Let’s get offensive: Using cyber-attack simulations to improve your cyber security posture

• Is Gartner right? “Is the Pentest really dead?”
• ….and is the killer Breach and Attack Simulation?
• Validate every vector of a mutivector attack – test yourself before, during, and after an attack
• Validate how safe you are NOW – launch 50 attacks at yourself live at the Roundtable

by Jonathan Gad, VP Business Development, Cymulate Show Profile

Rethink Data Loss Prevention: Shift from Prevention to Protection

• Where do legacy DLP solutions fall short?
• How to manage insider threat, compliance and incident response without stifling users

by Richard Agnew, VP EMEA, Code42 Show Profile

IAM; How analytics is changing everything

• How to analyse your entitlement data quickly and effectively
• How moving department is a clean-up opportunity
• Why a quick preventative control delivers more benefits than a slow detective one
• Why Gamification and Security go together, and how to harness social media approach to reduce cyber threats

by Mark Rodbert, CEO, idax Software Show Profile

AI: Positive forces at work, or false positives?

• False positives or ‘innocent anomalies’ are a huge distraction for over-stretched security teams
• How can a unique AI approach gather context and triangulate threats across the entire digital estate?
• Automate investigation, reduce false positives and simplify the security stack

by David Atkinson, CEO, Senseon Show Profile

Open Source security vulnerabilities 101

• Open source components have become a key building block for application development in today’s market where companies are under constant pressure to deploy products as fast as possible.
• The recent increase in open source usage, however, has introduced many new security challenges.
• Over the past few years, we have seen a variety of open source vulnerabilities wreak havoc across the web (Heartbleed, Shellshock, and POODLE) which woke organizations up to the risks that come along with the convenience of using open source components

by Clive McDaid, Director of Sales - EMEA, Whitesource Software Show Profile

How do you solve a problem like CyberSecurity?

• Is Security a Tactical or Strategic project to your business?
• Is the Cyber Security Industry its own worst enemy? Confusing? Overwhelming?
• EDR – Is it worth all of the hype?
• Do you approach security as a system? Or implement solutions to fill the ‘gap’?

by Marina Partlett, Corporate Enterprise Territory Account Manager, Sophos Show Profile

Point Product and Alert Overload: The Future of Cyber Security?

• Are too many security products and is this a serious problem for organisations of all sizes?
• Is the current industry solution – use yet more products – causing an unmanageable level of complexity, along with alert overload?
• Is it even possible to develop a genuinely integrated, adaptive, automated security solution – capable of preventing attacks before they occur?
• How is the idea of “really, truly, fully automated cyber security” might just be about to become a reality and how is this a game changer for the industry?

by Richard Walters, CTO, Censornet Show Profile

Phishing: The Uncomfortable Truths

• Phishing emails are making it, all too regularly, to the user inbox.
• How can an enterprise effectively defend itself against this single greatest cyber security threat?

by David Janson, Vice President - Sales, Cofense Show Profile

If organisations are digital first, why are they (still) security second?

• Organisations that undergo “digital transformation” are finding new revenue streams or reducing operational cost
• Many organisations are undergoing digital transformations to discover new revenue streams or reduce operating cost
• These initiatives are often driven from Board level, with security teams being forced to play catch up
• How is your security team reacting to, or driving, the digital transformation agenda?
• What security integrations, innovations and soft skills will help the Board see security first, not second?

by Sunil Choudrie, Security Strategist, Symantec Show Profile

Cyber security for the distributed world, managed detection and response

by James Morgan, Territory Manager - EMEA, eSentire Show Profile

Chair’s opening remarks

by David Topping, COO, BlueSky Show Profile

CyberSecurity Ratings: How an independent and out-side in perspective helps you manage and report on cybersecurity performance and third party risk management

CASE STUDY

• Why are increasing numbers of companies using external ratings
• What are cyber security ratings?
• How are ratings calculated?
• What types of risks do they identify?

by Philip East, Regional Sales Director, BitSight Show Profile

GDPR and global data protection variations: What have we learned and what are we still working on?

PANEL SESSION

• Update on the latest global data protection variations – is GDPR becoming the global data privacy standard
• Harmonising data protection approach for different legislative regions
• Brexit & data protection – latest update
• What have we learned about contracts between controllers-processors, and the implementation of data protection policies

by Deborah Haworth, CISO, Penguin Random House UK Show Profile

by Rocio de la Cruz, Principal Associate, Gowling WLG Show Profile

by Shash Patel, Director, Information Risk Management & Privacy, Air Products Show Profile

by Matt Middleton-Leal, General Manager EMEA, Netwrix Corporation Show Profile

A Playbook for “Reasonable and Appropriate” Security Measures and Safeguards

CASE STUDY

• Understand the requirements and importance of implementing “reasonable and appropriate” security measures and safeguards for privacy professionals
• Outline several areas of common ground that should help every organisation align their security and privacy operations
• Take away a playbook for building a harmonised and risk-based security framework

by Jacob Eborn, Privacy Consultant, OneTrust Show Profile

Chair’s opening remarks

by Paul Taylor, Partner and UK Lead for Cyber in the Boardroom, KPMG Show Profile

