Programme @


National Cyber Security Strategy Confex

15 October 2024

Victoria Park Plaza Hotel, London

Programme @ CYBERGOV

Morning Session

defending the state, working with our allies, and ensuring the UK is safe and secure

Delivering the UK’s national cyber-security strategy

  • Measuring digital Britain’s defences in the cyber offensive age
  • Defending the UK government workforce – from the pandemic and beyond
  • Securing the UK’s critical national infrastructure
  • Strengthening the UK’s cyber resilience
  • Addressing the challenge of IAM in government
  • How to stop cyber criminals using ransomware to attack public services

08:00 (BST)

Registration and Exhibition Opens

09:15 (BST)

Conference Chair's Opening Address

Jessica Figueras
Vice Chair of Trustees, UK Cyber Security Council
view profile

Jessica Figueras, Vice Chair of Trustees, UK Cyber Security Council

09:25 (BST)

Defence’s vision to build a stronger, cyber-resilient Defence

This presentation outlines the recently published Cyber Resilience Strategy for Defence, covering how we will achieve the vision “to build a stronger, cyber-resilient Defence”.

The strategy is about driving focus and coherence to address cyber defence and building cyber resilience over the next 5 years and is aligned with the National and government cyber strategies.

It sets out the imperative in clear terms and outlines the challenges and scale of the problem. Also highlighted are some of the critical successes to date, and a high-level look at how Defence intends to deliver the vision.

The audience will:

• gain a clear understanding of the urgency and scale facing Defence’s cyber resilience
• see how the problem spans all aspects of Defence from the back office to the front line
• be shown how input from across Defence’s business units is required in order to effect the change
• see that Defence’s people and culture will play a large role in achieving the vision, as well as fundamental technical challenges

09:40 (BST)

To Protect & Trust: How to be Cyber Resilient


In these uncertain times with increasing threats to an ever-increasing attack surface, organisations are becoming more and more exposed to major disruptions to their operations. Being resilient to these threats is critical to not just maintain continuity of operations but also to protect users and data while ensuring costs are minimised through effective impact tolerance. Legacy and ineffective solutions coupled with a dearth of skills is making this transition difficult.

The balance between technology and people is vital to protect information and remain resilient, and the key to this is trust, zero trust. With a growing attack surface it is critical to establish and maintain zero trust at the attack surface layer using a predictive approach and augmenting security operations with tools and skills to ensure visibility.

09:55 (BST)

How do we improve our cyber security culture?


When we hear the words ‘the UK’s national cyber-security strategy’ our mind naturally migrates to technology, complexity, and possibly an image of a cyber-criminal mastermind.

We know that people are critical to a resilient business, but just how do we get people to move from knowing to doing?

In this talk we will look at:

• Developing a risk and data driven approach to security culture strategy
• Reframing our approach from blame to collaborate
• A case study on using conversation as the catalyst for behaviour change

10:10 (BST)

Why traditional IAM strategies are failing in the modern threat Landscape


It is known that organizations considered to be “in compliance” nevertheless suffer significant cybersecurity incidents.  In this session we will review some of the reasons for this paradox and strategies to resolve it. In particular we will focus on the role of identities and users and especially privileged accounts which are the number one target of cyberattacks. Why? With these accounts’/users’ extensive access, hackers can use them to do the most harm to your organization. So, here’s the question: How confident are you that your most privileged users are safe and under control?

Join us to discover:

  • Current security risks and trends
  • How to mitigate the security exposure to protect the most sensitive accesses in your IT landscape
  • Why privileged accounts and users must be governed properly

10:25 (BST)

Questions to the Panel of Speakers

10:45 (BST)

Refreshment Break Served in the Exhibition Area

11:15 (BST)

Welcome to Session Two

11:20 (BST)

Developing a Cyber Security Strategy across the health and care sector - how to set a strategy that is meaningful for all.


The future of the NHS and social care relies on using digital technology to provide safer, more efficient, and more personalised care.

The opportunities are immense.

However, the more we digitise and connect the health and social care system, the larger the value of its data and the greater the opportunity for cyber-attacks.

Strong cyber security is integral to the digital transformation agenda and the two must go hand in hand.

213 NHS Trusts, 6559 GPs, 27,000 Adult Social Care providers and over 27,000 dentists, community pharmacies and opticians combined – the health and care sector is immense and complex with different requirements and operating in slightly different contexts.

How do we set a Cyber Security Strategy that is meaningful for all?

11:35 (BST)

Effective secure by design into live security assurance


A canter through a live example of implementing secure by design into security assurance in live operations, providing confidence to internal and external stakeholders that good security is built in and it’s working well.

