Programme @



31 March 2022

Brought to you by Whitehall Media

Programme @ ESRM

Morning Session

Managing security and mitigating risk in a hyper-disruptive world

  • How to calibrate and execute your digital business security plan
  • Weighing the proper level of security governance against your business objectives
  • Advance your adaptive security  architecture
  • Operational Business resilience: survive any storm and build any castle
  • Fundamentals of risk: data security

08:00 (GMT)

Conference Platform is open

Delegates will actually have access from the night prior to ensure they can log in

09:15 (GMT)

SESSION ONE - Conference Chair's Opening Address

David Terrar
Director and Chair, Cloud Industry Forum
view profile

David Terrar, Director and Chair, Cloud Industry Forum

09:20 (GMT)

Stop Chasing, Start Defending: Preventing Ransomware with Zero Trust

Ben Jenkins
Director of Cybersecurity, ThreatLocker
view profile

Ben Jenkins, Director of Cybersecurity, ThreatLocker

Join ThreatLocker Senior Solutions Engineer, Ben Jenkins, as we discuss endpoint evasion techniques that are undetectable by most EDR/MDR and antivirus solutions. Understand how businesses are enhancing their cyber resilience and significantly limiting the damage ransomware can inflict with a Zero Trust architecture.

We will discuss:

  • How adopting a Zero Trust model will help you save time, money and resources
  • How to better protect your business and enhance your cybersecurity stack
  • Find out more about each element of our solution, including Ringfencing and Application Whitelisting And more!

09:35 (GMT)

How to Calibrate and Execute your Digital Business Security Plan

Fortune Barnard
Director of Digital Security, Virgin Media
view profile

Fortune Barnard, Director of Digital Security, Virgin Media 

Digital business presents unique challenges which often fail to be addressed by the prevailing examples of traditional information risk and security management.

We map out the core basic tenets you need to develop a pragmatic vision and strategy for digital business security; the global context in which you are operating; the extent to which the company culture is a business enabler; whether the company’s capabilities and capacity align with the market in which it is operating; technology adoption and promotion which is targeted and purposeful.

We address how to:

  • Challenge conventional security practices, culture and infrastructure
  • Formalise digital security programme integrated with a clear vision
  • Establish a principle-based programme and adaptive architecture for effective implementation

09:50 (GMT)

Design Secure Digital Experiences that your Customers will Rave About

Patrick Cowland
Principal Solution Architect, Ping Identity
view profile
Tom Martin
Account Manager, Ping Identity
view profile

Patrick Cowland, Principal Solution Architect, Ping Identity
Tom Martin, Account Manager,
Ping Identity

Digital-first consumers are forcing businesses around the globe to rapidly evolve their online experiences to drive engagement. But, any experience innovation that sparks customer delight that compromises security opens the business up to fraud or breaches.

Keeping up with customer desires while enhancing security starts by strengthening the business’s ability to rapidly design, test and optimise ‘brand aware’ and confidence inspiring digital experiences. Stay ahead of the competition by providing digital and IT teams with intuitive tools to reduce development time and resources to integrate customer identity and other business services together to get to market faster with seamless, secure digital experiences.

We address:

  • Balance security and convenience along the entire online user journey using customer identity and orchestration
  • The value customer identity orchestration can provide your organisation in accelerating the delivery of secure, seamless experiences
  • How no-code identity orchestration simplifies integrating the necessary authentication, identity verification and fraud services together to decrease development time and cost
  • Real-world implementations of customer journeys built and optimised with identity orchestration

10:05 (GMT)

The Control Owner Maturity Journey

Victoria Harris
Global Head of Compliance and Controls (Cyber and Tech), Willis Towers Watson
view profile

Victoria Harris, Global Head of Compliance and Controls (Cyber and Tech), Willis Towers Watson

In this presentation, we will explore the people aspects of controls and the importance of investing in your control owner community and taking them with you on every step of the compliance journey.

