Menu Close

Programme Day 1

Investigative journalist Geoff White has covered technology for BBC News, Channel 4 News, Audible, Forbes online and many others. Crime Dot Com, his book on cybercrime for Reaktion Books, will be published on August 10, 2020. His exclusives reveal tech’s impact on our lives: the controversial police use of facial recognition; the failure of artificial intelligence therapy apps; hi-tech call centre scams that have cost victims their lives’ savings; fraud in the internet dating industry.

Succeeding with Secure Access Service Edge (SASE) Abstract: With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data. SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture?

Join this session to understand:

• Why SASE should be less complicated than many vendors are making it

• What to look for when evaluating a migration to a SASE platform

• A 3 month, 6 month, and 12 month roadmap for implementation

• How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits

From internet-connected CCTV cameras to office temperature sensors, IoT devices have introduced an entirely new threat into the attack landscape. While developers have focused on perfecting the convenience and utility of their products, their security proficiency has lagged behind. As a result, devices have been rushed to market rife with zero-day vulnerabilities. Such technology is often implemented without the consultation of security teams, is outside their awareness, and, subsequently, outside of corporate protection. For attackers, these are the perfect means of surreptitious entry.

Join Dave Masson, Darktrace’s Director of Enterprise Security, and Marcus Fowler, Darktrace’s Director of Strategic Threat, as they discuss the challenges of securing IoT devices, and learn how Cyber AI is able to spot the full range of IoT threats in their earliest stages, before autonomously responding to contain the malicious activity.

In this session, find out more about:

• How Darktrace’s AI understands what ‘normal’ looks like for all IoT devices on the corporate network

• How Darktrace recently thwarted a Mirai malware attack on a CCTV camera

• How a low-and-slow attack on a smart locker was neutralized by Cyber AI within seconds

Please take time to visit our sponsors, and interact live with speakers and staff members within their booths.

Many organizations have recently had to shift their security strategies to account for new threats, increased mobility, and rapid digitization. But how do you know exactly what works and what doesn’t in cybersecurity? Cisco has commissioned a study outlining which security best practices lead to the most impactful results. In this session we will share the key highlights affecting the UK, Europe and share how they compare to global findings.

As we step into 2021, this is the year that we move past the old paradigm of identity being an important back-office function and leap into a realm where identity is the not only the critical tip of the security spear but also the driving force for a modernised business. Everyone is talking about Zero Trust – it is the identity buzz word of the year. In this presentation Lori Robinson will discuss how the Identity industry is innovating around a Zero Trust architecture and discuss the top 5 Identity trends that will dominate Identity in 2021.

Please take time to visit our sponsors, and interact live with speakers and staff members within their booths.

The cloud is more dynamic now than ever before. How do you keep up with development while thwarting off threats? Learn how to fend off threats and turning security into an enabling force behind enterprise digital transformation.

SIEM data has the ability to transform systems beyond SOAR. In this talk Jake will demonstrate how the sharing of specific types of telemetry can be automated across multiple disparate systems to reduce risk and operational demands.

The SolarWinds supply chain attack was a brutal security failure that relied on perimeter tools, threat hunting and prior knowledge to stop an attack – only to find that these tools were powerless to identify and stop it.

Existing security tools are not sufficient to secure the supply chain, namely because the most sophisticated attacks are occurring at runtime, a notorious blind spot in organizations. Conventional security tools are not instrumented to detect exploits in memory and do not provide any visibility into runtime. More importantly, they do not provide runtime protection, so evasive attacks that proliferate at the memory level often go undetected for days, months, or even years. Learn effective new tactics and tools to protect and defend against sophisticated and evasive supply chain attacks like remote code execution and other crippling runtime exploits. Get best practices to protect your workloads against future or ongoing supply chain attacks.

APIs will account for 90% of attack surface area for web applications this year1. Developers and attackers gravitate towards APIs for similar reasons: they’re flexible, suited for automation, and exchange critical data. As API footprint and functionality grows, so does their appeal to attackers. Proactive API protection must be a key priority in your application security strategy.

