Presentations @ ESRM uk

Enterprise Security & Risk Management

13 March 2024

Pullman Hotel St Pancras, London


Morning Session

Becoming a security and risk champion

  • Catastrophic Loss Risk
  • ThreatLocker Demo: Zero Trust in Action
  • Leveraging the Monte Carlo Method to Quantify Risks
  • Risk-Based Decision Making: An Industry Perspective
  • Bridging Visibility Gaps in Hybrid Cloud Monitoring
  • Developing a Ransomware Playbook
  • DMARC – What is it and how can it defend my brand against email domain spoofing?
  • Securing AI and ML in the Cloud

08:00 (GMT)

Registration and Exhibition Opens

Delegates collect their badge on arrival and refreshments are served amongst the Exhibitors

09:00 (GMT)

Conference Chair's Opening Address

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant

09:25 (GMT)

Catastrophic Loss Risk

Tom Christophers
Global Head of Risk, Convatec plc.

Major global, industrial, and financial catastrophes such as Covid-19, Piper Alpha, Bhopal, Enron, the Deepwater Horizon, and the most recent financial crises have contributed to the growing need for a formal strategy to combat and prepare for known and unknown risks.

Historically, business practices have relied heavily upon insurance policies to protect them against the financial impact of such incidents; however, it is clear that insurance is just one risk response and that companies have other less costly options, including resilience planning, risk acceptance, or mitigation. It is prudent to devise risk management measures to identify, measure, monitor, and report on risks across the business before they materialise into loss.

In order to obtain a clearer line of sight on different risk types and move towards a resilience model for businesses to operate within, it is necessary for businesses to get greater visibility on understanding, managing, and preparing for high-impact, low-likelihood risks (Catastrophic Loss Risk). Preventing, preparing, and responding to catastrophic loss events in a considered manner and ensuring that when events do occur businesses emerge more resilient from the experience, is a critical activity.

09:40 (GMT)

ThreatLocker: Implementing Zero Trust Controls on the Endpoint

Eoin McGrath
Solutions Engineer, ThreatLocker

Allowlisting is a central tenet of Zero Trust based security, but rumor has it, it’s hard to implement. Join Eoin McGrath for a demonstration of the controls needed to harden security at the endpoint and simplify operations, from allowlisting and beyond.

09:55 (GMT)

Leveraging the Monte Carlo Method to Quantify Risks

Jack Summerfield
Principal Cyber Security Risk Management Specialist, Collins Aerospace

Are you still struggling to obtain buy-in from stakeholders and senior leaders with control investment? Are you struggling to get your customers over the line with a control investment? Are you struggling to get people to buy into the value of a risk management process?

During this presentation you will learn:

  • What the Monte Carlo analysis is.
  • How to use it to quantify risks and turn “red,” “amber” and “green” into meaningful numbers.
  • How to use these numbers in business cases for controls and obtain that all-important buy-in from senior stakeholders.

10:10 (GMT)

Risk-Based Decision Making: An Industry Perspective

Tom Ryan
Solution Engineer Director, Diligent Boardbooks

We’ll explore the pivotal role of risk management in strategic decision-making, through two case studies from the manufacturing and pharmaceutical industries. We’ll discuss how a manufacturing company tackles operational challenges like supply chain disruptions and geopolitical incidents to achieve strategic objectives, and how a pharmaceutical company manages risks in new markets and intellectual property concerns. This talk is tailored for risk management professionals eager to understand how effective risk analysis and mitigation strategies can guide critical business decisions and foster operational resilience.

10:25 (GMT)

Bridging Visibility Gaps in Hybrid Cloud Monitoring

Federico Iaschi
Head of Cyber Security Resilience and Observability, Virgin Media O2

Hybrid cloud environments create dangerous visibility gaps that increase risk and stall innovation. “Bridging Visibility Gaps in Hybrid Cloud Monitoring” is a focused exploration of enhancing system transparency in complex cloud architectures. This session covers the urgent need for robust monitoring solutions, the criteria for selecting a scalable system, and the practical challenges and achievements of implementation. It highlights the significant improvements in security and efficiency achieved through strategic visibility enhancements. The talk concludes with actionable insights and future directions for integrating advanced analytics into cloud monitoring practices.

Summary Points:

  • Outlines the importance of visibility in hybrid cloud security and the selection of a fitting monitoring solution.
  • Describes real-world implementation challenges and the resulting operational benefits.
  • Presents future recommendations for adopting AI and predictive analytics in cloud monitoring.

10:40 (GMT)

Questions to the Panel of Speakers

Owen Miles
Field CTO, CEM Business Solutions, Everbridge

Joining the panel of this morning’s speakers will be Owen Miles, Field CTO, CEM Business Solutions from Everbridge.

11:00 (GMT)

Refreshment Break Served in the Exhibition Area

11:25 (GMT)

Welcome to Session Two

11:30 (GMT)

Developing a Ransomware Playbook

Bharat Thakrar
CISO and Principal Security Lead, Information Security Forum

Ransomware, unlike other security events, puts your organization on a countdown timer.

Delays in decision-making and response can significantly increase the risk to the business.

In addition to your incident-response plan, a specific ransomware playbook is needed. This addresses the key decision points that are essential, the team that will support you and the testing and rehearsal required for you to turn this into muscle memory.

In this talk, we will provide you with the tools and techniques needed to create a playbook specific to your organization and the process for exercising these.

11:45 (GMT)

DMARC – What is it and how can it defend my brand against email domain spoofing? 

