Menu Close
November Header

Programme Day 1

John Doody is the Author of “From Stripes to Stars” and Director of Interlocutor Services Limited, a company established in 2003 to promote Information Assurance and Cyber Security issues both nationally and internationally, the company offers a range of services including Marketing, Communications, Public Speaking, Strategy Reviews, Information Assurance, Cyber Security and Information Technology, these services are geared to the strategic level within government and industry.

Prior to this John served at CESG/GCHQ for 10 years in the appointment of Head of Information Assurance Customer Services. John has a wealth of knowledge across the whole spectrum of Cyber Security and Information Assurance. In this latter appointment he was a major contributor to CESG’s move to a commercial business footing. John also had a role as a Non-Executive Director to a security company as well as providing Strategic Advice to a number of major UK and US IT Security companies. John’s recent major role was as the Global Strategic Cyber Security Adviser to Ultra Electronics Limited where he reported directly to the CEO on Cyber Security matters. He also provided Strategic Advice to FireEye, Booze Allan and Safenet, three large US Cyber companies. John has the unique experience of having held appointments in Defence, the Intelligence Services and Industry.

John is currently a Deloitte Associate.

John is a retired officer of the UK Royal Corps of Signals, a Corps in which he served for 33 years rising to the rank of Colonel.

John is a qualified engineer and has held a number of strategic engineering appointments in the UK Ministry of Defence including system support to PTARMIGAN and WAVELL, the army’s tactical communication and CIS systems, Director in the Procurement Executive as Project Director for Army Electronic Warfare, Battlefield Target Engagement System (BATES), Air Defence CIS system (ADCIS) and WAVELL managing £1B of programmes.

John has also worked in the R&D environment working on Electronic Warfare Simulation. John also served in various operational environments including Loan Service to the Trucial Oman Scouts (A Paramilitary Force) in the Middle East.

John has chaired many international committees dealing with Cyber, Information Assurance, Communications and Interoperability. John is well known on the national and international Cyber/ Information Assurance Conference circuit where he has chaired many events and has given over 100 talks on Cyber and Information Assurance. John is a renowned Evangelist for Cyber Security and Information Assurance.

John held the position of an International Class Director for the Armed Forces Communications and Electronics Association (AFCEA) International (Fairfax Virginia USA). John is a past President and Vice-President of the AFCEA UK WEST Chapter and he served as a Member at Large for AFCEA London in the early 90s. John was also the Cyber Security Lead for the BCS Security Community of Expertise.

John was awarded the CESG/GCHQ Directors Medal in 2003.

John was elevated to the Infosecurity Europe Hall of Fame in 2012.

John was nominated “Godfather of Cyber Security 2021” at the Unsung Cyber Heroes Award Ceremony in the city of London in October 2021


50% of software vulnerabilities are found in the design. Once in production, they’re 100x more expensive to fix. The answer? Threat modeling. By scoping your security requirements in the design stage, you can avoid developer rework and delays to production – so why is no one doing it? In this session, Jonny Tennyson, Head of Client Innovation at IriusRisk, will talk about what threat modeling is, why people aren’t currently threat modeling, and ultimately ask the question: ‘why aren’t we all threat modeling?’

APIs are the lifeblood of modern Internet-connected services and they are becoming an increasingly popular target for cyber attacks. Daniele Molteni, Firewall Product Manager at Cloudflare, will discuss the most common security threats for API traffic and what technologies can be deployed to identify vulnerabilities and defend critical infrastructure.

One of the biggest challenges security teams face today is the inability to continuously detect and mitigate cyberattacks at scale. Adversaries are constantly improving their techniques and evading defences, leaving security teams scratching their heads.

In this talk, Toby Wilmington, Senior Sales Engineer at Recorded Future, will demonstrate how access to security intelligence empowers organisations to learn how to understand their enemy and take action, before they have the chance to cause real damage.

Please take time to visit our sponsors, and interact live with speakers and staff members within their booth.

Who knew that lessons from biology could be applied to role management? In this session, we’ll take a look at role definitions – historically seen as depreciating assets – and consider the ways that role explosion occurs as roles inevitably age to a state of minimal business value. We’ll discuss the rule of least privilege in relation to user need and explore a modern, intelligence-led approach to keeping roles current, viable, and as fresh as a pomegranate

Mistakes are part and parcel of human nature but they don’t have to be costly and time draining. This session addresses the common issue of mistake rectification and shows MSPs how they can cover themselves against loss of information, time, revenue and reputation with IT Glue.

