Taking a joined-up national response to secure technology, data and networks

9:00 am -

Coffee and registration in the exhibition area

9:40 am - 9:45 am

Chairman’s opening remarks

Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum

9:40 am - 9:45 am

Chairman’s opening remarks

Scott Sammons
Information and Records Management Society (IRMS)

9:45 am - 10:15 am

Opening keynote: A look at the evolving nature of the cyber threat

  • Communication – A look at the disconnect between the CISO and the board
  • An analysis of the changing face of the cyber threat over the past 5 years
  • A look at the geopolitics of cyber security: What have we learnt in 2018 and what can we expect in 2019?
Misha Glenny
Journalist, award-winning writer and broadcaster and leading expert on cyber crime.

9:45 am - 10:10 am

Analysing the latest trends in cyber-attacks – A look at the risk landscape for 2019

  • An in-depth look at the motivations, behaviours, tactics and techniques of the cyber criminal
  • Exploring new areas of vulnerability and new opportunities for exploitation
  • Examining the changing nature of the threat
  • Understanding why AI and machine learning are crucial to your 2019 IT strategy
Hasan Al-Saedy
Professor of Cyber Security
British Institute of Technology

9:45 am - 10:00 am

The first 6 months of GDPR: The view from the ICO

Peter Brown
Group Manager (Technology Policy)
Information Commissioners Office (ICO)

10:00 am - 10:45 am

Panel discussion: A look at the first 6 months of GDPR – Implementation insights

  • Deep dive into the implications of the EU data economy for a long-term GDPR implementation strategy
  • What’s GDPR got to do with a “risk based approach/risk management”
  • Global implications: How GDPR has affected organisations outside of the EU
Jeremy Lilley
Policy Manager - GDPR
Rhiannon Lewis
Senior Region Counsel, Privacy & Data Protection
Stephen Latham
Data Protection Programme Manager
Peter Brown
Group Manager (Technology Policy)
Information Commissioners Office (ICO)
Richard Merrygold
Director of Group Data Protection

10:15 am - 10:45 am

Morning keynote: Safeguarding the nation – The NCSC vision for a more secure Britain

Senior Representative


10:30 am - 10:45 am

National Cyber Security Strategy – The view from the UK Government

10:45 am - 11:15 am

NHS keynote: Cyber security – Responding to the threat to the UK health service

  • What can government, businesses and the NHS do to enhance cyber security?
  • The impact of GDPR and NIS on data security in the NHS
  • What are the predicted cyber security threats to health and care services in 2019 and how are they evolving?
  • The strategic framework for managing cyber at board level
Will Smart
NHS England

10:45 am - 11:00 am

The UK’s approach to GDPR: an international perspective

Rory Munro
Head of Engagement for the EU Exit Data Protection Negotiation Hub
The Department for Digital, Culture, Media & Sport (DCMS)

11:00 am - 11:20 am

GDPR six months later: Top 10 lessons learned in the new privacy era

  • Now that the GDPR is here, what’s next for data privacy?
  • How will regulators assess accountability?
  • Will we see massive fines? And what about ePrivacy Regulation?
  • A look at top predictions and practical advice for an ongoing GDPR program.
David Sinclair
Privacy Solution Consultant

11:15 am - 11:45 am

Morning coffee and networking in the exhibition area

11:20 am - 11:45 am

Morning coffee and networking in the exhibition area

11:45 am - 12:15 pm

Data protection insights: The size of your company does not matter to data thieves

  • Addressing data protection challenges for SMBs as well as enterprises
  • Reducing risk by controlling the data that matters most to your company
  • Implementing a simplified approach to data protection
Kris Lahiri
Co-founder, Vice President of Operations and Chief Security Officer
Jeff Sizemore
Vice President of Governance and Compliance

12:15 pm - 12:40 pm

How DPAs conduct technical investigations: A practical example from the Bavarian DPA

  • Analysing how DPAs select companies and how the Bavarian Data Authority conduct audits
  • A look at the technical equipment and laboratories available to the Bavarian DPA
  • An insight into results and conclusions by the Bavarian DPA
  • Helpful “tips and tricks” on how to deal with DPAs in general
Dorit Buschmann
Department for Cybersecurity and Privacy Engineering
Bavarian Data Protection Authority

