Programme @ ECS uk

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum and Conference Chair

Kevin Fielder, CISO, NatWest Boxed and Mettle by NatWest

In security there is a lot of talk about how stressful the industry can be, how many people are suffering from, or getting close to, burnout.

But we don’t spend much time talking about how to deal with the stress, how to avoid burnout, and how to support each other.

This presentation will provide a brief overview of the issue, followed by thoughts on how to best make ourselves and our teams as resilient as possible.

Neil Thacker, CISO EMEA, Netskope

This session will focus on how organisations are automating GRC in 2023 to cover the increased scale of their supply chain due to the increased use of cloud services (public cloud and SaaS).

The session will offer:

– insight into how an organisation has successfully automated core elements of their current GRC workload
– reprioritised FTE headcount to focus on cybersecurity incidents reducing dwell time and improving Time-to-Remediate metrics
– improvements to responses to questionnaires, audits and compliance requests

Rebeen Salehbag, SOC & Incident Response Manager, ASDA

This presentation will explore the complexity and challenges involved in managing security logs whilst highlighting the journey of security logs from collection to retention. Briefly navigating some of the decisions faced by an organisation when deciding to collect logs for the purpose of detecting and investigating security incidents. Rather than providing solutions or answers, it is meant as a thought-provoking and engaging talk that will help the audience understand the various aspects of log management in cybersecurity.

Eoin McGrath, Solutions Engineer, Threatlocker

• Demonstration of policies and controls to strengthen your security
• Highlighting the ease of implementing and managing security policies to enhance overall security posture
• Explaining how organisations can prevent ransomware, zero-day exploits, and unauthorized applications from compromising their systems and data

Adam Saunders, CISO, Security Evangelist

It is of vital importance that you build, support and sustain a culture of building your own in-house solutions instead of always having to rely on third parties.

Same relates to your CTI programme.

The presentation will take you through the process of building a cyber threat intelligence programme from scratch in the company based on cloud infrastructure.

It will also address the importance of having the in-built ability to identify sources of collection, extract valuable data and convert it to actionable insights.

By combining manual and in-house built automated techniques you can better ably identify and counter the threats surrounding your business and our customers.

Frédéric Saulet, Head of EMEA, Vulcan Cyber 

Corporate IT has weathered a decade of relentless change. “More agile” development, Full Cloud migration, Covid-era services, and forced “digital transformation” – the holy grail of new organisations – have all “revolutionised” its evolution. In this dynamic cyber landscape, the world of Cyber has had to adapt, leading to an exponential increase in attack surfaces. From Software as a Service, Cloud services, IoT and workforce ultra-mobility, these new technologies have lead to new risks which surpass traditional infrastructure threats. As cyber defences adapt to this new landscape, they face a flood of alerts from multiple solutions targeting specific risks. Yet, most companies struggle to analyse the deluge effectively.

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum and Conference Chair

Nicholas King CISSP, Head of Solutions, Orange Cyberdefense

Why are we still not achieving the basics when it comes to data security? Achieving the Principle of Least Privilege or compliance with GDPR is almost impossible without modern solutions and automation. In this presentation, Nicholas King will dive deeper into how two very similar real-world organisations approached data security and how the outcomes were very different.

Ian Brown, Group CISO, Spectris plc

Spectris hired two apprentices, both from a non-university background, directly into cyber security in a head office environment of less than 100 people. We made the active choice to bridge the cyber talent gap but also to expand to non-academic backgrounds to expand opportunities. In this presentation we detail the how, the pros, and the cons.

• Hiring from a non-academic background has proven to be fruitful
• Apprentices with no academic and non-corporate backgrounds are brilliant but need help in unexpected areas
• Small apprenticeship programmes are just as valuable as massive ones; scale them for your organisation

Ian Wood, Senior Director Sales Engineering, Commvault

With a ransomware attack every 11 seconds, it’s becoming increasingly difficult to secure, defend and recover critical applications and data. In this session learn how one of the UK’s largest Critical National Infrastructure providers strengthened its ransomware and security posture and gained control with an effective data protection platform to recover applications rapidly and securely in an isolated location.

View Seminar Sessions

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

Baldeep Dogra, Senior Director, Product & Technical Marketing, BlackBerry

The rise in sophisticated chatbots is a very real cyber threat to organisations, and will just add to the overall complexity of maintaining the ability to be resilient against Cyber threats. Recent BlackBerry research found that nearly half of UK IT decision makers believe we are less than a year away from a successful cyberattack being credited to AI technology, however as an IT manager; are your defences in order, and can they come together to thwart attacks. In this session, Baldeep Dogra explores how fighting fire with fire – AI with AI – is the best form of defence within the context of an attack lifecycle.

Key takeaways:

• How AI can also boost cyber protection – but be careful, not all AI is not created equally
• Why attacks are progressive, and how they can be prevented or contained early in the chain.
• Why prevention and detection continues to rule supreme in combatting threats
• What should be on your cyber technology tools wish list for 2024

Tariq Callus,  Enterprise Sales Engineer, Rubrik

Tariq will be discussing a recent customer journey to cyber resilience, highlighting how “backup does not equal cyber recovery” – enabling our customers to sleep well at night, knowing their data is securely backed up and protecting them from the threat of ransomware.

Glenn Smith, Senior Sales Engineer, Mimecast

PIB Group (‘PIB’) is a dynamic and diversified insurance intermediary group providing specialist insurance solutions across the UK market, and increasingly overseas. Since its formation in 2015, they have been on a mission to create a leading position in the provision of specialist insurance solutions across the UK market and beyond. To support its continued rapid expansion and ambitious growth plans, PIB Group’s focus was to consolidate onto a streamlined, secure, and compliant email environment that integrated with existing technologies to realize economies of scale and eliminate the costs, collaboration barriers and security risks that come from having to manage multiple systems.

Learn why PIB Group chose Mimecast’s platform, designed to work seamlessly with, and de-risk, it’s Microsoft 365 environment, staying true to the industry best practice of layered security.   

Ian Dutton, Senior Sales Engineer UK&I, Gatewatcher

This Case Study led presentation will explore:

 1. Network Detection & Response demystified

2. Why you need it and why you think you don’t

3. Components for a successful detection strategy

4. Banking Sector Case Study 

Moderator: Sukh Randhawa, Transformation and EDI Consultant, SukhSense
Panelist: Cal Brown (they/them), Security Story Lead, BT
Panelist: John Scott, Instructor, SANS

Why does diversity matter in terms of security? Problems are unearthed faster and new solutions are uncovered within heterogeneous teams. And people are both our greatest weakness and our greatest strength when it comes to security, whether it’s rolling out security awareness so it lands with the rest of the organisation, or understanding and responding to new attack vectors.

A diverse team will ensure you reach more of your goals, and also be happier and more inspired – diversity allows everyone to bring their whole selves to work, not just a tightly locked down portion. This panel session will cover the following questions plus an opportunity for wider discussion with the audience.

• How to build commitment to DEI that will yield immediate and long-term results.
• How to build diversity and inclusion into your company culture
• What has had the biggest impact on you personally in feeling included in your workplace?
• What simple steps can allies take to support inclusion?

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

Netskope will be hosting a Drinks reception in the conference foyer following the event close. This networking reception is open to delegates only.

Delegates depart.