Programme @ ESRM

Delegates will actually have access from the night prior to ensure they can log in

David Terrar, Director and Chair, Cloud Industry Forum

Ben Jenkins, Director of Cybersecurity, ThreatLocker

Join ThreatLocker Senior Solutions Engineer, Ben Jenkins, as we discuss endpoint evasion techniques that are undetectable by most EDR/MDR and antivirus solutions. Understand how businesses are enhancing their cyber resilience and significantly limiting the damage ransomware can inflict with a Zero Trust architecture.

We will discuss:

• How adopting a Zero Trust model will help you save time, money and resources
• How to better protect your business and enhance your cybersecurity stack
• Find out more about each element of our solution, including Ringfencing and Application Whitelisting And more!

Fortune Barnard, Director of Digital Security, Virgin Media 

Digital business presents unique challenges which often fail to be addressed by the prevailing examples of traditional information risk and security management.

We map out the core basic tenets you need to develop a pragmatic vision and strategy for digital business security; the global context in which you are operating; the extent to which the company culture is a business enabler; whether the company’s capabilities and capacity align with the market in which it is operating; technology adoption and promotion which is targeted and purposeful.

We address how to:

• Challenge conventional security practices, culture and infrastructure
• Formalise digital security programme integrated with a clear vision
• Establish a principle-based programme and adaptive architecture for effective implementation

Patrick Cowland, Principal Solution Architect, Ping Identity
Tom Martin, Account Manager, Ping Identity

Digital-first consumers are forcing businesses around the globe to rapidly evolve their online experiences to drive engagement. But, any experience innovation that sparks customer delight that compromises security opens the business up to fraud or breaches.

Keeping up with customer desires while enhancing security starts by strengthening the business’s ability to rapidly design, test and optimise ‘brand aware’ and confidence inspiring digital experiences. Stay ahead of the competition by providing digital and IT teams with intuitive tools to reduce development time and resources to integrate customer identity and other business services together to get to market faster with seamless, secure digital experiences.

We address:

• Balance security and convenience along the entire online user journey using customer identity and orchestration
• The value customer identity orchestration can provide your organisation in accelerating the delivery of secure, seamless experiences
• How no-code identity orchestration simplifies integrating the necessary authentication, identity verification and fraud services together to decrease development time and cost
• Real-world implementations of customer journeys built and optimised with identity orchestration

Victoria Harris, Global Head of Compliance and Controls (Cyber and Tech), Willis Towers Watson

In this presentation, we will explore the people aspects of controls and the importance of investing in your control owner community and taking them with you on every step of the compliance journey.

Victoria will reflect on her own experiences and learnings whilst sharing tools and techniques which have worked and continue to work as this is a journey that never completely ends.

We will explore:

• The Journey to competence (reflecting on the well-known 4 stages to competence model)
• The mindset of a control owner when facing an audit
• How we can help the control owner as risk and controls professionals
• The role of the control owner and associated roles
• The impact of outsourcing controls to a third party

Pascal Jacober, Sales Director, Europe, PlainID

The enterprise perimeter is now its data objects, APIs, applications, and its users are now the workforce, customers, partners and in many cases, machines. In this new, decentralized, and highly segmented world, CISOs and IAM leaders find themselves struggling with multiple systems and interfaces that control the most basic question: Who has access to what and when? In this session we will present a new architecture for Identity First Security based on centralized Access and Authorization Policy Management Platform, and discuss pro and cons, specific real-world implementations and more.

David Terrar, Director and Chair, Cloud Industry Forum

Joseph Carson, Chief Security Scientist and Advisory CISO, Delinea

Regulatory bodies, government agencies and CIOs are mandating Zero Trust as a key cyber security framework. But what are the main considerations and how do you achieve this vision? With many definitions and different interpretations of Zero Trust and ways to communicate its importance, it’s key to understand the critical steps. This session gets back to basics, covers the fundamentals and helps uncover the reality check on what Zero Trust really means along with the path to success.

Key takeaways:

-How the principles of least privilege can be applied at speed and scale to help enable Zero Trust
-Just-in-time and on-demand privilege elevation strategies
-How organisations can balance security and productivity while securing critical infrastructure
-Critical steps that IT decision-makers must take to address current cybersecurity challenges

Denise Beardon, Head of Information Security Engagement, Pinsent Masons

Understanding our organisation’s security culture has been critical to the deployment of security countermeasures to help manage our cyber security risks while making the transition to a hybrid work model. By measuring whether our people feel equipped to help combat cyberattacks whether they’re working from home or in the office, we have been able to assess whether they will make the right decision at the point of impact and evaluate the efficacy of our security strategy.

In this presentation we explore:

• Identifying what to measure
• The importance of data science
• How to communicate the results to the leadership team

Mike Kehoe, EMEA Threat Management Program Director, IBM Security 

As our enterprises continue to digitally transform to offer new business growth opportunities unfortunately comes new opportunities for cyber crimes. Therefore, Cyber Defence must continually evolve, not because of commercial or technical pressures but due to the simple fact that the threatscape is ever evolving in its sophistication and intensity.

