Programme @ ECS uk


21 September 2021

Brought to you by Whitehall Media

Session One

building back better

  • People, process, and technology: securing your digital transformation
  • CISO talk: communicating risk to the board
  • Third party risk: assess, exchange, monitor
  • Cybersecurity ROI: counting the cost of inaction
  • Cybersecurity talent strategy: is it a gap or a shortage?
  • Defending the cloud
  • Cyber resilience: adopting a more muscular approach to security

09:15 (BST)

Conference Chair's Opening Address

Dr Gilad Rosner, Founder, Internet of Things Privacy Forum

09:25 (BST)

CISO Talk: Communicating Risk to the Board

Ray Stanton
Executive Partner, IBM

Understanding the needs of the board of directors, audit, risk committees and your most senior executive management teams is critical to shaping how you deliver your risk and security programme, how it is articulated, and how it drives and manages the company's security risk and capability maturity profiles. More important still is showing how these are intrinsically linked and how these risks are managed and reported.

Knowing what is important to these groups, and how and what sort of questions to expect from them, ensures good preparation and support beyond robust discussions and reporting. This session gives a small insight from an individual who has experience of this across a number of large international enterprises and roles as a Non-Executive Director.

09:40 (BST)

Risk Based Investment: supporting the business strategy while improving cyber security posture

Hugh Gilmour
Global Compliance & Security Architect, Compass Group

In a heavily federated business model, how do you effectively communicate risk to the Board to generate appropriate investment in cybersecurity, and demonstrate an ROI on that investment?

Being able to link investment in cyber security with the broader technology strategy, itself designed to support the business strategy, is key.

We address:

• Framing risk through a business lens
• Using security to enable business strategy
• Understanding your drivers of cost
• Capturing the return on investment

10:00 (BST)

Universal Privilege Management – A Modern Approach to PAM

Karl Lankford
RVP Solutions Engineering, BeyondTrust

Virtually every cybersecurity breach today involves the exploitation of privileged access. Privileges are initially exploited to infiltrate an IT environment; once compromised by threat actors, privileges are further leveraged to move laterally, access assets, install malware, and inflict damage. In this session, learn the key steps involved in achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment.

Topics covered include:

– Why relying on password management alone leaves dangerous gaps in protection

– Disrupting the cyberattack chain with privileged access security controls

– Essential steps to achieving rapid leaps in risk reduction

– Keys to a frictionless PAM solution that is invisible to end users

10:15 (BST)

Questions to the Panel of Speakers

10:30 (BST)

Networking Break

Session Two

  • When disaster strikes: detect, deter, respond
  • Cybersecurity assurance: secure your systems
  • Detect threats in real-time: cloud native cybersecurity monitoring
  • Understanding IoT risk
  • Protecting your mobile workforce: remote working in the age of COVID
  • Winning the war against Phishing attacks

10:45 (BST)

Intro To Session 2

10:50 (BST)

The Neighborhood Watch: Using Continuous Monitoring To Increase Visibility and Effectiveness Of TPRM Programs

Jonathan Ehret
CISSP, CISA, CRISC, VP Vice President, Strategy & Risk, RiskRecon

Visibility into our vendors’ security controls and the effectiveness with which they are operating have been and continue to be some of the major challenges in the world of third party risk.

This discussion will cover those struggles, the inherent limitations of the security questionnaire as well as how continuous monitoring tools can be utilized to shed light on the effectiveness of a vendor’s security controls.

11:05 (BST)

Operationalising MITRE ATT&CK Framework

Daniyal Naeem
Cyber Threat Intelligence Manager, BT

Daniyal Naeem, Technical Intelligence Research Unit Manager, BT Group

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The Protect BT mission uses the ATT&CK knowledge base as a foundation for the development of specific threat models for cyber adversary behaviour, reflecting on the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

Topics covered include:

– MITRE ATT&CK Overview
– Contextualising MITRE ATT&CK within the Enterprise
– Demonstrating the Use of MITRE ATT&CK in action within BT

11:20 (BST)

Silver Linings: Immune System Technology for Cloud & SaaS

Mariana Pereira
Director of Email Security Products, Darktrace 

Cloud and SaaS platforms have created digital environments where businesses can innovate, collaborate, and share more than ever before. However, this is often at the cost of visibility and control. Join Mariana Pereira, Director of Email Security Products, as she discusses the challenges of securing cloud and SaaS applications, and learn why self-learning AI is best-in-class in protecting organizations’ dynamic workforces and constantly-changing digital infrastructure.

Find out how self-learning AI thwarted:

– Developer misuse of AWS cloud infrastructure

– Attempted infiltration via an Office 365 account

– Threat actors targeting a vulnerability with Shodan

11:35 (BST)

Questions to the Panel of Speakers

11:50 (BST)

Networking Break

Session Three

12:05 (BST)

Intro To Session 3

12:10 (BST)

The Role of AI in a Changing Security Paradigm: Why Prevention Is Always Better than Cure

Baldeep Dogra
Director, Solutions Marketing, BlackBerry

The security professional’s job has become an endless game of cat and mouse, with continual pursuits of invisible attackers that can out-think, outrun, and outsmart most security systems. To combat these attackers and other threats, enterprises are increasingly turning to endpoint detection and response (EDR) solutions that provide advanced levels of endpoint protection.

