Programme @

ECS uk

Enterprise Cyber Security

21 September 2023

Victoria Park Plaza Hotel, London

Programme @ ECS uk

Morning Session

Building the team, acquiring the tools and sourcing the technologies you need

  • Cyber Security Crystal Ball: Predictions for 2024
  • Building Resilient Teams and Humans
  • Automating Governance, Risk & Compliance in 2023
  • Navigating the Labyrinth of Logging: From Collection to Retention
  • ThreatLocker Demo: Zero Trust in Action
  • All-source threat intelligence
  • In the land of the blind, even the one-eyed man isn’t the king of vulnerability management
  • Fixing the future with new solutions to old problems
  • Case Study: How Spectris runs an apprenticeship programme targeting non-technical background

 

DRINKS RECEPTION

Netskope will be hosting a Drinks reception in the conference foyer following the event close. This networking reception is open to delegates only.

09:00 (BST)

Cyber Security Crystal Ball: Predictions for 2024

Bharat Thakrar
CISO and Principal Security Lead, Information Security Forum
view profile

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum and Conference Chair

09:15 (BST)

Building Resilient Teams and Humans

Kevin Fielder
CISO, NatWest Boxed and Mettle by NatWest
view profile

Kevin Fielder, CISO, NatWest Boxed and Mettle by NatWest

In security there is a lot of talk about how stressful the industry can be, how many people are suffering from, or getting close to, burnout.

But we don’t spend much time talking about how to deal with the stress, how to avoid burnout, and how to support each other.

This presentation will provide a brief overview of the issue, followed by thoughts on how to best make ourselves and our teams as resilient as possible.

09:30 (BST)

Automating Governance, Risk & Compliance in 2023

Neil Thacker
CISO EMEA, Netskope
view profile

Neil Thacker, CISO EMEA, Netskope

This session will focus on how organisations are automating GRC in 2023 to cover the increased scale of their supply chain due to the increased use of cloud services (public cloud and SaaS).

The session will offer:

– insight into how an organisation has successfully automated core elements of their current GRC workload
– reprioritised FTE headcount to focus on cybersecurity incidents reducing dwell time and improving Time-to-Remediate metrics
– improvements to responses to questionnaires, audits and compliance requests

09:45 (BST)

Navigating the Labyrinth of Logging: From Collection to Retention

Rebeen Salehbag
SOC & Incident Response Manager, ASDA
view profile

Rebeen Salehbag, SOC & Incident Response Manager, ASDA

This presentation will explore the complexity and challenges involved in managing security logs whilst highlighting the journey of security logs from collection to retention. Briefly navigating some of the decisions faced by an organisation when deciding to collect logs for the purpose of detecting and investigating security incidents. Rather than providing solutions or answers, it is meant as a thought-provoking and engaging talk that will help the audience understand the various aspects of log management in cybersecurity.

10:00 (BST)

ThreatLocker Demo: Zero Trust in Action

Eoin McGrath
Solutions Engineer, Threatlocker
view profile

Eoin McGrath, Solutions Engineer, Threatlocker

  • Demonstration of policies and controls to strengthen your security
  • Highlighting the ease of implementing and managing security policies to enhance overall security posture
  • Explaining how organisations can prevent ransomware, zero-day exploits, and unauthorized applications from compromising their systems and data

10:15 (BST)

All-source threat intelligence

Adam Saunders
CISO, Security Evangelist
view profile

Adam Saunders, CISO, Security Evangelist

It is of vital importance that you build, support and sustain a culture of building your own in-house solutions instead of always having to rely on third parties.

Same relates to your CTI programme.

The presentation will take you through the process of building a cyber threat intelligence programme from scratch in the company based on cloud infrastructure.

It will also address the importance of having the in-built ability to identify sources of collection, extract valuable data and convert it to actionable insights.

By combining manual and in-house built automated techniques you can better ably identify and counter the threats surrounding your business and our customers.

10:30 (BST)

In the land of the blind, even the one eyed man isn’t the king of vulnerability management

Frédéric Saulet
Head of EMEA, Vulcan Cyber
view profile

Frédéric Saulet, Head of EMEA, Vulcan Cyber 

Corporate IT has weathered a decade of relentless change. “More agile” development, Full Cloud migration, Covid-era services, and forced “digital transformation” – the holy grail of new organisations – have all “revolutionised” its evolution. In this dynamic cyber landscape, the world of Cyber has had to adapt, leading to an exponential increase in attack surfaces. From Software as a Service, Cloud services, IoT and workforce ultra-mobility, these new technologies have lead to new risks which surpass traditional infrastructure threats. As cyber defences adapt to this new landscape, they face a flood of alerts from multiple solutions targeting specific risks. Yet, most companies struggle to analyse the deluge effectively.

