Agenda

Date and Time / Title
May 12, 2021
9:00am - 9:30am (London)
Succeeding with Secure Access Service Edge (SASE)

 

Abstract: With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data. SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture?

Join this session to understand:

• Why SASE should be less complicated than many vendors are making it

• What to look for when evaluating a migration to a SASE platform

• A 3 month, 6 month, and 12 month roadmap for implementation

• How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits

May 12, 2021
9:30am - 10:00am (London)
IoT Under Attack: Thwarting Zero-Days with Cyber AI

 

From internet-connected CCTV cameras to office temperature sensors, IoT devices have introduced an entirely new threat into the attack landscape. While developers have focused on perfecting the convenience and utility of their products, their security proficiency has lagged behind. As a result, devices have been rushed to market rife with zero-day vulnerabilities. Such technology is often implemented without the consultation of security teams, is outside their awareness, and, subsequently, outside of corporate protection. For attackers, these are the perfect means of surreptitious entry.

Join Dave Masson, Darktrace’s Director of Enterprise Security, and Marcus Fowler, Darktrace’s Director of Strategic Threat, as they discuss the challenges of securing IoT devices, and learn how Cyber AI is able to spot the full range of IoT threats in their earliest stages, before autonomously responding to contain the malicious activity. In this session, find out more about:

• How Darktrace’s AI understands what ‘normal’ looks like for all IoT devices on the corporate network

• How Darktrace recently thwarted a Mirai malware attack on a CCTV camera

• How a low-and-slow attack on a smart locker was neutralized by Cyber AI within seconds

Speaker: David Masson

Director of Enterprise Security

David Masson is Darktrace’s Director of Enterprise Security, and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. David is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major international and national media outlets in Canada where he is based. He holds a master’s degree from Edinburgh University.

Speaker: Marcus Fowler

Director of Strategic Threat

Marcus Fowler spent 15 years at the Central Intelligence Agency developing global cyber operations and technical strategies, until joining Darktrace in 2019. He has led cyber efforts with various US Intelligence Community elements and global partners, and has extensive experience advising senior leaders on cyber efforts. He is recognized as a leader in developing and deploying innovative cyber solutions. Prior to serving at the CIA, Marcus was an officer in the United States Marine Corps. Marcus has an engineering degree from the United States Naval Academy and a Master’s Degree in International Security Studies from The Fletcher School. He also completed Harvard Business School’s Executive Education Advanced Management Program.

May 12, 2021
10:15am - 10:45am (London)
The Security Outcomes Study: a blueprint to enable growth and minimize risk

 

Many organizations have recently had to shift their security strategies to account for new threats, increased mobility, and rapid digitization. But how do you know exactly what works and what doesn’t in cybersecurity? Cisco has commissioned a study outlining which security best practices lead to the most impactful results. In this session we will share the key highlights affecting the UK and Europe, and how they compare to global findings.

Speaker: Steve Caimi

Cyber Frameworks Specialist, Cisco

Steve helps organizations manage risk and improve security programs by advocating cyber best practices and frameworks.

Speaker: Cindy Valladares

Head of Security Thought Leadership, Cisco

Cindy is an experienced marketing leader with a passion for delivering content and solutions to address the needs of cybersecurity professionals. She recently led the creation of Cisco’s Security Outcomes Study. Please connect on LinkedIn.

May 12, 2021
10:45am - 11:15am (London)
Why Identity Security?

 

As we step into 2021, this is the year that we move past the old paradigm of identity being an important back-office function and leap into a realm where identity is not only the critical tip of the security spear but also the driving force for a modernised business. Everyone is talking about Zero Trust – it is the identity buzzword of the year. In this presentation Lori Robinson will discuss how the Identity industry is innovating around a Zero Trust architecture and discuss the top 5 Identity trends that will dominate Identity in 2021.

Speaker: Lori Robinson

Sr. Director of Product & Market Strategy

Lori Robinson is a Sr. Director of Product and Market Strategy at SailPoint where she leads a team of individuals responsible for developing and evangelizing SailPoint’s corporate and product strategy. Lori has over 15 years of experience in the identity and access management industry. Prior to joining SailPoint, she was a Managing Vice President at Gartner where she covered the identity governance and administration, privileged access management, and consumer IAM markets. She also served as a Managing Vice President for Gartner’s data management team where she led a team of experts covering databases, data integration, and data governance technologies. Lori is a recognized industry thought leader, speaker, and publisher. She is passionate about advancing opportunities for women in IT and has led various user groups, round tables, and events for women in identity.