The webinar will cover:

  • Ensure compliance and access 30 days of documentation activity logs
  • Identify the exact cause of documentation mistakes
  • Rectify mistakes with deletion recovery and access to previous versions

New stories of ransomware attacks seemingly hit the news every day; so how do you ensure your company, data, and self are safe? Alert Logic’s routine tracking allows us to keep up with the latest tools, techniques, and practices of attackers for you and provide protection from their most critical threats.

Alert Logic’s Snr. Technical Product Marketing Manager, Josh Davies, will be discussing:

• Why advanced detection is key to closing the gap between known and unknown Cyber Threats

• How 24/7 MDR can support you before, during, and post breach

• A real-life use case: how Alert Logic managed a breached network and stopped a ransomware attack

Please take time to visit our sponsors and network in our lounge.

No matter the size or industry, company leaders recognize that minimizing external threats are of paramount importance. As a result, companies value their SOCs and consider them critical to their cybersecurity strategy, however, it is not always easy to quantify the ROI of these investments. In this session you will not only learn how to capture the ROI, but to improve it as well.

Everyone is moving to the cloud, faster than planned. Most organizations have their sights on adopting a multi and/or hybrid cloud strategy this year. Yet, 75% of cloud security breaches are expected to result from inadequate management of identities, access, and privileges by 2023 [Gartner]. So how do you protect your growing multi cloud infrastructure? AWS alone currently offers some 258 services and involves 9,286 total permissions. Remote work is adding to identities and permissions explosion — increasing access risk. Securing and governing access is further compounded by the fact that each public cloud has its own way of managing permissions and privileges. Join Ermetic’s Or Priel, VP Product Management, for a better understanding of managing identities, permissions and privileges in AWS and Azure.

We will explore:

  • AWS IAM roles and policies and Azure RBAC Strategies for enforcing least privilege with confidence
  • Governing access and protecting sensitive resources
  • Mitigating multi cloud risk using automation and analytics

Join Stu for an informative fireside chat with our Chair, Col (Rtd) John Doody.

Stu was instrumental in building Skyscanner’s Security team from 2015-2017, having led them to the final of SC Magazine’s Security Team Of The Year 2017. He has previously worked in security at The Trainline, was part of the Cyber Leadership Team at Capital One UK, Photobox Group and Interim Director at Just Eat He has twice been nominated as a finalist for Cyber Evangelist Of The Year at the Scottish Cyber Awards and is one half of Cyber Scotland Connect. Stu has key-noted at numerous leading Security events such as InfoSec Europe, Cloud Expo Europe, BSides (various) and Future Of Cyber Security.

As most companies adopt a hybrid workplace or “work from anywhere” approach for the long term, they are accelerating their adoption of cloud, using more SaaS services and migrating off legacy infrastructure. This transition is not without challenges. Workloads and data are now not just within corporate datacentres, they are in the cloud, on employee devices at home and at edge locations. Visibility becomes limited as work from home users become invisible to enterprise inventory systems. In addition, the security stack in HQ cannot protect remote users or remote branches who directly access SaaS applications in the cloud, without sending traffic back to HQ. This is where DNS security comes in.

Join this session to learn how DNS security:

– Provides full visibility across data centre, private/public clouds, home, and remote locations

– Expands security using DNS as a foundational control point to protect work from anywhere users

– Speeds up incident response times with automation and ecosystem integrations

Discover how to retain talent and grow revenue TSD helps improve employee experience. When you develop a learning culture within your organisation it becomes almost self-sustaining – add in custom upskilling and reskilling and you’re in a position to make a real difference to your bottom line. Understand how TSD can help foster innovation An agile approach to tech skill moves the needle on your push for innovation. Customised courses, tailored to each employee, banishes the ‘one size fits all’ approach and liberates your employees to embrace new technology and push onwards to innovation.

Please take the time to visit our sponsors within the exhibition hall

These days, ransomware needs no introduction. Ransomware attacks have become so frequent that one occurs every 11 seconds with an average ransom of around $300,000. The largest known ransomware payout was $40 million in 2021.

Join LogRhythm Senior Threat Research Engineer, Sally Vincent as she breaks ransomware down into bite-sized pieces to help you better understand it, and ultimately, how to detect it. The MITRE ATT&CK framework offers ways to classify the distinct parts of a ransomware attack.

By using MITRE, you can identify ransomware attacks and determine how to detect them faster.

