Agenda

APIs are the lifeblood of modern Internet-connected services and they are becoming an increasingly popular target for cyber attacks. Daniele Molteni, Firewall Product Manager at Cloudflare, will discuss the most common security threats for API traffic and what technologies can be deployed to identify vulnerabilities and defend critical infrastructure.

Who knew that lessons from biology could be applied to role management? In this session, we’ll take a look at role definitions – historically seen as depreciating assets – and consider the ways that role explosion occurs as roles inevitably age to a state of minimal business value. We’ll discuss the rule of least privilege in relation to user need and explore a modern, intelligence-led approach to keeping roles current, viable, and as fresh as a pomegranate

New stories of ransomware attacks seemingly hit the news every day; so how do you ensure your company, data, and self are safe? Alert Logic’s routine tracking allows us to keep up with the latest tools, techniques, and practices of attackers for you and provide protection from their most critical threats.

Alert Logic’s Snr. Technical Product Marketing Manager, Josh Davies, will be discussing:

• Why advanced detection is key to closing the gap between known and unknown Cyber Threats

• How 24/7 MDR can support you before, during, and post breach

• A real-life use case: how Alert Logic managed a breached network and stopped a ransomware attack

Speaker: Josh Davies

Product Manager

Josh is a Solutions Architect at Alert Logic and works with customers to identify appropriate security solutions to challenges across cloud, on premise and beyond. Formerly a security analyst, Josh has performed countless Incident Response and Threat Hunting tasks, identifying known and novel threats while working with responders to remediate compromise and improve security posture.

Everyone is moving to the cloud, faster than planned. Most organizations have their sights on adopting a multi and/or hybrid cloud strategy this year. Yet, 75% of cloud security breaches are expected to result from inadequate management of identities, access, and privileges by 2023 [Gartner]. So how do you protect your growing multi cloud infrastructure? AWS alone currently offers some 258 services and involves 9,286 total permissions. Remote work is adding to identities and permissions explosion -- increasing access risk. Securing and governing access is further compounded by the fact that each public cloud has its own way of managing permissions and privileges. Join Ermetic’s Or Priel, VP Product Management, for a better understanding of managing identities, permissions and privileges in AWS and Azure. We will explore: AWS IAM roles and policies and Azure RBAC Strategies for enforcing least privilege with confidence Governing access and protecting sensitive resources Mitigating multi cloud risk using automation and analytics

As most companies adopt a hybrid workplace or “work from anywhere” approach for the long term, they are accelerating their adoption of cloud, using more SaaS services and migrating off legacy infrastructure. This transition is not without challenges. Workloads and data are now not just within corporate datacentres, they are in the cloud, on employee devices at home and at edge locations. Visibility becomes limited as work from home users become invisible to enterprise inventory systems. In addition, the security stack in HQ cannot protect remote users or remote branches who directly access SaaS applications in the cloud, without sending traffic back to HQ. This is where DNS security comes in.

Join this session to learn how DNS security:

- Provides full visibility across data centre, private/public clouds, home, and remote locations

- Expands security using DNS as a foundational control point to protect work from anywhere users

- Speeds up incident response times with automation and ecosystem integrations

Speaker: Krupa Srivatsan

Director, Product Marketing

Srikrupa has 20 plus years of experience in technology in various roles including software development, product management and product marketing. Currently, as Director of Product Marketing at Infoblox, she is responsible for messaging, positioning and bringing to market Infoblox’s security solutions that optimize operations and provide foundational security against known and zero-day threats. She has an MBA from University of California, Haas School of Business and a Computer Science Engineering degree.

These days, ransomware needs no introduction. Ransomware attacks have become so frequent that one occurs every 11 seconds with an average ransom of around $300,000. The largest known ransomware payout was $40 million in 2021.

Join LogRhythm Senior Threat Research Engineer, Sally Vincent as she breaks ransomware down into bite-sized pieces to help you better understand it, and ultimately, how to detect it. The MITRE ATT&CK framework offers ways to classify the distinct parts of a ransomware attack. By using MITRE, you can identify ransomware attacks and determine how to detect them faster. 

In this session, you will learn about:

• Common ransomware MITRE techniques

• How to detect ransomware precursors

• Best practices to detect ransomware

Information Security is traditionally considered a cost centre, focused on risk. The success of which has been hard to illustrate, harder to communicate, and very expensive.

What if there was a way companies could convert their assurance into revenue, have security increase earnings, and become very appealing indeed to the business? 

The widespread adoption of cloud services has created digital environments where businesses can innovate, collaborate, and share more than ever before. However, this is often at the cost of visibility and control. Join Mariana Pereira, Director of Email Security at Darktrace, as she discusses the challenges of securing cloud infrastructure and SaaS applications, and learn why Self-Learning AI is best-in-class in protecting organizations’ dynamic workforces and constantly-changing digital infrastructure.

Speaker: Mariana Pereira

Director of Email Security Products

Mariana Pereira is the Director of Email Security Products at Darktrace, with a primary focus on the capabilities of AI cyber defenses against email-borne attacks. Mariana works closely with the development, analyst, and marketing teams to advise technical and non-technical audiences on how best to augment cyber resilience within the email domain, and how to implement AI technology as a means of defense. She speaks regularly at international events, with a specialism in presenting on sophisticated, AI-powered email attacks. She holds an MBA from the University of Chicago, and speaks several languages including French, Italian and Portuguese.

