Registration - coffee - networking
Chair's opening address
  • Security in Europe 2017: legislation, data protection and cyber threats
  • The growing risks and costs of cybercrime to businesses
  • The importance of cyber skills and strategies
Reducing business vulnerability to cybercrime

Rob Wainwright

In this keynote presentation, Rob Wainwright will discuss how the European Cyber Crime Centre provides a platform for national agencies to cooperate on cross-border investigations.

“The future impact of AI in cybercrime”

The risks from the digital era have changed; intellectual property and financial theft have been a frustration, but we should now expect attacks on enterprise physical assets as well as the deliberate undermining of data-driven strategic decisions, aimed at causing damage in the long term. AI and machine learning developments offer new opportunities for resilience across the whole digital business, but how will these same developments be used by digital criminals?

Our future digital world: Held Hostage

Raj Samani

Focusing on the emerging growth of ransomware and the growth of IoT: what are the issues we are likely to face without security and privacy controls to govern the use of such devices?

“The Internet of Theft – IOT & Swimming in the Tsunami of Data - Industry Trends and disrupting the adversary”

A look back at security developments over the course of the year serves an important purpose for those charged with shaping enterprise security responses and strategies. In the wake of the significant breaches during 2016 and the ever-changing threat landscape, we at Hewlett Packard Enterprise Security believe it’s even more important than ever that our cyber security research continues to provide an elevated perspective on the overall trends in the marketplace. Tim, an ex-CIO and CISO himself, highlights some of the key findings from the Ponemon Global Costs of Cyber Crime, HPE 2016 Cyber Risk Report & State of Security Operations Report 2017 and gives a unique perspective on how to fight the bad guys based on his own experiences when he was in the seat.

Tim also focuses on the Business of Hacking and how the adversary is becoming more specialized and focused on stealing enterprises' critical assets, as well as touching on how the new EU GDPR impacts organizations in Europe and what CIOs and CISOs need to do to prepare for the new regulations: what the regulations are; how they can affect you; how to gain buy-in from your senior management; legal implications; and how to address the compliancy challenge. The emphasis will be on how GDPR can help rather than hinder, and included in this session will be guidance on what steps to take and advice on what a roadmap to ‘GDPR Effectiveness’ could look like.

Coffee and networking
The art of detection, in a world of crime that hides in plain sight.

Most of the time, attackers are able to roam around unnoticed. The art of hiding in plain sight isn't a matter of trying to be completely invisible, but inconspicuous. If you hide yourself within billions of pieces of data, it will help you blend in as well as any camouflage. As a defender, having the capability to connect the dots and analyze this diverse set of discrete data allows us to build the picture and reveal where the malicious infrastructure is hidden and where the attacks are staged. This turns the tables on traditional security with a new approach in which the defender takes the upper hand over the attacker, being able to pivot through the criminal infrastructure.


Responding to the UK Government’s National Cyber Security Strategy

Cyber security is one of the greatest threats to business around the world. The global cost of crime in this area is $445bn, according to the World Economic Forum’s 2016 Global Risks Report.

As the attack surface grows, the Government’s National Cyber Security Strategy has set out plans to make the UK more secure and resilient. Doubling its funding commitment to £1.9bn, the strategy outlines how the UK will safeguard citizens and businesses against growing cyber threats.

This panel will discuss the principles of this strategy, asking to what extent its aims can be achieved, including:

  • Using automated defences to support the UK’s security industry
  • The skills shortage: What can be done?
  • The attack surface: Which type of business is most at risk?
  • Legacy IT and the risks
  • Is it really possible to deter cyber criminals as the Government suggests?
  • The importance of partnerships with industry and academia 
"Let’s play a game"

Cal Leeming

"Cal Leeming and Darren Martyn provide a unique insight into the underground world of hacking, looking at commoditisation of cyber crime and the culture/ecosystem that it exists within.

Cal is a security advisor and the UK's youngest convicted hacker.

Darren is a security engineer and was previously arrested for his involvement with hacking group LulzSec in 2011.

There’s also a fun surprise at the end. :)"

Lunch and networking
Stream Sessions

A choice of three seminars is available.

