Menu Close

Virtual Conference December 2021 Programme


Programme Day 1

John Doody is the Author of “From Stripes to Stars” and Director of Interlocutor Services Limited, a company established in 2003 to promote Information Assurance and Cyber Security issues both nationally and internationally, the company offers a range of services including Marketing, Communications, Public Speaking, Strategy Reviews, Information Assurance, Cyber Security and Information Technology, these services are geared to the strategic level within government and industry.

Prior to this John served at CESG/GCHQ for 10 years in the appointment of Head of Information Assurance Customer Services. John has a wealth of knowledge across the whole spectrum of Cyber Security and Information Assurance. In this latter appointment he was a major contributor to CESG’s move to a commercial business footing. John also had a role as a Non-Executive Director to a security company as well as providing Strategic Advice to a number of major UK and US IT Security companies. John’s recent major role was as the Global Strategic Cyber Security Adviser to Ultra Electronics Limited where he reported directly to the CEO on Cyber Security matters. He also provided Strategic Advice to FireEye, Booze Allan and Safenet, three large US Cyber companies. John has the unique experience of having held appointments in Defence, the Intelligence Services and Industry.

John is currently a Deloitte Associate.

John is a retired officer of the UK Royal Corps of Signals, a Corps in which he served for 33 years rising to the rank of Colonel.

John is a qualified engineer and has held a number of strategic engineering appointments in the UK Ministry of Defence including system support to PTARMIGAN and WAVELL, the army’s tactical communication and CIS systems, Director in the Procurement Executive as Project Director for Army Electronic Warfare, Battlefield Target Engagement System (BATES), Air Defence CIS system (ADCIS) and WAVELL managing £1B of programmes.

John has also worked in the R&D environment working on Electronic Warfare Simulation. John also served in various operational environments including Loan Service to the Trucial Oman Scouts (A Paramilitary Force) in the Middle East.

John has chaired many international committees dealing with Cyber, Information Assurance, Communications and Interoperability. John is well known on the national and international Cyber/ Information Assurance Conference circuit where he has chaired many events and has given over 100 talks on Cyber and Information Assurance. John is a renowned Evangelist for Cyber Security and Information Assurance.

John held the position of an International Class Director for the Armed Forces Communications and Electronics Association (AFCEA) International (Fairfax Virginia USA). John is a past President and Vice-President of the AFCEA UK WEST Chapter and he served as a Member at Large for AFCEA London in the early 90s. John was also the Cyber Security Lead for the BCS Security Community of Expertise.

John was awarded the CESG/GCHQ Directors Medal in 2003.

John was elevated to the Infosecurity Europe Hall of Fame in 2012.

John was nominated “Godfather of Cyber Security 2021” at the Unsung Cyber Heroes Award Ceremony in the city of London in October 2021


Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple.

In this session, Javvad Malik, Lead Security Awareness Advocate for KnowBe4, will explain how to take your security awareness to the next level and prevent it from going stale. Changing behaviours and creating a culture of security can only be achieved by adopting the right mindset and techniques.

In this session you will learn:

• Why you need to brand the security department the right way

• The psychological approach to getting your message across

• Practical advice on building a strong security culture

30,000 websites around the world are hacked each day of which the FBI estimates that 4000 are ransomware attacks. 64% of companies worldwide have experienced at least one form of a cyber attack. It is the most digitally advanced nations that are most vulnerable to cyber-attacks, so how can we defend ourselves more wisely? If everyone is a target, there is little you can do to reduce the probability that you will be attacked, but there are things that you can do to reduce the impact of an attack and recover quickly.

This presentation will:

• propose 4 inexpensive ways to make yourself unattractive to attackers and how to respond if you are

• reveal the upside of dealing effectively with cyber security incidents.

The widespread adoption of cloud services has created digital environments where businesses can innovate, collaborate, and share more than ever before. However, this is often at the cost of visibility and control. Join Beverly McCann, a Senior Analyst at Darktrace, as she discusses the challenges of securing cloud infrastructure and SaaS applications, and learn why Self-Learning AI is best-in-class in protecting organizations’ dynamic workforces and constantly-changing digital infrastructure.


