Enterprise Security & Risk Management

19 March 2020

Victoria Park Plaza, London




Thursday 19 March 2019

The Seminars will take place from 12.15 – 13.00.
Delegates will be able to attend one seminar at the event. No pre selection is required – delegates will be able to select which session they attend onsite.



Main Conference Plenary Room
Sponsored by:
Phishing: How it can land a big target

Scott Lester, Cyber Lab Manager, 6point6

The session will cover the continuing threat posed by phishing and spear-phishing cyber attacks, both of which remain amongst the most prevalent and effective form of attack across almost every industry. We’ll provide an overview of the threats, and talk through the steps 6point6 Cyber Lab followed when setting-up an example phishing capability. We will also present a spear-phishing process demo, beginning with the selection and researching of the target(s) through to crafting the email and executing the attack. We’ll then cover exactly what an attacker can do from the moment their email triggers the first click from the target…


Edward 1
Sponsored by: illumio logo
Decoupling Security Segmentation from Network Infrastructure

Trevor Dearing, Director of Technology, Illumio

Malware, ransomware and other cybercrime attacks are growing and becoming more sophisticated. And yet many businesses are not prepared to protect themselves from the inherent risks and dangers. This is often because most internal networks are wide open by design, since using traditional data centre firewalls as a security measure is difficult and expensive. Would you like to learn about a new way to decouple security segmentation from the network infrastructure, and implement an affordable, practical way to protect your business?

  • Network segmentation was designed to allow data traffic to move fast, not secure your servers and applications
  • Security segmentation prevents lateral network traffic and protects your applications
  • Application architects do not know how their systems are deployed in the network, and therefore cannot implement countermeasures against cyber criminals
  • Data centres often lack the necessary security mitigation systems, thereby putting your high value applications at great risk


Edward 3
Sponsored by:
Is Your Vulnerability Management (VM) Program Ready for Cloud, DevOps and the Evolving Threat Landscape?

Dean Ferrando, Senior Security Engineer, Sales Systems Eng, Tripwire International Inc

Many organizations have already developed a mature VM program for their traditional enterprise and application platforms. But radical new shifts in the tech ecosystem mean you will need to protect your systems on new platforms as well as defend processes against a wide assortment of potential vulnerabilities. This session walks through the five stages of VM maturity to help you determine where you are and what work is required for you to improve your program in the face of emerging DevOps and cloud complications.


Edward 5
Sponsored by: one trust grc
Risk Exchanges: The Key to Vendor Risk Management Efficiency

Ignasi Riera, GRC Sales Manager,  OneTrust GRC

Your vendors often handle your most sensitive data. This presents new challenges as third-party risk, security, privacy, legal and IT teams struggle to vet and manage the vendors they rely on most. We’ll discuss emerging vendor management trends and breakdown how risk exchanges are key to more efficient business operations. – Understand vendor risk management trends and challenges – Learn how risk exchanges make vendor risk management more efficient.


Edward 7
Sponsored by:
Attackers Prey on Uncertainty: How to Fail at Threat Detection

Dave Philpotts, Senior Sales Engineer, Varonis Systems

It takes a great deal of visibility and context to detect and respond to sophisticated threats. Attackers usually target data, where enterprises have the least visibility and most uncertainty. In this session, we will explore new, sophisticated threats from inside and out, demonstrate how easy it is for adversaries to bypass traditional controls, and present a methodology to better protect data at scale, improve threat detection, and reduce uncertainty.


Albert 1
Sponsored by:
Automating Third-Party Risk: The Three Pitfalls to Avoid When Building and Evolving Your Third-Party Risk Management Program

Constantine Malaxos, Director of Strategic Alliances, ProcessUnity

Vendor risk assessment questionnaires are vital to the success of your Third-Party Risk Management program. They also can be tedious, time-consuming, and painful–for both your team and your vendors. The right mix of best practices and technology can reduce risk, drive efficiencies, and ultimately make life easier for you and your vendors.
Attendees will learn how to:
• Rate the maturity of their Third-Party Risk Management processes
• Identify the steps required to advance their program
• Introduce more collaboration to better manage questions and issues while reducing vendor fatigue
• Avoid the three critical pitfalls that prevent success


Albert 3
Sponsored by:
The Feeling and Data of Security

Javvad Malik, Security Awareness Advocate, KnowBe4

The presenter spent months speaking to CISOs, security professionals and practitioners, as well as going undercover to speak to business owners, which certainly rattled some cages. Thankfully, he dodged many bullets, all in the name of attempting to quantify the unquantifiable: Is security based on a feeling, or hard data? Come along, find out what the professionals think, what the general landscape is, what steps organisations can take and maybe a few hard-to-believe side stories.

Learning Objectives:

– Take an objective look at what effective security looks like, covering all aspects around people, processes and technology

– Appreciate the complexities of researching and trying to find the tangibles in something intangible

– Learn to re-prioritize actions and activities and maybe even their entire risk framework based on the outcomes of the research


We would like to advise that ESRM March 2020 will not proceed on the 19th March – it will be rescheduled to a date to be confirmed very shortly.

We apologise for any inconvenience – the cancellation was due to the escalation of the Corvid19 virus for the safety of our attendees, speakers and exhibitors.