Enterprise Cyber Security

24 September 2019

Victoria Park Plaza, London




Session ONE – Securing your Enterprise

  • Securing Digital Transformation and innovation
  • Communicating with senior managers and executives about security
  • Building a strong security culture
  • Creating frameworks that allow secure software development
  • New threats, and creative solutions to tackle them

The Conference Chair’s Opening Remarks

Dr Gilad L. Rosner, Founder: IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher

Securing your cyber-security supply chain management

Senior Representative, NCSC {confirmed}

In our opening address, we explore the 12 principles which are designed to help you establish effective control and oversight of your supply chain, the value of the investment and how best to implement.

  • Improve your awareness of supply chain security
  • Improve your overall resilience
  • Reduce the number of business disruptions you suffer
  • Demonstrate compliance with GDPR
  • Help you win new contracts with proven trust

Demystifying the Dark Web: How it works and why you should care

Michael Aminzade, MD Cyber, 6point6

When it comes to effective cyber protection, knowledge is power. Whilst the Dark Web is a term known to the majority of people, what it is in practice and how it is used by cyber attackers is more the stuff of legends.

This informative session is a whistle-stop tour with a live demo designed to explain how the Dark Web works and why you should care about it. Our ethical hackers will demonstrate how this secret, parallel internet works.

  • What the Dark Web is
  • How it is accessed and used by attackers
  • Examples of what is available on there
  • Demonstration of the Dark Web in practice
  • Some of the failings of the Dark Web
  • The positives that can be derived from it

How CISOs Need to Communicate Risk to the Board

Ian Brown, Head of Information Security, British Heart Foundation

This presentation tackles the key ways CISOs and senior security managers can better communicate risk to the board, by:

  • Creating useful metrics so the board can properly evaluate your organisation’s security posture
  • Communicating technicalities in easy-to-understand business terms
  • Setting realistic goals and expectations
  • Moving beyond handling incident response, from reactive to proactive defence

When Big Data Means Big Risk: How to Protect Sensitive Data in Big Data Analytics

Anna Russell, EMEA VP of Enterprise Sales, comforte AG

The insights gained from Big Data Analytics can be incredibly valuable. However, every new data stream constitutes a new potential attack vector, which makes classic perimeter defenses obsolete and can leave your organization vulnerable. In the past, data security executives and data scientists had to compromise between being able to use the data freely and properly securing it from potential threats. Is there a way to secure your data and analyze it too? Learn more about data-centric security, and why there’s no need for compromise.

Why User Engagement Matters

Denise Beardon, Head of Information Security Engagement, Pinsent Masons

While phishing tests and online guidance are the first steps towards building a better security culture, the most effective way to truly change behaviours is through personal training and engagement.

Join this presentation as we cover ways in which you can:

• Democratise access to ensure security belongs to everyone
• Introduce better lines of communication
• Deliver effective training
• Meaningfully measure engagement

Why Understanding Your Attack Surface Matters

Etienne Greeff, CTO & Co-Founder, SecureData

Questions To The Panel Of Speakers

Morning Networking and Refreshments Served in the Exhibition Area

Mitigating Social Engineering Threats in the Enterprise

Professor John Walker, Visiting Professor, School of Science and Technology, Nottingham Trent University

For all the discussions of technology, the fact remains that human manipulation is normally the easiest and most effective way to breach corporate defences, especially when used in conjunction with technical expertise.

  • How can you prepare your employees against evolving risks?
  • How can you implement frameworks to mitigate the worst effects of social engineering?
  • What are some ways you can test and measure your defences?

Implementing Continuous Security Across the Development Lifecycle

We tackle how you can introduce the concept of continuous security into your development process. We will explore the ways you can ensure risk is understood at every stage of development, how to instil good practices around security and create a framework that automates several aspects of the continuous security programme.

Questions to the Panel of Speakers and Delegates move to the Seminar Rooms

Seminar Sessions

Networking Lunch Served in the Exhibition Area

Session TWO – Establishing Innovative Defences in an Evolving Risk Landscape

  • Securing new enterprise IT architectures and Complex Industrial Systems
  • Understanding risk, through threat intelligence and hunting
  • Incident response and DFIR
  • Improving on the resilience of your infrastructure
  • Understanding adversary behaviour
  • Using new techniques to strengthen your defences

The Conference Chair Opens the Afternoon Session

All-source threat intelligence

Vladimir Krupnov, Lead Threat Intelligence analyst, Revolut

At Revolut, we have a culture of building our own in-house solutions instead of relying on third parties. The same applies to our CTI programme.

The presentation will take you through the process of building a cyber threat intelligence programme from scratch based on cloud infrastructure, identifying sources of collection, extracting valuable data and converting it into actionable insights – all in the high-growth environment of a fin-tech company.

By combining manual and in-house built automated techniques we are doing our best to identify and counter the threats surrounding Revolut and our customers.

• Why is CTI needed even if there is no internal network?
• Tackling the threats – monitoring trends, crooks and *web
• Empowering the company with threat intel insights

Security for the Future: Work Smart and Stay Safe

Helen Hosein, Customer Engineer, Google

For organisations today, cybersecurity can feel like a moving target. As IT teams look to step up their endpoint security strategy, a managed web browser can offer multiple layers of protection that help reduce the risk of malware, ransomware and other exploits that often target your users. In this session, a Google expert will help IT leaders identify key ways to improve their current web browser security, while still empowering users to access the web and be productive.

Building and Growing an Agile Security Team

Tom Hoyland, Agile Delivery Lead – Login Squad, Sky Betting & Gaming

How would you build a security team from scratch? What techniques would you use? What metrics should you respond to?

In this talk, you’ll see how we assembled a team, embedded agile values, a DevOps mindset and a clear purpose to create a squad with an infectious, high performing culture.

We’ll demonstrate the coaching and visualization techniques we used to reduce batch size and improve quality. You’ll see how to reveal ‘hidden’ product backlogs, make the invisible visible, and use a domain-driven design, theory of constraints and language to optimize team resilience.

Questions to the Panel of Speakers

Afternoon Networking and Refreshments served in the Exhibition Area

Do You Need a Threat Hunting Programme?

Simon Cross, Senior Enterprise Architect, Lloyds Bank

This presentation discusses whether you need a threat hunting programme in your organisation – to reduce hacker dwell times and seek out potential attackers before an incident appears.

We cover:

• Why and how to implement threat hunting
• Identifying business environments best suited to threat hunting
• Successful deployments and common challenges

Boosting IT Infrastructure Resilience to Respond to Widespread Threats

If your systems are seriously compromised, how long would it take you to respond and restore your infrastructure?

If the answer is too long, you’re not alone.

We deep-dive into how one organisation improved its own IT resilience through improved risk management frameworks, classification of essential services and comprehensive drills.

New Techniques to Exploit the Potential of OSINT (Open-Source Intelligence)

There’s a rich source of intelligence out there on employees, privileged account holders, and senior managers that can be used to exploit corporate defences.

To protect it and prevent it falling into the hands of potential hackers, InfoSec professionals need to utilise the newest OSINT tools and methods to stay ahead.

In this presentation we test some of the search engines, unlikely sources of data and useful techniques to improve on OSINT capacity.

Questions to the Panel of Speakers

Closing Remarks from the Conference Chair

Conference Close, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.