Agenda

Date and Time | Title
Sep 21, 2021 (London)
9:00am - 9:30am
Connecting Women in Cybersecurity

Cisco aims to take the industry’s common misconceptions and bust the myths about women working in cybersecurity roles. In this discussion, learn about the diverse range of opportunities a career in cybersecurity can provide.

Speaker: Nish Parkar

Cybersecurity Communications Manager & Women in Cybersecurity Co-lead, Cisco

As Global Communications Manager for Cisco Secure, Nish is responsible for influencing 70,000+ Cisco employees, customers and partners and helping them understand Cisco’s Cybersecurity strategy and offerings. Previous to this role, she held other roles at Cisco in Sales and Account Management, as well as leading Business Development for Media & Entertainment in Europe, Middle East, Africa and Russia. She has also held Sales Executive and Enablement roles at Vodafone and at Data Science company, IQVIA. Nish is passionate about building inclusive cultures and is co-leading Cisco Secure’s efforts for driving an inclusive future for all. She is a seasoned events host and presenter and most notably a friendly face of Cisco Live, Cisco’s flagship annual event attracting millions of customers and partners every year. Nish is also a regular speaker at technology events and is often at the heart of discussions on culture, diversity and leadership as well as the positive application of technology. In 2019, Nish spoke about all of the aforementioned topics she is passionate about in a TEDx talk entitled “Technology for Good”. Nish is most energised when working with high-impact teams to drive change for the better. She is passionate about giving back, particularly when given opportunities to advance Women in Technology. Her other interests include travel and learning about other cultures, boxing, and giving in to every demand of her sassy nine-month-old cockapoo puppy, Simba.

Speaker: Petra Manche

Engineering Technical Leader, Cisco

Petra Manche brings 28 years' experience in the information technology (IT) business, 25 of which have been in cybersecurity. She joined Cisco’s Global Certifications team in 2018 and is currently an Engineering Technical Leader responsible for Common Criteria evaluations of many Cisco products. Petra has 20 years of Common Criteria experience working both in a CC Laboratory and for vendors performing certification. In 2020, Petra was elected chair of the Common Criteria Users Forum (CCUF) Management Group after having served on its board since 2012. The CCUF provides a voice and communications channel amongst the Common Criteria community including the vendors, consultants, testing laboratories, Common Criteria organizational committees, national schemes, policy makers, and other interested parties.

Speaker: Laura Waller

Program Manager, Information Security, Cisco

Laura Waller is a technical program manager and has been working at Cisco for 6+ years. She has a strong technical background developed from completing a degree in forensic computing and security as well as continuing to advance her knowledge by completing other qualifications including CISSP. Her current role allows her to play to her strengths of communication and relationship management by working with different parts of the business and managing security programs for the enterprise. She is passionate about diversity in the workplace and is active in challenging the status quo.

Sep 21, 2021 (London)
9:30am - 10:00am
Siemplify SOARing into Modern Secops

No matter the size or industry, company leaders recognise that minimising external threats is of paramount importance. As a result, companies value their SOCs and consider them critical to their cybersecurity strategy. In this session you will learn how our complete security operations platform addresses the broadest set of SecOps needs and how it is the SOC manager's secret weapon for driving continuous improvement.

Speaker: Neil Nicholson

Enterprise Sales Director UK & Nordics

Neil Nicholson is Enterprise Sales Director for UK & Nordics for Siemplify. He has more than 10 years' experience in the Cyber Security space, including various positions at vendors, resellers, and distributors. Neil is responsible for accelerating growth for Siemplify in the UK, Nordics & Benelux, focused on building a deep understanding of customers' challenges and how these can be addressed by SOAR and building partnerships with existing and new customers. Prior to joining Siemplify, Neil held positions at Check Point Software Technologies and Forcepoint where he was responsible for building and managing client relationships and helping guide their cybersecurity strategy.

