The European Information Security Summit 2019 (TEISS)

TEISS 2018 featured over 60 sessions in 3 distinctive streams. Discover our 2018 agenda below. TEISS 2019 agenda will be released in Autumn.


KEYNOTE: Security is an illusion – where are your invisible vulnerabilities?

  • How to walk into a bank: is your security better than theirs?
  • 10 simple things you can change today to improve your security… but probably won’t

by FC aka ‘Freakyclown’, Co-Founder & Head of Ethical Hacking, Redacted Firm Show Profile


KEYNOTE: Why cyberthreats could kill your business transformation

We live in a connected world, and many organizations have responded with business transformation programs encompassing cloud, remote endpoints, shared networks, and more.  How long can these connected systems and processes survive in a world of next generation, increasingly stealthy and complex cyber threats?

This keynote will consider the threats facing digitally-powered businesses today and in the coming years – and how the security industry can help them address these threats. Not just through multi-layered, machine-learning and intelligence-based protection, but, equally importantly, through collaboration – with each other and with the business community – to share intelligence, build skills, and ensure security is built in from the very start of every new product and service.

by Adam Maskatiya, General Manager UK & Ireland, Kaspersky Lab Show Profile


KEYNOTE PANEL: Making post-Brexit cyber more secure

  • How will Brexit affect international intelligence sharing?
  • Anticipating the impact on operational processes

by Thom Langford, CISO, Publicis Groupe Show Profile

by Andy Bates, Executive Director UK & Europe, Global Cyber Alliance Show Profile

by Paul Edmunds, Head of Technology, National Cyber Crime Unit Show Profile

by Laura Jones, Senior Cyber Intelligence Analyst, Barclays Show Profile


Announcing the TEISS Awards

  • Nominated candidates will discover in this session which other entries are shortlisted alongside theirs
  • Conference delegates will be invited to review and judge these entries online after the conference
  • Winners of the inaugural Information Security Peer Award will be declared and celebrated at a ceremony in June

by Stephen Citron, Director, The Peer Awards Show Profile




Refreshment Break & Networking



  • Sensitive data: how much do you have; where is it; is it safe from attackers?
    • Hosted by Mandeep Sandhu, Compliance Technical Director, Carbon Black
  • Let’s get Offensive: Using cyberattack simulations to improve your cyber security posture
    • Hosted by Jonathan Gad, VP Business Development, Cymulate
  • Are we really dealing with the most sophisticated attacks head on?
    • Hosted by Dr Simon Wiseman, CTO, Deep Secure
  • Responding to ransomware
    • Hosted by Rory Duncan, Head of Security UK&I, Dimension Data and Chris Knowles, Senior Alliances Manager, NTT Security
  • Surviving a data breach: Lessons Learned for the SOC, CISO & Board
    • Hosted by Stephen Moore, VP & Chief Security Strategist at Exabeam, former Director of Infosec at Anthem
  • AI, machine learning and the possibilities it opens up in preventing, detecting and responding to attacks
    • Hosted by Martin Borrett, CTO, IBM Security Europe and Robert Sedman, Director, IBM UKI Security
  • How AI can help secure identities
    • Hosted by Gianni Aiello, Senior Manager Product Development, SailPoint
  •  How can cybersecurity awareness and training help organisations prepare for and comply with GDPR?
    • Hosted by Paul Down, EMEA Area Director, Wombat Security Technologies
  • Beyond data loss: the true impact of the Insider Threat
    • Hosted by Matt Little, CTO & Director, Zonefox

Workshop: Attracting and retaining talent

Cybercrime continues to grow; it cost the global economy more than $450 billion in 2016. On average companies face in excess of 200,000 security events on a single day. The people carrying out these attacks are becoming more organised and aggressive, while those defending against them struggle to grow their ranks.

The skills shortage is well documented, and whilst there a long overdue focus on bridging the skills gap for the future we address what can be done today to ensure your business is attracting and retaining the limited talent on offer.


