Registration and Networking
Chair's opening address

Security in 2024

  • The changing face of cyber crime: 2024 cyber threats and new methods to protect against them
  • The risks and costs of cybercrime to businesses
  • Cyber skills: The importance of education and hiring the right people
  • Outlooks on AI & IoT
Software Supply Chain Security and a Spherical Chicken in a Vacuum

Imagine a chicken in a vacuum, perfectly spherical. Physicists use this joke to describe the effects of simplifying external factors. Removing them may make a problem easier to solve, but the solution has to work in the real world. The goal for a physicist is to build a model of the real world which works to solve the problem it was designed to address.
So, how does this relate to software supply chain security?
Discussions around how to secure the supply chain often overlook real-world practicalities, instead considering an ideal world. But oversimplification can lead to oversight or, worse, to tedious manual work no reasonable developer would agree to undertake. Chickens aren't spherical and don't exist in vacuums, and software supply chains operate in complex, real-world environments. By focusing on these critical external factors, we can build a realistic software supply chain security program, one that will work in the real world without having to place any spherical chicken in a vacuum.

Join Grant Robertson as he discusses the realities of software supply chains, as well as the practicalities of how to secure them. In this talk, he will discuss:
• How to practically address software supply chain vulnerabilities through automation
• How to navigate the legislation and regulations landscape
• How to think like a physicist and focus on addressing the key elements of software supply chain risk

Beyond Machine Learning: Cybersecurity in the era of Generative AI

Sam Hector

IBM are spearheading the enterprise adoption of trustworthy AI. With the emergence of Foundation Models, cybersecurity strategies must adapt. These models not only present a new attack surface, but also offer innovative defensive opportunities. This talk will discuss the cutting edge of security AI today, and future enhancements that promise to fortify security operations and bolster resilience.

How to train your dragon

Daniel Selman

In this session, Daniel will explore the challenges of implementing a successful Data Protection Programme: how to identify what needs to be done, and how to gain the support of leadership and the organisation to deliver the necessary changes.

Is SASE the future of distributed security?

William Holmes

The ever-expanding attack surface is giving rise to more complexity, operational cost and loss of data through successful attacks on UK PLC. Will Secure Access Service Edge (SASE) provide that often elusive single-pane control to enable us to better secure and manage our data across all our disparate edges?

Cyber Security in Outer Space: The Final Frontier?

Amanda Crossley

A quick introduction to cyber security in outer space before flying off to discuss what is happening within this rapidly expanding industry and why we should all look up to the stars more.

Developing Cyber Capability Within Your Organisation.

Amanda Finch

This session will explore means of growing your teams, and how to develop your people to ultimately retain talent and develop cyber capability throughout your organisation. Amanda Finch, CEO of the Chartered Institute of Information Security, will talk through the CIISec Skills Framework to show you what you need to do to get to where you want to be, and how to harness your skills to create opportunities and empower other people in your organisation.
Key takeaways:

• Learn how to build your team's capability within your organisation
• Understand how to retain talent
• Learn more about how to create opportunities to empower employees to build their skills
• Hear about the CIISec Skills Framework in more depth from our CEO, Amanda Finch

You can’t stop what you can’t see. Prepare yourself for now and the future.

John Wilkinson

Year after year, cyber security teams have made considerable strides forward with technology and individual capabilities. Today, we are more interconnected than ever, with data accessible and stored everywhere and anywhere. Still, we have some of the most talented individuals protecting our organizations from attack, so what could be the problem? Well, you can’t stop what you can’t see.
Join our session, where we will take you through a ransomware attack in under 5 minutes and show you both perspectives – the attacker's and the victim's. Come away with a complete understanding of how to effectively prevent future occurrences by having a solution that can unravel the steps carried out by the advanced attack and show you how to prevent them from occurring in the first place.

Coffee and Networking
Choose from one of three Seminar Sessions


Lunch and networking
Choose from one of three Seminar Sessions


Chair's opening address

Colonel (Retd) John Doody FBCS FCMI CITP IISP MIOD

Outrunning the Grizzly - Reducing your attack surface

Marc Lueck

The discussion today revolves around that ancient joke - how fast do you have to run to outrun a grizzly? Only faster than someone else! Attack surface is much the same argument. By reducing our external and internal attack surfaces, we can reduce our exposure to attackers, who will likely pick easier targets. This means we are no longer playing the attacker's game.

Why Cyber Security Fundamentals Are So Critical

When we think about IT security and threat actors, we might imagine highly skilled IT experts who run complex and sophisticated attacks to break into computer networks. What many people don’t know is that many of the most notorious breaches are due to neglect of fundamental cyber hygiene. In this presentation we will shed light on how unified endpoint management platforms such as NinjaOne help you to manage the fundamental aspects of cyber security in an efficient way. IT teams from mid-market companies can free up time by simplifying and automating fundamental but critical device hardening, and focus their attention more on strategic and high-impact projects in the realm of cyber security and elsewhere.

It's more than phishing - how to supercharge your security awareness program

Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple.

In this session, Javvad Malik, Lead Security Awareness Advocate for KnowBe4, will explain how to take your security awareness to the next level and prevent it from going stale. Changing behaviours and creating a culture of security can only be achieved by adopting the right mindset and techniques.

In this session you will learn:
● Why you need to brand the security department the right way
● The psychological approach to getting your message across
● Practical advice on building a strong security culture

In the moment nudges – What? How? Applying nudge theory to awareness

Lucy Finlay

What would it be like to be “there”, just when you were needed, to offer a tap on the shoulder and steer your colleagues in the right direction when they were about to do something risky? Click a link, plug in a USB, upload a file, and give away their credentials…? This takes nudge theory to its logical conclusion – timely, in the moment and even measurable. In this talk, Lucy will touch on why we should be looking at nudge theory, what makes a good nudge and why, how to run a campaign to steer behaviours, and the potential impact this approach can have. Lucy will share her 8+ years as a practitioner offering some takeaways on how to apply nudge theory, behavioural and learning science to your awareness campaigns as you build up towards real-time nudges.

Risky Business - The prejudices and pitfalls of cyber risk planning.

Jonathan Mattey

A talk on the psychological considerations required when assessing the likelihood and impact of cyber risk, how to avoid common fallacies associated with qualitative assessments, and using financial quantification to more effectively reduce business uncertainty and improve board communication.

How much trust is too much trust? The rise of the super malicious user

Sarah Armstrong-Smith

In this session, Sarah Armstrong-Smith will examine the people inside your very own organisation who know how to exploit all the loopholes in your IT and business processes, and how to counteract them.

Risk Prioritisation and the Evolution of Pen Testing

Rahim Jina

Finding and fixing vulnerabilities can be seen as one of the basic tenets of a modern security function. While supposedly basic, given the ever-increasing frequency of data breaches, managing vulnerabilities across an organisation is far from straightforward. How organisations approached vulnerability management and penetration testing in the past simply does not work with today’s technology stack and development methodologies.

Organisations face a minefield of vulnerabilities with limited resources, so where does one even start? We delve into risk prioritisation, with a focus on more practical metrics such as exploitability, and also explore vulnerability triaging. We look at why metrics of the past may have meant that we have been focusing on and fixing the wrong issues.

Coffee and Networking
Live ‘Fireside Chat’ Q&A with Dara O Briain



Chair's Closing Remarks

Colonel (Retd) John Doody FBCS FCMI CITP IISP MIOD