Security awareness too often becomes background noise. Posters fade into the walls, mandatory training is completed and forgotten, and the behaviours you hoped to influence remain unchanged. For many teams, this leads to a familiar frustration: plenty of effort invested, but how confident are you that anything has shifted? This session focuses on practical ways to move beyond compliance and embed better security habits into everyday work. Drawing on behavioural science and models such as MINDSPACE, we will explore how small, well-designed nudges can influence decisions at the moments that matter, without adding more training or increasing fatigue.

These are techniques grounded in how organisations really function, rather than abstract theory. Changing behaviour is only half the story. Being able to demonstrate that change has taken place is just as important. We will examine ways to measure impact that go beyond surface-level metrics and stand up to scrutiny from senior leadership and the board.

The emphasis is on evidence that feels meaningful and credible. If you are responsible for security awareness and feel your current approach is not getting the traction it should, this session offers a clear and practical way forward. You will leave with ideas you can apply quickly, greater confidence in how to influence behaviour, and a clearer sense of how to build changes that last.

What happens when a cartoon company embraces AI without thinking it through? Road Runner hacks ACME, and everything goes up in smoke. In this fast-paced, story-driven talk,

Glenn explores the real security risks facing organisations using GenAI and large language models, told through the absurd but oddly familiar lens of ACME’s AI transformation. The session blends humour, visual storytelling, and technical clarity to show what can go wrong when teams rush into GenAI without understanding the risks. Fun story. Serious risks.

Identity threats now span humans, AI agents, and service accounts. This blueprint covers the four pillars protecting human identities (ISPM, ITDR, IGA, PAM) and how the same principles apply to non-human identities. Discover how unified governance reduces MTTR, improves audit readiness, and transforms identity from compliance checkbox to active defense.

Compliance shouldn’t feel like speed dating for security standards, yet most organisations are juggling ISO 27001, Cyber Essentials, NIST, SOC 2, PCI, and whatever new acronym appeared last Tuesday. The result? Confusion, duplicated effort, and a security team quietly questioning their life choices. In this talk, we cut through the chaos. I’ll show you how all these standards overlap far more than they admit, how to stop treating them like Pokémon you have to collect, and how choosing one well designed framework can simplify everything. You’ll leave with a clear, practical method for mapping requirements, reducing workload, and building a security baseline that actually works, without needing a second coffee just to read the guidance.

From Script Kiddie to Cyber Kingpin: How do we break the cycle of teenage cybercrime?

"In this keynote, Tidy deconstructs the alarming evolution from adolescent ""script kiddie"" antics to high-stakes cyber racketeering. Using the infamous Vastaamo hack and the conviction of Julius Kivimäki as a primary case study, he examines the psychological and systemic triggers that fuel this progression.

Attendees will gain a deeper understanding of:

• The transition points where hobbyist hacking turns into serious criminality.

• The societal and security failures that allow these cycles to persist. • Actionable insights on how to intervene and disrupt the ""predictable"" path to cyber-extortion."

If your compliance team is being asked to do more with less, you’re not the only ones strategizing a better way to achieve your compliance goals. Although 99% of organizations agree that consolidating their audits would save time or money according to A-LIGN's 2026 Compliance Benchmark Report, they’re just not sure where to begin. According to the report, 27% of organizations don’t know how to start the process, and 24% cite limited time as a major obstacle. Join us to explore the audit harmonization process and how it can help your organization drive efficiencies across audit cycles.

We talk about human risk all the time. It shows up in breach reports, board slides and strategy decks. We say people are the biggest vulnerability in cybersecurity. But if that is true, why is the human side so often the least invested?

In many organisations, compliance becomes the goal. Annual training is delivered. A phishing simulation is run. A dashboard is updated. Box ticked. Job done. But compliance is a baseline, not a strategy.

It keeps you out of trouble. It does not build culture. At the same time, we place huge trust in tooling and vendor promises. We automate. We measure. We buy platforms that claim to “solve” human risk, while the real work, communication, trust, clarity and empathy, is often left to a single awareness practitioner trying to influence thousands with limited support. That is the blind spot. This session challenges leaders to rethink how they resource and value the human layer of security. It is a call to move beyond compliance and stop outsourcing responsibility to tools. Security culture requires better communication, stronger storytelling, more empathy and a little more marketing mindset inside our teams. If human risk is real, then engaging humans properly has to be real too.

Attackers no longer hack the vault—they exploit the trust surrounding it. This session explores the revival of traditional deception techniques, now enhanced by modern identity systems and intricate third-party ecosystems. By examining how adversaries target the "cash cow" through people, partners, and misplaced trust, it challenges conventional security thinking and reframes cyber defense around resilience rather than prevention.

Traditional backup is no longer enough; in an era of aggressive ransomware, organisations need rapid recovery and absolute confidence. In this session, Druva explores the critical shift from legacy backup to true cyber resilience. We can demonstrate why on-premise tools struggle to protect modern hybrid environments and how a 100% SaaS, cloud-native approach eliminates hardware complexity while ensuring immutable, air-gapped security. Discover how to unify protection across cloud workloads, SaaS applications like Microsoft 365, endpoints, and data centres- empowering your team to focus less on managing infrastructure and more on delivering clean, rapid recovery when it matters most.

Why do so many cybersecurity and technology transformation programmes fail? Not because of the tools. Not because of the people. But because change isn’t managed properly.

Cyber transformation is rarely a technology problem. It’s a change management challenge. In this high-energy keynote, Gurps Khaira draws a powerful and unexpected parallel between fitness modelling and implementing cyber technologies and large-scale transformation programmes through disciplined, structured change. Just as real physical results aren’t built through crash diets, sustainable cyber change isn’t delivered through one-off training sessions, policies, or awareness campaigns. Lasting transformation comes from clear direction, consistent leadership, structured frameworks, and repeatable routines. Blending lessons from the gym, global banking, and complex enterprise change programmes, this keynote introduces Gurps’ 4D Delivery Discipline: Decide, Define, Do, Done, a practical approach that helps leaders move from intent to execution, embed new ways of working, and sustain momentum across cyber and technology initiatives.

Packed with humour, real-world stories, and practical takeaways, this keynote treats cyber transformation like a training programme, building stronger habits, disciplined execution, and measurable results one rep at a time. Gurps will also surprise attendees with a ready-to-use toolkit of proven tools and templates to help them stay on track, measure progress, and deliver results long after the session ends.

!