 

 

May 12, 2021
11:30am - 12:00pm (London)
Cloud Security - It's Now or Too Late!

 

The cloud is more dynamic now than ever before. How do you keep up with development while thwarting threats? Learn how to fend off threats and turn security into an enabling force behind enterprise digital transformation.

Speaker: Tsion (TJ) Gonen 

Head of Cloud Security Product Line, Check Point Software Technologies Ltd

Tsion (TJ) Gonen has more than 20 years of cyber security and executive experience, and is now the Head of Cloud Security at Check Point Security Software Technologies where he leads cloud innovation, as well as the go-to-market strategy. Prior to joining Check Point, TJ was co-founder and Chief Executive Officer of Protego Labs, the leading start-up for serverless security, which was acquired by Check Point in 2019.

May 12, 2021
12:00pm - 12:30pm (London)
Keynote Presentation - Jake Rogers: Intelligent decision making: Repurposing security telemetry to extend trust

SIEM data has the ability to transform systems beyond SOAR. In this talk Jake will demonstrate how the sharing of specific types of telemetry can be automated across multiple disparate systems to reduce risk and operational demands.

May 12, 2021
1:00pm - 1:30pm (London)
Supply Chain Protection: Preparing for the Next SolarWinds

 

The SolarWinds supply chain attack was a brutal security failure that relied on perimeter tools, threat hunting and prior knowledge to stop an attack – only to find that these tools were powerless to identify and stop it.

Existing security tools are not sufficient to secure the supply chain, namely because the most sophisticated attacks are occurring at runtime, a notorious blind spot in organizations. Conventional security tools are not instrumented to detect exploits in memory and do not provide any visibility into runtime. More importantly, they do not provide runtime protection, so evasive attacks that proliferate at the memory level often go undetected for days, months, or even years.

Learn effective new tactics and tools to protect and defend against sophisticated and evasive supply chain attacks like remote code execution and other crippling runtime exploits. Get best practices to protect your workloads against future or ongoing supply chain attacks.

Speaker: Willy Leichter

VP of Marketing and Product Strategy, Virsec

Willy Leichter leads Virsec marketing and product strategy. With extensive experience in a range of IT domains including network security, global data privacy laws, data loss prevention, access control, email security and cloud applications, he is a frequent speaker at industry events and author on IT security and compliance issues. A graduate of Stanford University, he has held marketing leadership positions in the US and Europe, at CipherCloud, Axway, Websense, Tumbleweed Communications, and Secure Computing (now McAfee).

May 12, 2021
1:30pm - 2:00pm (London)
'Secure Your Apps from Four Common API Attacks'

 

APIs will account for 90% of attack surface area for web applications this year [1]. Developers and attackers gravitate towards APIs for similar reasons: they’re flexible, suited for automation, and exchange critical data. As API footprint and functionality grow, so does their appeal to attackers. Proactive API protection must be a key priority in your application security strategy.

Security experts Jimmy Mesta and Rob Gibson will demonstrate tactics to stop four common API threats:

- Account takeover (ATO)

- Enumeration

- Content scraping and probing

- HTTP verb tampering

Speaker: Jimmy Mesta

Head of Security Research, Fastly

Jimmy Mesta is a veteran application and infrastructure security leader with 15+ years of experience. He has spent time on both the offensive and defensive sides of the industry, working to build modern, developer-friendly security solutions. Prior to Signal Sciences, Jimmy maintained a global network, consulting with companies, and delivering technical security training, research, and infrastructure around the world. He previously ran the local Santa Barbara OWASP chapter and taught Kubernetes, Docker, DevOps, mobile security, and pentesting courses for Manicode. Follow Jimmy on Twitter @jimmesta.

Speaker: Rob Gibson

Product Manager, Fastly

Rob Gibson is product manager for defense experience at Signal Sciences, now part of Fastly. Prior to that, Rob worked at Symantec where he focused on Norton consumer security, mobile security, and identity access management (IAM). He has an MBA from UCLA Anderson School of Management.

