Morning Session
Managing security and mitigating risk in a hyper-disruptive world
- How to calibrate and execute your digital business security plan
- Weighing the proper level of security governance against your business objectives
- Advance your adaptive security architecture
- Operational Business resilience: survive any storm and build any castle
- Fundamentals of risk: data security
08:00 (GMT)
Conference Platform is open
Delegates will actually have access from the night prior to ensure they can log in
09:15 (GMT)
SESSION ONE - Conference Chair's Opening Address
David Terrar, Director and Chair, Cloud Industry Forum
09:20 (GMT)
Stop Chasing, Start Defending: Preventing Ransomware with Zero Trust
Ben Jenkins, Director of Cybersecurity, ThreatLocker
Join ThreatLocker Senior Solutions Engineer, Ben Jenkins, as we discuss endpoint evasion techniques that are undetectable by most EDR/MDR and antivirus solutions. Understand how businesses are enhancing their cyber resilience and significantly limiting the damage ransomware can inflict with a Zero Trust architecture.
We will discuss:
- How adopting a Zero Trust model will help you save time, money and resources
- How to better protect your business and enhance your cybersecurity stack
- Find out more about each element of our solution, including Ringfencing and Application Whitelisting And more!
09:35 (GMT)
How to Calibrate and Execute your Digital Business Security Plan
Fortune Barnard, Director of Digital Security, Virgin Media
Digital business presents unique challenges which often fail to be addressed by the prevailing examples of traditional information risk and security management.
We map out the core basic tenets you need to develop a pragmatic vision and strategy for digital business security; the global context in which you are operating; the extent to which the company culture is a business enabler; whether the company’s capabilities and capacity align with the market in which it is operating; technology adoption and promotion which is targeted and purposeful.
We address how to:
- Challenge conventional security practices, culture and infrastructure
- Formalise digital security programme integrated with a clear vision
- Establish a principle-based programme and adaptive architecture for effective implementation
09:50 (GMT)
Design Secure Digital Experiences that your Customers will Rave About

Patrick Cowland
Principal Solution Architect, Ping Identity
view profile
Tom Martin
Account Manager, Ping Identity
view profilePatrick Cowland, Principal Solution Architect, Ping Identity
Tom Martin, Account Manager, Ping Identity
Digital-first consumers are forcing businesses around the globe to rapidly evolve their online experiences to drive engagement. But, any experience innovation that sparks customer delight that compromises security opens the business up to fraud or breaches.
Keeping up with customer desires while enhancing security starts by strengthening the business’s ability to rapidly design, test and optimise ‘brand aware’ and confidence inspiring digital experiences. Stay ahead of the competition by providing digital and IT teams with intuitive tools to reduce development time and resources to integrate customer identity and other business services together to get to market faster with seamless, secure digital experiences.
We address:
- Balance security and convenience along the entire online user journey using customer identity and orchestration
- The value customer identity orchestration can provide your organisation in accelerating the delivery of secure, seamless experiences
- How no-code identity orchestration simplifies integrating the necessary authentication, identity verification and fraud services together to decrease development time and cost
- Real-world implementations of customer journeys built and optimised with identity orchestration
10:05 (GMT)
The Control Owner Maturity Journey

Victoria Harris
Global Head of Compliance and Controls (Cyber and Tech), Willis Towers Watson
view profileVictoria Harris, Global Head of Compliance and Controls (Cyber and Tech), Willis Towers Watson
In this presentation, we will explore the people aspects of controls and the importance of investing in your control owner community and taking them with you on every step of the compliance journey.
Victoria will reflect on her own experiences and learnings whilst sharing tools and techniques which have worked and continue to work as this is a journey that never completely ends.
We will explore:
• The Journey to competence (reflecting on the well-known 4 stages to competence model)
• The mindset of a control owner when facing an audit
• How we can help the control owner as risk and controls professionals
• The role of the control owner and associated roles
• The impact of outsourcing controls to a third party
10:20 (GMT)
PlainID: Why Policy-Based Authorization is Critical for Identity First security
Pascal Jacober, Sales Director, Europe, PlainID
The enterprise perimeter is now its data objects, APIs, applications, and its users are now the workforce, customers, partners and in many cases, machines. In this new, decentralized, and highly segmented world, CISOs and IAM leaders find themselves struggling with multiple systems and interfaces that control the most basic question: Who has access to what and when? In this session we will present a new architecture for Identity First Security based on centralized Access and Authorization Policy Management Platform, and discuss pro and cons, specific real-world implementations and more.