Sep 21, 2021 (London)
10:00am - 10:30am
Ransomware, threats, risk, experience, morale and trying to make sense of it all

Join us and learn about the recent increase in the number of ransomware events which is driving organisations to reassess their security posture with a view to reducing risk. In this session we will talk about the methods you can use to reduce risk, including the use of intelligence and automation.

Sep 21, 2021 (London)
10:45am - 11:15am
Reducing Ransomware at Scale: Exploring the Ransomware Task Force's Recommendation

In 2020, ransomware attackers made more than $350 million and caused terrible disruption, particularly in healthcare. Combatting this blight requires a comprehensive, multi-faceted strategy adopted in collaboration by governments around the world. To this end, the Ransomware Task Force brought together experts from governments, private, and non-profit sectors to identify actions that would help to disrupt, deter, prepare for, and respond to, ransomware attacks at scale. In April of this year, the Task Force issued its report, detailing 48 recommendations. This session will provide an overview of the recommendations, discuss the rationale behind them, and clarify next steps.

Sep 21, 2021 (London)
11:15am - 11:45am
Zero Trust and beyond: a journey for everyone

The traditional perimeter is dead! So how do you protect your network in 2021 and beyond? The answer is a fundamental shift in your attitude to security, away from implicit trust and towards a default position where you trust no one without good reason. The first step on the pathway is Zero Trust Network Access (ZTNA). Even if you are not currently planning to adopt a Zero Trust approach, the technology decisions you make today will impact the ease of turning to this technology in the future. We invite you to take the next step towards a more secure future by using our simple, accessible approach, which allows you to benefit from the security advantages of Zero Trust… and beyond.

Sep 21, 2021 (London)
11:45am - 12:15pm
Keynote Presentation - Ste Watts, Group Head of Security Operations - Aldermore Bank - 'How Cyber Threat Intelligence (CTI) Can Super Charge Your Business'

What is Cyber Threat Intelligence? Why should businesses and security teams care about it? Does it solve all of my problems? Join me whilst I take you on a whistle-stop tour of CTI and explore some of the reasons why it should be part of your cyber/info security strategy.

Sep 21, 2021 (London)
12:45pm - 1:15pm
CSPM, CWPP, CNAPP & CASB, Oh My!

The vendor landscape for cloud security and compliance solutions is crowded, diverse, and confusing. Join Security Engineer Andy Condliffe as he breaks down the vendor landscape drawing on Orca and Analyst research, including Gartner’s recent Cool Vendors in Cloud Security Posture Management.

Sep 21, 2021 (London)
1:15pm - 1:45pm
To Trust, or Not to Trust the Cloud; That is Your Compliance and Risk Question

Many organizations struggle with digital transformation and cloud computing, particularly when implementing a framework to meet their compliance requirements. In this session, we will discuss a framework and operational approach to support you in moving your business forward, delivering quality services while balancing cost and risk.

Sep 21, 2021 (London)
1:45pm - 2:45pm
Live Headline Keynote - Alexis Conran, Security, Digital Risk and Crime Expert (as seen on 'The Real Hustle')

A charismatic and engaging keynote speaker, Alexis employs his knowledge of the dark and deceptive world of hustling, pickpockets and con-artists to speak candidly on the risks and security threats constantly faced by businesses, and to deliver important messages on the shrewdest ways to protect against the ever-increasing number of scams.

Sep 21, 2021 (London)
2:45pm - 3:15pm
How Old Arcade Games Teach New Active Directory Security Rules

Cybersecurity is a never-ending journey. The good old games are the same, always present and never out-of-date. Everyone knows Active Directory (AD). It is a seasoned IAM, not to mention one that nearly every organization in the world uses. There are built-in configurations and processes that “just work” without the need for any manual configurations that many administrators are not aware exist. Unfortunately, attackers are—and they leverage them to move laterally and gain privileges.

In this webinar, we will walk you through the most important security concepts and link them to some old arcade classics. (Who says videogames are useless?) If you’re anything like us, we know some of you cybersecurity experts are fans of the medium, and we will be using it to jog your memory and define 10 fundamental security concepts. Yes, some retro rules are still relevant in the current war against malware, poor system configuration and black hats.

