08:00 - 09:15

Registration, Refreshments and Networking

09:15 - 09:20

Cyber Security Summit Chair's Opening Remarks


Peter Loomes, IASME Consortium 

09:15 - 09:45

Opening Keynote - NCSC


Senior Representative, NCSC

09:45 - 10:15

Headline Sponsor

09:55 - 10:00

Data Protection Summit - Chair's Opening Remarks

Catherine Easton

Catherine Easton,  Lancaster University, School of Law 

10:15 - 10:40

Spotlight on Leadership: Championing the Place of Cyber in Strategic Decision Making

  • Moving beyond mitigation by building a whole-team approach to business impact assessments
  • From Customers to the C-Suite – How HSBC has sought to embed and champion a security culture
  • Upholding the role of Cyber in HSBC’s engagement with disruptive transformation and emerging technologies and practices
Speaker Profile Picture - Rory Alsop, Head of Technology & Cyber Risk, HSBC

Rory Alsop, Head of Technology & Cyber Risk, HSBC

10:00 - 10:20

Opening Keynote – Protecting Information Rights in the Age of the Information Economy

  • Measuring maturity: The UK’s Culture of accountability for data protection and working with organisations to explore best practice and best tooling to move from a box ticking approach to a “data protection-first” mindset
  • Evaluating the threats and advantages posed by evolving technologies and working with the pioneers of these technologies to bake data protection in from the start
  • Pursuing stronger relations with the international information rights communities to place the UK at the forefront of global data protection

10:40 - 11:25

Morning Refreshments, Networking and Exhibition

10:20 - 10:40

Headline Sponsor

11:25 - 11:50

Modelling a National Approach to Data-Tight, Privacy-Driven and Threat-Agile Policing

  • In a time where data security is under a microscope, how is the NEP ensuring that forces have access to the right information at the right time?
  • Building Identity Access Management platforms and maintaining public trust in the storage and use of personal data
  • Responding to an ever changing cyber threat landscape through the creation of the National Management Centre designed to future proof police cyber capabilities
Jason Corbishley
Jason Corbishley, Chief Technology Officer, National Enabling Programmes

10:40 - 11:25

Post-GDPR Breach Response: Learning from Breach Scenarios

  • The crucial 72 hours – How have organisations structured their response within the reporting window?
  • How do we define impact and gravity to ensure that responses are measured?
  • What’s the role of the DPO post-breach and what varying approaches can be used to react and respond?

Stewart Room, Partner & President, PwC & National Association of DP and FOI Officers

Adrian Leung, Data Protection Officer, Equifax UK
Adrian Leung, Data Protection Officer, Equifax UK

11:50 - 12:15

Phishing Season: Developing the Right Approach to Socially Engineered Cyber Attacks

  • Building internal awareness through gathered insight into the HMRC tax rebate phishing phenomenon
  • Reducing spoof smashing scams by up to 90% through tag and terminate technology
  • Keeping ahead of the enemy by identifying vulnerable target groups such as students or the elderly
Clarence Odogwu - HMRC - Image
Clarence Odogwu, Chief Security Officer, HM Revenue & Customs

11:25 - 12:15

Morning Refreshments, Networking and Exhibition

12:15 - 13:00

Seminar Session 1

Seminar Session 2

Seminar Session 3

Seminar Session 4

13:00 - 14:00

Lunch, Networking & Exhibition

14:00 - 14:45

Seminar Session 1

Seminar Session 2

Seminar Session 3

Seminar Session 4

14:50 - 15:10

Fostering Cyber Heroes – In-Team and Across the Business

  • Putting the spotlight on soft-skills and reevaluating the role of all staff members in detecting, reporting and communicating cyber-attacks
  • Telling the story of what good looks like in nominating, training, tooling and multiplying Cyber Champions
  • Nurturing champions within your central cyber team and creating direct lines between the technical and non-technical 
Speaker Profile Image - Melanie Oldham
Melania Oldham, CEO & Founder, Bob’s Business & Yorkshire Cyber Security Cluster

14:50 - 15:35

Enabling Data Protection and Use with Privacy Enhancing Technologies

  • The Road towards PETs: How do you decide whether the technology is necessary and which approach is best for you?
  • Can PETs fulfil organisational needs including GDPR compliance and could they create new opportunities for your organisation?
  • The DPO perspective: What’s at stake when using PETs?
  • What’s next? What could regulators do to help/guide PETs adoption?
Natasha McCarthy photo

Dr Natasha McCarthy, Head of Policy – Data, The Royal Society

Francesca Hopwood Road

Francesca Hopwood Road, Head of RegTech and Advanced Analytics, Financial Conduct Authority

Flick March, Cyber Resilience, IBM
Emma Butler, DPO, Yoti

15:10 - 15:25

Sponsor Address

15:35 - 16:05

Afternoon Refreshments, Networking and Exhibition

15:25 - 16:00

Afternoon Refreshments, Networking and Exhibition

16:05 - 16:25

Data Protection and Staff Monitoring: Essentials and Implications

  • Defining monitoring and its legal basis and identifying practical problems in your current monitoring practices
  • The importance of a gap analysis and assessment of your needs before implementing monitoring tools
  • Justifying what you are doing, and gaining stakeholder buy in to build a sustainable monitoring programme
  • Documentation, documentation, documentation: Getting your documentation in place and the difficulties associated with this
Sarah Laws
Sarah Laws, Information Management Specialist, Camden Council

16:00 - 16:20

Recruitment and Retention in an Insecure Security Employment Market

  • Working with comms and HR to attract the right talent and bake security into the image of your company.
  • Obtaining the right balance between upskilling and work-life balance to incentivise and retain your security team
  • Learning from the experience of growing a security team at pace and the place of cyber in the story of TransferWise’s success
Shan Lee, CISO and DPO, TransferWise

16:25 - 16:45

The Delicate DPO Balancing Act: The Rights of the Data Subjects, the Needs of the Business and Legal Compliance

  • Mapping the difference in how businesses expect to use Personally Identifiable Information compared to how data subjects think their data is being used
  • Anticipating the data subject’s gap in knowledge between their data protection rights and what this translates into when making data requests
  • Convincing businesses of what is realistic, and tempering their data use appetite with lawful basis
Rhiannon Platt
Rhiannon Platt, Information Governance Manager and Data Protection Officer, Royal Devon and Exeter NHS Foundation Trust

16:20 - 17:00

The Next Wave of Cyber Solutions and Engaging the Start-up Ecosystem

  • Moving beyond the solution-focused mindset and how the UK’s start-ups succeed in the user-centric model
  • Signalling and end to the provider-buyer ideal through a more collaborative approach to tacking cyber threats through partnered innovation
  • Succeeding with the scale phase and the role of industry in the future of the UK’s Cyber Innovation Cluster
  • Cyber Security shift towards looking at cyber as an enabler for business growth rather than a layer in a software stack
Stephen Wray

Stephen Wray Director of Cyber Risk, Deloitte

Saj Huq - Bio Pic

Saj Huq, Programme Director, London Office for Rapid Cyber Advancement (LORCA)

Ken Pentimonti

Ken Pentimonti, Principal, Paladin Capital

16:45 - 17:45

Drinks Reception