Programme @

CYBERGOV

National Cyber Security Strategy Confex

15 October 2024

Victoria Park Plaza Hotel, London

Programme @ CYBERGOV

Morning Session

defending the state, working with our allies, and ensuring the UK is safe and secure

Delivering the UK’s national cyber-security strategy

  • Measuring digital Britain’s defences in the cyber offensive age
  • Defending the UK government workforce – from the pandemic and beyond
  • Securing the UK’s critical national infrastructure
  • Strengthening the UK’s cyber resilience
  • Addressing the challenge of IAM in government
  • How to stop cyber criminals using ransomware to attack public services

08:00 (BST)

Registration and Exhibition Opens

09:15 (BST)

Conference Chair's Opening Address

Jessica Figueras
Founder, Hither Strategy
view profile

Jessica Figueras, Founder, Hither Strategy

09:25 (BST)

Defence’s vision to build a stronger, cyber-resilient Defence

Hugh Tatton-Brown
Head of Cyber Strategy & Architecture, MoD
view profile

Hugh Tatton-Brown, Head of Cyber Strategy & Architecture, MoD

This presentation outlines the recently published Cyber Resilience Strategy for Defence, covering how we will achieve the vision “to build a stronger, cyber-resilient Defence”.

The strategy is about driving focus and coherence to address cyber defence and building cyber resilience over the next 5 years and is aligned with the National and government cyber strategies.

It sets out the imperative in clear terms and outlines the challenges and scale of the problem. Also highlighted are some of the critical successes to date, and a high-level look at how Defence intends to deliver the vision.

The audience will:

• gain a clear understanding of the urgency and scale facing Defence’s cyber resilience
• see how the problem spans all aspects of Defence from the back office to the front line
• be shown how input from across Defence’s business units is required in order to effect the change
• see that Defence’s people and culture will play a large role in achieving the vision, as well as fundamental technical challenges

09:40 (BST)

To Protect & Trust: How to be Cyber Resilient

Baldeep Dogra
Senior Director, Product Marketing, BlackBerry
view profile

Baldeep Dogra, Senior Director, Product Marketing, BlackBerry

In these uncertain times with increasing threats to an ever-increasing attack surface, organisations are becoming more and more exposed to major disruptions to their operations. Being resilient to these threats is critical to not just maintain continuity of operations but also to protect users and data while ensuring costs are minimised through effective impact tolerance. Legacy and ineffective solutions coupled with a dearth of skills is making this transition difficult.

The balance between technology and people is vital to protect information and remain resilient, and the key to this is trust, zero trust. With a growing attack surface it is critical to establish and maintain zero trust at the attack surface layer using a predictive approach and augmenting security operations with tools and skills to ensure visibility.

09:55 (BST)

What can we learn from Muhammed Ali to improve our cyber security culture?

Sarah Janes
Founder and CEO, Layer8
view profile

Sarah Janes, Owner and CEO, Layer 8

When we hear the words ‘the UK’s national cyber-security strategy’ our mind naturally migrates to technology, complexity, and possibly an image of a cyber-criminal mastermind.

We know that people are critical to a resilient business, but just how do we get people to move from knowing to doing?

In this talk we will look at:

• Developing a risk and data driven approach to security culture strategy
• Reframing our approach from blame to collaborate
• A case study on using conversation as the catalyst for behaviour change

10:10 (BST)

Why traditional IAM strategies are failing in the modern threat Landscape

Alan Radford
EMEA Technology Strategist, One Identity
view profile

Alan Radford, EMEA Technology Strategist, One Identity

It is known that organizations considered to be “in compliance” nevertheless suffer significant cybersecurity incidents.  In this session we will review some of the reasons for this paradox and strategies to resolve it. In particular we will focus on the role of identities and users and especially privileged accounts which are the number one target of cyberattacks. Why? With these accounts’/users’ extensive access, hackers can use them to do the most harm to your organization. So, here’s the question: How confident are you that your most privileged users are safe and under control?

