Programme @



23 March 2021

Brought to you by Whitehall Media

Programme @ ESRM uk

Session one

building sustainability, expecting risk, preparing for disaster

  • CISO focus: protecting the enterprise
  • Sustainable business models: the age of Covid 19
  • Maintaining business continuity: surviving the storm
  • How to manage a crisis: disaster-recovery-as-a-service
  • Global disruption: mastering risk mitigation
  • SAM practitioners: Next-Gen asset management
  • Third-party risk: best-practice TPM management


Conference Chair's Opening Address

Dr Gilad Rosner
Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher
view profile

Dr Gilad Rosner, Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher


How to use MITRE ATT&CK with Quantitative Risk management

Stephen Owen
CISO, Esure
view profile

Stephen Owen, CISO, Esure 

This 25-minute session will provide practical highlights on how to:

  • Take the myth away that its difficult
  • Breadcrumb trail on how to start the process
  • Evolve your Risk register
  • Justify budgets to CFO based on Return on Security Investment


Sustainable business strategy: building back better

Ange Johnson de Wet
Head of Technology Change Risk, Lloyds Banking Group
view profile

Ange Johnson de Wet, Head of Technology Change Risk, Lloyds Banking Group 

A sustainable business strategy is one which encompasses the global economic climate, the industry-specific financial landscape, and the social and cultural factors which are relevant to your organisation.

By catering to each of these key elements, businesses are able to successfully grow in a stable and manageable way.

By improving the process by which you plan out your activities you will be better able to create long term value for the company, its shareholders, and customers.

We address:

  • Identifying the appropriate model for your business
  • Restructuring where required
  • Understanding the organisational challenges
  • Securing employee buy-in
  • Mapping out your intended outcomes
  • Marking against milestones
  • Measuring against expected and unexpected disruption



Andy Giles
Head of Security GRC & Centre of Excellence, Nationwide Building Society
view profile

Andy Giles, Head of Security GRC & Centre of Excellence, Nationwide Building Society

This presentation will attempt to provide a summary of how current and near-term events are shaping the future of technology adoption, the application of cybersecurity in a rapidly evolving global innovation market, against a backdrop of global and environmental uncertainties that are causing organisations to consider physical and pollical developments when applying cybersecurity strategies.

Specific sections:

  • The impact of cloud on threat innovation vs the security industry’s skills uplift progress – are we moving fast enough in UK Plc?
  • The march of automation, AI and ML – what the security industry can do get ahead of the global technical race
  • The need for closer collaboration in a post-Brexit world, increasing offensive cyber activity and geopolitical impacts on UK Plc cyber exposure


Crisis management: disaster recovery as a service

With the right platform, you can maintain business continuity and minimise data loss while saving valuable budget and time. When a major disruption occurs, with disaster recovery as a service, you can activate failover in an instant and recover critical data to get your operations back online with the hour, reduce data loss with the automatic replication of virtual machine data, and achieve real cost versus usage benefit compared to traditional disaster recovery services.

We address:

  • Faster response times
  • Minimise IT hassle
  • Optimise site separation
  • Make it yours


Global disruption: mastering risk mitigation

In an age of ever-increasing complexity, in which the global quickly becomes the local, business leaders are having to pay greater attention to risks which threaten their fortunes and create the potential for catastrophic disruption. Prioritization of risk into manageable, accessible, and solvable issues is no easy task, with many organisations falling into the trap of creating silos rather than maintaining a business wide approach.

We address:

  • Protecting sources of value creation
  • Realising game changing moves for your organisation
  • Innovation through disruption
  • The role of emerging technologies
  • Business model transformation
  • Adapting to ecosystem changes
  • Organisational success through strategic decision making


Question to the panel of Speakers


Refreshment Break Served in the Exhibition Area


Effective asset management: Next-Generation SAM

Businesses invest significantly in enterprise software. Despite this investment, many SAM practitioners still find themselves having to manage time-consuming, inaccurate, and unreliable manual processes which are hosted on spreadsheets or out of date SAM tools. This leaves the possibility of optimisation a distant dream due to the lack of visibility.

We address why existing SAM approaches do not work, the benefits of a single system of action, how to establish a SAM strategy and how to get started


Best practices to improve your TPM programme

Mike Baier
Third Party Information Security Risk Management, Takeda
view profile

Mike Baier, Lead, Third Party Information Security Risk Management, Takeda

Each third-party relationship brings with it a number of risks that need to be identified at the time. These risks are often multi-dimensional as they extend across suppliers, vendors, contractors, service providers, and other parties, and can have an impact on different levels of the organisation such as product lines, business units, and geographies.

