Agenda

30,000 websites around the world are hacked each day of which the FBI estimates that 4000 are ransomware attacks. 64% of companies worldwide have experienced at least one form of a cyber attack. It is the most digitally advanced nations that are most vulnerable to cyber-attacks, so how can we defend ourselves more wisely? If everyone is a target, there is little you can do to reduce the probability that you will be attacked, but there are things that you can do to reduce the impact of an attack and recover quickly.

This presentation will:

• propose 4 inexpensive ways to make yourself unattractive to attackers and how to respond if you are

• reveal the upside of dealing effectively with cyber security incidents.

Speaker: Paul Brucciani

Head of Sales Enablement, Managed Detection and Response business

Having worked in cyber security industry for over 25 years for organisations of all sizes including start-ups, scale-ups and large global enterprises, over the years, cyber security has become one of my favourite topics of interest. I have had an eclectic early-career working as an system engineer, consultant, business developer, satellite data processing specialist, gold prospecting geologist and a baker. At F-Secure Corporation, I am responsible for our Global Sales Enablement function within our Managed Detection and Response division. I am keen to hear about some of the key challenges our current and future cyber security leaders face on a daily basis and how can help them navigate and succeed in this constantly shifting landscape.

Speaker: Tim Orchard

Executive Vice President, Managed Detection and Response, F-Secure

Tim has worked for over two decades in cyber security across both public and private sectors, developing expertise in penetration testing, managed services and consulting, both in the UK and abroad. Over this time he has developed a specific competency in building effective, high performing teams and solving complex cyber security problems. Aside from developing and ensuring the success of the Countercept Managed Detection and Response service Tim also helps steer the wider business as part of F-Secure’s leadership team.

As 2021 is drawing to a close, now is a good time to reflect on the cybersecurity challenges it presented as well as looking ahead to the immediate future of cybersecurity. Join this 1-on-1 discussion for insight and opinion on some key trends and what we can expect in 2022.

While we're all likely aware of the need to protect our organisations from security breaches. More and more, we're seeing a market via forums and the dark web for 'selling breaches'; that is where criminals buy enterprise network access from other criminals. This enables less skilled actors to acquire resources that enhance their capabilities while also enabling successful attackers to monetise their attacks, which in turn, increases the severity of the overall threat landscape.

In this fascinating presentation, Paul Prudhomme, Head of Threat Intelligence Advisory at Rapid7 outlines how these breaches are being 'sold' and how you can use intelligence to detect them.

Speaker: Paul Prudhomme

Head of Threat Intelligence Advisory, Rapid7

Paul Prudhomme is Head of Threat Intelligence Advisory at Rapid7. He previously served as a leader of the cyber threat intelligence subscription service at Deloitte and as an individual contributor to that of iDefense. Prior to that Paul covered cyber issues as a contractor in the US Intelligence Community. Paul specializes in the coverage of state-sponsored cyber threats, particularly those from Iran. He originally served as a linguist and cultural advisor and speaks multiple languages, including Arabic. Paul has a Master’s degree in History from Georgetown University. He is also a certified scuba diver and an award-winning amateur underwater photographer.

Charlie discusses the threats and need for appropriate cyber security measures, both physical, human and digital, examining the strategic nature of the precautions required now and in the future and gives operational examples of investigations dealt with in the past. Covering hackers attacking governments, banks, and retailers, organised criminals stealing our personal information, from state sponsored attacks to juveniles having fun. Charlie highlights current cyber risks and how and why every organisation is potentially vulnerable to Ransomware, Ddos and Data breach.  

 An overview of cyber crime, real world operational cases investigated and prosecuted, including organised crime groups attacking financial institutions, dark markets that facilitate cyber trade, internet frauds, phishing and hacktivist attacks. 

Attend this session to listen Gil Vega, Veeam’s Chief Information Security Officer, being interviewed by Jeff Reichard, Veeam’s Senior Director of Enterprise Strategy. They will discuss ransomware issues in UK&I today, other malware and security threats and what cyber security trends we can expect going into 2022.

Speaker: Gil Vega

Chief Information Security Officer, Veeam Software

With more than 22 years’ experience, Gil Vega is a security expert through and through. Before joining Veeam, Vega was Managing Director & CISO responsible for global cybersecurity, technology risk & compliance at CME Group Inc., based in Chicago. CME Group is the world’s leading exchange operator and most diverse derivatives marketplace – handling 3 billion contracts worth approximately $1 quadrillion annually. Prior to his career in financial services, Vega was a member of the U.S. Federal Government’s Senior Executive Service and served as the Associate Chief Information Officer & CISO for the U.S. Department of Energy and U.S. Immigration & Customs Enforcement in Washington, DC.

Zero Trust Architecture cannot be maintained without proper integrity controls at its foundation.

Discover how to successfully achieve a baseline of integrity to drive building, monitoring, and maintaining a Zero Trust architecture.

Learn key considerations to take into consideration before moving forward with any Zero Trust strategy.