A New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

BEST-PRACTICE BRIEFING

• Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before, cyber-threats
• How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
• Why automation and autonomous response is enabling security teams to neutralise in-progress attacks, prioritise resources, and tangibly lower risk
• Real-world examples of subtle, unknown threats that routinely bypass traditional controls

by Dave Palmer, Director of Technology, Darktrace Show Profile

External Threats: Emerging recent trends in cyber criminality and the current risk landscape

PANEL SESSION

• Meeting the challenge of destructive and disruptive attacks from defence in depth intended to deter intrusive attacks
• Managing the nuances of a threat management discipline in a risk management culture
• The implications of new regulatory direction on cyber resilience as operational resilience
• Changing geo-political context affecting the threat environment for commerce and industry

by Tony Adams, Head of Investigations, Digital Forensics and Prevent Programme, National Cyber Crime Unit Show Profile

by Craig Rice, CSO, Pay.UK Show Profile

by Martin Smith MBE, Chairman & Founder, The Security Company Show Profile

by Niall MacLeod, Director of Solutions Engineering – EMEIA, Anomali Show Profile

Common failings of IoT – avoid providing attackers with toehold to exploit on your corporate network

BEST-PRACTICE BRIEFING

• Discuss the emergence of the IoT and it’s enabling technologies
• Explain why the security of IoT devices and apps is so poor
• Demonstrate exactly how devices can be compromised, and how that can put your corporate network at risk
• Show how you can make networks and users resilient to attack via IoT devices

by Ken Munro, Partner, Pen Test Partners Show Profile

The future of authentication: Secure passwordless login for employees and customers

BEST-PRACTICE BRIEFING

• The death of the password?
• Can SFA securely replace 2FA and MFA?
• When something you have replaces something you are or something you know
• Best-practice in deploying SFA across whole organisations

by Claire Galbois-Alcaix, Marketing Director, Yubico Show Profile

Blockchain beyond the marketing: Where is it currently in use, and what are the lessons for Information Security professionals?

PANEL SESSION

• How can information security specialists engage with this technology?
• Insight in the adoption opportunities and challenges for the wider business economy
• How the UK government is approaching investment and regulation of Blockchain
• Is blockchain technology in itself secure?

by Dr Maria Grazia Vigliotti, Founder & Director, Sandblocks Consulting Show Profile

by Roxanne Morison, Head of Digital Policy, CBI Show Profile

by Tim Holmes-Mitra MBE, Co-founder and CTO, Broadhaven Show Profile

Security innovations from Google: Preventing phishing and Zero Trust security

BEST-PRACTICE BRIEFING

• How Google prevents its employees being phished, having no reported or confirmed account takeovers since 2017
• What we are doing to protect billions of consumers and customers, and how they can prevent phishing like Google
• Zero Trust: How Google provides secure remote access to 80,000+ employees without the use of a VPN
• How you can take advantage of Google’s ongoing research and investment in security

by Tom Salmon, Customer Engineer for Google Cloud Platform, Google Show Profile

Real cases of Social Engineering: Hackers, competitors and insiders

CASE STUDY

• How attackers, in a real case over 13 months, used social engineering to turn a dedicated employee into a malicious insider, what the devastating consequences were for the victims and how a competitor got their hands dirty in the attack.
• What are the four social engineering attack vectors and how they are employed by attackers?
• Why does social engineering work so well as an attack vector and what to look out for when trying to defend against it?
• Some simple defensive steps you can take to make yourself a less appealing target of social engineering

by Lisa Forte, Partner, Red Goat Security Show Profile

The threat from AI – latest research into the cyber security of AI

RESEARCH BRIEFING

• Is AI going to stop cybercrime?
• The threat from smart malware and botnets
• Where is the intersection between AI, cyber security, and human-computer Interaction?
• How do we ensure security, privacy and transparency in complex and automated systems?

by Dr Jose Such, Director of the EPSRC-NCSC Academic Centre of Excellence in Cyber Security Research (ACE-CSR), King's College London Show Profile

The Decalogue of Contractual Security Sins

CASE STUDY

• Why do we keep running into security issues with our IT contracts?
• What are the most prevalent “Security Sins” we see in our contracts?
• What are some real-life examples and consequences of such issues?
• What can security and business professionals do to prevent these issues?

by Sebastian Avarvarei, Director Advisory Security Services, Wolters Kluwer Show Profile