| Date and Time | Title | |
|---|---|---|
| Aug 14, 2025 8:43am - 9:00am (London) | Chairperson's Opening Address with Sarah Armstrong-Smith |  |
| Aug 14, 2025 9:00am - 9:30am (London) | An Ounce of Prevention, Worth 100x Needing A Cure Lessons learned about proactive Application Development Risk management and the importance of going beyond compliance requirements. How a painful lesson from long ago turned into a competitive advantage for one financial services provider. High-level take-aways: - Sadly, it sometimes takes a breach to act as the wake-up call - now it’s more common for financial services organizations to get in front of the problem *before* a successful attack or breach. - Financial Services organizations are expected by the regulators to act as beacons - bastions of safety & security - others should follow. The bar is therefore set much higher by regulators (like the OCC) on these institutions. - Doing a tick-box exercise isn’t enough, there is a need to embrace the spirit of the law as well as address the letter of the law. - Today, it is seen as a competitive advantage for providers to adopt a proactive approach to Development Risk Management across tools and internal security champions programs. It isn’t enough to get in front of the problem but keep focused and proactive to stay in front of it. | |
| Aug 14, 2025 9:30am - 10:00am (London) | KEYNOTE PRESENTATION from Lianne Potter - This Company Sucks: The Reviews Knew Before Your SOC Did We’ve all read the Glassdoor reviews, the viral Reddit threads, the anonymous exit interview leaks: “Toxic culture.” “No support.” “Burnt out and ignored.” But what if those complaints weren’t just HR drama? What if they were the early warning signs of your next security incident? In this provocative and insightful talk, Lianne Potter explores how bad organisational culture creates fertile ground for phishing, insider threats, and policy bypasses and how employee sentiment, often dismissed as “fluff,” is in fact deeply forensic. Drawing on real research and real-world breaches, Lianne makes the case that listening to the people closest to the chaos (even when they’re venting on Reddit) is one of the most overlooked security controls we have. If your SOC is blindsided again and again, it’s time to ask: were the signs already there in the reviews? Perfect for security leaders, risk professionals, and anyone wondering why “awareness training” still isn’t working. | |
| Aug 14, 2025 10:00am - 10:30am (London) | Measuring what matters – Enhance security awareness through behavioural science and data Join an exclusive live talk with Tim Ward, CEO and Co-founder of Redflags. Tim will discuss the importance of measuring the right things in security awareness, making the shift from compliance-based to behaviour-based metrics. Attendees will learn to measure the effectiveness of security programs through behaviour-focused indicators, implement useful frameworks and tools, overcome employee engagement challenges, and communicate results effectively to stakeholders. | |
| Aug 14, 2025 10:30am - 11:00am (London) | Winning the Cloud Data Security Battle: Stop Threats, Protect Data, and Cut Costs Cloud data threats are on the rise, with 83% of companies reporting a security breach in the last 18 months. Securing AWS and Azure data is challenging, but it doesn't have to be. Join us to learn how Druva's air-gapped backups and advanced Threat Hunting can protect against cyber risks, enable proactive malware scanning, and help reduce storage costs by up to 40% without sacrificing security.
What you will learn:
The biggest data security threats targeting cloud environments—and how to stop them.
Why air-gapped, agentless backups are a game-changer
How to detect hidden threats with Threat Hunting and take action fast.
Proven ways to cut costs without sacrificing security. | |
| Aug 14, 2025 11:00am - 11:30am (London) | From Security Speed Bumps to Security Shortcuts In a world where users can track their pizza delivery in real-time but struggle with basic security procedures, something has clearly gone wrong with our approach to cybersecurity. This talk examines how traditional security controls often create unnecessary friction, driving users to find dangerous workarounds. We'll explore how organisations can transform security from a barrier into a natural pathway. Using the DEEP framework (Defend, Educate, Empower, Protect), we'll demonstrate how making security the path of least resistance not only improves adoption but actually enhances overall security posture. In a world where users can track their pizza delivery in real-time but struggle with basic security procedures, something has clearly gone wrong with our approach to cybersecurity. This talk examines how traditional security controls often create unnecessary friction, driving users to find dangerous workarounds. We'll explore how organizations can transform security from a barrier into a natural pathway. Using the DEEP framework (Defend, Educate, Empower, Protect), we'll demonstrate how making security the path of least resistance not only improves adoption but actually enhances overall security posture. | |
| Aug 14, 2025 12:00pm - 12:30pm (London) | AI-Assisted Future: How AI Assistance changes Dev and Sec in Organizations What is the hype and what are the challenges of AI Assistance in Organizations especially in software development. We'll explore the paradigm shift that is reshaping creativity and problem-solving in development, the new frontier of AI-influenced software risk, and discuss ways in which AI coding assistants and open source AI models form the next evolution of the software supply chain crisis.
We will look at this topic going from high-level business concerns directly to the developer experience by answering the following questions:
• What are the liabilities which arise when AI-generated code enters your products?