Lunch & Networking

CHAIR: Martin Smith, Founder, The Security Company

CASE STUDY: People, the strongest link

  • Transforming perceptions of people’s role in your organisation’s security
  • What security education, awareness and training can do, and what it can’t
  • Innovating cyber security education to make it more effective

by Emma W, People-Centered Security Team Lead, National Cyber Security Centre Show Profile


HOW TO: Trust your staff to detect attacks earlier

The average time elapsed between the initial breach of a network by an attacker and the discovery by the victim is 146 days and only 19% are identified by internal security processes. The threat is evolving at such a pace that internal security processes are no longer able to keep up. This presentation looks at some of those other methods of cyber-attack detection and offers advice on steps organisations can take to shorten the gap between attack and detection.

by Dr. Sandra Bell, Head of Resilience Consulting, Sungard Show Profile


HEAD TO HEAD: Is training a waste of money?

Should you spend your budget on training or technology? Which has a greater chance of mitigating incidents? Which has a better ROI?

This head-to-head will champion the two approaches to identify the best areas of cyber security investment.

by Vijay Rathour, Partner, Grant Thornton Show Profile

by Martin Smith, Founder, The Security Company Show Profile

by Raef Meeuwisse, External Relations Director & Author of 'Cybersecurity for Beginners', Isaca London Chapter Show Profile

by Simon Townsend, Chief Technologist EMEA, Ivanti Show Profile

by Andrew Rice, Information Security Strategist, Interpublic Group Show Profile




Refreshment Break & Networking


CASE STUDY: How do we increase compliance?

  • Can we improve on the traditional behavioural levers of rules and regulations, rewards and fines, information and awareness-raising?
  • Examining case studies where seemingly inconsequential adaptations to the design and implementation of public services had a disproportionate impact on behaviour

by Evie Monnington-Taylor, Senior Advisor, The Behavioural Insights Team Show Profile


HOW TO: Manage internal cyber risk holistically

  • Training and awareness are vital, but are not enough to keep organisations secure from mistakes by employees
  • Processes and policy instructions need to be easy to use and must not get in the way of completing everyday work tasks
  • Employees need to be motivated to keep data and systems safe: and that means developing a strong security culture

by Jeremy Swinfen-Green, Head of Consulting, TEISS Show Profile

CHAIR: Ed Moyle, Director Thought Leadership, ISACA

CASE STUDY: Security at scale — lessons from 15+ years securing Google

An end-to-end process is required for true security. Google has developed its model based on over 15 years of experience keeping customers safe on applications ranging from Gmail to Search and Google Cloud. These services are used by over a billion users every month from almost every country in the world. In this session, Tom Salmon will share lessons Google has learned doing this work, providing audience members with a clear understanding of the processes, software and hardware they can use to deter even the most advanced threats.

by Tom Salmon, Customer Engineer for Google Cloud Platform, Google Show Profile


BUSINESS UPDATE: The future impact of AI in cybercrime

The risks from the digital era have changed. We should now expect attacks on enterprise physical assets as well as the deliberate undermining of data-driven strategic decisions aimed to cause damage in the long term. AI and machine learning developments offer new opportunities for resilience across the whole digital business but will how will these same developments by used by digital criminals?

by Dave Palmer, Director of Technology, Darktrace Show Profile


PANEL DISCUSSION: The pros and cons of implementing AI as a cyber security measure

  • Using AI as a data discovery tool
  • Is AI purely a tool for speeding information or will it change the management of cyber space?
  • How much of a risk is it? Preparing for the ways it can be turned against us

by GP Singh, Global Head of NPL - AI & Robotics, Deutsche Bank Show Profile

by Akhil Lalwani, Head of Data Insights and Innovation, Prudential Show Profile

by Sue Daley, Head of Programme, TechUK Show Profile

by Gianni Aiello, Senior Manager Product Management, Sailpoint Show Profile




Refreshment Break & Networking


CASE STUDY: Improving incident detection through capturing new behaviour analytics