In this session, you will learn about:

• Common ransomware MITRE techniques

• How to detect ransomware precursors

• Best practices to detect ransomware

In its report, The State of Ransomware 2020, Sophos found more than half of organisations were hit by ransomware in the last year, and nearly three quarters of attack victims said the cybercriminal succeeded in encrypting their data. It’s a growing dilemma for businesses, who are reliant on their cyber security to offer optimum resolution to posing threats and maintaining the quality of their daily usage online. But for IT professionals and executives, it’s easy to undervalue basic reasons on how to stay cyber safe.

This webinar, in partnership with Sophos, highlights the four common cybersecurity incident response mistakes:

1. Waiting too long to react

2. Declaring “mission accomplished” too soon

3. Relying on complete visibility

4. Assuming you can handle your issues on your own

Many firms have conceded that cyber security is an ongoing task that requires full investment and time to make their stakeholders completely satisfied, and here, Sophos focuses on ways it can help your business within three key areas: protection, visibility and expertise.

Information Security is traditionally considered a cost centre, focused on risk. The success of which has been hard to illustrate, harder to communicate, and very expensive. What if there was a way companies could convert their assurance into revenue, have security increase earnings, and become very appealing indeed to the business?

Greg van der Gaast is a frequent speaker and consultant on bringing care, initiative, and accountability to the Information Security profession to break out of today’s costly and often ineffective reactive status quo. He is an expert at building Information Security organisations that perform better at protecting the business and enable it through numerous other benefits, including increased IT quality, new business capabilities, and even additional revenue. He does this by introducing elements of leadership, strategic thinking, and business alignment rarely seen in Information Security. His security and business experience spans nearly 25 years, from covert operations with the FBI and DoD to creating bespoke security programmes and organisations for Fortune 500 companies. In addition to being the CISO of Scoutbee GmbH, he is also a Bloor Navigator and Managing Director at consultancy CMCG.


Inventor and Pyromancer.

Coming from a family dynasty of Magicians, Sirus is a real life wizard.

When not at events Sirus can be found at his residency at the House Of Magic in London.

His virtual magic show will leave you stunned!

Programme Day 2

Investigative journalist Geoff White has covered technology for BBC News, Channel 4 News, Audible, Forbes online and many others. Crime Dot Com, his book on cybercrime for Reaktion Books, will be published on August 10, 2020. His exclusives reveal tech’s impact on our lives: the controversial police use of facial recognition; the failure of artificial intelligence therapy apps; hi-tech call centre scams that have cost victims their lives’ savings; fraud in the internet dating industry.


A large percentage of organisations understand the importance of modern security in cloud native deployments, but few seem to be following through on that. In this session we will talk through the trends that Rapid are observing through conversations about Cloud security. How we can identify the gaps and value we are getting from a combination of skills and tooling. And what modern security means in a world of traditional security with cloud native solutions. Whether Cloud security requires an entirely different approach that emphasizes what Cloud is all about?

The widespread adoption of cloud services has created digital environments where businesses can innovate, collaborate, and share more than ever before. However, this is often at the cost of visibility and control. Join Mariana Pereira, Director of Email Security at Darktrace, as she discusses the challenges of securing cloud infrastructure and SaaS applications, and learn why Self-Learning AI is best-in-class in protecting organizations’ dynamic workforces and constantly-changing digital infrastructure.

Daniela Waugh is a relative newbie in the world of information security, yet she has an extensive experience from various sectors and big organisations such as Capita, Warwickshire Police and Selco Builders Warehouse. She is an advocate of online privacy, mentor and a volunteer with her heart set on improving information security through creating meaningful relationships within organisation to drive success and understanding the importance of information security and accountability on appropriate levels.

Many organizations struggle with digital transformation, hybrid workforces and cloud computing, particularly when implementing a framework to meet their compliance requirements. In this session, we will discuss a framework and operational approach to support you to move your business forward, while delivering quality services and balancing cost and risk. We will also talk about the approach to trusting a brand while applying a “Zero Trust Technical Architecture and Zero Trust Operating Model”


Please take the time to visit the sponsor booths within the exhibition hall

No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.

Join Javvad Malik, Security Awareness Advocate for KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life and details of sophisticated social engineering and online scams.