It’s time to review and remember the happy days.

Speaker: Sylvain Cortes

Security Strategist

Sylvain Cortes is an Identity & Access Management (IAM) and cybersecurity expert. He works mainly with large organizations to execute identity and directories governance projects, including authentication processes, cross-OS privileges management, cloud identity management, and Active Directory cybersecurity. He has developed a deep expertise in AD bridge projects integrating Active Directory with various operating systems like Unix, Linux, and MacOS. Sylvain has been a Microsoft MVP in Active Directory, MIM, and Identity & Access for 16 years.

Sep 21, 2021 (London)
3:15pm - 3:45pm
Transforming your Data Center to the Hybrid Cloud in Three Phases

Organisations are in the midst of a strategic realignment of their information technology programs. This change is led by factors that were accelerated during the COVID-19 global pandemic including:

* Growing awareness of the large impact of malicious cyber events

* Rapid acceleration of public cloud and Software as a Service (SaaS) adoption

* Expanded implementation of microservices-based development models

* Embracing automation and consolidation to drive-down operational costs

* Increase in reliable high bandwidth commodity broadband

* Productivity benefits associated with work-from-home

Given the trends, we will show you how IT leaders are adopting transformation programs including:

* Automated intelligence-based threat prevention across network, cloud, endpoint, and mobile to prevent advanced attacks

* Cloud-first IT built on agile development

* Data center consolidation and modernization

* Edge-delivered security for users

Speaker: Avi Rembaum

Vice President, Security Solutions, Check Point

Avi is responsible for the company’s solution center, incident response team, strategic alliance program and security architecture function. In a previous role, he was responsible for the company’s business relationships with the Tier-1 Telcos in North America. Avi first began working in the information and network security industry in 1997, when he joined RADGUARD’s marketing team. He also held product management positions at RedCreek and SonicWALL and practice manager roles at RedCreek and Getronics, now CompuCom.

 

Sep 21, 2021 (London)
4:00pm - 4:30pm
Revil: Pick Your Path

Today’s ransomware actors are operating to devastating effect as evidenced by the Colonial Pipeline and JBS attacks, showing that a successful attack can disrupt any business. How would your organisation handle such an attack? Join us where we will walk your organisation through the steps and EFFECTS of the REVIL ransomware attack as if it were on your infrastructure.

Sep 21, 2021 (London)
4:30pm - 5:00pm
Essential techniques to control privileged access across the enterprise

In the session, we will discuss a new approach to Privileged Access Management, which can help organizations secure every privileged user, session, and asset across their enterprise. Covered topics will include:

* What are the risks associated with unmanaged privileged accounts?

* Why does relying on password management alone leave dangerous gaps in security?

* Understand your internal PAM landscape

* Keys to a PAM solution that is invisible to end users

Sep 21, 2021 (London)
5:00pm - 5:30pm
Keynote Presentation from Mike Koss, Head of Cyber Security, Rathbone Brothers PLC

Mike's talk will be a light-hearted discussion about the current state of cyber security. It will ask the question "are the defenders winning?", then cover some of his experiences from both sides of the fence and end on what will hopefully be a positive note.

Sep 22, 2021 (London)
9:00am - 9:30am
Spies like Us: Cuban “Numbers Stations,” Shared Signals, and the Move to Real-time Authorisation

Numbers stations have been in use in spy craft for the last 60 years. Their shortwave radio can reach around the globe, can be received by off-the-shelf equipment that is globally available, and, most importantly, they can provide crucial information to a distributed network of agents. Identity in the future will require a similar approach; no longer can decisions *only* be made in a central location at “admin-time.” We’ll examine the emerging trend towards a distributed, scalable authorisation model—one that is being driven by a new standard that allows for the sharing of identity information during a user’s session, called “Shared Signals.”