Key points of the end-to-end approach are:

  • What the business really wants
  • Governance and technical security
  • Threat informing security measures
  • Key design and assurance aims
  • Risk and mitigation choices

11:50 (BST)

Questions to the Panel of Speakers

12:05 (BST)

Delegates move to the Seminar Rooms

12:15 (BST)

Seminar Sessions

13:00 (BST)

Networking Lunch Served in the Exhibition Area

Afternoon Session

detect, deter and defend against new and emerging threats

Sourcing, harnessing and managing the tools, technologies and processes needed to secure the UK

  • The role AI can play in safeguarding government data
  • Increasing Cyber Resilience in the Healthcare Sector
  • A blockchain-based digital government – secure by design
  • Big data, dark data privacy, security, integrity, and survivability issues
  • Improving data and cyber security across government
  • Improving threat intelligence collaboration across the public sector
  • Addressing the Cyber Security Skills Gap: A CISO’s Perspective
  • Banking on Burnout: A CTO’s Journey Through Crisis, Hospital and Recovery

14:00 (BST)

Conference Chair’s Afternoon Address

Jessica Figueras
Vice Chair of Trustees, UK Cyber Security Council
view profile

Jessica Figueras, Vice Chair of Trustees, UK Cyber Security Council

14:05 (BST)

Increasing Cyber Resilience in the Healthcare Sector

Michelle Corrigan
Programme Director - Better Security, Better Care, Digital Care Hub
view profile

Michelle Corrrigan, Programme Director, Better Care, Digital Care Hub

  • Understanding the escalating threat landscape across Health and Social Care
  • Building trust of integrated systems through cybersecurity 
  • Cybersecurity resilience – a whole business priority rather than a uniquely digital challenge

14:20 (BST)

Do Your KPIs Reflect Your Risk: Secure by Design and Zero Trust


The state of the external threat is now fully understood.

Hackers have learned to achieve greater disruption by exploiting even the basics of misconfigured controls.

However, a truly defined understanding of Secure by Design appears lost in translation, only used as a ‘would like’ strategy.

In this presentation, I will draw out a plan to show how existing projects can be brought into the Secure by Design strategy by identifying key performance indicators against key risk indicators.

• Introduction to the five Laws of Cyber Security
• The fallacy of yet another strategy
• Key Risks indicators and Indicators of Compromise
• Reporting against the true environmental predictors
• Zero Trust and Zero tolerance

14:35 (BST)

Addressing the Cyber Security Skills Gap: A CISO's Perspective

Heather Lowrie
Chief Information Security Officer, The University of Manchester
view profile

Heather Lowrie, Chief Information Security Officer, The University of Manchester

  • Effective recruitment and retention strategies in cyber
  • Building and maintaining effective teams


14:50 (BST)

Questions to the Panel of Speakers

15:05 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

15:30 (BST)

Welcome to Session Five

15:35 (BST)

Banking on Burnout: A CTO’s Journey Through Crisis, Hospital and Recovery

Andrew Barber
Head of Apps & Devices, Surrey and Sussex Police
view profile

Andrew Barber, Head of Apps & Devices, Surrey and Sussex Police

Recognising the Signs of Burnout:
Understanding the early indicators and warning signs to prevent reaching a critical state, based on my experience as a CTO in the banking sector.

The Importance of Seeking Help:
Highlighting the necessity of professional intervention and the benefits of taking time for recovery, drawing from my personal journey through crisis and hospitalisation.

Building Resilience and Sustainable Work Practices:
Implementing long-term strategies to maintain mental health and work-life balance, now applied in my current role supporting 10,000 staff in the police force.


15:50 (BST)

Security Assurance in the DWP


We design security into all our systems and processes. We secure our data whether at rest, in transit, or in use. We protect people and places. Or do we? We design security from the start but when deadlines approach, is security still a priority? Are those controls we put in place five years ago still working, or even appropriate anymore? The manual processes ensure security, but is anyone following it?

We address these challenges through a new 2nd line security assurance function:

• Alignment with principles of risks and corporate strategy
• Scoping it right
• Evidence is key
• What lies ahead

16:05 (BST)

The challenges facing law enforcement in cybercrime: how business can best support a judicial outcome


The presentation will cover the key challenges facing law enforcement in cybercrime. Although there are plenty, this presentation will focus on the balancing of needs between the private sector and law enforcement and identify ways the private sector can support law enforcement.

• Case Study
• What are the key challenges facing law enforcement investigating cybercrime?
• What are the desired outcomes for law enforcement and for the victims (focusing on UK businesses)?
• How can UK businesses support law enforcement activity?

16:20 (BST)

Questions to the Panel of Speakers

16:35 (BST)

Closing Remarks from the Conference Chair

Jessica Figueras
Vice Chair of Trustees, UK Cyber Security Council
view profile

Jessica Figueras, Vice Chair of Trustees, UK Cyber Security Council

16:45 (BST)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.