Agenda

Date and TimeTitle
Jul 13, 2021 (London)
8:55am - 9:00am
Chairs Opening Address: Col (Retd) John Doody
Jul 13, 2021 (London)
9:00am - 9:30am
Levers of Human Deception: The Science and Methodology Behind Social Engineering

No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding.

Join Javvad Malik, Security Awareness Advocate for KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life and details of sophisticated social engineering and online scams.

Key Takeaways:

• The Perception Vs. Reality Dilemma

• Understanding the OODA (Observe, Orient, Decide, Act) Loop

• How social engineers and scam artists achieve their goals by subverting OODA Loop's different components

• How we can defend ourselves and our organisations

Speaker: Javaad Malik

Security Awareness Advocate

Javvad Malik is a Security Awareness Advocate at KnowBe4, a blogger event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security that speak to both technical and non-technical audiences alike. Prior to joining KnowBe4, he was security advocate at AlienVault. Before then, he was a Senior Analyst at 451’s Enterprise Security Practice (ESP).

Jul 13, 2021 (London)
9:30am - 10:00am
Managing Risk In An Ever Moving As-A-Service Environment

In the infrastructure and platform-as-a-service worlds, application developers are the new infrastructure superstars. With concepts ranging from containers to infrastructure as code, we are experiencing a paradigm shift in how tightly coupled application code and the related infrastructure are. Often security is underrepresented in this formula and for good reason; our challenge is first to understand the new security conventions and controls, but then to understand how to achieve visibility and governance of these controls within application infrastructure that never sleeps. It's a tall order, but tools, processes, and perspectives are maturing and in this session, I will share lessons learned from firsthand experience on how to tackle this emerging challenge.

Jul 13, 2021 (London)
10:15am - 10:45am
The Battle of Algorithms: How AI is beating AI at its own game

Among rapidly evolving technological advancements, the emergence of AIenhanced malware is making cyber-attacks exponentially more dangerous, and harder to identify. As AI-driven attacks evolve, they will be almost indistinguishable from genuine activity, and conducted at an unprecedented speed and scale. In the face of offensive AI, only defensive AI can fight back, detecting even the most subtle indicators of attack in real time, and respond with surgical actions to neutralize threats - wherever they strike.

In this session, discover:

• How cyber-criminals are leveraging AI tools to create sophisticated cyber weapons
• What an AI-powered spoofing threat may look like, and why humans will not be able to spot
them
• Why defensive AI technologies are uniquely positioned to fight back

Speaker: Max Heinemeyer

Director of Threat Hunting

Max is a cyber security expert with over a decade of experience in the field, specializing in a wide range of areas such as Penetration Testing, Red-Teaming, SIEM and SOC consulting and hunting Advanced Persistent Threat (APT) groups. At Darktrace, Max oversees global threat hunting efforts, working with strategic customers to investigate and respond to cyber-threats. He works closely with the R&D team at Darktrace’s Cambridge UK headquarters, leading research into new AI innovations and their various defensive and offensive applications. Max’s insights are regularly featured in international media outlets such as the BBC, Forbes and WIRED. When living in Germany, he was an active member of the Chaos Computer Club. Max holds an MSc from the University of Duisburg-Essen and a BSc from the Cooperative State University Stuttgart in International Business Information Systems.

Jul 13, 2021 (London)
10:45am - 11:15am
Boosting IT Security in 2021

As we face an unprecedented level of cyber-risk and attacks, join Kaseya to learn about the key cybersecurity challenges we’re all facing and the role of RMM / endpoint management solutions in enhancing IT security. During this session, you will learn about: Critical cybersecurity threats for 2021 The role of RMM / Endpoint Management tools in security How Kaseya VSA helps you meet IT security challenges

Jul 13, 2021 (London)
11:30am - 12:00pm
One simple missed vulnerability, one big headache.

Developers are often regarded as the superhumans that know it all and can do everything. This is more than often true, however if we start blaming them for misses in the security specter of their code we are doing them wrong. It is not their fault, but more the overall way on how development is done from the architecture to the release. In this presentation I will show you how easy it is to miss security related details, that can be used by attackers to breach the victims data. If those security misses are undetected throughout your SDLC, if they make it trough your DevOps process all the way to the release then catastrophe is unavoidable. Therefore I will also show you how to spot them at the right place and time to avoid delays in your delivery schedule.

Jul 13, 2021 (London)
12:00pm - 12:30pm
Keynote Presentation - Robin Smith, CISO/Expert Policy Analyst - Security Futures - Aston Martin Lagonda Ltd - How to Combat the Coming Cyber Crime Wave.