Victoria will reflect on her own experiences and learnings whilst sharing tools and techniques which have worked and continue to work as this is a journey that never completely ends.

We will explore:

• The Journey to competence (reflecting on the well-known 4 stages to competence model)
• The mindset of a control owner when facing an audit
• How we can help the control owner as risk and controls professionals
• The role of the control owner and associated roles
• The impact of outsourcing controls to a third party

10:20 (GMT)

PlainID: Why Policy-Based Authorization is Critical for Identity First security

Pascal Jacober
 Sales Director, Europe PlainID
view profile

Pascal Jacober, Sales Director, Europe, PlainID

The enterprise perimeter is now its data objects, APIs, applications, and its users are now the workforce, customers, partners and in many cases, machines. In this new, decentralized, and highly segmented world, CISOs and IAM leaders find themselves struggling with multiple systems and interfaces that control the most basic question: Who has access to what and when? In this session we will present a new architecture for Identity First Security based on centralized Access and Authorization Policy Management Platform, and discuss pro and cons, specific real-world implementations and more.

10:35 (GMT)

Questions to the Panel of Speakers

11:00 (GMT)

Virtual Networking in the Exhibition Area

11:15 (GMT)

SESSION TWO - Welcome Back to the Conference Session

David Terrar, Director and Chair, Cloud Industry Forum

11:20 (GMT)

How to make Zero Trust become Zero Friction

Joseph Carson
Chief Security Scientist and Advisory CISO, Delinea
view profile

Joseph Carson, Chief Security Scientist and Advisory CISO, Delinea

Regulatory bodies, government agencies and CIOs are mandating Zero Trust as a key cyber security framework. But what are the main considerations and how do you achieve this vision? With many definitions and different interpretations of Zero Trust and ways to communicate its importance, it’s key to understand the critical steps. This session gets back to basics, covers the fundamentals and helps uncover the reality check on what Zero Trust really means along with the path to success.

Key takeaways:

-How the principles of least privilege can be applied at speed and scale to help enable Zero Trust
-Just-in-time and on-demand privilege elevation strategies
-How organisations can balance security and productivity while securing critical infrastructure
-Critical steps that IT decision-makers must take to address current cybersecurity challenges

11:35 (GMT)

Pinsent Masons case study – How to build resilience in a hybrid work model through the measurement of your security culture

Denise Beardon
Head of Information Security Engagement, Pinsent Masons
view profile

Denise Beardon, Head of Information Security Engagement, Pinsent Masons

Understanding our organisation’s security culture has been critical to the deployment of security countermeasures to help manage our cyber security risks while making the transition to a hybrid work model. By measuring whether our people feel equipped to help combat cyberattacks whether they’re working from home or in the office, we have been able to assess whether they will make the right decision at the point of impact and evaluate the efficacy of our security strategy.

In this presentation we explore:

• Identifying what to measure
• The importance of data science
• How to communicate the results to the leadership team

11:50 (GMT)

XDR , the Next Evolution of Cyber Defense Solutions

Mike Kehoe
EMEA Threat Management Program Director - IBM Security
view profile

Mike Kehoe, EMEA Threat Management Program Director, IBM Security 

As our enterprises continue to digitally transform to offer new business growth opportunities unfortunately comes new opportunities for cyber crimes. Therefore, Cyber Defence must continually evolve, not because of commercial or technical pressures but due to the simple fact that the threatscape is ever evolving in its sophistication and intensity.

Cyber defence solutions have entered a new era called XDR ( extended Detection and Response ) which helps zero the vulnerability gaps that historical approaches may have missed. XDR make cyber defences holistic, in other words understanding and responding to an attack by identifying all aspects of what is needed to effectively stop it.

Join this session to hear how IBM Security is using the XDR approach to deliver Cyber defence solutions for today’s digitally transforming world.