10:45 (BST)

Questions to the Panel of Speakers

11:00 (BST)

Refreshment Break Served in the Exhibition Area

11:25 (BST)

Welcome to Session Two

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum and Conference Chair

11:30 (BST)

Fixing the future with new solutions to old problems

Nicholas King
Head of Solutions, Orange Cyberdefense
view profile

Nicholas King CISSP, Head of Solutions, Orange Cyberdefense

Why are we still not achieving the basics when it comes to data security? Achieving the Principle of Least Privilege or compliance with GDPR is almost impossible without modern solutions and automation. In this presentation, Nicholas King will dive deeper into how two very similar real-world organisations approached data security and how the outcomes were very different.

11:45 (BST)

Case Study: How Spectris runs an apprenticeship programme targeting non-technical backgrounds

Ian Brown
Group CISO, Spectris plc
view profile

Ian Brown, Group CISO, Spectris plc

Spectris hired two apprentices, both from a non-university background, directly into cyber security in a head office environment of less than 100 people. We made the active choice to bridge the cyber talent gap but also to expand to non-academic backgrounds to expand opportunities. In this presentation we detail the how, the pros, and the cons.

  • Hiring from a non-academic background has proven to be fruitful
  • Apprentices with no academic and non-corporate backgrounds are brilliant but need help in unexpected areas
  • Small apprenticeship programmes are just as valuable as massive ones; scale them for your organisation

12:00 (BST)

From Prevention to Recovery: Protecting Critical National Infrastructure

Ian Wood
Senior Director Sales Engineering,Commvault
view profile

Ian Wood, Senior Director Sales Engineering, Commvault

With a ransomware attack every 11 seconds, it’s becoming increasingly difficult to secure, defend and recover critical applications and data. In this session learn how one of the UK’s largest Critical National Infrastructure providers strengthened its ransomware and security posture and gained control with an effective data protection platform to recover applications rapidly and securely in an isolated location.

12:15 (BST)

Questions to the Panel of Speakers & Delegates move to the Seminar Rooms

12:30 (BST)

Seminar Sessions

13:15 (BST)

Networking Lunch Served in the Exhibition Area

Afternoon Session

Sourcing, implementing the tools, technologies and techniques needed to master enterprise cybersecurity

  • AI versus AI: How to Avert a Cyber Disaster
  • Backup does not equal cyber recovery
  • How PIB Group Streamlined Cost & Complexity to Create a Platform for Rapid Growth
  • Why Diversity and Inclusion in Cyber Security Matters

14:00 (BST)

Conference Chair’s Afternoon Address

Bharat Thakrar
CISO and Principal Security Lead, Information Security Forum
view profile

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

14:05 (BST)

AI versus AI: How to Avert a Cyber Disaster

Baldeep Dogra
Senior Director, Product & Technical Marketing, BlackBerry
view profile

Baldeep Dogra, Senior Director, Product & Technical Marketing, BlackBerry

The rise in sophisticated chatbots is a very real cyber threat to organisations, and will just add to the overall complexity of maintaining the ability to be resilient against Cyber threats. Recent BlackBerry research found that nearly half of UK IT decision makers believe we are less than a year away from a successful cyberattack being credited to AI technology, however as an IT manager; are your defences in order, and can they come together to thwart attacks. In this session, Baldeep Dogra explores how fighting fire with fire – AI with AI – is the best form of defence within the context of an attack lifecycle.

Key takeaways:

  • How AI can also boost cyber protection – but be careful, not all AI is not created equally
  • Why attacks are progressive, and how they can be prevented or contained early in the chain.
  • Why prevention and detection continues to rule supreme in combatting threats
  • What should be on your cyber technology tools wish list for 2024

14:20 (BST)

Backup does not equal cyber recovery

Tariq Callus
Enterprise Sales Engineer, Rubrik
view profile

Tariq Callus,  Enterprise Sales Engineer, Rubrik

Tariq will be discussing a recent customer journey to cyber resilience, highlighting how “backup does not equal cyber recovery” – enabling our customers to sleep well at night, knowing their data is securely backed up and protecting them from the threat of ransomware.