Join Robin’s case-study presentation on foresight information and cybersecurity strategies to transform organisations. As he worked across law enforcement, health and UK think tanks you will hear his unique view to promote 'freedom through information'. During his session, you will learn how Aston Martin’s worked in collaboration with UK Police Service to enhance their threat intelligence programme.

Key learning points:

- How to empower employees to do more while reducing operational overhead

- Reviewing key trends in cyber criminality and the design of cyber defences including developing micro-learning to raise digital literacy

- Enhancing your threat intelligence programme with unique, comprehensive, and easy-to-consume cyber-threat feeds

- enhance intelligence-led security testing by developing CTIM and CBEST strategies

- Complementing internal security operations with 24/7/365 coverage

Jul 13, 2021 (London)
1:00pm - 1:30pm
Validating Zero Trust Network Security with Breach and Attack Simulation

A modern digital business has no perimeter; it lives everywhere it’s customers connect and everywhere it’s employees and partners interact with it’s data and services. Whether it’s the “new normal” model of working from home, or the migration of services to cloud, your attack surface is constantly increasing & changing. Zero Trust is a strategic approach to security that eliminates that explicit trust that is currently prevalent, and instead adopts an “assume breach” mindset. In this session we discuss the approach to Zero Trust, and how Breach & Attack Simulation (BAS) gives security teams the ability to continually validate their security posture by continuously attacking their defenses.

This session covers:

• How Zero Trust Architecture solves current security challenges

• Why Zero Trust Architecture requires continual validation with Breach and Attack Simulation

• How Breach & Attack Simulation gives security teams the edge

Jul 13, 2021 (London)
1:30pm - 2:00pm
Next Generation Cyber Threats of E-Commerce

Are you sure your clients’ data is safe? What risks are third-parties creating? How can you make digital business secure again? Want answers to these questions and gain other exclusive insights? Join the Reflectiz' session and learn all about your digital apps blind spots.

Jul 13, 2021 (London)
2:00pm - 2:30pm
Keynote Presentation - Stu Hirst, Chief Information Security Officer, Trustpilot - '10 Years to CISO'

What has the journey been like from entering the infosec industry 10 years ago to undertaking a CISO role? Stu's talk is a personal journey covering the successes and failures but more importantly the learnings from progressing through the industry.

Jul 13, 2021 (London)
2:32pm - 3:00pm
Extortionware: Your Privacy Problems Made Public

Over the last decade, ransomware has increasingly become the most popular option for hackers to monetize the access they've obtained to corporate computer systems around the world. Over the last few years, we've observed the ransomware software and techniques adapt and evolve to include the theft and exposure of private information, creating extortionware as a new breed of malicious software. This talk will provide an overview of these techniques and discuss the potential privacy and security impacts you may face as a result.

Jul 13, 2021 (London)
3:30pm - 4:00pm
Malware and You - How can we stop it?

Join Infoblox to understand what malware organisations should be aware of and what you can do to protect against it. We will be showing multiple ways companies can mitigate against it, and how Infoblox help you stay 1 step ahead of malicious actors, malware as well as keep your network running. Organisations need proven security solutions to protect cloud migrations, SDN adoption, IoT deployments and a large-scale distributed workforce that can keep pace with the rate of change the business demands.

Infoblox provides foundational layer security to reliably manage your evolving borderless hybrid-cloud network.

During the session, we will cover how to:

• improve your organisation’s security posture by using DNS as the first line of defence

• simplify management through DDI across data centre, cloud and distributed locations

• modernise distributed enterprise for secure DIA with cloud-native architecture

Jul 13, 2021 (London)
4:00pm - 4:30pm
Artificial Intelligence is Transforming Cyber Security: Hype or Reality?

A few facts are crystal clear. We, as a security industry, are not winning the war against cybercrime despite more than $100B spent each year by organizations. In addition it is equally clear that throwing more security professionals at the problem, even if they were widely available and affordable (which they aren’t), won’t solve the problem either as there is too much data, not enough integration, and too much forensic complexity for humans to keep up. The emergence of AI and machine learning as applied to security has received its fair share of hype, but can it really make a difference?
This session will explore key aspects of AI and machine learning, will give some real-life examples of it in practice, and then you can decide if it is a revolution in the making

Jul 13, 2021 (London)
4:30pm - 5:30pm
Live Keynote Q&A with Kevin Fielder, CISO, FNZ Group
Jul 14, 2021 (London)
9:00am - 9:30am
Q1 2021 Vulnerability Landscape

Between January 1 and March 31, 2021, Recorded Future identified 39 highest-risk vulnerabilities for Q1 2021. Major trends associated with these vulnerabilities include third-party threats, targeting of business- or enterprise-grade software, a widening distribution of affected products, and a high number of actively exploited vulnerabilities. In this talk, we will assess the importance of prioritising key assets, and how intelligence can be used to measure the real-time risk of vulnerabilities as they are disclosed.