• Is this technology a sustainable path to innovation or a source of unpredictable risk?
• How AI coding assistance alters hiring strategies and the critical role of code review by security-capable developers in an AI-driven workflow?
• What are the potential attack vectors tied to the growing use of open-source AI models? | |
| Aug 14, 2025 12:30pm - 1:00pm (London) | Modern Data Protection: Immutability, Compliance & Cyber Resilience This presentation explores the evolving threat landscape, the rise of ransomware, and the regulatory pressures driving the need for operational resilience. It highlights how Veeam v13 empowers organisations with immutable backups, secure recovery environments, and a maturity model to assess and improve data resilience. Through real-world examples and a live demo, the session offers practical insights into building a cyber-resilient strategy that aligns with frameworks like DORA, NIS2, and ISO 27001. | |
| Aug 14, 2025 1:00pm - 1:30pm (London) | The Future of Security Operations: Agentic, Autonomous and Agile As cyber threats become more sophisticated and widespread, Security Operations Centers (SOCs) must evolve to keep pace. This session will explore how automation and artificial intelligence (AI) are revolutionizing modern SOCs, enabling teams to respond faster, reduce false positives, and optimize resources. We’ll discuss practical use cases, from AI-driven threat detection and automated incident response to leveraging machine learning for proactive defense. Attendees will gain insights into implementing AI and automation strategies that enhance SOC efficiency, reduce analyst burnout, and improve overall security posture. | |
| Aug 14, 2025 1:30pm - 2:00pm (London) | Crowdsourced Defense: Lessons from Ethical Hackers on Protecting Active Directory and Entra ID In today's landscape, identity systems like Active Directory and Entra ID are prime targets for attackers. This session explores five critical attack scenarios on these systems, offering detailed insights into traditional detection and prevention methods. Discover how our Identity Threat Detection and Response (ITDR) platform effectively counters these threats, validated through a groundbreaking crowdsourced testing initiative by ethical hackers. Gain practical strategies for mitigating attacks, witness real-world demonstrations of our solutions, and acquire insights from ethical hackers' collective intelligence, showcasing security solutions tested at scale.
1. Learn about real-world identity-centric attacks
2. See how real ethical hackers attempt to compromise privileged identities
3. Understand how to protect your organization against these types of attacks
4. See live product demonstrations showing attack detections and mitigations
5. Learn what you can do for free to assess the risk of your own organization | |
| Aug 14, 2025 2:00pm - 2:30pm (London) | KEYNOTE: Six-Pack Security: Sculpting Stronger Cyber Cultures One Change at a Time by Gurps Khaira Cybersecurity isn't just about firewalls, encryption, and threat detection, it's about discipline, mindset, and culture. In this high-energy, insight-packed keynote, we draw an unexpected but powerful parallel between fitness modelling and building a resilient cybersecurity culture; proving that the same principles that shape a six-pack can transform your organization's cyber posture. From commitment to consistency, from breaking old habits to embracing uncomfortable change, this talk explores how leaders can drive lasting, meaningful change across their cybersecurity environments. Just as physical transformation doesn’t come from a crash diet, cyber transformation won’t come from a one-time awareness training. It requires daily reps, supportive environments, and leadership that leads by example. Using humour, personal case studies, and lessons from both the gym and Banking, this keynote helps organisations reframe cybersecurity not as a compliance checklist, but as a strategic lifestyle change. | |
| Aug 14, 2025 3:00pm - 3:30pm (London) | SIEMless Outcomes Breaking free from SIEM The future of AI-driven security operations.
Why are traditional SIEMs becoming outdated, and what challenges do they pose for modern security teams?
How can AI-driven security operations deliver SIEM-like outcomes without the cost and complexity?
What real-world examples show how lean security teams are detecting and responding to threats faster with AI? | |
| Aug 14, 2025 3:30pm - 4:00pm (London) | The AI Arms Race: Good AI vs. Bad AI Artificial intelligence is rapidly transforming the cybersecurity landscape—both as a critical defence tool and a new weapon in the hands of cybercriminals. In this session, Mike Morton of Abnormal AI explores the evolving arms race between “Good AI” and “Bad AI”, offering real-world examples and insights from the frontlines of AI-driven security.
Attendees will learn how generative AI is being exploited to craft highly targeted phishing emails, business email compromise (BEC) scams, and other social engineering attacks—many of which evade traditional, rules-based security systems.
The session also demonstrates how defensive AI can be used to counter these threats, identifying abnormal behaviour, detecting novel attack patterns, and autonomously protecting users and infrastructure across email and collaboration platforms. | |
| Aug 14, 2025 4:00pm - 5:00pm (London) | LIVE KEYNOTE FIRESIDE CHAT – Stu Hurst & Sarah Armstrong-Smith This promised to be a session not to be missed. Please also remember to ask any questions you have during the session and Sarah will try and get as many of your questions to him LIVE | |
 | |||
Agenda
|
|