Security experts Jimmy Mesta and Rob Gibson will demonstrate tactics to stop four common API threats:

– Account takeover (ATO)

– Enumeration

– Content scraping and probing

– HTTP verb tampering

ThinkCyber unpick the science and theory behind behaviour models to help us understand why risky behaviours happen, and more importantly how to stop them. From research that questions the efficacy of teaching at the point of failure in phishing tests, to behaviour models that highlight the need for timely cues. Looking at examples of how cognitive psychology, behavioural and social science can and are being used to guide user behaviour. This talk will offer real world examples and ways that all organisations can apply the theories to drive secure behaviour change.

Cloud adoption has grown rapidly over the past decade and has increased exponen9ally due to COVID-19 and a globally distributed remote workforce. Join me in this session as we walk through 5 practical tips you can follow to improve security in your cloud services, including leveraging two factor authentication (2FA) and logging/monitoring cloud systems.

Please take time to visit our sponsors, and interact live with speakers and staff members within their booths.

A company-wide cyber security strategy is essential to combat today’s evolving risk landscape. While systems expertise remains an essential ingredient of preparedness, it is only when cyber security is understood within the organisation’s overall business strategy that executive leadership can have confidence that information, the single most important business asset is sufficiently protected against today’s threats.

Join us for this session where Vaibhav Malik, Head of Cyber Risk & Assurance at Integrity360 will share his insights on taking a three dimensional approach to optimising your cyber security strategy for the future. Vaibhav will discuss the business value that can be gained from cyber security, assess the need for rethinking the role of the CISO to adapt to the evolving threat landscape and he will delve into the importance of resilience as a contributor to a robust cyber security approach.

Vaibhav brings more than a decade of experience in defining and executing successful strategic security and digital transformations programs across Asia, EMEA and the UK. A cross-industry cyber security leader who maintains a strong track record of delivering success and stability in this rapidly evolving digital landscape. Coming from a big 4 background, Vaibhav brings rich experience across realms of cyber security, data privacy, resilience and technology risk, and helps organisations to think through what strategy means in the modern world of cyber security.

A deep dive into breaches and how vulnerability has been one of the key (and often the sole/main) contributors to their success. Join Steve Marshall, UK Group CISO, Bytes UK with XXXX from vulnerability management market leader Tenable to understand the role vulnerability plays in successful breaches, and learn how to lock down on this earlier, easier and with more lasting effect. See the importance of vulnerability visibility and prompt action and understand exactly how vulnerability was the lynchpin of many a headline hitting breach in recent times.

As Head of the UK’s Office of Security and Counter-Terrorism for the last five years, Hurd was the most senior official in the UK government responsible for Homeland Security, leading cross-government work countering state threats, cyber crime and security, disinformation, money laundering, online harms, child sexual exploitation and terrorism. He also oversaw the domestic operations of the intelligence agencies, CT Police and the National Crime Agency and played a leading role internationally on domestic security issues, especially within the Five Eyes community.

Hurd believed that mastering data and technology was key to transforming the UK’s approach to Homeland Security. He initiated new relationships within government but also with industry, academia and Big Tech to make this a reality. He was instrumental in helping create the Global Internet Forum to Counter Terrorism which has led social media companies to remove automatically tens of millions of terrorist content from the internet. Building on his expertise on breaking down barriers and building transparency between and within organisations, he created, on behalf of the UK’s Chief Scientific Advisor, a single approach to science and technology innovation across the UK’s national security community to help pull through technology faster to the front line and help the UK harness its cyber and science power on the world stage.

As a result of his experience in mastering data to achieve better outcomes, Hurd was asked in mid-2020 to set up from scratch, and at pace, the UK’s Joint Biosecurity Centre, a data-led organisation that brought data science and public health expertise together in one place to spot earlier and more accurately outbreaks of COVID-19 in the UK and then advise the UK government and local authorities how best to respond. Hurd also led the Joint Biosecurity Centre’s work to define and set COVID-19 national alert levels for the UK. Hurd has remained involved in health security helping ensure the security of the UK’s, vaccine supply chain.

Hurd is an expert in crisis management and recovery. He coordinated the UK response to terrorist attacks including breaking the momentum behind the attacks in 2017 in Manchester and London. He chaired, in 2018, the first COBRA meeting in response to the Russian chemical weapon attack in Salisbury and then led elements of the domestic response. As Chief of Assessments Staff in the Cabinet Office from 2012-14, Hurd personally led briefings to the PM at COBRAs. He also compiled the PM’s daily intelligence brief.