Please take time to visit our sponsors, and interact live with speakers and staff members within their booth.

Moving applications to the cloud is a crucial step in most organisation’s digital transformation plan, but it can trigger a series of unexpected challenges.

This session will examine the following:

· How to ensure that the cloud applications will have the same level of security as on-premises applications

· Understanding the impact on both on and off-network users accessing the applications?

· Shortcomings of a virtual private network (VPN) for remote access

· How to respond to an increased digital attack surface and aggressive threat landscape.

You would be hard-pressed to find an IT or Security leader who hasn’t heard of “Zero Trust”. Not to mention the plethora of different vendors in the security space claiming to be your one-stop shop for all things Zero Trust. The problem? Zero Trust is not a single product or a solution, but rather a mindset that includes some guiding principles for a modern security strategy in today’s hyper digital world. On the other hand, it is not feasible (nor the desired end-goal) for organizations to achieve 100% Zero Trust. Join us as we delve into what Zero Trust really means and the essential tips for implementing this strategic security strategy, so that you can get started on your Zero Trust journey today.

Please take time to visit our sponsors and network in our lounge.

When 90% of cyber-attacks start with the human user, we need to move beyond tackling the human factor with a tick box approach to awareness. In this talk ThinkCyber unpick the science and theory behind behaviour models to help us understand why risky behaviours happen, and more importantly how to stop them. From research that questions the efficacy of teaching at the point of failure in phishing tests, to behaviour models that highlight the need for timely cues. We will explore how a real-time approach can allow awareness to form part of incident response and actively prevent incidents. This talk will offer real world examples and ways that all organisations can apply the theories to drive secure behaviour change.

When service techs and support personnel get the call to work on a client network, they need up-to-date information about the network environment — the kind of information gathered by the Network Detective Data Collectors. They also need ready access to the management plan, and all service notes including passwords, special procedures associated with the client, and links to related assets. This session will show you how to collect the data you need quickly and accurately.

Attend this session to listen Gil Vega, Veeam’s Chief Information Security Officer, being interviewed by Jeff Reichard, Veeam’s Senior Director of Enterprise Strategy. They will discuss ransomware issues in UK&I today, other malware and security threats and what cyber security trends we can expect going into 2022.

Please take the time to visit our sponsors within the exhibition hall

Zero Trust Architecture cannot be maintained without proper integrity controls at its foundation.

Discover how to successfully achieve a baseline of integrity to drive building, monitoring, and maintaining a Zero Trust architecture. Learn key considerations to take into consideration before moving forward with any Zero Trust strategy.

• Planning for Zero Trust: where to start

• Integrity at the basis for trust, how to determine a “good” state

• Ensuring ongoing trustworthiness

• Zero Trust over time

Join Tim Erlin, VP Product Marketing and Strategy, Tripwire, as he shares results from our recent research around Zero Trust and discusses the role of integrity when it comes to Zero Trust Architecture.

Programme Day 2

Investigative journalist Geoff White has covered technology for BBC News, Channel 4 News, Audible, Forbes online and many others. Crime Dot Com, his book on cybercrime for Reaktion Books, will be published on August 10, 2020. His exclusives reveal tech’s impact on our lives: the controversial police use of facial recognition; the failure of artificial intelligence therapy apps; hi-tech call centre scams that have cost victims their lives’ savings; fraud in the internet dating industry.

50% of software vulnerabilities are found in the design. Once in production, they’re 100x more expensive to fix. The answer? Threat modeling. By scoping your security requirements in the design stage, you can avoid developer rework and delays to production – so why is no one doing it?

In this session, Jonny Tennyson, Head of Client Innovation at IriusRisk, will talk about what threat modeling is, why people aren’t currently threat modeling, and ultimately ask the question: ‘why aren’t we all threat modeling?’

