Agenda

Presentations already confirmed include:


► Chain Reactions: Understanding your supply chain risk and its impact on security

A high-level interactive dialogue with Mark Walmsley, CISO, Freshfields, and Mike Seeney, Head of Supply Chain Risk, Pinsent Masons

Grill two of the legal industry's most prominent security and risk leaders on what they have to share on mitigating your business risk. Topics covered include:

  • Understanding how your supply chain works and how you mitigate its security risk
  • Client questionnaires and meeting clients’ security demands
  • Working with external auditors
  • Accountability and who owns supply chain risk?


► Cloud One on One with Andrew Powell, CIO, Macfarlanes

Ask this industry leader what you really want to know about: 

  • Budget allocation
  • Cloud security platforms and what factors to take into account when making a cybersecurity business decision
  • CSPs: the advantages and disadvantages. How do you navigate the market?
  • Where does the accountability lie for security of data in the Cloud?
  • What are the relative responsibilities/contrasts/parallels between larger law firms and smaller law firms, especially when it comes to things like Cloud security?
  • Does the structure of law firms (pyramidal, with Partners holding equity) create a unique set of risks and challenges?

► Law & Disorder – Raising the Cybersecurity Bar

David Carroll, CEO, CyberScore

  • Why organisations struggle to address the basic technical security controls
  • How the cybersecurity industry can help
  • Future trends

► New technologies, new clients. How digitalisation is changing clients' security demands 

David Robinson, Head of IT Security, Herbert Smith Freehills 

  • The onset of new technologies and innovation. Digitalisation means exposure and vulnerability. How do you mitigate the risk? 
  • Case study: automation of the client contract procedure
  • The duality and problematic nature of questionnaires: you are held accountable for the questions and demands of your clients, but equally you have to make sure that you are asking the pertinent questions in your own third-party questionnaires to your suppliers

► Who's really protecting your data? The truth about the evolving role of the DPO, and why good governance equals good security

Bruno Edenogie, Compliance Manager & Data Protection Officer, Orrick, Herrington & Sutcliffe 

  • The role of the DPO, and the evolution of the perception of information security and data governance and protection. 
  • Data governance as part of wider business governance. Does good governance generally mean good cybersecurity and vice versa? Why is this? 
  • The issues of cross-jurisdiction and different regional demands and standards. How do you provide a cohesive strategy in a siloed environment?

► Insider Threats: Risks Continue to Grow

Richard Cassidy, Senior Director, Security Strategy, Exabeam

  • Familiarize yourself with breaches caused by insiders (41% of orgs had a threat last year) 
  • Understand key challenges for detecting an insider threat 
  • Learn how to protect against compromised and malicious employees

► Crossing over from the Dark side: one former lawyer's journey to information security professional and his cross-function business insights 

Rob Pomeroy, Security Architect at Hill Dickinson 

  • The journey from solicitor to information security professional. Insights from both sides of the security communication disconnect
  • Cybersecurity risk management: why the industry needs to gear up, assassinate the lowly risk matrix and bury it six feet under

► Leveraging SD-WAN to evolve and improve security for Law Firms

Simon Pamplin, EMEA Technical Sales Director, Silver Peak

  • Why SD-WAN is not to be feared.
  • How SD-WAN complements, enables and improves security.
  • How exactly Silver Peak can help improve your Security posture

► Executive panel discussion 

The inside(r's) story. How law firms are managing security and compliance alongside innovation and technological evolution

  • Omar Choudhury, Head of Compliance & Risk Management, Ropes & Gray
  • Bruno Edenogie, Compliance Manager & Data Protection Officer, Orrick, Herrington & Sutcliffe
  • Steve Byrne, Lead Information Security Officer, DWF
  • Dan Fox, Information Security Specialist, Osborne Clarke

► Keeping it confidential. Client relationships. Confidentiality and Openness

Steve Sumner, IT Director, Taylor Vinters

  • Security and the Client Relationship – Confidentiality and Openness
  • Binding Commitments on Security – Can you deliver
  • Managing Client and Partner expectations – Business case may mean no
  • Asking the Client – How dare you

► Finding the right snake oil: navigating the muddy waters of the cybersecurity solutions market

Emmet Horrigan, IT Director, Arthur Cox

  • The lack of a clearly defined cybersecurity strategy and structure in law firms. Its impacts on budget and purchasing decisions.
  • Put your money where your mouth is: almost every Partner will now concede that cybersecurity is a key priority. But where does it really sit in terms of business priorities and client engagement?
  • The method behind the madness: why do we invest in cybersecurity?
  • Developing a reliable strategy to evaluate systems in a consistent way is a key challenge faced by every law firm. What are the metrics and techniques that information security leaders can use to find and invest in the right solutions?

Education seminars


Compliance Does Not Equal Security: How To Identify Gaps In Your Protection Strategy


Dan Wolff, Director, Endpoint Product Marketing, Bitdefender

Many firms that passed rigorous compliance certifications have been the victims of serious breaches. Due to the security skills shortage, high cost and fragmented state of today’s security tools, no one can be confident they are safe. Detecting sophisticated hacker groups might prove too much of a challenge for most firms, as full-time monitoring of events is not an activity all organizations can afford. Cost-effective methods, tools and services exist which can maximize protection with the lowest cost to the firm. By investing in low-overhead protection, firms can avoid the financial, reputational and regulatory implications of an inevitable security breach.

In this seminar, you will learn:

  • Specific techniques and tools to assess where your gaps are.
  • How simple configuration risk assessments can continuously harden your systems against attack.
  • A three-pronged approach to realize the best protection

Perfect Harmony: aligning privacy and security to supercharge your incident response plan


Luke Hahn, Sales Manager, OneTrust

In the event of a breach, privacy and security professionals often approach incident response from two different outlooks. Whereas security teams are focused on threat vectors, privacy teams are concerned with personal data leaks and adhering to various global privacy laws. While the two come from different perspectives, it is possible to build an incident and breach response plan that addresses the needs of both teams. In this session, we’ll discuss how to build a harmonized response plan that addresses both the security team’s technical needs and the privacy team’s regulatory requirements across the patchwork of US privacy laws, the GDPR and other global privacy regulations. We’ll also provide tips to help you map out a 72-hour personal data breach action plan and share practical advice to improve your privacy program.

  • Learn how to build an incident and breach response plan that fits the needs of security teams and privacy teams
  • Break down which stakeholders, teams, tools and processes should come together in the event of an incident or breach
  • Understand how to maintain a consistent approach to incident response while complying with privacy regulations across the globe

SOC-as-a-Service; One Size Can Fit ALL


Simon Crumplin, CEO, Secrutiny Ltd

Law firms are engaged in a constant battle to ensure a reasonable security posture while balancing costs, usability, technology, user behaviour, transformation and agility. The SOC-as-a-Service (SOCaaS) concept resonates for many as it provides firms with the knowledge and skills necessary to combat cyber security threats.

In this session we explore: 

  • Myths and realities of SOCaaS (What is it? How does it work in ‘real-life’?)
  • Is building and maintaining a SOC price/function scalable?
  • Not all SOCaaS offerings are the same (How to evaluate SOCaaS providers)
  • Noisy SIEMs to meaningful SOC alerts (Getting SOC ready)