Agenda


The TEISS 2019 agenda is below, with more speakers and sessions being added regularly.

08:00 Registration and welcome refreshments

Chair’s introduction and welcome

by Mark Johnson, Founder & CEO, The Risk Management Group

09:00

Active Cyber Defence: Practical steps, marginal improvements, attack deterrence and lessened impact

PLENARY KEYNOTE

  • Using automation to reduce some of the most common weaknesses in cyber security defences
  • Reducing UK-based phishing sites and other results of the ACD programme
  • Understanding your risk and deploying suitable defence capabilities to fend off threats
  • Guidance to boards on questions to ask cyber security teams

by Ciaran Martin, CEO, National Cyber Security Centre

09:10

Plenary Keynote

09:30

Behavioural psychology in the Fortune 500 – changing habits to protect your organisation from cyber criminality

PLENARY KEYNOTE

  • The number one cyber security threat facing the world!
  • What role behavioural science plays in Cyber Security
  • Why the CMO wins with the CFO and the CSO loses
  • How to modify belief and align with other CXOs to reduce cyber liability in the organisation

by Adam Anderson, Founder/CSO, Element Security Group

09:50

Collaboration, Simplicity, Certainty: How organisations can work together to defend everyone from cyber criminality

PLENARY PANEL SESSION

  • Moving to institutionalised, active collaboration and organisational learning that spans organisations, industries and countries
  • Creating a cyber security process that turns volatility into business as normal
  • What makes collaboration effective, and what are the challenges to collaborating effectively?
  • How do you merge the interests of private and public sector bodies to form effective collaboration

by James Hatch, Director - Cyber Security, BAE Systems

by Ian Burgess, Principal, Technology and Digital Policy Delivery, UK Finance

by Titta Tajwer, CISO, News UK

by Kevin Jones, Vice President - Global Technology, JP Morgan

10:10

11:00 Morning refreshments & networking

Workshop 1

11:30

Let’s get offensive: Using cyber-attack simulations to improve your cyber security posture

  • Is Gartner right? “Is the Pentest really dead?”
  • …and is the killer Breach and Attack Simulation?
  • Validate every vector of a multivector attack – test yourself before, during, and after an attack
  • Validate how safe you are NOW – launch 50 attacks at yourself live at the Roundtable

by Jonathan Gad, Chief Revenue Officer, Cymulate

11:30

Rethink Data Loss Prevention: Shift from Prevention to Protection

  • Where do legacy DLP solutions fall short?
  • How to manage insider threat, compliance and incident response without stifling users

by Richard Agnew, VP EMEA, Code42

11:30

IAM: How analytics is changing everything

by Mark Rodbert, CEO, idax Software

11:30

Using sensory AI for cyber defence

by Senseon

11:30

Why do CISOs fail? Overcoming the top five barriers to success and organisation-wide impact

11:30

Passive defence v Active defence – which of your operations require a different cyber security strategy

11:30

Which security metrics do you track, which can you track, and which should you ignore?

11:30

Is cyber security training a waste of your budget? Where to focus security education to have the greatest impact

11:30

AI and machine learning: Can you use legacy data to calculate the risk of future attacks?

11:30

How do you run your hacking and incident response exercises, and how do these replicate “live” threats?

11:30

12:30 Lunch & networking

The negotiating CISO: Develop and maintain the right relationships with the right vendors at the right price

BEST-PRACTICE BRIEFING

  • How do you learn about disruptive tech?
  • VARs, Vendor Aggregators and conferences like this one!
  • Direct Vendor Engagement
  • My experiment with vendor engagement, and what I’ve learned from it

by Allan Alford, CISO, Mitel

13:40

Measuring progress in cultural change – which metrics are quantifiable, repeatable and comparable

PANEL SESSION

  • The importance of establishing benchmarks before engaging in any change exercise, both qualitative and quantitative
  • Recognising and reflecting behavioural psychology, cognitive abilities, social attitudes and modern work-environments
  • Definitions and objectives – what do we want the end ‘culture’ to look like, so that we can establish progress against this
  • Can you measure employees’ emotions about organisational security?