12:20 pm - 12:40 pm

The cyber security evolution: Why being ‘secure’ is not enough

  • Uncovering how to raise threat awareness
  • Unlocking the value of your existing IT security investments and continuing to improve your security posture
  • A look at the distinction between being ‘secure’ and ‘safe’
  • How the approach to cyber security needs to evolve to ensure that you are fully remediated against the impact of any future attacks, while allowing for business continuity when they happen
  • Practical advice, using the ‘assess, plan, build, run and improve’ (APBRI) model
Nicholas Griffin
Senior Cyber Security Specialist - Cyber Defence
Elad Sherf
Head of Cyber Defence

12:40 pm - 1:00 pm

The need for an international approach to cyber resilience in an increasingly connected world

  • Financial business has a greater global presence than ever before.
  • Firms must establish, maintain and develop a global risk model that meets the threat faced by each of their businesses.
  • A strong cyber resilience posture is needed across a global marketplace.
  • Firms must build a security culture that protects their business.
  • Firms must work together to defend themselves.
  • Regulatory authorities must work together to promote cohesion across industry sectors and jurisdictional borders.
Robin Jones
Head of Technology, Resilience & Cyber Specialist Supervision
Financial Conduct Authority (FCA)

12:40 pm - 1:00 pm

Understanding your threat landscape and protecting vulnerabilities around data as your core asset

  • Managing the operational risk and technical safeguards that surround your most important asset
  • Reviewing the risks of implementing new technologies notably IoT
  • How to provide assurance when it’s in the cloud
  • Understanding the legal issues surrounding breaches, data privacy and protection

12:40 pm - 1:40 pm

Lunch and networking in the exhibition area

1:00 pm - 2:00 pm

Lunch and networking in the exhibition area

1:29 pm - 1:55 pm

Protecting your data from third party risk

  • Reducing the risk that your data will be lost, corrupted, or misused by implementing robust governance, standards and controls over third party suppliers
  • Developing an effective strategy to mitigate third party risk: What to do

1:40 pm - 2:00 pm

Implementation of GDPR within a unitary local authority: The challenges faced in the first 6 months

  • Leicester City Council and the impact of GDPR
  • An analysis of the key changes required as a unitary local authority needed and the changes made by Leicester City Council
Iain Harrison
Information Governance and Risk Manager
Leicester City Council

2:00 pm - 2:25 pm

The cloud challenge: The changing role of corporate IT Security teams

  • Cloud computing brings advantages and challenges to the IT Security team. A good cloud computing service provider lifts the burden of a lot of routine cyber hygiene actions. But you cannot outsource liability – you still have to take care!
  • A look at how careful consideration is needed to make sure that the system owner is clear about the remaining responsibilities for security patching and vulnerability management: not all cloud options have the same ITSEC implications
  • Analysing why the cloud service needs to be set up to perform when bad things happen


Ken Ducatel
Director, DG DIGIT
European Commission

2:00 pm - 2:30 pm

”How to DPO like a boss” – Integrating the role of the DPO into your business

  • Who should be the DPO?
  • Understanding the duties, obligations and liabilities of the DPO
  • Elevating the role within the organisation
  • Creating an effective reporting structure; ensuring all privacy risks (including data breaches) are reported to the DPO immediately to facilitate an effective and adequate response
Samantha Simms
Senior Principal and Founder
The Information Collective

2:25 pm - 2:55 pm

Management view from the board – A case study by HSE

  • Protecting and exploiting precious assets
  • Leading the way – governance and culture
  • Understanding the landscape: Threats, vulnerabilities and actions
  • Management information and assurance
  • Legal and regulatory responsibilities
  • Stimulating innovation
Martin Temple
HSE (Health and Safety Executive)