10:35 (GMT)
Questions to the Panel of Speakers
11:00 (GMT)
Virtual Networking in the Exhibition Area
11:15 (GMT)
SESSION TWO - Welcome Back to the Conference Session
David Terrar, Director and Chair, Cloud Industry Forum
11:20 (GMT)
How to make Zero Trust become Zero Friction
Joseph Carson, Chief Security Scientist and Advisory CISO, Delinea
Regulatory bodies, government agencies and CIOs are mandating Zero Trust as a key cyber security framework. But what are the main considerations and how do you achieve this vision? With many definitions and different interpretations of Zero Trust and ways to communicate its importance, it’s key to understand the critical steps. This session gets back to basics, covers the fundamentals and helps uncover the reality check on what Zero Trust really means along with the path to success.
Key takeaways:
-How the principles of least privilege can be applied at speed and scale to help enable Zero Trust
-Just-in-time and on-demand privilege elevation strategies
-How organisations can balance security and productivity while securing critical infrastructure
-Critical steps that IT decision-makers must take to address current cybersecurity challenges
11:35 (GMT)
Pinsent Masons case study – How to build resilience in a hybrid work model through the measurement of your security culture
Denise Beardon, Head of Information Security Engagement, Pinsent Masons
Understanding our organisation’s security culture has been critical to the deployment of security countermeasures to help manage our cyber security risks while making the transition to a hybrid work model. By measuring whether our people feel equipped to help combat cyberattacks whether they’re working from home or in the office, we have been able to assess whether they will make the right decision at the point of impact and evaluate the efficacy of our security strategy.
In this presentation we explore:
• Identifying what to measure
• The importance of data science
• How to communicate the results to the leadership team
11:50 (GMT)
XDR , the Next Evolution of Cyber Defense Solutions
Mike Kehoe, EMEA Threat Management Program Director, IBM Security
As our enterprises continue to digitally transform to offer new business growth opportunities unfortunately comes new opportunities for cyber crimes. Therefore, Cyber Defence must continually evolve, not because of commercial or technical pressures but due to the simple fact that the threatscape is ever evolving in its sophistication and intensity.
Cyber defence solutions have entered a new era called XDR ( extended Detection and Response ) which helps zero the vulnerability gaps that historical approaches may have missed. XDR make cyber defences holistic, in other words understanding and responding to an attack by identifying all aspects of what is needed to effectively stop it.
Join this session to hear how IBM Security is using the XDR approach to deliver Cyber defence solutions for today’s digitally transforming world.
12:05 (GMT)
Questions to the panel of speakers
12:15 (GMT)
Networking Break before Seminars
12:30 (GMT)
SESSION THREE - Seminar Sessions
13:15 (GMT)
Networking Lunch
Afternoon Session
Securing the tools, technologies, and processes designed to make you a security and risk leader
- Why it’s no longer about the perimeter
- Bridging Visibility Gaps in Hybrid Cloud Monitoring
- Securing your expanded workforce
- Designing against unauthorized third-party access
- Taming the exponential rise in external identities
- Rise in privacy risk: fragmented regulatory environment
13:45 (GMT)
SESSION FOUR - Conference Chair’s Afternoon Address
David Terrar, Director and Chair, Cloud Industry Forum
13:50 (GMT)
DevSecOps in Production with Azul Java
Gary Archer, Product Marketing Engineer, Curity
- DevSecOps – Best practice deployments
- How secure Java underpins what we do (and likely what you do)
- Why Curity? Why Azul?
14:05 (GMT)
Cloud. Security, but different
Ryan Aldred, Head of Cloud Security, Lloyd’s Banking Group
Cloud. DevOps. Automation. Immutability. Ephemeral Workloads.
Whilst the advantages of public cloud are perhaps obvious, the security implications of adopting these principles and technologies are perhaps less so. Empowering the DevOps community to feed and water their own application and infrastructure stack is exciting, but what does this mean for security? How do central security teams retain visibility and control in an environment where distributed teams manage their own, ever larger and more complex, infrastructure?
What even is Cloud? Where is our perimeter and how do we control it?
Cloud is so much more than networks and virtual machines (or it should be). PaaS and API based managed services offer features previously unobtainable to most, but they also present exfiltration challenges. Cloud is powerful and attractive, but the implications for getting it wrong need to be acknowledged.