12:05 (GMT)

Questions to the panel of speakers

12:15 (GMT)

Networking Break before Seminars

12:30 (GMT)

SESSION THREE - Seminar Sessions

13:15 (GMT)

Networking Lunch

Afternoon Session

Securing the tools, technologies, and processes designed to make you a security and risk leader

  • Why it’s no longer about the perimeter
  • Bridging Visibility Gaps in Hybrid Cloud Monitoring
  • Securing your expanded workforce
  • Designing against unauthorized third-party access
  • Taming the exponential rise in external identities
  • Rise in privacy risk: fragmented regulatory environment

13:45 (GMT)

SESSION FOUR - Conference Chair’s Afternoon Address

David Terrar
Director and Chair, Cloud Industry Forum
view profile

David Terrar, Director and Chair, Cloud Industry Forum

13:50 (GMT)

DevSecOps in Production with Azul Java

Gary Archer, Product Marketing Engineer, Curity

  • DevSecOps – Best practice deployments
  • How secure Java underpins what we do (and likely what you do)
  • Why Curity? Why Azul?


14:05 (GMT)

Cloud. Security, but different

Ryan Aldred
Head of Cloud Security, Lloyd’s Banking Group
view profile

Ryan Aldred, Head of Cloud Security, Lloyd’s Banking Group

Cloud. DevOps. Automation. Immutability. Ephemeral Workloads.

Whilst the advantages of public cloud are perhaps obvious, the security implications of adopting these principles and technologies are perhaps less so. Empowering the DevOps community to feed and water their own application and infrastructure stack is exciting, but what does this mean for security? How do central security teams retain visibility and control in an environment where distributed teams manage their own, ever larger and more complex, infrastructure?

What even is Cloud? Where is our perimeter and how do we control it?

Cloud is so much more than networks and virtual machines (or it should be). PaaS and API based managed services offer features previously unobtainable to most, but they also present exfiltration challenges. Cloud is powerful and attractive, but the implications for getting it wrong need to be acknowledged.

Be prepared to engineer, monitor and build stuff!

14:20 (GMT)

Ransomware Risk Case Studies

Piers Wilson
Head of Product Management, Huntsman Security
view profile

Piers Wilson, Head of Product Management, Huntsman Security

A review of several case studies that show how measuring the effectiveness of cyber security controls reveals material differences between perceived levels of protection and reality.

We will discuss:

  • Assumptions about security posture that leave businesses exposed
  • Customer improvements in ransomware risk readiness
  • NCSC guidelines on prevention, containment and recovery

14:35 (GMT)

Build Resilience in your Supply Chains

Nicola Crawford
Chief Risk Officer, National Bank of Kuwait International
view profile

Nicola Crawford, Chief Risk Officer, National Bank of Kuwait International 

The evolution of supply chains from the local to the global has inevitably added to a more complex business ecosystem. Added to this complexity is the uncertain times in which individuals and businesses find themselves.

With fragmented workforces, disrupted third party relationships, declining customers, and diminishing revenues, the risks to business viability is clear.

We explore, how to manage and mitigate increasing risks, balance cost pressures, improve efficiency, and prepare for supply chain failures.

14:50 (GMT)

Questions to the Panel of Speakers

15:05 (GMT)

Afternoon Networking

15:25 (GMT)

SESSION FIVE - Welcome Back to the Conference Session

David Terrar
Director and Chair, Cloud Industry Forum
view profile

David Terrar, Director and Chair, Cloud Industry Forum

15:30 (GMT)

Operational Business Resilience: Survive Any Storm and Build Any Castle

Dinesh Krishnan
Global Head of Information & Digital Technology, British American Tobacco
view profile

Dinesh Krishnan, Global Head of Information & Digital Technology, British American Tobacco

Surviving any storm and building any castle is fundamentally influenced by having a strong Cyber approach.

Without having a strong cyber approach, the business will be open to a vulnerability that can impact the downfall of the business.