2:30 pm - 2:55 pm

Understanding what a good data compliance culture looks like

  • Investing in a programme of staff training and making the case for greater investment
  • Creating awareness of data protection and its significance to your organisation
  • Addressing internal risk factors and what measures should be taken to avoid internal data breaches
  • Raising awareness among your organisation’s management to set the appropriate ‘tone from the top’
  • Identifying the personal information your organisation holds about employees, customers and suppliers and the level of risk associated
  • Checking your use of data is compliant and overcome misinformation concerning the requirement for consent
Brian Shorten
Charities Security Forum

2:55 pm - 3:20 pm

A look at the importance of content protection and content security from the perspective of the film and TV industries and what other industries can learn

  • Looking at acts of content piracy as a prelude to future major cyber security issues within the entertainment industry
  • Understanding the different types of content piracy threats
  • Addressing the need for proactive content security to counter threats
  • What are the most popular and most effective content protection strategies?
  • De-bunking the myths about pirates and anti-piracy when it comes to content protection and content security
  • Content protection as a business intelligence tool and getting the right return on investment when implementing anti-piracy remedies.
Pascal Hetzscholdt
Director of Content Protection for Europe and Africa
21st Century Fox

2:55 pm - 3:30 pm

Afternoon tea and networking in the exhibition area

3:20 pm - 3:50 pm

Afternoon tea and networking in the exhibition area

3:30 pm - 3:55 pm

Data mapping: What needs to be done to comply with GDPR

  • Maintaining accountability of the data for the full data life cycle
  • Providing evidence that your data is protected in its full cycle and kept in adherence to the rules of GDPR to submit to the regulatory and supervising authorities
  • Understanding consent under GDPR – assessing your current consent procedures
Rowenna Fielding
Data Protection Lead

3:50 pm - 4:00 pm

Tussell’s analysis of trends in public sector cybersecurity contracting

  • A look at the biggest contracts
  • Who are the most active buyers and suppliers
  • What are the most valuable contracts due to expire in the near future


Gus Tugendhat

3:55 pm - 4:20 pm

Using ISO 27001 to achieve GDPR compliance

  • Implementing ISO 27001 Information Security Management System (ISMS) within your organisation
  • Putting processes in place that protect all information assets, not just customer information or information that is stored electronically
  • Setting a realistic scope to improve the chances of success
Bridget Kenyon
Global CISO
Thales eSecurity

4:00 pm - 4:30 pm

Security regulation – An outcome-focused approach to cyber risk exposure

  • Evidencing effective security plans and regimes that address the risks that effect the most important assets
  • Getting the best value from intelligence
  • What is it like to have outcome based as opposed to forced based regulations?
  • Understanding and addressing supply chain risk: Are you at risk from your own suppliers?
Tom Parkhouse
Head of Nuclear Cyber Security Regulation
‎Office for Nuclear Regulation
Sarabjit Purewal
Principal Specialist Inspector

4:20 pm - 4:40 pm

What are the risks of IoT to your organisation?

  • Effectively detecting automated bot attacks as newer and more sophisticated generations of bots are getting launched by attackers
  • How will consumer data be used and by whom? – The issue of privacy
  • Software security and privacy of IoT and mobile devices in the workplace
  • Implementing regular training to your staff to ensure they are able to spot attacks when they happen
  • Understanding the challenges associated with managing and keeping secure the expanding network of connected devices
  • Warning indicators that could set off a red flag
  • Preventing and recovering from serious attacks, protecting private and confidential data, and the emerging dangers that organisations face

4:30 pm - 4:50 pm

Utilising AI effectively to stay ahead of cyber security threats

  • Is AI the ‘saviour’ it is made out to be?
  • Using AI and machine learning to detect threats: Pipe dream or the future of combating cyber security threats?
  • Harnessing AI to be in the position of planning forward strategically to counter future cyber risks, not reacting to the past.
  • Discover how AI will shape the future of cyber security (in terms of both cyber defence and cyber offence) and will it replace cyber security experts?
Charles Fox
Security Lead
Digital Catapult

4:50 pm - 5:00 pm

Chairman’s closing remarks

Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum

Check back regularly for further updates for the 2018 show.  For speaker and content enquires please contact [email protected] 

If you would like to sponsor the 2018 Summit please click here, email [email protected] or call 020 3770 6546.