Building the team, acquiring the tools and sourcing the technologies you need
- Building Resilient Teams and Humans
- Automating Governance, Risk & Compliance in 2023
- Navigating the Labyrinth of Logging: From Collection to Retention
- Zero Trust in Action
- All-source threat intelligence
- In the land of the blind, even the one-eyed man isn’t the king of vulnerability management
- Fixing the future with new solutions to old problems
- How to run an apprenticeship programme targeting non-technical backgrounds
Registration and Exhibition Opens
Refreshments will be available in the Exhibition area.
Conference Chair's Opening Address
Building Resilient Teams and Humans
In security there is a lot of talk about how stressful the industry can be, how many people are suffering from, or getting close to, burnout.
But we don’t spend much time talking about how to deal with the stress, how to avoid burnout, and how to support each other.
This presentation will provide a brief overview of the issue, followed by thoughts on how to best make ourselves and our teams as resilient as possible.
Automating Governance, Risk & Compliance in 2023
This session will focus on how organisations are automating GRC in 2023 to cover the increased scale of their supply chain due to the increased use of cloud services (public cloud and SaaS).
The session will offer:
– insight into how an organisation has successfully automated core elements of their current GRC workload
– reprioritised FTE headcount to focus on cybersecurity incidents, reducing dwell time and improving Time-to-Remediate metrics
– improvements to responses to questionnaires, audits and compliance requests
Navigating the Labyrinth of Logging: From Collection to Retention
This presentation will explore the complexity and challenges involved in managing security logs whilst highlighting the journey of security logs from collection to retention. It will briefly navigate some of the decisions an organisation faces when deciding to collect logs for the purpose of detecting and investigating security incidents. Rather than providing solutions or answers, it is meant as a thought-provoking and engaging talk that will help the audience understand the various aspects of log management in cybersecurity.
Zero Trust in Action
- Demonstration of policies and controls to strengthen your security
- Highlighting the ease of implementing and managing security policies to enhance overall security posture
- Explaining how organisations can prevent ransomware, zero-day exploits, and unauthorized applications from compromising their systems and data
All-source threat intelligence
It is of vital importance that you build, support and sustain a culture of building your own in-house solutions instead of always having to rely on third parties.
The same applies to your CTI programme.
The presentation will take you through the process of building a cyber threat intelligence programme from scratch in the company based on cloud infrastructure.
It will also address the importance of having the in-built ability to identify sources of collection, extract valuable data and convert it to actionable insights.
By combining manual and in-house built automated techniques, you can better identify and counter the threats surrounding your business and our customers.
In the land of the blind, even the one-eyed man isn’t the king of vulnerability management
Corporate IT has weathered a decade of relentless change. “More agile” development, Full Cloud migration, Covid-era services, and forced “digital transformation” – the holy grail of new organisations – have all “revolutionised” its evolution. In this dynamic cyber landscape, the world of Cyber has had to adapt, leading to an exponential increase in attack surfaces. From Software as a Service, Cloud services, IoT and workforce ultra-mobility, these new technologies have led to new risks which surpass traditional infrastructure threats. As cyber defences adapt to this new landscape, they face a flood of alerts from multiple solutions targeting specific risks. Yet, most companies struggle to analyse the deluge effectively.
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Welcome to Session Two
Fixing the future with new solutions to old problems
Why are we still not achieving the basics when it comes to data security? Achieving the Principle of Least Privilege or compliance with GDPR is almost impossible without modern solutions and automation. This presentation will dive deeper into how two very similar real-world organisations approached data security and how the outcomes were very different.
How to run an apprenticeship programme targeting non-technical backgrounds
How to bridge the cyber talent gap while also reaching non-academic backgrounds to expand opportunities. In this presentation, we detail the how, the pros, and the cons.
- How hiring from a non-academic background can be beneficial
- Apprentices with no academic and non-corporate backgrounds are brilliant but need help in unexpected areas
- Small apprenticeship programmes are just as valuable as massive ones; scale them for your organisation
From Prevention to Recovery: Protecting Critical National Infrastructure
With a ransomware attack every 11 seconds, it’s becoming increasingly difficult to secure, defend and recover critical applications and data. In this session, learn how one of the UK’s largest Critical National Infrastructure providers strengthened its ransomware and security posture and gained control with an effective data protection platform to recover applications rapidly and securely in an isolated location.