Join us to discover:

  • Current security risks and trends
  • How to mitigate the security exposure to protect the most sensitive accesses in your IT landscape
  • Why privileged accounts and users must be governed properly

10:25 (BST)

Questions to the Panel of Speakers

10:45 (BST)

Refreshment Break Served in the Exhibition Area

11:15 (BST)

Welcome to Session Two

11:20 (BST)

Developing a Cyber Security Strategy across the health and care sector - how to set a strategy that is meaningful for all.

Dr Bettina Mavrommatis
Cyber Security Strategy Lead, NHSX
view profile

Dr Bettina Mavrommatis, Cyber Security Strategy Lead, NHSX

The future of the NHS and social care relies on using digital technology to provide safer, more efficient, and more personalised care.

The opportunities are immense.

However, the more we digitise and connect the health and social care system, the larger the value of its data and the greater the opportunity for cyber-attacks.

Strong cyber security is integral to the digital transformation agenda and the two must go hand in hand.

213 NHS Trusts, 6559 GPs, 27,000 Adult Social Care providers and over 27,000 dentists, community pharmacies and opticians combined – the health and care sector is immense and complex with different requirements and operating in slightly different contexts.

How do we set a Cyber Security Strategy that is meaningful for all?

11:35 (BST)

Effective secure by design into live security assurance

Andy Wall
Chief Security Officer, Office for National Statistics
view profile

Andy Wall, Chief Security Officer, Office for National Statistics

A canter through a live example of implementing secure by design into security assurance in live operations, providing confidence to internal and external stakeholders that good security is built in and it’s working well.

Key points of the end-to-end approach are:

  • What the business really wants
  • Governance and technical security
  • Threat informing security measures
  • Key design and assurance aims
  • Risk and mitigation choices

11:50 (BST)

Questions to the Panel of Speakers

12:05 (BST)

Delegates move to the Seminar Rooms

12:15 (BST)

Seminar Sessions

13:00 (BST)

Networking Lunch Served in the Exhibition Area

Afternoon Session

detect, deter and defend against new and emerging threats

Sourcing, harnessing and managing the tools, technologies and processes needed to secure the UK

  • The role AI can play in safeguarding government data
  • A blockchain-based digital government – secure by design
  • Big data, dark data privacy, security, integrity, and survivability issues
  • Threat & response in a cloud-enabled frontline workforce
  • Improving data and cyber security across government
  • Improving threat intelligence collaboration across the public sector

14:00 (BST)

Conference Chair’s Afternoon Address

Jessica Figueras
Founder, Hither Strategy
view profile

Jessica Figueras, Founder, Hither Strategy

14:05 (BST)

How North Devon Council protects citizen services with Arcserve

Anthony Parry
Partner Account Manager, Arcserve
view profile

Anthony Parry, Partner Account Manager, Arcserve 

Data resilience plays a vital role in protecting and enhancing an organisation’s reputation, yet explosive growth in data and new ever-evolving threats to its inviolability are challenging organisations. More data to store. More data to manage. More data to protect.

This session talks about the challenges faced by North Devon Council and why they need to ensure the safety of its data, and have a DR plan in place that minimises the risk of disruption to service.  Like all organisations, councils must ensure the safety of its data, and be able to recover it as quickly as possible should an incident such as an equipment failure, datacenter flood or ransomware attack occur.

With Arcserve they have protected 50TB of council data, including critical financial systems and the electoral register. The council now has peace of mind that it can maintain business continuity even if a ransomware attack or hardware failure occurs, and the ICT team has more time for strategic activities.

14:20 (BST)

Do Your KPIs Reflect Your Risk: Secure by Design and Zero Trust

Robert di Schiavi
Head of Cyber Security, Civil Service
view profile

Robert di Schiavi, Head of Cyber Security: Parliamentary & Health Service Ombudsman

The state of the external threat is now fully understood.

