Close
REGISTER NOW
See Who's Attending

Agenda

10th November 2021

9:20 am
Chairs Opening Remarks
Phil Cracknell
Phil Cracknell
Breach Specialist and CISO
Confirmed
9:30 am
Prepare, Respond and Recover: Managing Risk and Business Continuity in the Public Sector

Cyber resilience is more than about securing technology. It encompasses preparedness for risks, continuous efforts to deter and defend against cyber-attacks, and remediating from crises.  Our panel session explores:

  • Government guidance, tools and resources to identify, mitigate and manage risks 
  • Implementing preventative measures which take account of services, people, technologies and processes 
  • Responding to cyber incidents through immediate and long term remedial actions 
  • Business continuity management and recovery mechanisms to lessen disruptions and maintain critical services 
  • Raising the profile of cyber security at strategic levels to ensure it is given high recognition, focus and resources
Geoff Connell
Geoff Connell
Director of IMT & Chief Digital Officer
Norfolk County Council
Confirmed
Pete Cooper
Pete Cooper
Deputy Director for Cyber Defence
Cabinet Office
Confirmed
10:00 am
Developing the Cyber Security Profession

According to the Department for Digital, Culture, Media & Sport, 37% of all vacancies for cyber roles have been hard-to-fill with many businesses struggling to recruit employees with the necessary technical skills. The sector has made strides in diversity; the NCSC published its ‘Decrypting Diversity’ report in 2020 to benchmark and track levels of diversity and inclusion states that “improving diversity and inclusion will be crucial to the cyber security industry’s ability to address its well-documented skills gap.” Hear from industry insiders about: 

  • Building a talent pipeline that reflects the diversity of Britain 
  • Upskilling, measuring and improving cyber resilience with hands-on training for existing employees 
  • Benefiting from a more distributed workforce 
  • Non-traditional routes into the cyber security profession 
  • Standards and certifications, including the newly set up UK Cyber Security Council’s role and how it aims to become the ‘voice of the profession’ 
Dr Claudia Natanson
Dr Claudia Natanson
Chair
UK Cyber Security Council
Confirmed
10:20 am
Break, Virtual Exhibition Networking and Live Delegate Meet Ups 
Fireside Chat

During this break why not join one of our Fireside Chats & Roundtables

Our fireside chats and roundtable sessions are open to all attendees. The sessions will allow attendees to drive their own learning and share experiences with others on a number of different subject areas

Digital Identity and Government

This talk will consider the key aspects of a good online identity scheme: 

  • The purpose of a scheme 
  • Who is it for and ease of use 
  • How strong identity assurance needs to be to meet the purpose 
  • Who will pay for it, own the liability and offer redress  
  • Interoperability, sharing and updating identity  
Dr Louise Bennett
Dr Louise Bennett
Director, Digital Policy Alliance
Co-Chair of the Privacy and Consumer Advisory Group
Confirmed
10:40 am
How the National Cyber Security Centre is Tackling Emerging Threats

Exploring ways in which the National Cyber Security Centre is leading the response to the Covid19 pandemic, building a resilient nation, proactively engaging and partnering with key public sector bodies and driving cyber skills and innovation.

Ian McCormack
Ian McCormack
Deputy Director for National Resilience & Strategy
National Cyber Security Centre (NCSC)
Confirmed
11:00 am
Navigating the Ransomware “perfect storm” with a Deep Learning-Driven Prevention First Approach

Public sector organizations face challenging times:

  • 57% see unknown malware as the primary factor limiting threat prevention
  • Over 50% quote the sheer volume of unknown malware as the biggest barrier to detection
  • 24.4 hours is the average time to respond to a security incident – over 3 working days
  • Traditional AV technologies missed nearly 75% of Q1 2021 malware
  • Critical infrastructure, healthcare and government offices are seen as high impact targets

This session looks at ways to address this “perfect storm” of increasing attack volumes, expanded threat vectors and a targeted focus on public sector bodies. It highlights the opportunities deep learning brings to prevent ransomware and other malware in <20 ms, before an attacker can gain persistence.

Cyril Goonan
Cyril Goonan
Regional Sales Manager
Deep Instinct
Confirmed
Justin Vaughan-Brown
Justin Vaughan-Brown
VP Product Marketing
Deep Instinct
Confirmed
Matt Logan
Matt Logan
Cyber Security Sales Engineer
Deep Instinct
Confirmed
11:20 am
Protecting the Physical and Digitally Engineered World

The session will show the range of malicious threats facing the public and private sectors and the vulnerabilities of initiatives such as Building Information Modelling (BIM), Open Data and Smart City/Connected Places that can be mitigated by forethought and proportionate countermeasures that enable rather than inhibit the desired innovation. 

 The Centre for the Protection of National Infrastructure (CPNI) is the UK Government’s National Technical Authority for Physical and Personnel protective security advice.  CPNI are part of the National Security apparatus and they have a long history of providing advice on securing critical infrastructure, sensitive technologies, digital engineering, open data initiatives, advanced manufacturing processes, automotive and intelligent transport system security and managing the security of smart city initiatives. 