Attend this session so you can learn:

  • How AI-driven cybersecurity offers organisations a strong defense against both legacy and emerging threats.
  • How organizations can embrace a new approach to EDR that ensures their endpoints are not weak links against cyberthreats.
  • Discover how a new, revolutionary approach leverages a foundational math model built on artificial intelligence that prevents breaches.

12:25 (BST)

Creating a Global culture of privacy with Diversity & Inclusion in mind

Sukhdeep Randhawa
Global Privacy Transformation & ED&I Lead, Unilever

The presentation focuses on the importance of taking a risk-based approach to privacy when handling data:

– What is Data Privacy?
– Why is it important?
– How to build a global legal data privacy programme?
– How to build a culture of Privacy?
– Why is Privacy important for diversity and inclusion strategy?

12:40 (BST)

Security is not a destination, it’s a journey

Neil Dover
Country Manager, HP Inc

As the cyber world constantly transforms and evolves, so must cybersecurity. With cyber risks at the forefront of executives’ and boards’ minds, it is critical for enterprise ICT leaders to understand how the solutions landscape is adapting to these new threats.

In this session we will cover:

• How to build the distributed, hybrid workforce of the future, without exposing your enterprise to unprecedented levels of cyber risk

• Ways to ensure the safety of customers’ data and minimize future disruption

• How to prevent criminals from exploiting vulnerabilities in the changing workplace

• A new breed of end point security rooted in Zero Trust principles – HP Wolf Security

• The future of endpoint security secure-by-design

12:55 (BST)

Questions to the Panel of Speakers

13:10 (BST)

Networking Lunch

Session Four

13:45 (BST)

Seminars A - E

14:30 (BST)

Networking Break

Session Five

14:45 (BST)

Introduction to Session Five

14:50 (BST)

Security from Endpoint to Cloud - Securing Productivity from anywhere

Tom Davison 
Senior Director Mobile Security Threat Intelligence, Lookout

As we adapt to permanent hybrid working there is a need to keep employees productive on any device while they work with corporate data across multiple sources.

For many organisations this presents significant challenges and blindspots remain.

This session will look at the issues associated with hybrid working and show how to effectively move towards a Zero Trust model.

Topics covered –

– Trends in hybrid working models

– The risks and threats linked to public clouds and unmanaged endpoints – phishing, ransomware, data leakage

– How to enable ‘work from anywhere’ without compromising privacy

– How to effectively bridge security from endpoint to cloud.

15:05 (BST)

CTI: Challenging the Implementation of Cyber Threat Intelligence programs at any organization

Sarah Sabotka
Head of Global Cyber Threat Intelligence, Experian

Sarah Sabotka, Head of Global Cyber Threat Intelligence, Senior Manager at Experian

In this presentation, Sarah will discuss trial/error, what works and what hasn’t when it comes to developing and driving a successful Cyber Threat Intelligence program.

Areas to cover:

• You have no CTI program, where do you even begin?
• Do you really need all of those paid vendor intelligence tools?
• How do you scope intelligence collection and communication? Establishing Priority Intelligence Requirements
• CTI for Incident Response, SecOps, Red Team, Third-Party Risk, and more

15:20 (BST)

Providing Transparency on Every Relationship and Every Risk Across Your Digital Business Ecosystem

Stuart Phillips
Product Marketing Director- Cyber, Interos

  • Supply Chain Cyber Security Challenges and Technology
  • Procurement and InfoSec Integration
  • Changing Role of the CISO


15:35 (BST)

Questions to the panel of speakers

15:50 (BST)

Networking Break

Session Six

16:05 (BST)

Intro to Session 6

16:10 (BST)

Cyber resilience: adopting a more muscular approach to security

Lee Webb
Group Head of Operational Resilience, Aviva

What does it mean to be cyber resilient? Many organisations are focused on it as a key business goal without fully understanding what it means to be truly resilient.

By adopting a more muscular approach to cybersecurity, you can strengthen your architecture, identify what’s missing from your infrastructure, better support your workforce, and advance your knowledge and understanding of how to protect and recover vital assets should the worst happen.

Join us as we map out what you need to do in order to become a more resilient, robust, flexible, and dynamic organisation.

16:25 (BST)

Triumph of Data Protection: Neutralize Cyberthreats and Springboard to Data Empowerment

Alasdair Anderson
General Manager, EMEA, Protegrity

Instead of being a source of risk, or a hurdle to innovation, compliance can be a springboard to data empowerment. Effective data protection enables you to neutralize cybercriminals—these savvy and shadowy groups try to weaponize your adherence to GDPR and other regulations by threatening to publicise your commitment to customers’ and employees’ data privacy. You can ignore their threats when your data protection methods future-proof your organization from all compliance. Compliance also unshackles you from the demands of GDPR and other regulations. Join Alasdair Anderson to learn:

  • The current state of the privacy nation
  • The risks of not protecting individuals’ data
  • How to bridge the gap between data protection & access
  • Why privacy is good for business

16:40 (BST)

Key considerations in building a DevSecOps Program

Les Correia
Executive Director, Enterprise Cybersecurity & Risk (ECR), Global Head of Application Security Estée Lauder Companies Inc.

• Start with Why?
• Crossing the chasm: Components for success
• DevSecOps Guiding Framework

16:55 (BST)

Questions to the Panel of Speakers

17:10 (BST)

Closing Remarks from the Conference Chair

17:15 (BST)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.