Hurd studied Arabic at Oxford University and spent much of his career in postings in the Middle East and in senior leadership positions in government focused on conflict resolution in the region, in particular in Iraq and on Israeli-Palestinian issues.

Hurd has attended the National Security Council and was a member of the UK’s Joint Intelligence Committee. He was appointed OBE by Her Majesty in 2011 and CB in 2020 for his services to national security.

Member of The Magic Circle Lord Harri will leave you amazed! An author, creator and inventor you will love his virtual magic show. He has entertained audiences across the Globe with his infectious humour, stunning tricks and wizardry! Not to be missed!

Programme Day 2

John Doody is the Author of “From Stripes to Stars” and Director of Interlocutor Services Limited, a company established in 2003 to promote Information Assurance and Cyber Security issues both nationally and internationally, the company offers a range of services including Marketing, Communications, Public Speaking, Strategy Reviews, Information Assurance, Cyber Security and Information Technology, these services are geared to the strategic level within government and industry.

Prior to this John served at CESG/GCHQ for 10 years in the appointment of Head of Information Assurance Customer Services. He has a wealth of knowledge across the whole spectrum of Cyber Security and Information Assurance. In this latter appointment he was a major contributor to CESG’s move to a commercial business footing. He also has had a role as a Non Executive Director to a security company as well as providing Strategic Advice to a number of major UK and US IT Security companies. John’s recent major role was as the Global Strategic Cyber Security Adviser to Ultra Electronics Limited where he reported directly to the CEO on Cyber Security matters. He also provided Strategic Advice to FireEye and Safenet, two large US Cyber companies.

He is currently a Deloitte Associate.

John is a retired officer of the UK Royal Corps of Signals, a Corps in which he served for 33 years to the rank of Colonel.

He is a qualified engineer and has held a number of strategic engineering appointments in the UK Ministry of Defence including system support to PTARMIGAN and WAVELL, the army’s tactical communication and CIS systems, Director in the Procurement Executive as Project Director for Army Electronic Warfare, Battlefield Target Engagement System (BATES), Air Defence CIS system (ADCIS) and WAVELL managing £1B of programmes.

John has also worked in the R&D environment working on Electronic Warfare Simulation. He has also served in various operational environments including Loan Service to the Trucial Oman Scouts in the Middle East.

John has chaired many international committees dealing with Cyber, Information Assurance, Communications and Interoperability. John is well known on the national and international Cyber/ Information Assurance Conference circuit where he has chaired many events and has given many talks on Cyber and Information Assurance. He is a renowned Evangelist for Cyber Security and Information Assurance.

He has held the position of an International Class Director for the Armed Forces
Communications and Electronics Association (AFCEA) International (Fairfax Virginia
USA). He is a past President and Vice-President of the AFCEA UK WEST Chapter and
served as a Member at Large for AFCEA London in the early 90s. He was also also the Cyber Security Lead for the BCS Security Community of Expertise.

John was awarded the CESG/GCHQ Directors Medal in 2003.

He was elevated to the Infosecurity Europe Hall of Fame in 2012.

The traditional perimeter is dead! So how do you protect your network in 2021 and beyond?

The answer is a fundamental shift in your attitude to security, away from implicit trust and towards a default position where you trust no one without good reason. The first step on the pathway is Zero Trust Network Access (ZTNA).

Even if you are not currently planning to adopt a Zero Trust approach, the technology decisions you make today will impact the ease of turning to this technology in the future. #

We invite you to take the next step towards a more secure future by using our simple, accessible approach, which allows you to benefit from the security advantages of Zero Trust… and beyond. 


As the world’s knowledge workers were driven home amid a pandemic and cases of ransomware ran rampant across the internet, measuring the world’s most critical businesses’ internet exposure is more important than ever.

In this round of Industry Cyber-Exposure Reports (ICERs), researchers at Rapid7 focus on FTSE 350 companies and evaluate five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staff, and their internal business partners to address.