Head of Physical Security
Head of Physical Security
CPNI
Confirmed
11:50 am
Seminar Announcement
Phil Cracknell
Phil Cracknell
Breach Specialist and CISO
Confirmed
11:55 pm
BeyondTrust
Tenable
2022: Privilege Access Management Realities for the Public Sector 

Public Sector organizations planning for 2022 are looking, more than ever, to embrace their new normal. A significant element of that is to ensure that the changes made over the past year or so didn’t send them one step forward and two steps back in terms of security, compliance and usability. We have found that many Public Sector organizations are reviewing security gaps and identifying improvements that can be implemented to their technology and processes to achieve a more unified, secure security status moving forward.  

The security threats that were apparent a couple of years ago have not changed or gone away. If anything, the attack surface that Privilege Access Management (PAM) tools help secure has become even larger. Threats are more difficult than ever for organizations to manage with native tools, and the traditional desktop and server estate has become a thing of the past. 

Join this session to learn how Secure Remote Access and Privilege Management solutions can be implemented to solve PAM challenges quickly, across entire estates. You will also find out how to provide your users (and third parties) with a secure, compliant platform from which to work remotely – via an on-premises or SaaS deployment – in just weeks, not months or years. 

Max Berg
Max Berg
Senior Solutions Engineer
BeyondTrust
Confirmed
Active Directory Security: Why Do We Fail and What Do Admins and Auditors Miss?

Everyone knows Active Directory (AD). It is a seasoned IAM, not to mention one that nearly every organization in the world uses. As AD is responsible for controlling access to most corporate assets, it is the target of most attacks. After 20 years of being overlooked, Active Directory is riddled with vulnerabilities. In this security workshop, a 16x Microsoft MVP will give you direct actions that you can take to reduce your AD security risk.

  • Learn where threats against AD originate
  • Understand why there are so many vulnerabilities in AD
  • Master the rules of Active Directory security
  • Discover how to detect specific AD attacks used by ransomware
  • Define what steps to take to reduce AD security risk
Sylvain Cortes
Sylvain Cortes
Security Strategist
Tenable
Confirmed
12:40 pm
Break, Virtual Exhibition Networking and Live Delegate Meet Ups 
Fireside Chat

During this break why not join one of our Fireside Chats & Roundtables 

Our fireside chats and roundtable sessions are open to all attendees. The sessions will allow attendees to drive their own learning and share experiences with others on a number of different subject areas

Industrial Control Systems and Emerging Technologies
  • Risks from cybersecurity to safety and security of supply critical to national infrastructure 
  • Issues for managing risks from cybersecurity: proportionality, managing supply chain, creating the right culture, incident management and recovery 
  • Emerging applications using machine learning in safety applications 
  • Identifying and managing risks: determining ‘trustworthiness’ 
Sarabjit Purewal
Sarabjit Purewal
Cyber Security and Emerging Technology Lead
Health and Safety Executive (HSE)
Confirmed
1:40 pm
Cybereason
OneTrust
ThinkCyber
Revil: Pick Your Path
  • Todays Ransomware actors are operating to devastating effect as evidenced by the Colonial Pipeline and JBS attacks, showing that a successful attack can disrupt any business
  • We will work your organization through the steps and effects of the REVIL ransomware attack as it if were on your infrastructure
  • Learn how these attacks can be identified, mitigated and stopped
Adrian Culley
Adrian Culley
Senior Sales Engineer
Cybereason UK Ltd
Confirmed
How Good IT Asset and Risk Management Can Protect You From Ransomware

IT complexity is rapidly increasing as organizations continually adopt new tools and technology.  While IT assets are a necessity to increase productivity and performance, they can become hard to keep track of, resulting in IT security vulnerabilities for enterprises. ​

Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes, and ransomware is the latest hot topic due to recent highly publicized attacks in the US.  In this session, we’ll use the Colonial Pipeline as a case study.  Discussing what went wrong to understand how you can improve your IT asset and risk management practices to proactively protect your organization from ransomware. ​

KEY TAKEAWAYS:

  • Analyse tactics to strengthen IT asset management as well as risk & controls management.​
  • Discuss considerations for assurance over third-party risk.​
  • Review how technology can help you mature your IT asset and risk management programs​
Chris Cassell
Chris Cassell
Solutions Engineer
OneTrust
Confirmed
Security Awareness Needs to Adapt: A Behavioural Science Perspective

The shift to working from home and then to hybrid working have had a significant impact on security posture. But it’s not just new threats, it’s the change of “context” – who would have thought in 2019 that security awareness training should warn people about being overheard when by your neighbour when working at home!? Traditional awareness, with typical quarterly or yearly content cycles, has been too slow to adapt. Phishing tests risk alienating staff. In this talk, ThinkCyber explores the behavioural science of helping people adapt to changing risk contexts, driving secure behaviours and empowering users to protect themselves against cyber threats that target the human user. This talk will offer real-world examples and ways that all organisations can apply the theories to adapt their approaches.