Key Takeaways:

• The Perception Vs. Reality Dilemma

• Understanding the OODA (Observe, Orient, Decide, Act) Loop

• How social engineersand scam artists achieve their goals by subverting OODA Loop’s different components

• How we can defend ourselves and our organisations

Today’s work environment has been fast-tracked along its journey to hybrid working. As this evolution has driven an increasingly digital landscape, workers are now using cloud-based applications on a daily basis, giving rise to new advanced threats. The transition of the modern workplace from a place to an activity has also made the traditional concept of a network perimeter redundant. We are now in an era where security needs to be designed around an entirely new perimeter, built on identity and context. This is where Zero Trust and ZTNA (Zero Trust Network Access) comes in, as part of the journey towards SASE.

Join Censornet’s CTO Richard Walters as he dispels the SASE one-size-fits-all myth, and instead explains how it can be adapted to serve the needs of a world where the perimeter is no longer “entombed in a box” but anywhere the enterprise needs it to be. Richard will also explore how the smart decisions you make today will optimise your future cloud and network security.

Moving applications to the cloud is a crucial step in most organisation’s digital transformation plan, but it can trigger a series of unexpected challenges.

This session will examine the following:

· How to ensure that the cloud applications will have the same level of security as on-premises applications

· Understanding the impact on both on and off-network users accessing the applications?

· Shortcomings of a virtual private network (VPN) for remote access

· How to respond to an increased digital attack surface and aggressive threat landscape.

The promise of adding new security tools and capabilities to security operations efforts is more intelligence to make better, more well informed decisions with, but do they deliver on that promise? If a Security Operations Center (SOC) team receives hundreds of “high priority” alerts every day should they even trust the risk score that is being used? In this session we discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.

Jamie will start off his talk with a bit about himself and how he got into security and some of the organisations he has worked for. He will then move onto the evolutionary aspects of security and how it has evolved from back in the 90s to where we are at now.

Jamie’s speciality is the human side to security. His talk is not focused primarily about that, but he also talks on a broad spectrum of topics from the human element to security, to ransomware, remote working and Covid 19 and the impact on security. He will also include some live demonstrations throughout his presentation – one being how to infiltrate a nuclear facility without any credentials.

In his late 20s, Jamie Woodruff is one of the world’s leading authorities on hacking and cyber security. Woodruff entered the public eye when he successfully hacked Facebook as part of a student competition at Bangor University where he was studying computer information systems. He has since uncovered security holes in numerous high-profile operations, including Kim Kardashian’s website, which he hacked.

Cisco aims to take the industry’s common misconceptions and bust the myths about women working in cybersecurity roles . In this discussion, learn about the diverse range of opportunities a career in cybersecurity can provide.


Your clients are aware of the Dark Web but how much do they know about how it has taken hold of them? Bursting with ever evolving threats, what clients think they know about the Dark Web today, won’t be the same tomorrow, and despite having taken some ‘protection’ measures, they will still be compromised, right now! This is your opportunity to impress your clients and boost your sales with total knowledge of where the Dark Web has taken hold and a complete portfolio of armour against these often business breaking threats!

Please take the time to visit the sponsor booths within the exhibition hall

As the volume and impact of security threats increases organisations large and small need to adapt their approach to ensure they can successfully detect and respond to threats. This session will look at core components of a modern security operation, and how they need to work together to defend an organisation from the threat actors of today and tomorrow.

RangeForce believes the days of boring, week-long, training courses, hosted in smelly training rooms and designed primarily to get the user through a single instance certification exam, should now belong to pre-COVID history. Elite SOC and cyber defence teams deploy continuous professional education, long since stipulated in other critical, vocational careers. RangeForce is at the forefront of a revolution in this space, opening up the concept of “Combination Learning”. We incorporate individual, self-paced, hands-on skills development, interspersed with pressurised team training exercises, where learners must respond to live cyber incidents in real time. All delivered through the browser and at a fraction of the cost of the “old way”.

Our people are central to our organisations’ success and reputation. We have known for years that cyber-criminals target people before technology. For just as long, we have been repeating the mantra that a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we have still not cracked the problem. We need to take a fresh look. Security that doesn’t work for people, doesn’t work. All of us have our role to play in staying safe online and reducing the risk of cyber-attacks and data breaches. The behavioural science and techniques for how we ensure our people play a collaborative role in our cyber awareness education are adapting – but what are the practical challenges and opportunities in moving beyond awareness to developing a people-centred security culture. This short presentation will outline new insights and innovation from the front-line – from expert security education practitioners and leading human factors academics – and outline ideas for transforming your human cyber risk management.



Delegates booked so far

Community Area


Home Workouts


spaghetti Bolognese