These five facets of internet-facing cyber-exposure and risk include:

1. Authenticated email origination and handling (DMARC)

 2. Encryption standards for public web applications (HTTPS and HSTS)

3. Version management for web servers and email servers (focusing on IIS, nginx, Apache, and Exchange)

4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)

5. The proliferation of vulnerability disclosure programs (VDPs).

Join this talk as Chris Hartley, UK & Ireland Lead, and Matt Rider, Director of Applied Engineering discuss the findings and provide recommendations CISOs and security practitioners can take action on.

Please take time to visit our sponsors, and interact live with speakers and staff members within their booths.

Hear about how expectations are driving the world of security, customer needs and desires and the ultimate requirements for sustainable intelligence and reliable response. Listen to thoughts on risk, integration, critical metrics, common themes and the overall security journey that all businesses are on as they drive to understand and control their security posture and, ultimately, protect their customers and industry reputation.

Discover the art and science behind deception, and why you may still fall for dirty tricks even after you understand how they work. From the slight-of-hand used by magicians, to the slight-of-tongue used for social engineering, we are all wired to deceive and to be deceived. See how threat actors use these techniques against your end-users and how security awareness training can help them spot deceptions before it’s too late.

Join Perry Carpenter, KnowBe4’s Chief Strategy Officer, as he shows you how easily we can be deceived and how that relates to our understanding of social engineering scams that come our way.

During this intriguing session, Perry will share his insights and answers to these questions:

• Are we wired for deception?

• Why are some more susceptible to manipulation than others?

• How do hackers use these techniques to create scenarios to entrap your employees?

• How can you ethically leverage these techniques to bring about desired behavior change?

Please take time to visit our sponsors, and interact live with speakers and staff members within their booths.

50% of software vulnerabilities are found in the design. Once in production, they’re 100x more expensive to fix. The answer? Threat modeling. By scoping your security requirements in the design stage, you can avoid developer rework and delays to production – so why is no one doing it? In this session, Jonny Tennyson, Head of Client Innovation at IriusRisk, will talk about what threat modeling is, why people aren’t currently threat modeling, and ultimately ask the question: ‘why aren’t we all threat modeling?’

Several years ago the legal sector was in many ways perceived as the ‘flat underbelly’ of the supply chain from a cyber and information security perspective.  This however has changed quite dramatically, as the sector has risen to greater threats from cyber-crime and increasing regulatory challenges (often passed down the supply chain from their clients).  Mechanisms therefore to both demonstrate a compliant (and of course effective!) information security program have therefore had to be put in place, alongside mechanisms to carry out due diligence on suppliers who provide services to law firms.   This keynote will aim to relay the experience of ‘sitting both sides’ of the supply chain fence, and offer an insight into the pitfalls and successes of a journey so far that many can hopefully relate to.

Mike is Head of Supply Chain Information Risk for international law firm Pinsent Masons, where he has developed and implemented a methodology and process for supply chain and third party information risk.  With a global remit, he is also the lead for any client related information security assurance matters and obligations.  The latter entails relaying the Firm’s information security framework and controls to meet the needs of a wide and extensive client base (many of whom operate in a regulated environment).

Previously at Iron Mountain, Mike was given a UK remit of expansion of ISO27001 certification scope before becoming responsible for regulatory and customer focused Information Security compliance across Europe and Asia.  He has also held a number of positions in the area of employee background screening.  In this field he worked for Kroll (as a background screening service provider) and Iron Mountain (embedding an internal vetting process).

His early career included various security related roles and environments at the Home Office, ranging from the prison service through to subsequent analytical roles at the Serious Organised Crime Agency (SOCA).  He finished an eleven year career with the Home Office specialising in South Asian political, human rights and security related matters for the immigration service.

Cyber attacks via email are stealing millions of pounds from businesses and putting them at risk of going out of business. Every company, no matter its size is a target, and the damages go well beyond the financial loss to include the cost of recovery, the disruption of operations, undermining the business reputation …. We’ll talk about the risks your employees pose and who are the most likely phishing targets.. and about ways you can prevent them seeing those phishing emails in the first place.