May 12, 2021
2:00pm - 2:30pm (London)
Secure behaviour change: Engaging your human defences

ThinkCyber unpick the science and theory behind behaviour models to help us understand why risky behaviours happen, and more importantly how to stop them. From research that questions the efficacy of teaching at the point of failure in phishing tests, to behaviour models that highlight the need for timely cues. Looking at examples of how cognitive psychology, behavioural and social science can and are being used to guide user behaviour. This talk will offer real world examples and ways that all organisations can apply the theories to drive secure behaviour change.

May 12, 2021
2:30pm - 3:00pm (London)
Cloudy Features: 5 Tips for Securing Cloud Services

Cloud adoption has grown rapidly over the past decade and has increased exponentially due to COVID-19 and a globally distributed remote workforce. Join me in this session as we walk through 5 practical tips you can follow to improve security in your cloud services, including leveraging two-factor authentication (2FA) and logging/monitoring cloud systems.

Speaker: Alex Jones

IT Security Manager, Cobalt

Alex Jones is the Information Security Manager at Cobalt.io. Alex is passionate about cloud security, offensive security and pentesting. He is a certified cybersecurity and technology professional with award-winning projects, services, support and consulting. With over fifteen years of experience in technical roles and seven years of direct security/compliance experience, he is dedicated to delivering exceptional results for both clients and the organization.

May 12, 2021
3:30pm - 4:00pm (London)
Developing your cyber security strategy for the future

A company-wide cyber security strategy is essential to combat today’s evolving risk landscape. While systems expertise remains an essential ingredient of preparedness, it is only when cyber security is understood within the organisation’s overall business strategy that executive leadership can have confidence that information, the single most important business asset, is sufficiently protected against today’s threats.

Join us for this session where we will share insights on taking a three dimensional approach to optimising your cyber security strategy for the future. We will discuss the business value that can be gained from cyber security, assess the need for rethinking the role of the CISO to adapt to the evolving threat landscape and will delve into the importance of resilience as a contributor to a robust cyber security approach.

May 12, 2021
4:00pm - 4:30pm (London)
How Vulnerability Translates to Compromise...

A deep dive into breaches and how vulnerability has been one of the key (and often the sole/main) contributors to their success. Join Steve Marshall, UK Group CISO, Bytes UK with Adam Palmer, Chief Cybersecurity Strategist from vulnerability management market leader Tenable to understand the role vulnerability plays in successful breaches, and learn how to lock down on this earlier, easier and with more lasting effect. See the importance of vulnerability visibility and prompt action and understand exactly how vulnerability was the lynchpin of many a headline-hitting breach in recent times.

Speaker: Adam Palmer

Chief Cybersecurity Strategist, Tenable

Adam has over 20 years working in cybersecurity. His experience includes executive positions at large cybersecurity vendors, leading the U.N. Global Programme against Cybercrime, and working as the Global Director for IT & Cyber Risk at one of the largest EU banks. Adam’s diverse global background perfectly positions him to understand and advise security leaders to be successful.

May 12, 2021
4:30pm - 5:30pm (London)
Live Q & A – Geoff White & Thomas Hurd, former Head of the UK ‘Joint Biosecurity Centre’

Investigative journalist Geoff White has covered technology for BBC News, Channel 4 News, Audible, Forbes online & many others. Crime Dot Com, his book on cyber-crime, was published in Aug. 2020. His exclusives reveal tech’s impact on our lives: the controversial police use of facial recognition; the failure of artificial intelligence therapy apps; hi-tech call centre scams that have cost victims their life savings; fraud in the internet dating industry.


Thomas Hurd, known as Tom Hurd, is the former head of the UK Biosecurity Centre announced by UK PM Boris Johnson in 2020. He held the position from May-June 2020. Hurd was also formerly the Director General of the British Government Office for Security & Counterterrorism.


A memorable encounter is anticipated.

May 13, 2021
9:00am - 9:30am (London)
Zero Trust and beyond: a journey for everyone

 

The traditional perimeter is dead! So how do you protect your network in 2021 and beyond?

The answer is a fundamental shift in your attitude to security, away from implicit trust and towards a default position where you trust no one without good reason. The first step on the pathway is Zero Trust Network Access (ZTNA).

Even if you are not currently planning to adopt a Zero Trust approach, the technology decisions you make today will impact the ease of turning to this technology in the future.

We invite you to take the next step towards a more secure future by using our simple, accessible approach, which allows you to benefit from the security advantages of Zero Trust… and beyond.

