Agenda

Presentations already confirmed include:


►Scaling Security Engineering using AI and Automation

Steve Withey, Principal Security Engineer, ASOS

  • Risk Prioritisation - Understand the current and emerging risks to your business
  • The AI Threat Landscape - A high-level coverage of key risks that AI has introduced to businesses
  • Scaling your teams - Identifying opportunities to innovate and use AI/Automation to scale yourselves
  • Measure outcomes - What are the key metrics that demonstrate value and success?
     

►Retail Threat Landscape 2026: What Security Leaders Should Prepare For

Boobeshwaran Sengodagoundar Kandasamy, Staff Threat Intelligence Specialist, Deliveroo

  • How retail threats are evolving to become more scalable, automated, and AI-driven—and what that means for your security strategy
  • Why reactive security approaches are no longer sufficient, and how to adopt a proactive, intelligence-led defence model
  • Where risks are expanding beyond technology, including brand abuse, social engineering, and supply chain vulnerabilities—and how to address them effectively

►Invisible Leaks: The Hidden Risks of Chatting with AI

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • AI Privacy Risks: How tools like ChatGPT, Claude, and Co-Pilot can end up knowing more about you than your best friend (and never forget a thing). The hidden dangers of casually sharing information with AI
  • When Small Details Add Up: Why a few “harmless” details can combine to paint a full picture & How scattered information can reveal sensitive data without you realising
  • The Myth of Security: Why AI models aren’t as secure as we might think & How attackers can trick them into spilling information
  • Simple, Practical Steps: For employees: how to keep personal and company data safe & For organisations: reducing AI-related risks before they grow

►Compliance in Chaos: The IMS Model That Puts CISOs Back in Control

Adaora Ezennia, GRC Lead, THG PLC

  • How to turn overlapping regulations into a coherent, control-driven operating model
  • How to redesign fragmented RegTech using an Integrated Management System (IMS) that drives clarity, ownership, and efficiency
  • How to build a defensible compliance posture, with clear accountability and audit-ready evidence, that stands up to regulators, auditors, and legal scrutiny

►Threat Modelling for Operations - The Threat-Led Onboarding Model

Richard Plumb, Threat Operations Lead, Post Office Ltd

  • Onboarding systems into the SOC is always a challenge. Knowing what log source to onboard and how to prioritise them isn’t always obvious.
  • How do ensure you’re bringing the right log sources onboard without onboarding absolutely everything?
  • Introducing the threat-led onboarding model. An NCSC tried & tested means to onboarding systems into your SOC.
  • Prioritise log sources, use cases, and make sure every aspect of your SOC is genuinely threat-led.

►CrowdStrike 2026 Global Threat Report: A Review of Key Findings

Mark Ward, Sr. Regional Sales Engineer, CrowdStrike 

  • Adversaries are becoming more evasive, faster, and harder to stop — leveraging AI and abusing unmanaged edge devices to move rapidly across endpoint, identity, cloud, and SaaS environments, often operating in plain sight.
  • Join us for an in-depth review of the CrowdStrike 2026 Global Threat Report, with a dedicated focus on how these evolving threats are impacting the retail sector.
  • We’ll explore real-world implications for retail organisations, share actionable insights, and outline the critical steps needed to strengthen your defences and protect your business in the year ahead.

►Presentation Title This Was Never a Drill: The Case for Autonomous IT

Dan Jones, Senior Security Advisor, Tanium

  • Why the speed and sophistication of today's retail threat landscape means manual security operations are no longer sufficient — and what that means for how teams must evolve.
  • How Autonomous IT works in practice: AI-powered systems that continuously monitor, detect, and remediate threats across endpoints without waiting for human intervention.
  • The real-world business case for autonomous security, including how to identify where automation will have the greatest impact and how to take the first practical steps toward implementation.