Andrew Dillon
Sales Engineer, Mimecast

The State of Email Security 2023 has found that efforts to impersonate companies are on the rise, with an eye-watering 91% of respondents reporting attempts to misappropriate their email domain.

Enter the DMARC protocol, which helps stop bad actors delivering malicious emails that appear to come from your organisation, protecting customers and your supply chain. When combined with a Secure Email Gateway that protects your employees from being targeted by sophisticated attackers posing as trusted senders, it completes a powerful multi-layered approach to tackling brand abuse.

An effective DMARC deployment provides control of organisational domains and better governance for sending email sources, but it can be difficult and time-consuming to implement without the right tools. Most organisations take an average of 6 to 9 months to achieve full compliance, which doesn’t leave much time for DMARC implementation and compliance alongside PCI-DSS V4.0 auditing. Implementing DMARC becomes critical to ensure comprehensive email authentication and protect against email spoofing and phishing attacks.

This session will cover:

  • The Basics: What it is and how it works.
  • The Benefits: How you can preserve trust in your email and where this fits in a holistic approach to protecting your brand, customers, and employees.
  • The Journey: One customer’s path to compliance and how they overcame the challenges associated with DMARC enforcement.

12:00 (GMT)

Securing AI and ML in the Cloud

Alex Noble
Cloud Security Lead EMEA, Rapid7

  • Identify and address unique security challenges in AI/ML Cloud deployments.
  • Explore effective strategies for protecting sensitive data and models.
  • Identify advanced tools for continuous monitoring and threat detection.

12:15 (GMT)

Questions to the Panel of Speakers: Delegates move to the Seminar Rooms

12:30 (GMT)

Delegates move to the Seminar Rooms

13:15 (GMT)

Networking Lunch Served in the Exhibition Area

Afternoon Session

  • “To Be or Not to Be” – A Secure Supply Chain?
  • Cyber-resilience and How to Utilise Zero Trust to Achieve it Now
  • Moving from Risk to Resilience
  • Scanning the Horizon
  • What are your risks doing while you’re not looking?

14:00 (GMT)

Conference Chair’s Afternoon Address

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant

14:05 (GMT)

“To Be or Not to Be” – A Secure Supply Chain?

Stuart Frost BEM
Head of Enterprise Security & Risk Management, UK Government (Senior Civil Service)

In today’s evolving world everything is connected to everything else, and this includes our supply chains. Now that Pandora’s box is well and truly open, is it possible to ever have a fully secure supply chain? This presentation will cover: 

  • Why do we care? 
  • The art of the possible 
  • Why is this so difficult? 
  • An integrated security approach. 
  • The important role risk and assurance plays. 

14:20 (GMT)

Using Zero Trust to Improve Cyber-resilience in the age of AI

Michael Adjei
Director, Systems Engineers in EMEA, Illumio

As we transform our business models to deliver more agile services, the increasing threat of AI-generated attacks on critical infrastructure can potentially disrupt services, causing an impact on society. Complying with any changes potentially coming with implementations of NIS2 could be complex and add cost. Taking a Zero Trust approach can simplify compliance and reduce costs. In this session we will address the following topics:

  • How to identify and define risk
  • How to reduce the attack surface
  • How to contain attacks
  • How to respond and restore services during an attack

14:35 (GMT)

Moving from Risk to Resilience

Sebastian Lawrence
Managing Consultant (Resilience), Marsh McLennan

As the evolution of risk accelerates and becomes shrouded in uncertainty, the need to broaden organisational focus from traditional risk management to one of resilience becomes ever greater. Resilience is not simply a plan, it isn’t simply a process – it is the ability of an organisation to anneal together its business management strategy, its risk appetite, and its capacity and capability to prepare for, respond to, and recover from disruption. Too often, we see organisations fall foul of challenges involving their reputation, their products, and their assets not because they lack knowledge or good ideas, but because they have not structured themselves in a way that thinks proactively (not reactively), champions accountability at all levels, and sustains effort and investment for the long-term. This presentation will:

  • Highlight the challenges facing resilience practitioners within the public and private sectors.
  • Posit three mindset shifts that all organisations can and should make to move the dial on resilience.
  • Discuss the practical implementation of measures aligned to those mindsets.

14:50 (GMT)

Questions to the Panel of Speakers

15:05 (GMT)

Afternoon Networking and Refreshments served in the Exhibition Area

15:30 (GMT)

Welcome to Session Five

Dr. Gilad Rosner, Digital Identity, Privacy and Regulatory Consultant

15:35 (GMT)

Scanning the Horizon

Omer Maroof
Head of Operational Risk, Euroclear UK & International

Horizon Scanning is a tool that can be used to identify risks that may impact an organisation in the future to enable adequate preparation for addressing those risks. The presentation will explore:

  • Different ways of performing a horizon scan
  • The ways in which it can be represented
  • Common pitfalls
  • Feedback from Boards
  • How to make it a continuous and sustainable activity

15:50 (GMT)

What are your risks doing while you’re not looking?

David Bryant
Digital Assurance Lead, Houses of Parliament Restoration and Renewal Delivery Authority

There are many standards and methods for Risk Management, but David is not here to talk about the ins and outs of those. Instead, this short presentation is about the practical application of Risk Management, prompting us to consider our own approaches to the art of Risk Management:

  • The need for the loop – the assumption conundrum.
  • Building the loop – Moving from Ad-hoc to closed-loop Risk Management.
  • Closing the loop – Control Assurance.

16:05 (GMT)

Questions to the Panel of Speakers

16:20 (GMT)

Closing Remarks from the Chair

16:30 (GMT)

Conference Closes

Delegates depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.