May 13, 2021
9:30am - 10:00am (London)
Highlights & Recommendations: 2021 Industry Cyber Exposure Report for FTSE 350

As the world's knowledge workers were driven home amid a pandemic and cases of ransomware ran rampant across the internet, measuring the world's most critical businesses’ internet exposure is more important than ever.

In this round of Industry Cyber-Exposure Reports (ICERs), researchers at Rapid7 focus on FTSE 350 companies and evaluate five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staff, and their internal business partners to address.

These five facets of internet-facing cyber-exposure and risk include:

1. Authenticated email origination and handling (DMARC)

2. Encryption standards for public web applications (HTTPS and HSTS)

3. Version management for web servers and email servers (focusing on IIS, nginx, Apache, and Exchange)

4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)

5. The proliferation of vulnerability disclosure programs (VDPs).

Join this talk as Chris Hartley, UK & Ireland Lead, and Matt Rider, Director of Applied Engineering, discuss the findings and provide recommendations CISOs and security practitioners can take action on.

May 13, 2021
10:15am - 10:45am (London)
AI Operations – why, where and how to take the journey with Fortinet

Hear about how expectations are driving the world of security, customer needs and desires and the ultimate requirements for sustainable intelligence and reliable response. Listen to thoughts on risk, integration, critical metrics, common themes and the overall security journey that all businesses are on as they drive to understand and control their security posture and, ultimately, protect their customers and industry reputation.

Speaker: Chris Roberts

Business Development Manager, AI Ops, Fortinet

Chris has worked in IT since 1992 across a variety of disciplines such as IT support, project management, departmental head and business development management, moving into security focussed roles from 2003. Time at various key vendors such as HP, Cisco and Fortinet as well as time at more specialised VARs has given him a variety of relevant experience. Even though now in a business development commercially focussed role, he still enjoys the techier side of things so invariably spends some of his spare time configuring his home Fortinet deployment! Aside from technology and security he enjoys running, cycling, movies, reading, MotoGP and meeting up with friends and family when allowed!

May 13, 2021
10:45am - 11:15am (London)
The Mind's Lie: How Our Thoughts and Actions Can Be Hacked and Hijacked

 

Discover the art and science behind deception, and why you may still fall for dirty tricks even after you understand how they work. From the sleight-of-hand used by magicians, to the sleight-of-tongue used for social engineering, we are all wired to deceive and to be deceived. See how threat actors use these techniques against your end-users and how security awareness training can help them spot deceptions before it’s too late.

Speaker: Perry Carpenter

Chief Evangelist & Strategy Officer

Perry Carpenter currently serves as Chief Evangelist and Strategy Officer for KnowBe4, the world's most popular security awareness and simulated phishing platform. Previously, Perry led security awareness, security culture management, and anti-phishing behaviour management research at Gartner Research, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies. With a long career as a security professional and researcher, Mr. Carpenter has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands. Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO).

Join Perry Carpenter, KnowBe4’s Chief Strategy Officer, as he shows you how easily we can be deceived and how that relates to our understanding of social engineering scams that come our way.

During this intriguing session, Perry will share his insights and answers to these questions:

• Are we wired for deception?

• Why are some more susceptible to manipulation than others?

• How do hackers use these techniques to create scenarios to entrap your employees?

• How can you ethically leverage these techniques to bring about desired behavior change?

May 13, 2021
11:30am - 12:00pm (London)
Why aren't we all Threat Modeling?

 

50% of software vulnerabilities are found in the design. Once in production, they’re 100x more expensive to fix. The answer? Threat modeling. By scoping your security requirements in the design stage, you can avoid developer rework and delays to production - so why is no one doing it? In this session, Jonny Tennyson, Head of Client Innovation at IriusRisk, will talk about what threat modeling is, why people aren’t currently threat modeling, and ultimately ask the question: ‘why aren’t we all threat modeling?’

May 13, 2021
12:00pm - 12:30pm (London)
Presentation from Mike Seeney. Supply Chain Assurance – both sides of the fence: A Legal sector perspective

Several years ago the legal sector was in many ways perceived as the ‘flat underbelly’ of the supply chain from a cyber and information security perspective. This however has changed quite dramatically, as the sector has risen to greater threats from cyber-crime and increasing regulatory challenges (often passed down the supply chain from their clients). Mechanisms to demonstrate a compliant (and of course effective!) information security program have therefore had to be put in place, alongside mechanisms to carry out due diligence on suppliers who provide services to law firms. This keynote will aim to relay the experience of ‘sitting both sides’ of the supply chain fence, and offer an insight into the pitfalls and successes of a journey so far that many can hopefully relate to.