Hackers have learned to achieve greater disruption by exploiting even the basics of misconfigured controls.

However, a truly defined understanding of Secure by Design appears lost in translation, only used as a ‘would like’ strategy.

In this presentation, I will draw out a plan to show how existing projects can be brought into the Secure by Design strategy by identifying key performance indicators against key risk indicators.

• Introduction to the five Laws of Cyber Security
• The fallacy of yet another strategy
• Key Risks indicators and Indicators of Compromise
• Reporting against the true environmental predictors
• Zero Trust and Zero tolerance

14:35 (BST)

Cyber security - from ancient to modern myth

Adrian Warman
Head of Security Policy, Awareness, Culture & Education (SPACE) Team, Ministry of Justice Security and Information Group
view profile

Adrian Warman, Head of Security Policy, Awareness, Culture & Education (SPACE) Team, Ministry of Justice Security and Information Group

Have you ever paused to think about the origin of the word ‘cyber’?

That simple question leads to some profound insights into realities and best practices as we try to secure the modern enterprise.

In this presentation, we explore ancient ideas and their connections to activities and approaches that are often taken for granted.

We use those insights to suggest more efficient and effective ways forward.

14:50 (BST)

Questions to the Panel of Speakers

15:05 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

15:30 (BST)

Welcome to Session Five

15:35 (BST)

Moving to the Cloud Securely with DevSecOps

Vincent King
Head of DevSecOps, Bank of England
view profile

Vincent King, Head of DevSecOps, Bank of England

Cloud technologies can bring great advantages from cost savings to resilience, but these benefits can come at a cost if we aren’t careful.

With products, services, and projects being pushed to the Cloud, efforts must be made to use Cloud carefully and in the correct way.

From lifting-and-shifting to using Cloud-native resources, we’ll talk about:

• DevSecOps – how it is, and how it should be
• Go, Move, Shift – Dealing with project pressures
• Can we move at speed and stay secure?

15:50 (BST)

Security Assurance in the DWP

Geoff Hodge
Lead Security Risk Assurance Manager, DWP
view profile

Geoff Hodge, Lead Security Risk Assurance Manager, DWP

We design security into all our systems and processes. We secure our data whether at rest, in transit or in use. We protect people and places. Or do we? We design security from the start but when deadlines approach, is security still a priority? Are those controls we put in place five years ago still working, or even appropriate anymore? The manual processes ensure security, but is anyone following it?

We address these challenges through a new 2nd line security assurance function:

• Alignment with principles of risks and corporate strategy
• Scoping it right
• Evidence is key
• What lies ahead

16:05 (BST)

The challenges facing law enforcement in cybercrime: how business can best support a judicial outcome

Chris P
Officer, Former National Cyber Crime Unit, NCA
view profile

Chris P, Former Officer, National Cyber Crime Unit, NCA

The presentation will cover the key challenges facing law enforcement in cybercrime. Although there are plenty, this presentation will focus on the balancing of needs between the private sector and law enforcement and identify ways the private sector can support law enforcement.

• Case Study
• What are the key challenges facing law enforcement investigating cybercrime?
• What are the desired outcomes for law enforcement and for the victims (focusing on UK businesses)?
• How can UK businesses support law enforcement activity?

16:20 (BST)

Questions to the Panel of Speakers

16:35 (BST)

Closing Remarks from the Conference Chair

Jessica Figueras, Founder, Hither Strategy

16:45 (BST)

Conference Closes

17:00 (BST)

Extra Footrage - Why Legacy MFA is Not Good Enough for Modern Authentication Requirements

Dan Gadd
Senior Sales Engineer, Beyond Identity
view profile

Passwords: Are the top initial attack vector of security breaches

  • How can we resolve this? Issues with “Legacy MFA”
  • It’s simply not secure enough anymore
  • How Does Strong Auth Relate to Zero Trust?
  • Beyond Identity – Frictionless, Passwordless MFA

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.