Chair's opening address
Shaping the future of Application Security

In an ideal world, security involvement should start early in the Agile process (e.g. as part of the initial Portfolio Kanban), when decisions on product design are being made. The application security team should also be an important part of release planning (e.g. SAFe) and fully aware of all the key events throughout the process. While this might be possible for some large organisations, small and medium-sized businesses usually struggle with resources and lack the necessary security skill set to provide valuable input into these core software development stages.

When developing an MVP (Minimum Viable Product), it is crucial that proper security assessments are conducted regardless of the customer set that it will be tested with, and that all the findings are remediated properly prior to release. One of the ways to cope with modern challenges is by adopting a crowdsourced approach. This enables extremely flexible methodologies with endless skill-set pools to integrate into various stages of the SDLC (awareness, design review, source code analysis, threat modelling, penetration testing, risk workflow tracking etc.) in order to cope with today's ever-evolving threats.

As the author has been involved in all of the mentioned agile phases and processes from two completely different perspectives (as a CISO and as a crowdsourced security researcher), experiences will be shared and various questions and theories discussed about the future of application security and how to address ever-evolving threats in the field.

Some of the key topics:

- Early Delivery Security Challenges
- Cyber Security Economics
- Internal Process Posture Analysis
- Getting business lines engaged
- Why's and How's of crowdsourcing and Agile
- Key real-life takeaways from crowdsourcing experience
- Future of secure software development

The Enemy Within: Detecting and Mitigating Insider Threats

Ransomware is both scourge and savior. While it’s not typically considered an insider threat, it acts from the inside, using insider identities, encrypting files these insiders have access to on endpoints and file shares. Learn how organizations are using ransomware to identify and confront vulnerabilities that expose them to rogue employees, abusive administrators, and hackers.

Learn about how ransomware might actually save you from other insider threats, like rogue employees, abusive administrators, hijacked accounts, and hackers.

GDPR: The Little Things That Matter...

No. Not yet another GDPR presentation... Worry not! This session will examine real trends and hot topics that are not often highlighted when thinking of the GDPR, whilst busting some myths in the process... Considered Data Quality? Or the implications of the e-Privacy directive? Or why you should really be looking at the Recitals? Or the implications of increased use of Artificial Intelligence? Or the way you communicate in the enterprise? Or why DPOs are really superhuman? And just don’t get me started on consent...

‘Machine learning and the Insider Threat’

Join us for the latest ZoneFox thinking and insights around:

  • Why machine learning has taken centre stage in 2017 (what it promises and whether it can deliver)
  • Do you really need machine learning to protect sensitive data? (how machine learning works - its capabilities and limitations)
  • SIEM, DLP and the 'old ways' - are they enough?
  • What a good machine learning solution needs to be able to do to support your security posture and defend against threats

The future of machine learning as the threat landscape evolves faster than we can keep up  

Defending Your Organisation Outside The Firewall

In the age of digital channels, enterprises are continually growing their digital footprint: public-facing digital assets including websites, mobile apps and social media accounts. Attackers have noticed this and, instead of direct attacks on heavily protected networks, they look for elements of the digital footprint that are easy to impersonate or less secure and easier to breach.

Securing these assets and defending the brand in the vastness of the internet represent some of the biggest challenges faced by security teams today. This session will look at these issues in more detail and offer practical steps to addressing them.

Coffee and networking
Solving the Cyber Security Skills Challenge

Advertised cyber security jobs in Britain have risen 32% in just two years. Yet the number of candidates is failing to keep pace. This is a gap that potentially puts your business at even greater risk of a cyber attack. 

Hear how organisations are turning to on-demand learning platforms to close their technology and security skills gap and develop their incumbent talent pool. Discover the practical steps you can take to address this challenge and protect your organisation from the hackers!

NIS, GDPR and Cyber Security: Convergence of cyber and compliance risk

  • Today's cyber threat environment
  • Key requirements for General Data Protection Regulation (GDPR) compliance, data breaches and notifications
  • The technical and organisational measures that organisations need to adopt to comply with The Network and Infrastructure Directive
  • Cyber resilience, the role of international standards and the Cyber Essentials scheme

Event close