• Planning for Zero Trust: where to start

• Integrity at the basis for trust, how to determine a “good” state

• Ensuring ongoing trustworthiness

• Zero Trust over time

Join Tim Erlin, VP Product Marketing and Strategy, Tripwire, as he shares results from our recent research around Zero Trust and discusses the role of integrity when it comes to Zero Trust Architecture.

Speaker: Tim Erlin

VP, Product Marketing and Strategy

Tim Erlin is VP of Strategy at Tripwire. He previously managed Tripwire’s Vulnerability Management product line, including IP360 and PureCloud. Erlin's background as a Sales Engineer has provided a solid grounding in the realities of the market, allowing him to be an effective leader and product manager across a variety of products. His career in information technology began with project management, customer service, as well as systems and network administration. Erlin is actively involved in the information security community. His contributions include blogging, podcasts, press, speaking and television.

Architectural risk analysis is a crucial security activity that’s typically carried out manually in workshops. Although valuable, they are often time consuming, and with engineering teams under increasing pressure to deliver software faster, they require techniques to automate as much of the process as possible.

Fraser will explore these challenges and how Infrastructure as Code is uniquely able to meet them. He’ll introduce the Open Threat Model (OTM) format and how to create files automatically using open source tools.

We’ll look at how you can operationalise threat modeling with OTM into a DevSecOps workflow - useful if you have multiple teams using different technologies.

A series of high-profile incidents highlight the potential for widespread havoc has demonstrated that attackers are exploiting vulnerabilities in supply chain security. This trend is real and growing. In my presentation, I explore the challenges facing organisations including some supply chain attack examples. I will also propose possible technical and legal solutions, and what the future holds.

Join Cofense Senior Sales Engineer Ian Wallace for an examination of the current state of phishing defence, with a particular focus on which technology layers may - or may not - be automatable with AI/ML technologies, and in which layers does “human intelligence” continue to provide the best solution. With consideration of competing objectives such as enhanced security, automation, and affordability, this is essential learning for those who wish to find out the best ways to configure their phishing defenses within a wider cyber strategy.

Speaker: Dr Ian Wallace

Sales Engineer

Dr Ian Wallace lectured at Kingston University and received his Ph.D. in AI with the encouragement of Dr. Susan Calvin. He has spent the last 25 years helping security vendors establish themselves and build their sales channel in Europe. He claims to never have worked a day in his life, but has been fortunate enough to find organisations prepared to fund his endless curiosity about all things IT. He can currently be found fighting Phish with Cofense Inc.

RangeForce believes the days of boring, week-long, training courses, hosted in smelly training rooms and designed primarily to get the user through a single instance certification exam, should now belong to pre-COVID history. Elite SOC and cyber defence teams deploy continuous professional education, long since stipulated in other critical, vocational careers. RangeForce is at the forefront of a revolution in this space, opening up the concept of “Combination Learning”. We incorporate individual, self-paced, hands-on skills development, interspersed with pressurised team training exercises, where learners must respond to live cyber incidents in real time. All delivered through the browser and at a fraction of the cost of the “old way”.

Securing your devices can be challenging, especially when some of your employees are working remotely. All endpoints, both on- and off-network, must be patched and secured on an ongoing basis.

Join us for a hands on presentation where we will provide live training on these critical processes:

• Performing a security assessment

• Setting up a secure VPN for remote workers to access applications

• Developing a Bring Your Own Device (BYOD) policy that specifies security requirements

• Automating software patch management and vulnerability management

With an increasingly diverse threat landscape and news headlines often dominated by the latest threats, it can be difficult for cyber security professionals to determine how best to apply scarce resources to protect their organisation.

Join Integrity360’s Vaibhav Malik, Head of Cyber Advisory Practice as he explores the key threats and trends that have emerged in 2021 and how to build this information into a successful cyber threat management programme to help you to determine the most effective use of your precious resources.

Speaker: Vaibhav Malik

Head of Cyber Advisory Practice

Vaibhav Malik, Head of Cyber Advisory Practice at Integrity360 brings more than a decade of experience in defining and executing successful strategic security and digital transformations programmes across the UK, Asia and EMEA. Vaibhav is a cross-industry cyber security leader who maintains a strong track record of delivering success and stability in this rapidly evolving digital landscape. Coming from a Big 4 background, Vaibhav brings rich experience across realms of cyber security, data privacy, resilience, and technology risk and helps Integrity360 clients think through what strategy means in the modern world.

Employees are the biggest threat to our cybersecurity. Every click or action they take can place us at risk. But how can we guarantee and track that we’re getting through to them? In this session we’ll share how to create employee awareness campaigns that really work. We’ll show you how to build an engaged workforce where cybersecurity is second nature. And we’ll share best practice tips for maximizing your communication success. Join us to learn: - Why the old ways of communicating with staff don’t work - How to optimize your messaging to boost InfoSec compliance - What tactics you can use to get 100% message cut-through