Speaker: Mike Kiser

Senior Identity Strategist, Office of the CTO

Mike Kiser is insecure. He has been this way since birth, despite holding a panoply of industry positions over the past 20 years—from the Office of the CTO to Security Strategist to Security Analyst to Security Architect—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security deployments for a global clientele. He is currently in a long-term relationship with fine haberdashery, is a chronic chronoptimist (look it up), and delights in needlessly convoluted verbiage. He speaks regularly at events such as the European Identity Conference and the RSA Conference, is a member of several standards groups, and has presented identity-related research at Black Hat and Def Con. He is currently a Senior Identity Strategist for SailPoint Technologies.

Sep 22, 2021 (London)
9:30am - 10:00am
How Zero Trust Network Access can stop ransomware from stopping you

Ransomware wreaks havoc by infiltrating user devices, then spreading laterally across resources on the network until it achieves full network lockdown. To stop infection and spread, the Cybersecurity and Infrastructure Security Agency (CISA) recommends that security teams implement a sweeping set of at least 24 measures including phishing prevention, vulnerability management, as well as careful configuration of remote access services like the VPN and RDP.

You can address at least 4 of those 24 recommendations by implementing a Zero Trust Network Access approach, which replaces blanket network access with default-deny rules in front of all corporate resources.

In this session, Phill Toms, Zero Trust Product Specialist at Cloudflare, will share how replacing your VPN with Zero Trust Network Access can reduce the risks of ransomware attacks in your enterprise.

You’ll learn:

• Real world examples of ransomware attacks, and how Zero Trust principles could have helped mitigate them

• How replacing VPNs with a Zero Trust model helps stop lateral movement in its tracks

• Cloudflare’s platform for preventing delivery and lateral movement of ransomware

Sep 22, 2021 (London)
10:15am - 10:45am
Levers of Human Deception: The Science and Methodology Behind Social Engineering

No matter how much security technology we purchase, we still face a fundamental security problem: people.

This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.

Join Javvad Malik, Security Awareness Advocate for KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life and details of sophisticated social engineering and online scams.

Key Takeaways:

• The Perception Vs. Reality Dilemma

• Understanding the OODA (Observe, Orient, Decide, Act) Loop

• How social engineers and scam artists achieve their goals by subverting OODA Loop’s different components

• How we can defend ourselves and our organisations

Speaker: Javvad Malik

Security Awareness Advocate

Javvad Malik is a Security Awareness Advocate at KnowBe4, a blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers, with his signature fresh and light-hearted perspective on security that speaks to both technical and non-technical audiences alike. Prior to joining KnowBe4, he was security advocate at AlienVault. Before then, he was a Senior Analyst at 451’s Enterprise Security Practice (ESP).

Sep 22, 2021 (London)
10:45am - 11:15am
The Battle of Algorithms: How AI is beating AI at its own game

Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous, and harder to identify. As AI-driven attacks evolve, they will be almost indistinguishable from genuine activity, and conducted at an unprecedented speed and scale. In the face of offensive AI, only defensive AI can fight back, detecting even the most subtle indicators of attack in real time, and respond with surgical actions to neutralize threats - wherever they strike.

In this session, discover:

· How cyber-criminals are leveraging AI tools to create sophisticated cyber weapons

· What an AI-powered spoofing threat may look like, and why humans will not be able to spot them

· Why defensive AI technologies are uniquely positioned to fight back

Speaker: Toby Lewis

Head of Threat Analysis

Prior to joining Darktrace, Toby spent 15 years in the UK Government’s cyber security threats response unit, including as the UK National Cyber Security Centre’s Deputy Technical Director for Incident Management. He has specialist expertise in Security Operations, having worked across Cyber Threat Intelligence, Incident Management, and Threat Hunting. He has presented at several high-profile events, including the NCSC’s flagship conference, CyberUK, the SANS CyberThreat conference, and the Cheltenham Science Festival. He was a lead contributor to the first CyberFirst Girls Competition, championing greater gender diversity in STEM and cyber security. Toby is a Certified Information Systems Security Professional (CISSP) and holds a Master’s in Engineering from the University of Bristol.