 

14:35 (BST)

How PIB Group Streamlined Cost & Complexity to Create a Platform for Rapid Growth  

Glenn Smith
Senior Sales Engineer, Mimecast
view profile

Glenn Smith, Senior Sales Engineer, Mimecast

 

PIB Group (‘PIB’) is a dynamic and diversified insurance intermediary group providing specialist insurance solutions across the UK market, and increasingly overseas. Since its formation in 2015, they have been on a mission to create a leading position in the provision of specialist insurance solutions across the UK market and beyond. To support its continued rapid expansion and ambitious growth plans, PIB Group’s focus was to consolidate onto a streamlined, secure, and compliant email environment that integrated with existing technologies to realize economies of scale and eliminate the costs, collaboration barriers and security risks that come from having to manage multiple systems.

Learn why PIB Group chose Mimecast’s platform, designed to work seamlessly with, and de-risk, it’s Microsoft 365 environment, staying true to the industry best practice of layered security.   

14:50 (BST)

NDR – Yet another buzzword or vital for any organisation?

Ian Dutton
Senior Sales Engineer UK&I, Gatewatcher
view profile

Ian Dutton, Senior Sales Engineer UK&I, Gatewatcher

This Case Study led presentation will explore:

 1. Network Detection & Response demystified

2. Why you need it and why you think you don’t

3. Components for a successful detection strategy

4. Banking Sector Case Study 

15:05 (BST)

Questions to the Panel of Speakers

15:15 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

15:40 (BST)

Session Five - Panel session: Why Diversity and Inclusion in Cyber Security Matters

Sukh Randhawa
Sukh Randhawa
Transformation and EDI Consultant, SukhSense
view profile
Cal Brown (they/them/theirs)
Security Story Lead, BT
view profileJohn Scott
John Scott
Instructor, SANS Institute
view profile

Moderator: Sukh Randhawa, Transformation and EDI Consultant, SukhSense
Panelist: Cal Brown (they/them), Security Story Lead, BT
Panelist: John Scott, Instructor, SANS

Why does diversity matter in terms of security? Problems are unearthed faster and new solutions are uncovered within heterogeneous teams. And people are both our greatest weakness and our greatest strength when it comes to security, whether it’s rolling out security awareness so it lands with the rest of the organisation, or understanding and responding to new attack vectors.

A diverse team will ensure you reach more of your goals, and also be happier and more inspired – diversity allows everyone to bring their whole selves to work, not just a tightly locked down portion. This panel session will cover the following questions plus an opportunity for wider discussion with the audience.

  • How to build commitment to DEI that will yield immediate and long-term results.
  • How to build diversity and inclusion into your company culture
  • What has had the biggest impact on you personally in feeling included in your workplace?
  • What simple steps can allies take to support inclusion?

16:10 (BST)

Questions to the Panel of Speakers

16:25 (BST)

Closing Remarks from the Conference Chair

Bharat Thakrar
CISO and Principal Security Lead, Information Security Forum
view profile

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

16:30 (BST)

Conference Closes with a Drinks Reception

Netskope will be hosting a Drinks reception in the conference foyer following the event close. This networking reception is open to delegates only.

17:30 (BST)

Event Close

Delegates depart.

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

cybersecurity
What’s New In The Cato CTRL SASE Threat Report?
Cato’s Cyber Threat Research Lab (Cato CTRL) recently unveiled its first SASE threat report, issuing a comprehensive and exhausting insight into issues and insights with enterprise and network threats.  Based on Cato’s ability to analyse networks extensively and granularly, the report pinpoints threats by combining strategic, tactical, and operational standpoints via the MITRE ATT&CK framework....
Platform-Wide AI and Enterprise Security: The Recall Issue
Whenever an AI product due for rollout is delayed suddenly, many questions begin circulating in the media. The official reasoning why will open the floodgates of many people online spouting their ideas of what the problem has been. Microsoft has recently revealed the delay of their controversial artificial intelligence (AI) powered Recall feature for Copilot+PCs....
Enterprise Security
Incognito Mode Won’t Protect Your Enterprise Security
Many enterprises have set a precedent that online browsing within IT departments or other company-based computers should be performed under incognito windows, such as those offered by Google Chrome browsers and other providers. While online search and work activity may feel secure with your identity and preferences set to a private mode, according to research...