  • Using technology to protect ‘boxes from brains’ (and vice versa) through advanced communications
  • Moving from legacy detection techniques to full-spectrum behaviour analytics across the enterprise
  • Integrating a suite of sensors and analysis to build a corporate immune system of automatic actions

by Dr Mils Hills, Director, Centre for Security, Crisis, Risk Advisory and Management, University of Northampton Show Profile


As attackers evolve, so must machines: advancing machine learning beyond the hype

The demand for machine learning (ML) in security is growing fast. There are countless approaches, but there’s also a lot of hype. This talk provides a frank assessment of the strengths and weaknesses of static analysis, decompilation, detonation, in-context analysis, and other emerging approaches, all grounded in real-world examples and specific algorithmic details.

by Randeep Gill, Regional Technical Engineer, Carbon Black Show Profile

by Mandeep Sandhu, Compliance Technical Director, Carbon Black Show Profile


TOMORROW’S CYBER: What quantum computing means for cyber security

  • How soon will quantum computing become a corporate reality?
  • Slowing down the hackers: the impact of quantum computing on encryption

by Carlos Perez-Delgado, Lecturer in Computing, University of Kent Show Profile

CHAIR: A representative from the IoT Security Foundation

TOMORROW’S CYBER : 12 IoT controls for auditing security on connected devices

In the near future IoT devices will carry a white goods equivalent rating scale, similar to washing machines and refrigerators. Instead of energy usage, manufacturers will be measured on the number and type of security controls they have implemented. To begin the journey on IoT control standardisation, this presentation lists 12 IoT controls to provide a simple method to audit IoT devices which focuses on the device’s environment of use.

by Yiannis Pavlosoglou, Executive Director of Cyber Resilience, UBS Show Profile


BUSINESS UPDATE: Insecurity of Technology (IoT) – security and privacy in an instrumented world

IoT allows instrumentation of environments with sensors and actuators, which improves situational awareness and real-time remote control of systems. Data-driven automation based on relatively cheap IoT devices improves convenience and reduces costs, but it also introduces new risks arising from diminished robustness and increased attack surfaces. Moreover, automated collection of massive amounts of data raises serious privacy concerns, when data relates to identifiable people.

by Christian Damsgaard Jensen, Associate Professor, Technical University of Denmark Show Profile


SPRINGBOARD DISCUSSION: Taking responsibility for IoT beyond your business

  • Society 5.0 – integrating man and machine
  • The threats and opportunities of IoT security
  • Securing big urban data and critical national infrastructure in smart environments

by Angeline Hayles-Henderson, Solicitor, Birmingham City Council Show Profile

by Julie Alexander, Director, Urban Development & Smart Cities, Siemens Show Profile

by Dr. Martin Schulz, Senior Research Fellow, Fujitsu Research Institute Show Profile

by Peter Warren, Chairman, Cyber Security Research Institute Show Profile




Refreshment Break & Networking


CASE STUDY: Broadening your risk awareness of the IoT attack surface

  • Who is vulnerable to IoT compromise? Asset and vulnerability management
  • Common attacks and how to defend against them
  • Designing for an agile defence
  • Planning for idiosyncratic attacks

by Chad Childers, Connected x Security, Ford Motor Company Show Profile


CASE STUDY: Challenges and considerations for a more secure Internet of Things

In this talk, Dr. Garcia-Morchon will provide an overview of challenges and considerations for a secure IoT, including:
• the relevance of considering (resource) constraints of devices and IoT systems when deploying security
• requirements for a secure development process
• challenges arising from the heterogeneous nature of IoT systems
• problems to perform secure bootstrapping
• the importance of software updates, testing and bug hunting
• quantum-computers and long-term security
• trustworthy operation
• risks of data leakage

by Oscar Garcia-Morchon, Senior Scientist & Project Leader, Philips Show Profile


BUSINESS UPDATE: Automated cost effective security for IoT devices

  • Authenticating IoT devices
  • Implementing security-by-default incentives for device manufacturers

by Dr. Shahid Raza, Director of Security Lab, RISE SICS Show Profile

Hosted by Kaspersky Lab

The top cyberthreats your business could face in 2018

  • Forecasting the main threats facing business over the next 12 months
  • Exploring their evolution and impact on sectors including financial services, automotive, connected health and industrial security

by David Emm, Principal Security Researcher, Global Research and Analysis Team (GReAT), Kaspersky Lab Show Profile


How can security teams successfully fight advanced threats?