The centrepiece of modern life is technology, and it all runs on software. But all that code is prone to risk and vulnerabilities. Even as we raise our risk awareness, we often miss the thing that is responsible for the next big breach. It’s vital to understand the threats we face in today’s software supply chain and stay aware of the ways that make the software we depend on more secure. 

Over the last decade, ransomware has increasingly become the most popular option for hackers to monetize the access they’ve obtained to corporate computer systems around the world. Over the last few years, we’ve observed the ransomware software and techniques adapt and evolve to include the theft and exposure of private information, creating extortionware as a new breed of malicious software. This talk will provide an overview of these techniques and discuss the potential privacy and security impacts you may face as a result.

FTP, FTPS and SFTP are three of the key protocols for transferring files, but do you know which one is the best way to secure your organization’s sensitive data during the transfer process?

In today’s complex digital landscape, file transfer management not only poses significant logistical challenges but also substantial security risk. Organizations have various file transfer options at their disposal, each offering their own distinct set of challenges and benefits. Understanding and defining which is the best method to implement, and when, is of paramount importance for organizations of all sizes.

Join this webinar to learn the differences between the protocols, how to determine which is the most optimal for your organization and more. Key takeaways: The difference between FTP, FTPS, and SFTP, with specific focus on authentication, implementation and speed Which protocol is best for certain instances, including complying with security standards and working with trading partners requirements

Please take time to visit our sponsors, and interact live with speakers and staff members within their booths.

Rob deMain takes you through the key challenges facing security operation teams today and outlines, with a demonstration, one view of the future of security operations in light of these challenges. 

When migrating to the cloud, security is the underlying element that will impact every step of your transformation journey. Failure to make security an overall priority can complicate your migration process, cause significant delays, and introduce risks that may harm your organization for years to come. To design a secure migration strategy, you must understand the security needs of the technologies that power each stage of your cloud journey.

  • Learn about security requirements for each stage of the cloud journey: migration, re-architecting, and cloud native.
  • Learn how to design security and compliance into cloud applications.
  • Get best practices for securing cloud workloads including user access, containers, and serverless

Ciaran Martin founded the UK’s world leading National Cyber Security Centre and headed it for the first four years of its existence. Currently, after stepping down from his role with NCSC at the end of August 2020, Martin holds the position of Professor of Practice in the Management of Public Organisations at Oxford University’s Blavatnik School of Government and advises NATO and a number of private sector organisations on cyber security strategies.

The NCSC, part of GCHQ, where Martin served as an executive board member for six and a half years, is regarded as the world leader among public authorities for cyber security. The International Telecommunications Union now ranks the UK as the #1 country for cyber security as a result of the NCSC’s work.

Under Martin’s leadership, the NCSC took the lead in managing more than 2,000 nationally significant cyber-attacks against the UK, including the so-called Wannacry attack against the NHS in 2017. He led the detection work that prompted the Government to call out, for the first time, cyber aggression from Russia, China, Iran and North Korea. He helped the NCSC transform the Government’s relationship with business on cyber security. In 2018, in a keynote at the CBI’s cyber security conference, he launched a board toolkit with five essential questions corporate leaders needed to understand. As a global cyber security leader, he travelled to more than 30 countries in five continents building partnerships with Government, national security and corporate leaders. At the NCSC he was a much sought after guest of the UK’s major corporate boards.

Martin believes the essence of good cyber security is demystifying a complex subject and finding a way and a language for the specialists to engage with the leadership. That becomes more and more important as new technologies and technology platforms – 5G, the Internet of Things, quantum – become the new realities.

Martin is also a 23 year veteran of the UK Government, working directly with five Prime Ministers and a variety of senior Ministers from three political parties. He held senior positions at HM Treasury and the Cabinet Office as well as GCHQ. He was head of the Cabinet Secretary’s Office and led the official negotiations that led to the agreed terms and rules for the Scottish independence referendum.

In 2020 Ciaran Martin was appointed CB by Her Majesty The Queen

Member of The Magic Circle Lord Harri will leave you amazed! An author, creator and inventor you will love his virtual magic show. He has entertained audiences across the Globe with his infectious humour, stunning tricks and wizardry! Not to be missed!

Delegates booked so far


Community Area


Home Workouts


spaghetti Bolognese