Mistakes are part and parcel of human nature but they don’t have to be costly and time draining. This session addresses the common issue of mistake rectification and shows MSPs how they can cover themselves against loss of information, time, revenue and reputation with IT Glue.

The webinar will cover:

  • Ensure compliance and access 30 days of documentation activity logs
  • Identify the exact cause of documentation mistakes
  • Rectify mistakes with deletion recovery and access to previous versions

As the cyber world constantly transforms and evolves, so must cybersecurity. With cyber risks at the forefront of executives and boards minds, it is critical for enterprise ICT leaders to understand how the solutions landscape is adapting to these new threats.

In this session we will cover:

• How to build the distributed, hybrid workforce of the future, without exposing your enterprise to unprecedented levels of cyber risk

• Ways to ensure the safety of customers’ data and minimize future disruption

• How to prevent criminals from exploiting vulnerabilities in the changing workplace • A new breed of end point security rooted in Zero Trust principles – HP Wolf Security

• The future of endpoint security secure-by-design

Microsoft Office 365 adoption rates have soared in the past year. Accelerated by the pandemic, more and more organisations are making the move to better facilitate remote working, aid scalability and agility, reduce infrastructure maintenance time and cost. What’s not to love? Phishing Attacks.

Despite all the operational advantages Office 365 provides, and the in-built email security protections Microsoft offers, threats still land in user’s inboxes. In fact, every year, the Cofense Phishing Defense Center (PDC) identifies some 3,500 threats that have evaded technical controls – even with Microsoft Advanced Threat Protection deployed.

If you have Office365, or are considering migrating to it, join our exclusive briefing to understand how to optimise that investment with Cofense, and why having a dedicated phishing detection and response strategy should be a top priority in your migration plan.

We will cover:

  • Cofense Phishing Defense Center (PDC) Statistics for 2020 A deep dive into Microsoft’s offerings and add-ons – Where is additional protection needed?
  • Critical capabilities for effective phishing defense
  • Strategies to help identify and remediate phishing attacks as soon as they are found in your network

Please take the time to visit the sponsor booths within the exhibition hall

Your clients are aware of the Dark Web but how much do they know about how it has taken hold of them? Bursting with ever evolving threats, what clients think they know about the Dark Web today, won’t be the same tomorrow, and despite having taken some ‘protection’ measures, they will still be compromised, right now! This is your opportunity to impress your clients and boost your sales with total knowledge of where the Dark Web has taken hold and a complete portfolio of armour against these often business breaking threats!

RangeForce believes the days of boring, week-long, training courses, hosted in smelly training rooms and designed primarily to get the user through a single instance certification exam, should now belong to pre-COVID history. Elite SOC and cyber defence teams deploy continuous professional education, long since stipulated in other critical, vocational careers. RangeForce is at the forefront of a revolution in this space, opening up the concept of “Combination Learning”. We incorporate individual, self-paced, hands-on skills development, interspersed with pressurised team training exercises, where learners must respond to live cyber incidents in real time. All delivered through the browser and at a fraction of the cost of the “old way”.

Modern software is created from a combination of proprietary and open source software forming a software supply chain with potentially hundreds of components. While embedded and IoT developers often have specific commercial libraries for their platforms, cloud and mobile application developers may have dozens of candidate open source libraries – each nominally equivalent in functional capabilities, but each tested to different standards. The overall security of the application then becomes a function of what testing was performed within the supply chain combined with the patch management strategy used by library consumers.

Securing your devices can be challenging, especially when some of your employees are working remotely. All endpoints, both on- and off-network, must be patched and secured on an ongoing basis.

Join us for a hands on presentation where we will provide live training on these critical processes:

• Performing a security assessment

• Setting up a secure VPN for remote workers to access applications

• Developing a Bring Your Own Device (BYOD) policy that specifies security requirements

• Automating software patch management and vulnerability management

Please take the time to visit the sponsor booths within the exhibition hall



Delegates booked so far

Community Area


Home Workouts


spaghetti Bolognese