by John Scott, Head of Security Education, Bank of England

by Lucy Payne, Security Awareness and Engagement Lead, Aviva

by Louise Cockburn, Information Security Awareness and Culture Manager, Quilter

by Kiran Salam, Global Security Education and Awareness Manager, Equifax

14:05

Am I the security risk in your supply chain? Why your compliance checklists don’t offer the information security you need

CASE STUDY

  • What do compliance checklists really protect?
  • Which compliance questions reveal the biggest security risks with 3rd parties
  • Alternative approaches to identifying risk in the supply chain
  • How to work up and down the supply chain to improve information security

by Bridget Kenyon, Global CISO, Thales eSecurity

14:55

Chair’s opening remarks

by David Topping, COO, BlueSky

13:30

Integrating privacy engineering into your information security practices

CASE STUDY

  • Where can privacy processes beat hackers, and where can security awareness beat them?
  • Why a reliance on security is not the same as privacy
  • Which legal, policy and operational processes need to be considered when implementing privacy engineering?
  • Evaluating whether your systems fulfil users’ privacy needs

13:40

GDPR and global data protection variations: What have we learned and what are we still working on?

PANEL SESSION

  • Update on the latest global data protection variations – is GDPR becoming the global data privacy standard
  • Harmonising data protection approach for different legislative regions
  • Brexit & data protection – latest update
  • What have we learned about contracts between controllers-processors, and the implementation of data protection policies

by Jon Townsend, CIO, National Trust

by Deborah Haworth, CISO, Penguin Random House UK

by Rocio de la Cruz, Principal Associate, Gowling WLG

by Shash Patel, Director, Information Risk Management & Privacy, Air Products

14:05

Security innovations from Google: Preventing phishing and Zero Trust security

BEST-PRACTICE BRIEFING

  • How Google prevents its employees being phished, having no reported or confirmed account takeovers since 2017
  • What we are doing to protect billions of consumers and customers, and how they can prevent phishing like Google
  • Zero Trust: How Google provides secure remote access to 80,000+ employees without the use of a VPN
  • How you can take advantage of Google’s ongoing research and investment in security

by Tom Salmon, Customer Engineer for Google Cloud Platform, Google

14:55

A New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

BEST-PRACTICE BRIEFING

  • Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before, cyber-threats
  • How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
  • Why automation and autonomous response is enabling security teams to neutralise in-progress attacks, prioritise resources, and tangibly lower risk
  • Real-world examples of subtle, unknown threats that routinely bypass traditional controls

by Darktrace

13:40

External Threats: Emerging recent trends in cyber criminality and the current risk landscape

PANEL SESSION

  • Meeting the challenge of destructive and disruptive attacks from defence in depth intended to deter intrusive attacks
  • Managing the nuances of a threat management discipline in a risk management culture
  • The implications of new regulatory direction on cyber resilience as operational resilience
  • Changing geo-political context affecting the threat environment for commerce and industry

by Tony Adams, Head of Investigations, Digital Forensics and Prevent Programme, National Cyber Crime Unit

by Craig Rice, Chief Security Officer, Pay.UK

by Niall MacLeod, Director of Solutions Engineering – EMEIA, Anomali

14:05

Common failings of IoT – avoid providing attackers with a toehold to exploit on your corporate network

BEST-PRACTICE BRIEFING

  • Discuss the emergence of the IoT and its enabling technologies
  • Explain why the security of IoT devices and apps is so poor
  • Demonstrate exactly how devices can be compromised, and how that can put your corporate network at risk
  • Show how you can make networks and users resilient to attack via IoT devices

by Ken Munro, Partner, Pen Test Partners

14:55

15:20 Afternoon refreshments & networking

Fixing the disconnect – using the right language and translating from SOC to C Suite and back again

BEST PRACTICE BRIEFING

  • Translating C Suite priorities to your security team
  • Communicating threats and risks upwards to your C Suite
  • Where technical jargon helps, and where it hinders
  • Measuring and reporting progress and impact

16:00

Getting the CEO on board: How high-level buy-in turned our people into our strongest line of defence

