Agenda

Presentations already confirmed include:


► Information Security Culture: a Never Ending Story

David Creighton-Offord, Senior Information Security Consultant, The University of Edinburgh

  • Knowing what you have already, for better or worse: Your audience, your infrastructure, your support network
  • The Challenge: Inertia, excess momentum, change fatigue
  • What you can do about it: Knowing your audience, making security easier, streamlining and diversifying your message

► AI & Machine Learning: A Cyber-Security Silver-Bullet?

David Stevenson, Head of Cyber Analytics Technology, Morgan Stanley

  • How AI & ML can address today’s cyber-challenges, including:
  1. the cyber-skills gap
  2. dealing with the information deluge
  3. protecting the enterprise from cyber threats
  • Where and how ML can help, with examples
  • Is AI and ML a cybersecurity silver bullet? Challenging the perceptions of machine learning and cybersecurity. What are the inconvenient truths?

► Building Scotland's digital economy. Why cyber-resilience is crucial for critical national infrastructure 

Kate Forbes, MSP, Minister for Public Finance and Digital Economy, Scottish Government.

  • Let's look at the big picture. What is the impact of a secure digital economy on the wider national economy? Can cybersecurity work as a competitive economic advantage on a global level?
  • Building cyber-skills. What can government and industry do to tackle the cyber-skills shortage? Why is resourcing still one of cyber's biggest issues?
  • Issues of cyber-accountability. What responsibility do governments and business hold to provide certain levels of cyber-resilience to their citizens and employees?

► 5 A Day: Promoting Good Cyber Hygiene in Healthcare

Arunava Banerjee, Cybersecurity Manager, NHS Greater Glasgow and Clyde

  • Meaningful cyber awareness to develop a culture of good cyber hygiene among healthcare professionals
  • Handling insider threats and other major risks with cyber awareness
  • How to overcome challenges - product cost, staff time, organisational diversity, hours and location of working

► Agility ability: case study on managing cyber-risk alongside agile methodologies 

Andrew Smith, CTO, Nucleus Financial 

  • Case study: the relationship between the technology and the financial disciplines within Nucleus Financial.
  • How to build effective risk modelling structures for cyber? The contrasts and similarities of cyber-risk and other forms of risk
  • The move to agile, and how digitalisation and automation impact information security. Incorporating information security into agile methodologies

► AI in security operations: What we have learnt so far

Matt Walmsley, EMEA Director, Vectra 

Time and talent are key factors in preventing a data breach. Learn from peers how AI enabled them to:

  • Detect hidden threats in cloud and enterprise networks
  • Perform conclusive incident investigations
  • Respond at previously unattainable speed and efficacy

► The time for change is now: the Scottish Government is upping the standards of cyber-resilience

Paul Chapman, Head of Public Sector Cyber Resilience, Scottish Government

  • First-hand exclusive case study covering the first 2 years of the Scottish Government’s Public Sector Action plan - where we were, where we are now and where we’re going.
  • The Cyber Resilience Framework: why the need to up the standards of cyber-resilience is now
  • Ramifications for the private sector, and how to achieve greater public-private collaboration

► Cyber under arrest. The conflict between law enforcement and business. And what needs to change 

Craig Potter, Detective Constable, Specialist Crime Division, Scottish Police

  • How digitalisation, and in particular, cryptocurrencies are changing the Fraud, AML and Financial crime landscape and introducing new risks and challenges for law enforcement. International cryptocurrency case study
  • Competing objectives between law enforcement and business. Small picture Ethics vs Big picture Ethics
  • Reporting. Why does reporting remain a major frustration amongst law enforcement globally? Why is transparency such an issue, and what can be done to increase effective reporting and ensure the greatest value from reporting to law enforcement? Case studies

► Mobile Devices are a Much Bigger Security Problem than Traditional Computers

Ashish Patel, VP Sales UK & Northern Europe, Zimperium 

  • Mobile devices are an unprotected endpoint with access to or containing all of the information of a traditional endpoint
  • The differences between Mobile Device Management (MDM), Enterprise Mobility Management (EMM) and Mobile Threat Defense (MTD)
  • The different ways hackers are attacking your mobile device - network attack, phishing attacks, device attacks and app attacks
  • How to protect businesses and government agencies from these mobile threats

 


► Why understanding your attack surface matters?

Nick Brownrigg, Security Consultant, SecureData

  • What does it mean to obtain and use ‘cyber intelligence’ in a manner that effectively prioritises scarce resource across the full spectrum of ‘Assess, Protect, Detect & Respond’ cyber security disciplines?
  • Threats in cyber-space arise for two main reasons: weakness in IT infrastructure and an interest taken by an attacker. Most businesses know they must mitigate cyberthreats for their own good but also because regulators require them to.
  • But the threat landscape is ever changing as technology evolves and attackers innovate. Ensuring an organisation has the skills, agility and underlying platforms and processes to understand, detect and manage cyberthreats is one of the most compelling challenges faced by any 21st century business. Regulatory changes have pushed the issue up to board level.
  • What should the priority be for an organisation that wants to improve its cyber security posture, finding and removing vulnerabilities in its infrastructure or assessing the external threats it faces? 

► Executive panel discussion

Breaking the cyber-bank: lessons from the FS in cyber and Fraud risk

Three's not a crowd: examining the three lines of defence, and their stake in cyber-risk

Biometrics and risk metrics: how digitalisation is changing, and aiding, Fraud risk

What are the main challenges facing one of the most highly regulated industries? And what can others learn from them? 

  • Andrew Dillin, Threat Intelligence Lead, Cyber, RBS
  • Fiona Kelly, Information Security & Resilience Manager, TSB 
  • Mark Gale, Global Head of Fraud, Citi
  • Tony Povoas, CISO, Aegon UK

 


► Time-based Vulnerability Mitigation

Stephen Roostan, VP EMEA, Kenna Security

  • IT Risk and Security Risk are not the same! How do you get both sides engaged? 
  • How should success be measured? Number of vulnerabilities? Risk? Time?
  • Can you drastically improve both effectiveness & efficiency?  

 


► Defending against adversaries – what tactics can sport and warfare teach us to actively defend our networks from threat actors.

Mark Howell, VP UK & Ireland, Attivo Networks 

  • Tactics lessons from sport and warfare – what works when defending
  • Honeypots – from science project to modern day deception
  • Deception – attackers use it, defenders must
  • How can we apply these tactics in the cyber-realm

 


► Incident and Breach Management: Building a Harmonized Response Plan for Privacy & Security Teams

Chris Paterson, Privacy Engineer, CIPP/E, OneTrust

  • Learn how to build an incident and breach response plan that fits the needs of security teams and privacy teams
  • Break down which stakeholders, teams, tools and processes should come together in the event of an incident or breach
  • Understand how to maintain a consistent approach to incident response while complying with privacy regulations across the globe

 


► Why CISOs hate the word "cyber": challenging the current cybersecurity paradigm, and aligning it with business goals

Chris Ulliott, CISO, RBS

  • The word cyber has become overloaded and there is little agreement on what it actually means - rather than talking about a vague cyber thing, we need to discuss the impact of insecure technology on our business objectives. Which leads to:
  • Challenging the current cybersecurity paradigm. What are the business demands on today’s information security leader, and how can they align their priorities with overall business objectives and continue to be seen as a business enabler?
  • Recent regulation has focussed the board's mind, but from a cyber security perspective, there is little new for those of us in the highly regulated financial sector... the senior manager regime has consequences for me as a CISO, but that’s unusual - as experts we should be held to account for our decisions.