Jul 14, 2021 (London)
9:30am - 10:00am
Why you’re probably doing agile threat modeling wrong (unless you’re doing agile right)

We all know that Agile is a thing. There are very few people left in the software or security industry that haven’t at least heard of Agile software development, and “agile transformation” is a fact of life in many organisations. We also know that Agile has a big impact on security. Some see it as bad thing, others see a great opportunity. In this talk we are going to dig a little deeper into WHY agile is even a thing, why BEING agile is different to doing agile, and what this REALLY means for cyber security and threat modeling. We’ll explore the human element, the Cynefin framework, and Wardley mapping, and finish on some practical tips to help bring focus to your threat modeling journey.

Jul 14, 2021 (London)
10:15am - 10:45am
The Future of Cyber Security Skills Training is already here!

The proliferation of technical solutions is not stopping the inevitable global rise in data-centric criminal activity. Synchronising and improving cyber defence teams’ interactions with their defence tools, and ensuring their responses are both fit for purpose and established best practices, is now more critical than ever. RangeForce provides the perfect way to combine self-paced individual learning with team based breach simulation scenarios to craft cyber readiness across the organisation. Hands-on, continuous, verifiable education programmes are your keys to raising the bar in terms of overall cyber defence.

Jul 14, 2021 (London)
10:45am - 11:15am
Security awareness needs to adapt: A behavioural perspective

The shift to working from home and then to hybrid working have had a significant impact on security posture. But it’s not just new threats, it’s the change of “context” – who would have thought in 2019 that security awareness training should warn people about being overheard when working in the garden!? Traditional awareness, with typical quarterly or yearly content cycles, has been too slow to adapt. In this talk, ThinkCyber explore the behavioural science of helping people adapt to changing risk contexts, driving secure behaviours and empowering users to protect themselves against cyber threats that target the human user.

This talk will offer real worldexamples and ways that all organisations can apply the theories to adapt their approaches.

Jul 14, 2021 (London)
11:30am - 12:00pm
Ransomware Trends and Futures: Prepare Now for Continuity Later

Ransomware and other cybersecurity threats put your data at risk. There are many approaches to take across all of the disciplines to increase a cybersecurity resilience, but at the end of the day being able to have control of data is critical. This session will highlight a number of key trends on ransomware as well as tips to prepare on now to ensure data recovery in a ransomware incident and align to established cybersecurity practises.

Speaker: Rick Vanover

Senior Director, Product Strategy

Rick Vanover (Cisco Champion, MVP, vExpert) is the senior director of technical product strategy and evangelism for Veeam Software. Rick's IT experience includes system administration and IT management, with virtualization being the central theme of his career recently.

Jul 14, 2021 (London)
12:00pm - 12:30pm
Keynote Presentation - Ste Watts, Group Head of Security Operations - Aldermore Bank - 'How Cyber Threat Intelligence (CTI) Can Super Charge Your Business'

What is Cyber Threat Intelligence? Why should businesses and security teams care about it? Does it solve all of my problems? Join me whilst I take you on a whistle-stop tour of CTI and explore some of the reasons why it should be part of your cyber/info security strategy.

Jul 14, 2021 (London)
1:00pm - 1:30pm
Securing Manufacturing 4.0: OT and IoT Security and Visibility
  • Viruses Are Disrupting Our Supply Chains
  • Where Do The Biggest Vulnerabilities Lie?
  • Manufacturing 4.0 is (almost) everywhere
  • How to detect threat & anomalies
  • How to use AI to secure Operations
Jul 14, 2021 (London)
1:30pm - 2:00pm
Minding the Multi-cloud: An Identity-First Approach to Securing AWS and Azure