We have seen this over and over again, with the 2018 data breach in British Airways, ransomware in Florida based- IT company Kaseya that cyber vulnerability impacts not only the brand image of the organisation but also the value of the organisation.

What do organisations do to prepare? What is the cyber strategy behind this especially for organisations that are going through a business transformation but also dealing with external disruptors at the same time?

15:45 (GMT)

Reducing Risk with Simplified Security using SASE in a Zero Trust World

Khalid Khan
Director of Sales Engineering, Forcepoint
view profile

Khalid Khan, Director of Sales Engineering, Forcepoint

Digital security is the cost of doing business magnified ten-fold with today’s hybrid workforce. Yet, too often security complexity has run amok. Complexity increases risks and reduces control. The industry has to simplify. This session will guide you through simplifying security in a complex hybrid scalable world – while still reducing risks.

This session will cover how to:

  • Create strategies that can control access to business services in a hybrid world whilst keeping your organisation safe from attackers
  • Mitigate risks from advanced threats by Defining Zero Trust principles with a SASE architecture
  • Implement processes to prevent theft, unauthorised access or corruption of valuable data, ensuring that data breaches are prevented and you achieve regulatory compliance

16:00 (GMT)

Case study - Global Food producer - Managing Risk through Prioritisation and Gamification of Vulnerability Management

Kevin O’Keefe
Security Architect, Qualys
view profile

Kevin O’Keefe, Security Architect, Qualys

As we have more devices often de-coupled from our corporate networks, businesses need to adopt a new approach to reducing the risk associated with them.

It seems every day there are more and more notifications of vulnerabilities being identified, many of them requiring more than just patching. According to studies on average organisations take between 60 and 150 days to resolve these issues and push out a patch – this needs to improve dramatically!

Join us to hear how, using prioritisation and gamification of vulnerability management, one global food manufacturer reduced their vulnerabilities and improved mean time to remediate across their global estate.

16:15 (GMT)

The Culture Coach: Establishing & Maintaining a Security Champions Programme

Sarah Janes
Owner and MD, Layer 8 Ltd
view profile

Sarah Janes, Owner and MD, Layer 8 Ltd

Culture can be defined as what people say and what people do to demonstrate what’s important.

To create a proactive security culture, you’ll need people right across the business championing the right behaviours.

In this talk, Sarah will share real-world examples of how to engage people right across the business to become Champions of Security Culture.

•Learn the conversations change culture blueprint used by many organisations for successful culture change
•Discover a 4-step process for setting up your Champions programme, that flips traditional change programmes on their head
•Identify measures that will be needed to secure onward funding and business buy-in for your Champions programme

16:30 (GMT)

Questions to the Panel of Speakers

16:45 (GMT)

Closing Remarks from the Conference Chair

David Terrar, Director and Chair, Cloud Industry Forum

17:00 (GMT)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

Hotel Hostility as Hackers Target the Hospitality Sector
Among the top three targeted industries by cyber hackers around the world, hotels and the hospitality businesses are suddenly feeling the increase of the growing cybercrime rates. Rich Mining Despite being bricks-and-mortar enterprises, they are considered one of the richest mines for data by hackers looking to utilise the data for nefarious purposes. Even before...
Increased Attack Threat Following Ukraine Crisis
Ever since the first stages of the Ukraine invasion by Russia, widespread predictions relating to cyber operations launching parallel to the fighting have highlighted the threat of collateral damage across the entire global corporate sector. Fresh Threats For those in the insurance industry still recovering from the widespread surge in ransomware attacks, Russia’s Ukraine actions...
Enterprise Shift in Cyber Protection
Throughout the last few years, the cyber landscape has been dominated by rising levels of ransomware attacks, increasing by 105% in 2021 alone. Sophos’ report (State of Ransomware 2021) revealed that an average ransom paid out now equals $170,404 with remediation costs at $1.85m – ten times the size of the ransom payment on average....