 

Key Takeaways

  • Changing threats and changing context means approaches to security awareness need to adapt
  • We need to go beyond just awareness and start to drive measurable secure behaviour change
  • Behavioural science theories offer key insights as to how to shape your programme to engage staff and change behaviours
  • Real-world examples and a clear methodology presented in the talk can be applied by any organisation to empower their staff to protect themselves.
Tim Ward
Tim Ward
Director
Think Cyber Security
Confirmed
2:10 pm
Best Practices for Effective Third Party Risk Management

To be compliant with GDPR, organisations must take necessary steps to protect the data in their care, including data that is shared with third parties such as contractors, partners, suppliers and service providers. This session looks at effective strategies for managing third party risks, common gaps in contract management, and maturing your organisation’s security postures. 

Daniel Bagley
Daniel Bagley
Information Security Officer
National Church Institutions of the Church of England
Confirmed
Madi McAllister
Madi McAllister
Information Governance and Data Protection Officer
National Church Institutions of the Church of England
Confirmed
2:40 pm
Cyber Security
DevSecOps
Procurement Approaches to Building and Transforming Cyber Capability
  • What is cyber transformation? 
  • The challenges faced by the public sector 
  • Key benefits 
  • The steps to implementing an effective cyber security transformation
  • Common pitfalls and mitigations 
Elizabeth Giugno
Elizabeth Giugno
Head of Category - Cyber Security
Crown Commercial Service
Confirmed
How DevSecOps Helps Government to be Secure by Design

DevSecOps involves building security as a culture with continuous and flexible collaboration between security and developer teams. For most organisations, DevSecOps does not happen all at once since it is iterative process that relates to a culture of change. We discuss: 

  • Key tools, what they are, how they can be introduced and matured 
  • Building a culture of shared responsibility in software development lifecycle 
  • Automation and building machine capabilities 
  • DevSecOps best practice for continuous improvement
Mahbubul Islam
Mahbubul Islam
Chief Information Security Officer
HM Courts & Tribunals Service (HMCTS)
Confirmed
3:00 pm
Break, Virtual Exhibition & Networking

During this break why not join one of our Fireside Chats & RoundtablesOur fireside chats and roundtable sessions are open to all attendees. The sessions will allow attendees to drive their own learning and share experiences with others on a number of different subject areas 

3:20 pm
Managing and Responding to Cyber Incidents
  • Developing and updating incident plans for better preparedness  
  • Risks of legacy systems amid growing cybersecurity concerns 
  • Technical guidance for analysing, containing/mitigating, remediating and recovering from breaches 
  • Digital forensics analysis and investigations 
  • Legal and regulatory requirements, working with relevant government bodies to navigate data protection during and post-crises 
  • Post-incident reviews and lessons learned 
David Cowan
David Cowan
Head of ICT
Copeland Borough Council
Confirmed
Iain Harrison
Iain Harrison
Information Governance & Risk Manager
Leicester City Council
Confirmed
3:40 pm
Cyber Security
Case Studies
Panel Discussion: Keeping NHS Data Safe
  • Defending against cyberattacks  
  • Protecting sensitive and confidential information such as patient data, healthcare records and IT systems 
  • Security and data protection in health and care services, local authorities, and clinical commissioning groups 
  • The Data Security and Protection Toolkit (DSPT) and Better Security, Better Care programme 
Alex Harris
Alex Harris
Head of NHS and Social Care Cyber Risk
NHSX
Confirmed
Cyber Security - Being Everything New Under the Sun: How Universities Can Nurture Innovation in the Cyber Security Sector

A Cyber Security Ecosystem has evolved across Greater Manchester nurtured and grown through activities without boundaries and across disciplines. At the heart of this are Manchester’s Universities living the Turing legacy bringing innovation to underwrite a bright Digital Future. Professor Danny Dresner will explain:

  • How the Greater Manchester Cyber Foundry has changed cyber security to be a catalyst for growth
  • How the Centre for Digital Trust and Society is bringing people and technology together,
  • How the Digital Innovation Security Hub is set to launch at the centre of the cyber community.
Professor Daniel Dresner
Professor Daniel Dresner
Professor of Cyber Security
University of Manchester
Confirmed
4:00 pm
Securing Innovation and Future Technology
  • Balancing innovation and adoption of emerging technologies with security, risk management, and data protection 
  • Reviewing top use-cases of emerging technologies, including IoT security 
  • Ethical and legal considerations around the use of IoT, AI, Machine Learning 
  • Evaluating the role of the UK as an emerging hub for innovation in technology 
Chris Ensor
Chris Ensor
Deputy Director for Cyber Skills and Growth
National Cyber Security Centre (NCSC)
Confirmed
Neil Sinclair
Neil Sinclair
National Cyber Lead
Police Digital Security Centre
Confirmed
Saj Huq
Saj Huq
Director of Innovation
Plexal
Confirmed
Vivian Dufour
Vivian Dufour
Co-founder
Meterian
Confirmed
4:40 pm
Chairs Closing Remarks and The End Of The Conference
Phil Cracknell
Phil Cracknell
Breach Specialist and CISO
Confirmed