Everyone is moving to the cloud, faster than planned. Most organizations have their sights on adopting a multi and/or hybrid cloud strategy this year. Yet, 75% of cloud security breaches are expected to result from inadequate management of identities, access, and privileges by 2023 [Gartner]. So how do you protect your growing multi cloud infrastructure? AWS alone currently offers some 258 services and involves 9,286 total permissions. Remote work is adding to identities and permissions explosion -- increasing access risk. Securing and governing access is further compounded by the fact that each public cloud has its own way of managing permissions and privileges. Join Ermetic’s Or Priel, VP Product Management, for a better understanding of managing identities, permissions and privileges in AWS and Azure. We will explore: AWS IAM roles and policies and Azure RBAC Strategies for enforcing least privilege with confidence Governing access and protecting sensitive resources Mitigating multi cloud risk using automation and analytics

Jul 14, 2021 (London)
2:00pm - 2:30pm
Live Keynote Presentation - Sreedevi Jayachandran, Information Technology and Security Strategy Professional CISSP | CEH | ISO 27001 LA

The art of Social Engineering, attacks and techniques; COVID-19 The Era of Social Distancing and Social Engineering

Jul 14, 2021 (London)
2:30pm - 3:00pm
Rectify Documentation Mistakes and Recover Lost Files in Seconds!

Mistakes are part and parcel of human nature but they don’t have to be costly and time draining. This session addresses the common issue of mistake rectification and shows MSPs how they can cover themselves against loss of information, time, revenue and reputation with IT Glue. The webinar will cover: Ensure compliance and access 30 days of documentation activity logs Identify the exact cause of documentation mistakes Rectify mistakes with deletion recovery and access to previous versions.

The session will guide you through the following features: Immutable Audit Trail and Restore Access and Version Control

Jul 14, 2021 (London)
3:30pm - 4:00pm
Siemplify SOARing into Modern Secops

No matter the size or industry, company leaders recognise that minimising external threats are of paramount importance. As a result, companies value their SOCs and consider them critical to their cybersecurity strategy. In this session you will learn how our complete security operations platform addresses the broadest set of SecOps needs and how it is the SOC managers secret weapon to driving continuous improvement.

Speaker: Neil Nicholson

Enterprise Sales Director UK & Nordics

Neil Nicholson is Enterprise Sales Director for UK & Nordics for Siemplify. He has more than 10 years experience in the Cyber Security space, including various positions at vendors, resellers, and distributors. Neil is responsible for accelerating growth for Siemplify in the UK, Nordics & Benelux, focused on building a deep understanding of customers challenges and how these can be addressed by SOAR and building partnerships with existing and new customers. Prior to joining Siemplify, Neil held positions at Check Point Software Technologies and Forcepoint where he was responsible for building and managing client relationships and helping guide their cybersecurity strategy.

Jul 14, 2021 (London)
4:00pm - 4:30pm
Sandip Patel QC FCIArb, Managing Partner at Aliant, London - 'Rise in ransomware: are the criminals winning?'

Sandip Patel QC FCIArb, managing partner at Aliant, London, has been at the forefront of notable serious and organised cybercrime cases including ‘DarkMarket’, ‘the Facebook Hacker’, prosecution of members of ‘Anonymous’ for the hacking of PayPal, Visa, Sony, FBI, CIA, UK NCA, MoD etc, and ‘the boy who almost broke the Internet’.


Sandip is routinely asked to advise and assist in the creation, training, and implementation of cyber law enforcement programmes. For example, in Grenada, he devised and implemented a cybercrime training course for investigators, the A-G’s office and judges so as to give effect to new cyber legislation.


Sandip contributed to the leading textbook: Electronic Evidence, 3rd Edition, Stephen Mason


As head of Aliant’s Data Protection and Privacy Team, Sandip advises and assist organisations on data laws, privacy, protection and cyber security.


Sandip is Chairperson of the Cybercrime Practitioners’ Association.


Sandip is Chief Adviser to the OSP Cyber Academy.

Jul 14, 2021 (London)
4:30pm - 5:30pm
Live Keynote Q&A with Jane Frankland, Cybersecurity Executive | Author | Keynote Speaker | Awards Judge | Thought Leader & Women’s Change Agent
Jul 14, 2021 (London)
5:30pm - 6:20pm
Conference Close and Music from The Fanatics!

Enjoy a catch up with speakers, sponsors & peers and join our entertainment from The Fanatics!

“They’re hot. They rock. They get the party started!” Highly recommended by the many clients whose events they have set off with a bang, The Fanatics are an award-winning band, and among the industry’s favourite crowd-pleasers. With a repertoire spanning funk, soul, rock & pop, with killer male and female lead vocals, The Fanatics are a party powerhouse guaranteed to rock your dancefloor.
Recent gigs include the 2019 Gymnastic World Cup, where they performed for 16,000 people at the NEC, and 2 million BBC viewers.