Sep 22, 2021 (London)
11:30am - 12:00pm
Taming the beast within the SDLC

For those in application security, it’s no secret that there’s often friction around testing time. Security vs. speed to market creates an atmosphere of software engineers vs. security pros – and it really doesn’t have to be this way. Jenna Preston syncs with two of threat modeling’s most passionate advocates, Cristina Bentué and Natalia Girabet, who will share their experiences of tackling this issue head-on by bringing scalable security design to DevOps – all whilst helping to promote the role of women within Application Security.

Speaker: Cristina Bentué

Chief Operating Officer and Co-Founder of IriusRisk

Cristina Bentué is Chief Operating Officer and Co-Founder of IriusRisk: a global scale-up with a powerful, automated threat modeling platform that helps organisations scale secure application design. After studying extensively in Near-Eastern Studies, she forged her successful career in technology startups between Barcelona and London and currently co-manages IriusRisk’s Research and Development department. A passionate advocate of women in technology, Cristina makes it her personal mission to create a diverse and inclusive family at IriusRisk and is known to engage in community projects that encourage STEM education amongst girls.

Speaker: Natalia Girabet

Senior Software Engineer, IriusRisk

Natàlia Girabet is a senior software engineer at IriusRisk and previously spent the bulk of her career in the financial services sector. Her role is to analyse and develop solutions for IriusRisk’s automated threat modeling platform. In her spare time, Natàlia takes part in initiatives such as Technovation as a mentor to young girls, women, and children to introduce the many fruitful career paths that are open to them and help them gain the skills and confidence they need to start successful technology careers.

Sep 22, 2021 (London)
12:00pm - 12:30pm
Validating Zero Trust Network Security with Breach and Attack Simulation

A modern digital business has no perimeter; it lives everywhere its customers connect and everywhere its employees and partners interact with its data and services. Whether it’s the “new normal” model of working from home, or the migration of services to cloud, your attack surface is constantly increasing & changing. Zero Trust is a strategic approach to security that eliminates that explicit trust that is currently prevalent, and instead adopts an “assume breach” mindset. In this session we discuss the approach to Zero Trust, and how Breach & Attack Simulation (BAS) gives security teams the ability to continually validate their security posture by continuously attacking their defenses.

This session covers:

• How Zero Trust Architecture solves current security challenges

• Why Zero Trust Architecture requires continual validation with Breach and Attack Simulation

• How Breach & Attack Simulation gives security teams the edge

Sep 22, 2021 (London)
1:00pm - 1:30pm
Security and the C-Suite: Evaluating the influence of security leaders

According to new research from LogRhythm and Ponemon, 93% of security leaders do not report to the CEO. In fact, most are three levels away from the CEO, making it difficult to ensure that leadership has an accurate and complete understanding of security risks. This session will explore the state of the influence of security leaders, security budgets and spending priorities, factors and challenges affecting the security leader’s role, and how to make security priorities business priorities within an organisation.

Sep 22, 2021 (London)
1:30pm - 2:00pm
Q2 2021 Malware Trends: Ransomware Operators Add DDoS, Target Critical Infrastructure and Linux Systems; Botnet Space Evolves

This talk continues our quarterly series analysing trends in malware use, distribution, and development. Insikt Group used the Recorded Future® Platform to look at mainstream news, security vendor reporting, technical reporting around malware, vulnerabilities, security breaches, and dark web and underground forums from April 1 to June 30, 2021, to examine major trends in malware impacting desktop systems and mobile devices. The trends outlined in this talk illustrate the tactics, techniques, and procedures (TTPs) that had a major effect on technology. This talk will assist threat hunters and security operations centre (SOC) teams in strengthening their security posture by prioritising hunting techniques and detection methods based on this research and data.

Sep 22, 2021 (London)
2:00pm - 3:00pm
Live Q & A – Col. John Doody interviews John Noble CBE, Non-executive director at NHS Digital

John Noble CBE

John Noble CBE is a non-executive director on the NHS Digital Board. He joined the board on 1 July 2018 & leads for information & cyber security, along with chairing the Information & Cyber Security Committee (IACSC).

