Agenda

09.00 - 09.05

Chair's Welcome

09.05 - 09.25

►Driving a Culture of InfoSec Excellence - How a Thriving Fintech Built Security into Its DNA

Jo Vane, InfoSec Compliance Director, Checkout.com

  • The Pitfall of Compliance Alone
  • Compliance ≠ Security: going beyond the basics
  • Raising the Bar: InfoSec Excellence Defined
  • Core Principles for Sustainable Security
  • Leadership’s Role in Building Security DNA
  • Achieving InfoSec excellence reduces risk, enhances brand trust, and strengthens market positioning
09.25 - 09.45

►Isolating Ransomware Attacks to Block Lateral Movement and Protect Critical Assets

Laurent Jacquemin, Field CISO, Akamai

  • Prevent ransomware spreading across POS, inventory, and payment systems with Akamai Guardicore Segmentation
  • Spot early signs of attack targeting retail infrastructure using behavioural analytics
  • Uncover stealthy threats in-store and online with proactive threat hunting
  • Strengthen defences across retail IT and cloud environments with Zero Trust controls
  • Learn how leading UK retailers are building resilience after recent ransomware attacks
09.45 - 10.05

►Transforming Retail Personas into Microsoft Conditional Access: The Secret Weapon for Zero Trust Security

Louis Sherman, Cybersecurity Lead, C&J Clarks

  • Leverage retail personas to fine-tune Conditional Access policies
  • The Conditional Access gaps hiding in plain sight, and how to plug them
  • Bring clarity and precision to policy creation with persona-driven access controls
10.05 - 10.25

►Rethinking Ecommerce Fraud Prevention: Stop Fraudsters Before the Buy Button

Maya Ogranovitch Scott, Retail Solution Manager, Ping Identity

  • Top fraud risks in retail and ecommerce
  • The link between identity fraud and fraudulent transactions
  • Common tactics fraudsters use to attack online retailers
  • How to spot and stop fraud throughout the user session
  • Tips to crack down on fraud without sacrificing checkout convenience
10.25 - 10.30

Comfort Break

10.30 - 10.45

►Protecting retail networks from cyber threats effectively

Luke Fardell, Lead Cyber Analyst, Tokio Marine Kiln

  • Network segmentation
  • Third-party network access
  • DNS record manipulation and email takeover
10.45 - 11.05

►Unlock the Potential of Agentic AI

Alex Gardner, Product Marketing Director, Human Security

  • LLM vs AI agents - what is the difference?
  • The opportunities and risks of Agentic AI
  • Preparing for Agentic commerce
11.05 - 11.25

►Resilience in Retail

Stuart Golding, Independent Cybersecurity Consultant

  • Why is retail such a prime target?
  • Common attack vectors and vulnerabilities and lessons learned
  • Actionable strategies: zero-trust architecture; audit and protocols
  • Weaponising threat intelligence
  • Getting culture right
11.25 - 11.45

►Proactive Retail Cyber Resilience through Exposure Management

Bernard Montel, EMEA Technical Director and Security Strategist, Tenable

  • Understanding the Expanded Attack Surface: From on-premise POS and IoT/OT devices to cloud e-commerce, user identities, and third-party supply chains – grasp every potential entry point
  • Lessons from Recent UK Retail Attacks: Dissect real attack paths (e.g., social engineering, identity compromise, supply chain breaches) from incidents affecting M&S and Co-op by groups like Scattered Spider/DragonForce
  • Mitigating Risk & Fraud with Exposure Management: Leverage an exposure-centric view to proactively identify, prioritise, and remediate exploitable exposures before they become devastating breaches
11.45 - 11.50

Comfort Break

11.50 - 12.10

►Securing Payment Pages: Navigating PCI DSS v4 Requirements for Browser-Loaded Scripts

Graham Dawson, Cyber Security Architect, Naked Wines

  • Understanding the Invisible Risk: How scripts and tags on your payment pages impact security and compliance.
  • Building Robust Controls: Implementing practical controls to mitigate risks and meet PCI DSS v4 standards effectively.
  • Managing Scripts with Reflectiz: Exploring a cutting-edge tool to monitor, control, and secure browser-loaded scripts in real time.
  • The Road Ahead: What the future holds for compliance and innovation.
12.10 - 12.30

►From the Frontlines: Disrupting Hybrid Ransomware Attacks in the Age of SCATTERED SPIDER

David Holin, Professional Services Principal Consultant, CrowdStrike
Jack Humphries, Professional Services Senior Consultant, CrowdStrike

  • Threat actors like SCATTERED SPIDER are exploiting the blurred lines between cloud and on-premise environments to launch sophisticated ransomware attacks
  • In this session, CrowdStrike’s Incident Response team shares real-world insights into how these hybrid intrusions unfold — and how defenders can stay ahead
  • Understand how SCATTERED SPIDER pivots between identity, cloud, and on-premise infrastructure during an attack
  • Explore real-life examples from recent IR engagements in hybrid environments
  • Learn key detection strategies and behavioural indicators of hybrid ransomware activity
  • Get practical advice on hardening your cloud and on-premise assets to disrupt adversary operations
12.30 - 12.50

►Ransomware in Retail: How AI-Driven Ransomware Will Trigger the Next Major Breach

Manit Sahib, Ethical Hacker, The Global Fund & Former Head of Red Teaming, Bank of England

  • LIVE DEMO - Inside the first AI-powered ransomware attack — See how my custom Agentic Ransomware Gang can take down a network in under 8 minutes
  • Why retail is the perfect target — and how attackers are breaking in more easily than most think.
  • Firsthand insights from real-world red team ops — from legacy tech and broken access controls to the critical lack of real-world security testing
  • Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
  • What CISOs and security leaders must do now — real-world, field-tested steps to prove your controls work before attackers do it for you
12.50 - 13.10

►Super Pets – The hero you didn’t know you had in the house

Gary Cox, Technology Director, Infoblox

  • The most under-leveraged security capability
  • How NIST and NCSC are guiding us
  • How to start to become truly proactive against evolving and current threats
13.10 - 13.30

►Cyber Essentials: Simple Steps, Stronger Security

Dr Emma Philpott, Director and CEO, IASME

  • What's it all about?
  • Effectiveness and Impact
  • Overcoming challenges for large organisations meeting such a prescriptive standard
  • Using Cyber Essentials as a Supply Chain Tool
13.30 - 13.35

Chair's closing remarks