May 13, 2021
1:00pm - 1:30pm (London)
Cyber Security - Where we have been, Where we are and Where are we going?

Cyber attacks via email are stealing millions of pounds from businesses and putting them at risk of going out of business. Every company, no matter its size, is a target, and the damages go well beyond the financial loss to include the cost of recovery, the disruption of operations, undermining the business reputation… We’ll talk about the risks your employees pose and who are the most likely phishing targets, and about ways you can prevent them seeing those phishing emails in the first place.

May 13, 2021
1:30pm - 2:00pm (London)
Your software is vulnerable. Ask a hacker if you wonder how

The centrepiece of modern life is technology, and it all runs on software. But all that code is prone to risk and vulnerabilities. Even as we raise our risk awareness, we often miss the thing that is responsible for the next big breach. It’s vital to understand the threats we face in today’s software supply chain and stay aware of the ways that make the software we depend on more secure. 

May 13, 2021
2:00pm - 2:30pm (London)
Extortionware: Your Privacy Problems Made Public

 

Over the last decade, ransomware has increasingly become the most popular option for hackers to monetize the access they’ve obtained to corporate computer systems around the world. Over the last few years, we’ve observed the ransomware software and techniques adapt and evolve to include the theft and exposure of private information, creating extortionware as a new breed of malicious software. This talk will provide an overview of these techniques and discuss the potential privacy and security impacts you may face as a result.

May 13, 2021
2:30pm - 3:00pm (London)
FTP, FTPS, & SFTP: Which Protocol Should You Use and When?

 

FTP, FTPS and SFTP are three of the key protocols for transferring files, but do you know which one is the best way to secure your organization’s sensitive data during the transfer process?

In today’s complex digital landscape, file transfer management not only poses significant logistical challenges but also substantial security risk. Organizations have various file transfer options at their disposal, each offering their own distinct set of challenges and benefits. Understanding and defining which is the best method to implement, and when, is of paramount importance for organizations of all sizes.

Join this webinar to learn the differences between the protocols, how to determine which is the most optimal for your organization and more.

Key takeaways:

• The difference between FTP, FTPS, and SFTP, with specific focus on authentication, implementation and speed

• Which protocol is best for certain instances, including complying with security standards and working with trading partners’ requirements

May 13, 2021
3:30pm - 4:00pm (London)
The challenges facing security operations teams in 2021: what does the future look like?

 

Rob deMain takes you through the key challenges facing security operation teams today and outlines, with a demonstration, one view of the future of security operations in light of these challenges. 

May 13, 2021
4:00pm - 4:30pm (London)
How to Build a Secure Cloud Migration Strategy

When migrating to the cloud, security is the underlying element that will impact every step of your transformation journey. Failure to make security an overall priority can complicate your migration process, cause significant delays, and introduce risks that may harm your organization for years to come. To design a secure migration strategy, you must understand the security needs of the technologies that power each stage of your cloud journey.
 
• Learn about security requirements for each stage of the cloud journey: migration, re-architecting, and cloud native.
• Learn how to design security and compliance into cloud applications.
• Get best practices for securing cloud workloads including user access, containers, and serverless.

May 13, 2021
4:30pm - 5:30pm (London)
Live Q & A – Col. John Doody &, ex Director, Ciaran Martin, founding Chief Executive of the National Cyber Security Centre, part of GCHQ.

Colonel John Doody is the Author of new book “From Stripes to Stars” & Director of Interlocutor Services, a company established to promote Information Assurance & Cyber Security issues nationally & internationally. Prior to this John served at CESG/GCHQ for 10 years in the role of Head of Information Assurance Customer Services.


Ciaran Martin is Professor of Practice in the Management of Public Organisations, Blavatnik School of Government, University of Oxford.
Prior to joining the School, Ciaran was the founding Chief Executive of the National Cyber Security Centre, part of GCHQ.
Ciaran led a fundamental shift in the UK’s approach to cyber-security in the 2nd half of the last decade. 
With the GCHQ connections, a memorable encounter is anticipated.