Many organizations struggle with digital transformation, hybrid workforces and cloud computing, particularly when implementing a framework to meet their compliance requirements. In this session, we will discuss a framework and operational approach to support you to move your business forward, while delivering quality services and balancing cost and risk. We will also talk about the approach to trusting a brand while applying a “Zero Trust Technical Architecture and Zero Trust Operating Model”

Today’s work environment has been fast-tracked along its journey to hybrid working. As this evolution has driven an increasingly digital landscape, workers are now using cloud-based applications on a daily basis, giving rise to new advanced threats. The transition of the modern workplace from a place to an activity has also made the traditional concept of a network perimeter redundant. We are now in an era where security needs to be designed around an entirely new perimeter, built on identity and context.

This is where Zero Trust and ZTNA (Zero Trust Network Access) comes in, as part of the journey towards SASE.

Join Censornet’s CTO Richard Walters as he dispels the SASE one-size-fits-all myth, and instead explains how it can be adapted to serve the needs of a world where the perimeter is no longer “entombed in a box” but anywhere the enterprise needs it to be.

Richard will also explore how the smart decisions you make today will optimise your future cloud and network security.

The promise of adding new security tools and capabilities to security operations efforts is more intelligence to make better, more well informed decisions with, but do they deliver on that promise? If a Security Operations Center (SOC) team receives hundreds of “high priority” alerts every day should they even trust the risk score that is being used? In this session we discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.

Speaker: Andy Condliffe

Lead Security Engineer (UK), Orca

Andy has over twenty years experience specialising in security and is currently helping organisations get full visibility to their cloud risks across the leading public clouds. He has designed security solutions for SME's to large Enterprises, both traditional and cloud based, engaging with staff at both technical and senior levels. He takes a pragmatic approach to solving problems at a business and technical level.

Cisco aims to take the industry’s common misconceptions and bust the myths about women working in cybersecurity roles . In this discussion, learn about the diverse range of opportunities a career in cybersecurity can provide.

Speaker: Nish Parkar

Cybersecurity Communications Manager & Women in Cybersecurity Co-lead, Cisco

As Global Communications Manager for Cisco Secure, Nish is responsible for influencing 70,000+ Cisco employees, customers and partners and helping them understand Cisco’s Cybersecurity strategy and offerings. Previous to this role, she held other roles at Cisco in Sales and Account Management, as well as leading Business Development for Media & Entertainment in Europe, Middle East, Africa and Russia. She has also held Sales Executive and Enablement roles at Vodafone and at Data Science company, IQVIA. Nish is passionate about building inclusive cultures and is co-leading Cisco Secure’s efforts for driving an inclusive future for all. She is a seasoned events host and presenter and most notably a friendly face of Cisco Live, Cisco’s flagship annual event attracting millions of customers and partners every year. Nish is also a regular speaker at technology events and is often at the heart of discussions on culture, diversity and leadership as well as the positive application of technology. In 2019, Nish spoke about all of the aforementioned topics she is passionate about in a TedX talk entitled “Technology for Good”. Nish is most energised when working with high-impact teams to drive change for the better. She is passionate about giving back, particularly when given opportunities to advance Women in Technology. Her other interests include travel and learning about other cultures, boxing, and giving in to every demand of her nine-month sassy cockapoo puppy, Simba.

Speaker: Petra Manche

Engineering Technical Leader, Cisco

Petra Manche brings 28 years experience in the information technology (IT) business, 25 of which have been in cybersecurity. She joined Cisco’s Global Certifications team in 2018 and is currently an Engineering Technical Leader responsible for Common Criteria evaluations of many Cisco products. Petra has 20 years of Common Criteria experience working both in a CC Laboratory and for vendors performing certification. In 2020, Petra was elected chair of the Common Criteria Users Forum (CCUF) Management Group after having served on its board since 2012. The CCUF, provides a voice and communications channel amongst the Common Criteria community including the vendors, consultants, testing laboratories, Common Criteria organizational committees, national schemes, policy makers, and other interested parties.

Speaker: Laura Waller

Program Manager, Information Security, Cisco

Laura Waller is an technical program manager and has been working at Cisco for 6+ years. She has a strong technical background developed from completing a degree in forensic computing and security as well as continuing to advance her knowledge by completing other qualifications including CISSP. Her current role allows her to play to her strengths of communication and relationship management by working with different parts of the business and managing security programs for the enterprise. She is passionate about diversity in the workplace and is active on challenging the status quo.

As the volume and impact of security threats increases organisations large and small need to adapt their approach to ensure they can successfully detect and respond to threats.

This session will look at core components of a modern security operation, and how they need to work together to defend an organisation from the threat actors of today and tomorrow.

Speaker: Richard Ford

Group Technical Director

Richard Ford, Group Technical Director in Integrity360 has worked in the IT and cyber sector for the last 14 years. He oversees the growth & development of Integrity360’s technical capabilities and has been integral to the success of the Managed Security Services including MDR, SIEM, SOAR and EDR. Richard brings a vast amount of knowledge, skills and experience to Integrity360 customers and works closely with them to enhance their security posture and overall maturity. He is instrumental in understanding the changing needs of organisations and evolving Integrity360 offerings to meet these needs. Richard holds a Bachelors of Engineering in Computer Networking from the University of Greenwich, and also holds a number of professional certifications including CCSE, CCNP & FCNSP.

Our people are central to our organisations’ success and reputation. We have known for years that cyber-criminals target people before technology. For just as long, we have been repeating the mantra that a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we have still not cracked the problem.

We need to take a fresh look.

Security that doesn’t work for people, doesn’t work. All of us have our role to play in staying safe online and reducing the risk of cyber-attacks and data breaches. The behavioural science and techniques for how we ensure our people play a collaborative role in our cyber awareness education are adapting - but what are the practical challenges and opportunities in moving beyond awareness to developing a people-centred security culture.

This short presentation will outline new insights and innovation from the front-line – from expert security education practitioners and leading human factors academics – and outline ideas for transforming your human cyber risk management.