CASE STUDY

  • Giving information security the same priority as Health & Safety
  • Creating a “no-blame” culture from the top down
  • Changing the “weakest link” culture of security
  • Measuring the impact of your top-down approach

by Mark Nicholls, Head of Information Security & Governance, Peabody

16:25

Where are the information security risks in your supply chain? Best-practice in working with suppliers to identify shared vulnerabilities

CASE STUDY

  • Do you know what risk your supply chain presents to you?
  • How do you manage the risk in your supply chain?
  • If your suppliers suffer a data breach/loss, where does your accountability start and end?
  • How can you provide assurance to your board that your suppliers have been properly vetted and the data they hold on your behalf is safe and secure?

by Mike Pitman, CISO, Dunnhumby

16:50

Implementing secure single-factor authentication: The right and wrong way to end weak password use

BEST-PRACTICE BRIEFING

  • The death of the password?
  • Can SFA securely replace 2FA and MFA?
  • When something you have replaces something you are or something you know
  • Best-practice in deploying SFA across whole organisations

16:00

Blockchain beyond the marketing: Where is it currently in use, and what are the lessons for Information Security professionals?

PANEL SESSION

  • How can information security specialists engage with this technology?
  • Insight into the adoption opportunities and challenges for the wider business economy
  • How the UK government is approaching investment and regulation of Blockchain
  • Is blockchain technology in itself secure?

by Dr Maria Grazia Vigliotti, Founder & Director, Sandblocks Consulting

by Roxanne Morison, Head of Digital Policy, CBI

16:25

Real cases of Social Engineering: Hackers, competitors and insiders

CASE STUDY

  • How attackers, in a real case over 13 months, used social engineering to turn a dedicated employee into a malicious insider, what the devastating consequences were for the victims and how a competitor got their hands dirty in the attack.
  • What are the four social engineering attack vectors and how are they employed by attackers?
  • Why does social engineering work so well as an attack vector and what to look out for when trying to defend against it?
  • Some simple defensive steps you can take to make yourself a less appealing target of social engineering

by Lisa Forte, Partner, Red Goat Security

16:00

The threat from AI – latest research into the cyber security of AI

RESEARCH BRIEFING

  • Is AI going to stop cybercrime?
  • The threat from smart malware and botnets
  • Where is the intersection between AI, cyber security, and human-computer Interaction?
  • How do we ensure security, privacy and transparency in complex and automated systems?

by Dr Jose Such, Director of the EPSRC-NCSC Academic Centre of Excellence in Cyber Security Research (ACE-CSR), King's College London

16:25

The problem of trust and how it can destroy your organisation

BEST-PRACTICE BRIEFING

  • What is trust in an organisational context?
  • Why is it a problem for security professionals?
  • Why do people trust wrongly?
  • How can we make sure people trust appropriately?

by Jeremy Swinfen Green, Head of Consulting, TEISS

16:50

17:15 Drinks reception & networking

08:00 Welcome refreshments & networking

Challenging and changing your data protection culture: Building awareness and engaging individuals inside and outside the office

CASE STUDY

  • Exploring the challenges of harnessing a data protection culture within your business.
  • How you can potentially overcome those challenges to embed a data protection culture.
  • How you ensure individuals are aware of their data protection responsibilities both inside and outside the office.
  • How you ensure individuals remain engaged with those responsibilities

by Matthew Kay, Group Data Protection Officer, Balfour Beatty

09:10

Alternative approaches to recruitment: Attracting and retaining talent from non-traditional routes

CASE STUDY

  • Are some skills sets more transferable than others for cyber security careers?
  • Overcoming ingrained prejudices in cyber recruitment
  • Hire experience or hire to train?
  • Moving away from a blame culture to retain your best security staff

09:35

Effective threat intelligence communication strategies: Upwards, downwards and outwards

CASE STUDY

  • Communicating threats to different audiences, and how they decipher what they have just been told
  • Effective means and methods of communication tailored to your audience
  • Delivering the bad news with the good news – marrying the threat with the prevention in a single message
  • External communications and why your Press & Publicity team are critical to you

by Nick Nagle, CISO, Condé Nast International

10:00

Chair’s opening remarks

by David Topping, COO, BlueSky

09:00

Automatic profiling and GDPR: Is your use of AI to profile users and make automated decisions compliant?

