Agenda

Chairman's welcome 

►Threat Modelling for Operations - The Threat-Led Onboarding Model

Richard Plumb, Threat Operations Lead, Post Office Ltd

• Onboarding systems into the SOC is always a challenge. Knowing what log source to onboard and how to prioritise them isn’t always obvious.
• How do you ensure you’re bringing the right log sources onboard without onboarding absolutely everything?
• Introducing the threat-led onboarding model. An NCSC tried & tested means to onboarding systems into your SOC.
• Prioritise log sources, use cases, and making sure every aspect of your SOC is genuinely threat-led.

►This Was Never a Drill: The Case for Autonomous IT

Dan Jones, Senior Security Advisor, Tanium

• Why the speed and sophistication of today's retail threat landscape means manual security operations are no longer sufficient — and what that means for how teams must evolve.
• How Autonomous IT works in practice: AI-powered systems that continuously monitor, detect, and remediate threats across endpoints without waiting for human intervention.
• The real-world business case for autonomous security, including how to identify where automation will have the greatest impact and how to take the first practical steps toward implementation.

►AI-Powered Threats in Retail: Debunking the Hype, Defining the Response

Tom Butchers, Cyber Security Strategy & Advisory Lead, Bytes
Rafe Pilling, Director of Threat Intelligence, Sophos

• Retail organisations are facing an increasingly complex cyber risk landscape - where AI is accelerating attacks, lowering the barrier to entry for cybercriminals, and reshaping how breaches occur. From identity-driven compromise to ransomware disruption, threats are becoming faster, more targeted, and harder to detect.
• In this 20-minute fireside chat, Bytes and Sophos will bring a pragmatic, real-world perspective to how adversaries are using AI today - cutting through the hype to explore what’s actually happening across the retail sector, and where AI is genuinely transforming the risk landscape. 
• The discussion will also cover how AI is a force multiplier for security teams - accelerating threat discovery, highlighting vulnerabilities and mitigation methods, and empowering teams of agentic SOC analysts, all of which are helping organisations stay ahead of evolving threats.
• The key takeaway: while attacks are becoming faster and more automated, effective defence is entirely achievable. By focusing on strong cyber hygiene, identity protection, and integrated, AI-enabled security operations, retail organisations can reduce risk, strengthen resilience, and stay in control.

►Compliance in Chaos: The IMS Model That Puts CISOs Back in Control

Adaora Ezennia, GRC Lead, THG PLC

• How to turn overlapping regulations into a coherent, control-driven operating model
• How to redesign fragmented RegTech using an Integrated Management System (IMS) that drives clarity, ownership, and efficiency
• How to build a defensible compliance posture, with clear accountability and audit-ready evidence, that stands up to regulators, auditors, and legal scrutiny

Comfort Break

►Scaling Security Engineering using AI and Automation

Steve Withey, Principal Security Engineer, ASOS

• Risk Prioritisation - Understand the current and emerging risks to your business
• The AI Threat Landscape - A high-level coverage of key risks that AI has introduced to businesses
• Scaling your teams - Identifying opportunities to innovate and use AI/Automation to scale yourselves
• Measure outcomes - What are the key metrics that demonstrate value and success?

►CrowdStrike 2026 Global Threat Report: A Review of Key Findings

Mark Ward, Sr. Regional Sales Engineer, CrowdStrike 

• Adversaries are becoming more evasive, faster, and harder to stop — leveraging AI and abusing unmanaged edge devices to move rapidly across endpoint, identity, cloud, and SaaS environments, often operating in plain sight.
• Join us for an in-depth review of the CrowdStrike 2026 Global Threat Report, with a dedicated focus on how these evolving threats are impacting the retail sector.
• We’ll explore real-world implications for retail organisations, share actionable insights, and outline the critical steps needed to strengthen your defences and protect your business in the year ahead.

►Two Inboxes, One Kill Chain: Defending Retail from the Most Sophisticated Attacks

Callie Baron, Sr. Content Marketing Manager, Threat Intelligence
Kieran Frost, Chief Operating Officer, Sendmarc

• In March 2026, Abnormal discovered VENOM, a previously undocumented phishing-as-a-service platform, during its investigation into a credential theft campaign targeting C-suite executives by name across 20+ industries since November 2025 - the campaign neutralizes MFA, survives standard remediation, and grants attackers access to trusted executive accounts that can become launchpads for even more damaging attacks.
• In this 20-minute discussion, Callie Baron (Abnormal AI, co-author of the Exposing VENOM report) and Kieran Frost (COO, Sendmarc) walk the VENOM kill chain and address the concern that matters to retail CISOs: the same impersonation playbook that goes after your execs goes after your customers every day. So what does a defensive posture that covers both actually look like? 
• This session is built for retail security leaders thinking through the wave that hit M&S, Co-op, Harrods, and the brands that came after.

Comfort Break

►Retail Threat Landscape 2026: What Security Leaders Should Prepare For

Boobeshwaran Sengodagoundar Kandasamy, Staff Threat Intelligence Specialist, Deliveroo

• How retail threats are evolving to become more scalable, automated, and AI-driven—and what that means for your security strategy
• Why reactive security approaches are no longer sufficient, and how to adopt a proactive, intelligence-led defence model
• Where risks are expanding beyond technology, including brand abuse, social engineering, and supply chain vulnerabilities—and how to address them effectively

►Protecting Operational Technology in Modern Retail

Harel Ben David, Director of Market Development, Claroty

• Modern retailers rely on interconnected Operational Technology (OT) throughout the supply chain and in their stores, from AMRs and smart inventory systems to the critical climate controls of the cold chains
• Recognise the "drive-by" threats targeting your critical systems before they disrupt your operations and potentially damage customer trust
• Move beyond a tools-only mindset to a resilience strategy that balances people, process, and technology

►Make Your Business a Hard Target for Cybercriminals

Eoin McGrath, Solutions Engineer, ThreatLocker

• When it comes to potential targets for cyberattacks, easier to breach means more likely to fall victim. 
• While you might not be able to influence your perceived value, there are changes that can eliminate your organization from being seen as an easy target. 
• We’ll explore practical tactics to reduce your surface area of attack and controls to prevent lateral movement should a breach occur.

►Invisible Leaks: The Hidden Risks of Chatting with AI

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

• AI Privacy Risks: How tools like ChatGPT, Claude, and Co-Pilot can end up knowing more about you than your best friend (and never forget a thing). The hidden dangers of casually sharing information with AI
• When Small Details Add Up: Why a few “harmless” details can combine to paint a full picture & How scattered information can reveal sensitive data without you realising
• The Myth of Security: Why AI models aren’t as secure as we might think & How attackers can trick them into spilling information
• Simple, Practical Steps: For employees: how to keep personal and company data safe & For organisations: reducing AI-related risks before they grow

Chairs Closing Remarks