Formerly, he was Director of Incident Management at the National Cyber Security Centre (NCSC), where he led on nearly 800 major cyber incidents. Prior to that, John spent 4 years at the British Embassy in Washington, USA.

During his 40 years of Government service, John specialised in operational delivery & strategic business change. For his work in creating effective partnerships in the run up to the London Olympics, he was awarded a CBE in 2012.

Colonel John Doody is the author of the new book “From Stripes to Stars” & Director of Interlocutor Services, a company established to promote Information Assurance & Cyber Security issues nationally & internationally. Prior to this, John served at CESG/GCHQ for 10 years in the role of Head of Information Assurance Customer Services.

A memorable encounter is anticipated.

Sep 22, 2021 (London)
3:00pm - 3:30pm
Looking beyond EDR to comprehensive detection and response

While security challenges have been influenced by recent technological advances, global events and the adoption of widespread hybrid working, the fundamental challenges remain. Organisations are still struggling with achieving visibility across their entire environment as they look to decrease their mean time to detect and respond to cyber threats and attacks.

In response, the Threat Detection and Response market has exploded with tools and it can be difficult to untangle the acronyms and ensure you are combining the right tools with people and processes to maximise value.

Join Josh, who will apply his experience as a SOC analyst to cover:

• EDR, XDR, MDR: what is the difference

• Discuss challenges facing organisations when implementing a detection and response program

• A practical guide to successfully evaluating EDR, XDR & MDR solutions

Sep 22, 2021 (London)
4:00pm - 4:30pm
The Importance of Upskilling Quality Management in the Age of Cyber and Converged Security

This talk will examine how organisations could build up resilient procedures and speed up their security compliance despite the challenge regarding the worldwide shortage of cyber experts we face.

Maria Dimitrova is IMSM's Head of Business Development and is truly an international expert. She has worked in several EU countries and has been involved in technological and consultancy projects for over twenty years. She holds an MBA and is a certified lead auditor for ISO management systems such as ISO 9001 Quality, ISO 45001 Occupational Health and Safety, ISO 27001 Information Security, and ISO 22301 Business Continuity. Maria is also affiliated with the Chartered Institute of Information Security.

Maria participates in several IMSM events, expos, and live sessions, so for those unable to attend a sponsored event or summit, her talks are still available to you through social platforms. With topics such as, Enabling a Culture of Continual Improvement in Public Procurement, ISO's Aim for Standardization in Machine Learning, A New Approach to Business Continuity, and many others, you can access a range of valuable information. Even after an event has passed, you can still post questions on these discussions as Maria is always available to respond and share her knowledge and expertise. However, today Maria is on hand and will be sharing her expertise as she discusses "The Importance of Upskilling Quality Management in the Age of Cyber and Converged Security." This talk will examine how organisations could build up resilient procedures and speed up their security compliance despite the challenge regarding the worldwide shortage of cyber experts we face. You won't want to miss this.

Sep 22, 2021 (London)
4:30pm - 5:00pm
Project 2030: Scenarios for the Future of Cybersecurity

Security professionals may be dialed in on the here and now of current cybersecurity risks, especially while dealing with a global pandemic. However, keeping an eye on the future of technology and the threats that come with it, is just as important. Similar to our Project 2020 report, Trend Micro takes a holistic look at what 2030 could hold from the viewpoint of an individual, an organization, and a government.

Sep 22, 2021 (London)
5:00pm - 5:35pm
Keynote Presentation from Zoe Mackenzie, Board Member, Women in Cyber Security UK (WiCyS) & Information Security Specialist, Dr Martens. 'A Day in the Life of a Cyber Security Analyst'

This talk will cover Zoe's personal experience in her journey into the security industry, and what a day in the life of a Cyber Security Analyst looks like. She will discuss her career to date, including the transferable skills she gained along the way. The aim of this session is to inspire the next generation of cyber security leaders into the field and to demystify the day-to-day skills required to fulfil this position. Key takeaways of this session will include what skills are required to enter the security industry, both technical and non-technical, and how they play a key part in success.