We address:

  • Comprehensively identifying third-party risks
  • An analysis of the specific drivers that increase third-party risk.
  • Focus strongly on contracts that govern third-party relationships
  • Frame policies, and implement controls to mitigate third-party risks


Questions to the Panel of Speakers and Delegates move to the Seminar Rooms


Seminar Sessions


Networking Lunch Served in the Exhibition Area

Session two

gaining technical insights, identifying best practice, securing your architecture and infrastructure

  • dealing with a breach: war games
  • advanced analytics in architecture: adding layers
  • mapping your internal vulnerabilities: behavioural analytics
  • cloud security: building trust in the cloud
  • safeguarding digital business initiatives: ML&AI
  • digital trust and safety: consumer-business interactions


Conference Chair’s Afternoon Address


Insurance industry case study

Monica M. Minkel
VP, Executive Risk Enterprise Leader, Holmes Murphy & Associates
view profile

Monica M. Minkel, VP, Executive Risk Enterprise Leader, Holmes Murphy & Associates


Added layers to your architecture: advanced analytics

Being able to accurately identify and prioritise security threats and threats that affect the enterprise is vital. Equally important is the ability to respond at speed and scale no matter the size and scope of the challenge.

We address:

  • Visibility into data whether on site or in the cloud
  • Automate intelligence with AI threat and incident detection
  • Create an ecosystem of continuous improvement through detection of vulnerabilities and malware


Behavioural analytics: mapping your internal vulnerabilities

By successfully leveraging behaviour analytics, businesses can better map their internal vulnerabilities and act accordingly once a real entity risk has been identified.

We address, how you can identify users exhibiting risky behaviour, prevent bad actors from accessing critical assets and analyse communications-based data sources for potential code of conduct breaches.


Questions to the Panel of Speakers


Afternoon Networking and Refreshments served in the Exhibition Area


Cloud security: putting your trust in the cloud

With the expansion of remote working now part of the new normal, the value of a reliable, secure, and dynamic cloud platform is more important than ever.

Added to this new trend is the growing abandonment of the historical approach to security which placed an emphasis on building walls in favour of the worker as your first line of defence in an increasingly virtualised setting.

We address:

  • Convergence as a key feature
  • Security-as-a-service
  • Flexible, hybrid deployment
  • Data on a global scale
  • Securing your users, no matter the time or place


Aligning Digital Business Initiatives with ML&AI

Lydia Payne-Johnson, JD, CIPP
Director, Information Security, Identity & Access Management and Risk, The George Washington University
view profile

Lydia Payne-Johnson, JD, CIPP, Director, Information Security, Identity & Access Management and Risk, The George Washington University 

As organizations incorporate machine learning/artificial intelligence models into strategic business initiatives, there a growing need for responsible management by IT and key business stakeholders to protect and defend AI given the dearth of AI-related regulations.

• Framing Its role in ML/AI Management: Owner or Enabler?
• Practicable considerations for protecting AI-enabled digital business systems
• Addressing business, legal and ethical challenges to AI algorithms


Digital trust and safety: consumer-brand interactions

Today’s business-consumer relationship is dynamic, varied, and multi-dimensional with a wide variety of established contact points, from twitter to the high street. Of paramount importance to the business is how secure each and every customer feels when engaging with the company, whatever the platform. Trust lost is also business lost and revenue not generated.

We address:

  • Moving away from discreet group management
  • Moving towards cross-functional trust
  • Safety teams overseeing all interactions
  • Ensuring a standard level of safety across each space
  • Supporting consumer-business interaction


Questions to the Panel of Speakers


Closing Remarks from the Conference Chair


Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

SASE vs Zero Trust
As we start the new year and see companies begin their plans and execution for “the new normal”, a topic of discussion from a past Customer Advisory meeting has become much more pronounced: what is the relationship between Zero Trust and Secure Access Service Edge (SASE)? Is one more relevant as security teams begin preparing for either a...
Insider Cybersecurity Risks On Ascent
The ongoing struggle in managing remote working staff members is continuing to open up gaping holes in corporate cybersecurity larger than at any time prior to the pandemic, with the insider threat now raised to critical levels. Poll Positions Cybersecurity vendor Netwrix Took a poll of close to 1000 IT professionals focused on how COVID-19...
Ransomware Achieves High Score Over Capcom
Video Games are one of the biggest enterprises in the modern world with many industry giants providing access to online gaming platforms. However, what happens when the games you love to play take away more than your player lives? This is the current situation many people at Japanese game powerhouse Capcom have been faced with...