  • Why did big brands, some with big cybersecurity budgets, fall victim to attack in 2017?
  • Next generation, complex threats require more – it’s about the right security process, expertise and tools

by Alessio Aceti, Head of Enterprise Business, Kaspersky Lab Show Profile


The security leadership debate: is there an acceptable level of risk?

  • Is any risk worth taking in the face of next generation cyberthreats?
  • Finding the balance between security investment and the likelihood of a severe attack
  • How much is enough: skills, security software, threat intelligence?

by Adam Maskatiya, General Manager UK & Ireland, Kaspersky Lab Show Profile

by Dan Raywood, Contributing Editor, Infosecurity Magazine Show Profile

by Mike Buck, Head of Delivery, BJSS Show Profile

by Thom Langford, CISO, Publicis Groupe Show Profile

by Gareth Wharton, Cyber-CEO, Hiscox Insurance Show Profile



Drinks Reception

CHAIR: Martin Smith, Founder, The Security Company



CASE STUDY: Designing the human element into eServices

  • Overcoming legacy systems to implement Smart changes
  • Creating an E-State: how the Estonian government improved national cyber security

by Crystal LaGrone, Department of Privacy Technologies, Cybernetica Show Profile


HOW TO: Run ethical hacking exercises and incident response

  • Exploring free tools to help test and train staff in a safe, realistic environment, including:
    • VM malware detonation
    • Kali Linux
    • Precedence vs Impact Assessments
  • Improving staff buy-in through full organisational exercises

by Kieren Nicolas Lovell, Head of Computer Emergency Response, University of Cambridge Show Profile


Refreshment Break & Networking

CHAIR: Ed Moyle, Director Thought Leadership, ISACA



BUSINESS UPDATE: Cybersecurity the right way – to a standard!

Cybersecurity is a vast and daunting topic.  Getting the fundamentals right is critical.  BS10010 (Information Classification, Marking and Handling) is a pragmatic standard approach to understanding what data and Information is, and is not, valuable or sensitive in your organisation and how to manage it securely.

Implementing the standard can:

  • Reduce Risk
  • Improve the effectiveness of all other Cybersecurity initiates
  • Make it easier for staff to take part in Cybersecurity
  • Simplify secure information exchange with other organisations

This presentation introduces and positions BS10010 as part of your overall Cybersecurity initiatives, shows how it positively affects your organisation and gives an overview of how simply it can be implemented, even post GDPR.


by David Topping, COO, BlueSky Show Profile

by Andrew Rogoyski, Committee Chair, BSI Show Profile


BUSINESS UPDATE: Cyber security myths and reality

Why focus on potential zero day attacks, when the vast majority of successful attacks use known vulnerabilities?  This short presentation includes a brief analysis of a successful attack on the US Government and then describes a number of common cyber security myths and their real world solutions.  It ends by recommending a standard set of security controls that have been developed over many years by the US Department of Defense.


by Sumin Tchen, Principal & Founder, Belarc Show Profile


HOW TO: Fight back against phishing

  • Identifying patterns from the tide of spam: who’s being targeted, how, and where from?
  • Using this information to improve defences and follow up on attacks

by Lesley Marjoribanks, Head of Ethical Phishing, Royal Bank of Scotland Show Profile