Questions to the Panel of Speakers & Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Sourcing and implementing the tools, technologies and techniques needed to master enterprise cybersecurity
- AI versus AI: How to Avert a Cyber Disaster
- Backup does not equal cyber recovery
- The Problem is Not the Problem: The Financial Impact of Not Getting Phished
- Building Diverse Security Teams: Different Points of View to Complex Problems
- AI & Deception in Cyber Security
- Leveraging Cyber Threat Intelligence to prevent eCrime
Conference Chair’s Afternoon Address
AI versus AI: How to Avert a Cyber Disaster
The rise in sophisticated chatbots is a very real cyber threat to organisations, and will add to the overall complexity of remaining resilient against cyber threats. Recent research found that nearly half of UK IT decision makers believe we are less than a year away from a successful cyberattack being credited to AI technology. As an IT manager, are your defences in order, and can they come together to thwart attacks? This session will explore how fighting fire with fire – AI with AI – is the best form of defence within the context of an attack lifecycle.
- How AI can also boost cyber protection – but be careful, not all AI is created equally
- Why attacks are progressive, and how they can be prevented or contained early in the chain.
- Why prevention and detection continue to rule supreme in combatting threats
- What should be on your cyber technology tools wish list for 2024
Backup does not equal cyber recovery
This session will discuss a recent customer journey to cyber resilience, highlighting how “backup does not equal cyber recovery” – enabling our customers to sleep well at night, knowing their data is securely backed up and protecting them from the threat of ransomware.
The Problem is Not the Problem: The Financial Impact of Not Getting Phished
In response to the constant stream of malicious emails evading detection and arriving in users’ mailboxes, organisations have emphasized user security awareness training and implemented processes for employees to report suspicious emails for analysis. However, this approach results in a massive volume of low-quality alerts that distract IT and security teams from real threats and strategic priorities.
During this presentation, you will learn the best practices for:
- Investigating suspicious messages and responding to confirmed threats
- Optimizing email incident investigation and response
- Reclaiming the thousands of hours each organization spends every year
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Welcome to Session Five
Building Diverse Security Teams: Different Points of View to Complex Problems
With the growing demand for security talent, recruiting and building a good security team is a tremendous challenge. We want to bring people in to support already stretched teams and to fit in culturally with us and our organisations. Is it difficult to find people because they aren’t there, or is it because we’ve narrowed our own perception?
• Building good security means solving many complex problems that need to be looked at from different angles. Just as we layer our solutions to mitigate as many risks as possible, we need to apply the same to our teams
• A strong security team needs to have diverse skillsets and different modes of thought and that also means diverse backgrounds
• Not all people are given equal opportunities in life. Recruiting requirements should stop being limited to backgrounds that will only open doors to a small subset of people.
• The real change should start with us. We must take time and learn to listen to people different from us, choosing a creative and proactive approach towards developing and growing our security teams
AI & Deception in Cyber Security
This talk will discuss the interplay between AI and deception as a powerful means for adaptation in both attack and defence from 4 different important aspects: Deception against users, Deception against AI, AI-based deception, and AI-based defence.
It is based on fully referenced academic research on technology and human behaviour: the susceptibility of human traits, machines, and algorithms to deception.
It is about the manipulation of user-computer interfacing with the purpose of breaching a computer system’s information security through user deception and the “other way around”.
- Discusses 4 different important aspects: Deception against users, Deception against AI, AI-based deception, AI-based defence
- Shows that technical defences can’t cope with the large and diverse deception surface. Provides examples of how to recognise and build reliable defences against different forms of deception
- Discusses the user as “weakest link” vs. “strongest link” paradox in relation to the Human-as-Sensor defence concept
- Illustrated with lots of visuals and examples that are easy to follow and to keep the audience awake even after lunch or keep the crowd in the room before the BEvERage is ready to be served
Leveraging Cyber Threat Intelligence to prevent eCrime
This presentation will cover:
- A few common types of eCrime and their attack vectors
- Early signs of e-Danger
- Setting up a Threat Intelligence program
- Preventing eCrime and risk mitigation
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.