Cyber defence solutions have entered a new era called XDR ( extended Detection and Response ) which helps zero the vulnerability gaps that historical approaches may have missed. XDR make cyber defences holistic, in other words understanding and responding to an attack by identifying all aspects of what is needed to effectively stop it.

Join this session to hear how IBM Security is using the XDR approach to deliver Cyber defence solutions for today’s digitally transforming world.

View Seminar Sessions

David Terrar, Director and Chair, Cloud Industry Forum

Gary Archer, Product Marketing Engineer, Curity

• DevSecOps – Best practice deployments
• How secure Java underpins what we do (and likely what you do)
• Why Curity? Why Azul?

Ryan Aldred, Head of Cloud Security, Lloyd’s Banking Group

Cloud. DevOps. Automation. Immutability. Ephemeral Workloads.

Whilst the advantages of public cloud are perhaps obvious, the security implications of adopting these principles and technologies are perhaps less so. Empowering the DevOps community to feed and water their own application and infrastructure stack is exciting, but what does this mean for security? How do central security teams retain visibility and control in an environment where distributed teams manage their own, ever larger and more complex, infrastructure?

What even is Cloud? Where is our perimeter and how do we control it?

Cloud is so much more than networks and virtual machines (or it should be). PaaS and API based managed services offer features previously unobtainable to most, but they also present exfiltration challenges. Cloud is powerful and attractive, but the implications for getting it wrong need to be acknowledged.

Be prepared to engineer, monitor and build stuff!

Piers Wilson, Head of Product Management, Huntsman Security

A review of several case studies that show how measuring the effectiveness of cyber security controls reveals material differences between perceived levels of protection and reality.

We will discuss:

• Assumptions about security posture that leave businesses exposed
• Customer improvements in ransomware risk readiness
• NCSC guidelines on prevention, containment and recovery

Nicola Crawford, Chief Risk Officer, National Bank of Kuwait International 

The evolution of supply chains from the local to the global has inevitably added to a more complex business ecosystem. Added to this complexity is the uncertain times in which individuals and businesses find themselves.

With fragmented workforces, disrupted third party relationships, declining customers, and diminishing revenues, the risks to business viability is clear.

We explore, how to manage and mitigate increasing risks, balance cost pressures, improve efficiency, and prepare for supply chain failures.

David Terrar, Director and Chair, Cloud Industry Forum

Dinesh Krishnan, Global Head of Information & Digital Technology, British American Tobacco

Surviving any storm and building any castle is fundamentally influenced by having a strong Cyber approach.

Without having a strong cyber approach, the business will be open to a vulnerability that can impact the downfall of the business.

We have seen this over and over again, with the 2018 data breach in British Airways, ransomware in Florida based- IT company Kaseya that cyber vulnerability impacts not only the brand image of the organisation but also the value of the organisation.

What do organisations do to prepare? What is the cyber strategy behind this especially for organisations that are going through a business transformation but also dealing with external disruptors at the same time?

Khalid Khan, Director of Sales Engineering, Forcepoint

Digital security is the cost of doing business magnified ten-fold with today’s hybrid workforce. Yet, too often security complexity has run amok. Complexity increases risks and reduces control. The industry has to simplify. This session will guide you through simplifying security in a complex hybrid scalable world – while still reducing risks.

This session will cover how to:

• Create strategies that can control access to business services in a hybrid world whilst keeping your organisation safe from attackers
• Mitigate risks from advanced threats by Defining Zero Trust principles with a SASE architecture
• Implement processes to prevent theft, unauthorised access or corruption of valuable data, ensuring that data breaches are prevented and you achieve regulatory compliance

Kevin O’Keefe, Security Architect, Qualys

As we have more devices often de-coupled from our corporate networks, businesses need to adopt a new approach to reducing the risk associated with them.

It seems every day there are more and more notifications of vulnerabilities being identified, many of them requiring more than just patching. According to studies on average organisations take between 60 and 150 days to resolve these issues and push out a patch – this needs to improve dramatically!

Join us to hear how, using prioritisation and gamification of vulnerability management, one global food manufacturer reduced their vulnerabilities and improved mean time to remediate across their global estate.

Sarah Janes, Owner and MD, Layer 8 Ltd

Culture can be defined as what people say and what people do to demonstrate what’s important.

To create a proactive security culture, you’ll need people right across the business championing the right behaviours.

In this talk, Sarah will share real-world examples of how to engage people right across the business to become Champions of Security Culture.

•Learn the conversations change culture blueprint used by many organisations for successful culture change
•Discover a 4-step process for setting up your Champions programme, that flips traditional change programmes on their head
•Identify measures that will be needed to secure onward funding and business buy-in for your Champions programme

David Terrar, Director and Chair, Cloud Industry Forum