Programme @ ECS uk

Dr Gilad Rosner, Founder, Internet of Things Privacy Forum

Ray Stanton, Executive Partner, IBM

Understanding the needs of the board of directors, audit, risk committees and your most senior executive management teams is critical to shaping how you deliver your risk and security programme; its articulation and how it drives and manages the company security risk and capability maturity profiles. More importantly, showing how these are intrinsically linked and how these risks are managed and reported.

Knowing what is important to these groups, how and what sort of questions should be expected from them, ensures good preparation and support beyond robust discussions and reporting. This session gives small insight from an individual who has experience of this across a number of large international enterprises and roles as a Non-Executive Director.

Hugh Gilmour, Global Compliance & Security Architect, Compass Group

In a heavily federated business model, how do you effectively communicate risk to the Board to generate appropriate investment in cybersecurity, and demonstrate an ROI on that investment?

Being able to link investment in cyber security with the broader technology strategy, itself designed to support the business strategy, is key.

We address:

• Framing risk through a business lens
• Using security to enable business strategy
• Understanding your drivers of cost
• Capturing the return on investment

Karl Lankford RVP Solutions Engineering BeyondTrust

Virtually every cybersecurity breach today involves the exploitation of privileged access. Privileges are initially exploited to infiltrate an IT environment; once compromised by threat actors, privileges are further leveraged to move laterally, access assets, install malware, and inflict damage.  In this session, learn the key steps involved in achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment.

Topics covered include:

– Why relying on password management alone leaves dangerous gaps in protection

– Disrupting the cyberattack chain with privileged access security controls

– Essential steps to achieving rapid leaps in risk reduction

– Keys to a frictionless PAM solution that is invisible to end users

Jonathan Ehret, CISSP, CISA, CRISC, VP Vice President, Strategy & Risk, RiskRecon

Visibility into our vendors’ security controls and the effectiveness with which they are operating have been and continue to be some of the major challenges in the world of third party risk.

This discussion will cover those struggles, the inherent limitations of the security questionnaire as well as how continuous monitoring tools can be utilized to shed light on the effectiveness of a vendor’s security controls.

Daniyal Naeem, Technical Intelligence Research Unit Manager, BT Group

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The Protect BT mission uses the ATT&CK knowledge base as a foundation for the development of specific threat models for cyber adversary behaviour,
reflecting on the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

Topics covered include:

– MITRE ATT&CK Overview
– Contextualising MITRE ATT&CK within the Enterprise
– Demonstrating the Use of MITRE ATT&CK in action within BT

Mariana Pereira, Director of Email Security Products, Darktrace

Cloud and SaaS platforms have created digital environments where businesses can innovate, collaborate, and share more than ever before. However, this is often at the cost of visibility and control. Join Mariana Pereira, Director of Email Security Products, as she discusses the challenges of securing cloud and SaaS applications, and learn why self-learning AI is best-in-class in protecting organizations’ dynamic workforces and constantly-changing digital infrastructure.

Find out how self-learning AI thwarted:

– Developer misuse of AWS cloud infrastructure

– Attempted infiltration via an Office 365 account

– Threat actors targeting a vulnerability with Shodan

Baldeep Dogra; Director, Solutions Marketing, BlackBerry

The security professional’s job has become an endless game of cat and mouse, with continual pursuits of invisible attackers that can out-think, outrun, and outsmart most security systems. To combat these attackers and other threats, enterprises are increasingly turning to endpoint detection and response (EDR) solutions that provide advanced levels of endpoint protection.

Attend this session so you can learn:

• How AI-driven cybersecurity offers organisations a strong defense against both legacy and emerging threats.
• How organizations can embrace a new approach to EDR that ensures their endpoints are not weak links against cyberthreats.
• Discover how a new, revolutionary approach leverages a foundational math model built on artificial intelligence that prevents breaches.

Sukhdeep Randhawa, Global Privacy Transformation & ED&I Lead, Unilever

The presentation focuses on the importance of taking a risk-based approach to privacy when handling data

– What is Data Privacy?
– Why is it important?
– How to build a global legal data privacy programme?
– How to build a culture of Privacy?
– Why is Privacy important for diversity and inclusion strategy?

Neil Dover, Country Manager, HP Inc

As the cyber world constantly transforms and evolves, so must cybersecurity. With cyber risks at the forefront of executives and boards minds, it is critical for enterprise ICT leaders to understand how the solutions landscape is adapting to these new threats.

In this session we will cover:

• How to build the distributed, hybrid workforce of the future, without exposing your enterprise to unprecedented levels of cyber risk

• Ways to ensure the safety of customers’ data and minimize future disruption

• How to prevent criminals from exploiting vulnerabilities in the changing workplace

• A new breed of end point security rooted in Zero Trust principles – HP Wolf Security

• The future of endpoint security secure-by-design

Click here to view seminar sessions 

Tom Davison, Senior Director Mobile Security Threat Intelligence, Lookout

As we adapt to permanent hybrid working there is a need to keep employees productive on any device while they work with corporate data across multiple sources.

For many organisations this presents significant challenges and blindspots remain.

This session will look at the issues associated with hybrid working and show how to effectively move towards a Zero Trust model.

Topics covered –

– Trends in hybrid working models

– The risks and threats linked to public clouds and unmanaged endpoints – phishing, ransomware, data leakage

– How to enable ‘work from anywhere’ without compromising privacy

– How to effectively bridge security from endpoint to cloud.

Sarah Sabotka, Head of Global Cyber Threat Intelligence, Senior Manager at Experian

In this presentation, Sarah will discuss trial/error, what works and what hasn’t when it comes to developing and driving a successful Cyber Threat Intelligence program.

Areas to cover:

• You have no CTI program, where do you even begin?
• Do you really need all of those paid vendor intelligence tools?
• How do you scope intelligence collection and communication? Establishing Priority Intelligence Requirements
• CTI for Incident Response, SecOps, Red Team, Third-Party Risk, and more

Stuart Phillips, Product Marketing Director- Cyber, Interos

• Supply Chain Cyber Security Challenges and Technology
• Procurement and InfoSec Integration
• Changing Role of the CISO

Lee Webb, Group Head of Operational Resilience, Aviva

What does it mean to be cyber resilient? Many organisations are focused on it as a key business goal without fully understanding what it means to be truly resilient.

By adopting a more muscular approach to cybersecurity, you can strengthen your architecture, identify what’s missing from your infrastructure, better support your workforce, and advance your knowledge and understanding of how to protect and recover vital assets should the worse happen.

Join us as we map out what you need to do in order to become a more resilient, robust, flexible, and dynamic organisation.

Les Correia, Executive Director, Enterprise Cybersecurity & Risk (ECR), Global Head of Application Security Estée Lauder Companies Inc.

• Start with Why?
• Crossing the chasm: Components for success
• DevSecOps Guiding Framework