LEGAL BRIEFING

  • GDPR – Profiling Overview including; Data; Subject; Fundamental Rights
  • Article 22 – Interpretational challenges for sole automated processing
  • Striking a balance – Public Benefit & Individual harms
  • What of the future? – identifying risk; working towards more efficient compliance; DPIAs; Privacy by Design and Certification

by Angeline Hayles-Henderson, Solicitor - Data Protection/Privacy and Information Law, Birmingham City Council

09:10

Understanding and securing your data crown jewels: Building and implementing a new model to assess the sensitivity of data, and applying protective controls

CASE STUDY

  • Understanding the extent of your data holding – your crown jewels
  • Creating new methods to assess the content of data for its sensitivity and protection
  • Developing security policy based on data sensitivity to meet risk appetite, security protection and legal requirements
  • Embedding data ownership for improved governance

by Andy Wall, Chief Security Officer, Office for National Statistics

09:35

Moving to a continuous assurance model to minimise risk, maintain information security and avoid human error

CASE STUDY

  • Prevention strategies v Mitigation strategies
  • Establishing a model to monitor data risk over time
  • Measure cyber risk and shorten response times
  • Communicating and managing change across the organisation to avoid human error

10:00

Using AI in behavioural analytics to identify and negate internal threats

CASE STUDY

  • Moving from legacy detection to full-spectrum behavioural analytics
  • How can you prevent false negatives?
  • Accomplish highly accurate anomaly detection from the outset
  • Using legacy behavioural data to predict and pre-empt internal threats

09:10

Defence-in-depth: Building a defence system that withstands human error

CASE STUDY

  • Helping people make the right choices in their day-to-day lives without training
  • Can we survive people clicking links, downloading files or visiting malicious sites
  • Ensuring infection is not the start of catastrophic, city-wide failure
  • Developing a “digital twin” to recover painlessly and quickly

by Michael Makstman, CISO, The City and County of San Francisco

09:35

The security risk from legacy IoT devices on your network: Where vulnerabilities may lie and how to mitigate the risk for the future and new devices joining the network

BEST-PRACTICE BRIEFING

  • What are the three most important issues you should consider when implementing IoT?
  • What are the challenges and risks with these three issues?
  • What risks should you be aware of for each issue?
  • How should you address each issue to mitigate current and future risk?

by Phil Beecher, President/CEO, Wi-Sun Alliance

10:00

10:25 Morning refreshments & networking

Demonstration 2

11:20

Demonstration 3

11:40

Workshop 2

11:00

Workshop 3

11:00

12:00 Lunch & networking

Chair’s introduction and welcome

by Geoff McDonald, Co-Founder, Minds@Work

13:30

Unacceptable personal pressure: How senior Cyber Security Executives safeguard their own mental health, and those of their teams

PLENARY PANEL SESSION

This panel of leading information security professionals discusses different strategies for maintaining a healthy work/life balance for themselves and for the teams they lead, and how they share professional and personal concerns.

  • How CISOs have a duty of care to protect the mental health of those that they work with
  • How to recognise burn out in your team and yourself, and ways in which we can reduce the stress of individuals
  • Building a team culture and values, and how your culture influences honesty and openness
  • Understanding personality types and triggers, and creating a circle of trust

by Paul Watts, CISO, Dominos Pizza

by Thom Langford, CISO, Publicis Groupe

by Mark Walmsley, CISO, Freshfields Bruckhaus Deringer LLP

by Deborah Haworth, CISO, Penguin Random House UK

by Allan Alford, CISO, Mitel

13:40

Plenary Keynote

14:40

Chair’s closing remarks

15:00

15:50 Conference close

Copyright © Lyonsdown Ltd. 2018. All rights reserved. TEISS® is a registered trademark of Lyonsdown Limited.