Refreshment Break & Networking

CHAIR: A representative from the IoT Security Foundation



CASE STUDY: Ethics and IoT – a new generation of smart cities

  • Designing delivery systems from scratch: Google’s Quayside Development in Toronto
  • Assessing the risks attendant in advanced data collection
  • Exploring an ethical framework for IoT data gathering and usage
  • What can be done to mitigate the information being passively taken by companion robots such as the Amazon Echo and the Roomba?

by Professor Tom Sorell, Professor of Politics and Philosophy, University of Warwick Show Profile


TOMORROW’S CYBER: Ethics, consent and the Internet of Everything

  • Gathering and using data ethically in IoT
  • Developing active, rather than passive, consent across all stakeholder groups

by Gordon Wright, Future Strategist – IT and Transformation, Aberdeen City Council Show Profile


TOMORROW’S CYBER: On the Internet of Things, no one knows you’re a fridge

2017 has seen escalating cyber attacks which commoditised cybercrime into the next ‘as-a-service’, and huge data breaches involving millions of citizens have become the new norm. Despite the volume of cyber attacks, we are experiencing low attacker capability. Alongside this, many organisations are trying to understand how the Internet of Things can be used to increase productivity and reduce costs. As attacks evolve, what happens when we add IoT to the mix? What will future attacks look like and how can we defend against them?

by Paul Heffernan, Group CISO, Unipart Group Show Profile


Refreshment Break & Networking





CASB – Your New Best Friend For Safe Cloud Adoption and a Pathway Towards Cloud Data Compliance?

The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots. Forcepoint’s session examines at the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk including:

–       Identify and assess risk from your cloud supply chain

–       Help maintain data residency and sovereignty

–       Protecting cloud user identities by identifying high-risk user behaviour

–       Managing the flow of personal data

–       Control how sanctioned cloud apps are used (O365, Salesforce,      Dropbox etc), so you can prevent the loss of critical data and intellectual property

by Mike Smart, Director Products and Solutions, Forcepoint EMEA Show Profile


Incident response and artificial intelligence, a tabletop workshop

Can you truly know if your organization has been compromised? How easily can you identify the extent of the breach? We’ve all heard of the nightmare scenario of an attack already in the environment – spreading out and waiting to exfiltrate data from the network. This discussion will focus on an arms race between indicators of compromise with a limited half0life and an attacker looking to bypass technologies and hunt teams.

Cylance believes artificial intelligence (AI) can be a great force multiplier. This session will break attendees into groups to walk them through key parts of a simulated security incident. Participants will discuss their ideas of a course of action at each stage in groups facilitated by Cylance practitioners, who will in turn, provide insight into how the Cylance® Consulting uses machine learning and AI to search for behavioural indicators of compromise at a scale, while maintaining smaller human resourcing requirement.

by Luke Hull, Director, Cylance Show Profile


Lunch & Networking



The TEISS Peer Award Shortlist Showreel

Conference delegates will be given a first glimpse of a selection of the innovative nominated entries


KEYNOTE: The next generation of online security

  • Protecting online identities in an increasingly connected world: what are the major risks and how can you mitigate them?
  • Moving away from the old methods: what will tomorrow’s security look like, and what standards will they have to meet?

by Jerrod Chong, SVP Product, Yubico Show Profile


KEYNOTE: Outlining the impact of different cyber threats on the global economy

by David Nordell, Senior Vice President, International Strategy, Policy & Law, Centre for Strategic Cyberspace & Security Science Show Profile


Incident Response War Stories

Real life hacking case examples from the front line of incident response and investigations into data breaches. Benn will take you through the findings of his more interesting forensic incident response investigations to help you learn from others’ mistakes, and give you some tips to hopefully keep the hackers away from your data or at least help you react more efficiently if you’re faced with responding to a computer incident.

by Benn Morris, Founding Partner, 3B Data Security Show Profile


Closing Remarks

16:00 Close of Conference
back to top

Copyright © Lyonsdown Ltd. 2018. All rights reserved. TEISS® is a registered trademark of Lyonsdown Limited.