Be prepared to engineer, monitor and build stuff!
14:20 (GMT)
Ransomware Risk Case Studies
Piers Wilson, Head of Product Management, Huntsman Security
A review of several case studies that show how measuring the effectiveness of cyber security controls reveals material differences between perceived levels of protection and reality.
We will discuss:
- Assumptions about security posture that leave businesses exposed
- Customer improvements in ransomware risk readiness
- NCSC guidelines on prevention, containment and recovery
14:35 (GMT)
Build Resilience in your Supply Chains
Nicola Crawford, Chief Risk Officer, National Bank of Kuwait International
The evolution of supply chains from the local to the global has inevitably added to a more complex business ecosystem. Added to this complexity is the uncertain times in which individuals and businesses find themselves.
With fragmented workforces, disrupted third party relationships, declining customers, and diminishing revenues, the risks to business viability is clear.
We explore, how to manage and mitigate increasing risks, balance cost pressures, improve efficiency, and prepare for supply chain failures.
14:50 (GMT)
Questions to the Panel of Speakers
15:05 (GMT)
Afternoon Networking
15:25 (GMT)
SESSION FIVE - Welcome Back to the Conference Session
David Terrar, Director and Chair, Cloud Industry Forum
15:30 (GMT)
Operational Business Resilience: Survive Any Storm and Build Any Castle

Dinesh Krishnan
Global Head of Information & Digital Technology, British American Tobacco
view profileDinesh Krishnan, Global Head of Information & Digital Technology, British American Tobacco
Surviving any storm and building any castle is fundamentally influenced by having a strong Cyber approach.
Without having a strong cyber approach, the business will be open to a vulnerability that can impact the downfall of the business.
We have seen this over and over again, with the 2018 data breach in British Airways, ransomware in Florida based- IT company Kaseya that cyber vulnerability impacts not only the brand image of the organisation but also the value of the organisation.
What do organisations do to prepare? What is the cyber strategy behind this especially for organisations that are going through a business transformation but also dealing with external disruptors at the same time?
15:45 (GMT)
Reducing Risk with Simplified Security using SASE in a Zero Trust World
Khalid Khan, Director of Sales Engineering, Forcepoint
Digital security is the cost of doing business magnified ten-fold with today’s hybrid workforce. Yet, too often security complexity has run amok. Complexity increases risks and reduces control. The industry has to simplify. This session will guide you through simplifying security in a complex hybrid scalable world – while still reducing risks.
This session will cover how to:
- Create strategies that can control access to business services in a hybrid world whilst keeping your organisation safe from attackers
- Mitigate risks from advanced threats by Defining Zero Trust principles with a SASE architecture
- Implement processes to prevent theft, unauthorised access or corruption of valuable data, ensuring that data breaches are prevented and you achieve regulatory compliance
16:00 (GMT)
Case study - Global Food producer - Managing Risk through Prioritisation and Gamification of Vulnerability Management
Kevin O’Keefe, Security Architect, Qualys
As we have more devices often de-coupled from our corporate networks, businesses need to adopt a new approach to reducing the risk associated with them.
It seems every day there are more and more notifications of vulnerabilities being identified, many of them requiring more than just patching. According to studies on average organisations take between 60 and 150 days to resolve these issues and push out a patch – this needs to improve dramatically!
Join us to hear how, using prioritisation and gamification of vulnerability management, one global food manufacturer reduced their vulnerabilities and improved mean time to remediate across their global estate.
16:15 (GMT)
The Culture Coach: Establishing & Maintaining a Security Champions Programme
Sarah Janes, Owner and MD, Layer 8 Ltd
Culture can be defined as what people say and what people do to demonstrate what’s important.
To create a proactive security culture, you’ll need people right across the business championing the right behaviours.
In this talk, Sarah will share real-world examples of how to engage people right across the business to become Champions of Security Culture.
•Learn the conversations change culture blueprint used by many organisations for successful culture change
•Discover a 4-step process for setting up your Champions programme, that flips traditional change programmes on their head
•Identify measures that will be needed to secure onward funding and business buy-in for your Champions programme
16:30 (GMT)
Questions to the Panel of Speakers
16:45 (GMT)
Closing Remarks from the Conference Chair
David Terrar, Director and Chair, Cloud Industry Forum
17:00 (GMT)
Conference Closes
Please note:
Whitehall Media reserve the right to change the programme without prior notice.
Follow us on social
Keep up to date with what's going on by following us on social media.