Enterprise Security & Risk Management 2020


3 November 2020




Live Agenda

ESRM 2020 – VIRTUALCONFEX – The Live Virtual Summit will feature a mix of keynotes, panel discussions and covering the most IAM deployment issues so join us live if you can!

Be sure to check back as we enhance the agenda to ensure you have the most up-to-date information.  We look forward to your participation in ESRM 2020 VIRTUALCONFEX.

Registered users can view the keynote, watch recorded sessions, and access other valuable content on-demand. Participants can also connect with peers and experts to ask questions, share insights, and get the most from the leaders in the industry.

All sessions will be available on-demand after, so you won’t miss anything.  Session times are subject to change.

24 hours prior
Virtual Site opens
  • Set up your networking profile
  • Set appointments
  • Familiarise yourself with event layout and select which sessions you wish to view

Live Stream On Demand

Virtual Summit opens for networking
  • Browse stands
  • Set appointments
  • Watch online demos in networking area
Conference Chair’s Opening Address
2030 Cybersecurity Horizons

Andy Giles, Head of Security GRC & Centre of Excellence, Nationwide Building Society

This opening presentation will attempt to provide a summary of how current and near-term events are shaping the future of technology adoption, the application of cybersecurity in a rapidly evolving global innovation market, against a backdrop of global and environmental uncertainties that are causing organisations to consider physical and political developments when applying cybersecurity strategies.

Specific sections:

  • The impact of cloud on threat innovation vs the security industry’s skills uplift progress >> are we moving fast enough in UK Plc?
  • The march of automation, AI and ML – what the security industry can do to get ahead of the global technical race
  • The need for closer collaboration in a post-Brexit world, increasing offensive cyber activity and geopolitical impacts on UK Plc cyber exposure
A Multi Perspective View on the Impact of Phishing on Enterprise...

Michael Aminzade, Cyber Managing Director, 6point6

This presentation will provide a multi perspective view on the impact of Phishing on enterprise. Phishing, in its various forms, remains amongst the most prevalent and effective forms of attack across almost every industry. We’ll outline how an organisation can leverage technology, business processes and culture to increase its ROI on security controls and reduce the risks associated with third parties and supply chain. This session will inform the Phishing demonstration that Scott Lester, Cyber Lab Manager at 6point6, will be hosting in the main plenary conference room at 12:15pm. The demo covers everything from the selection of the target(s) through to the execution of the attack and the dangers posed should it be successful.

The Return of Investment from the Cyber Attacker’s Perspective – What you should know

Rui Shantilal, Managing Partner, Integrity

If we want to understand the trends and get prepared to face threats, then we need to think strategically and that involves seeing the equation from the attacker’s perspective.

Nowadays security threats are on the agenda of the board of almost every organization, in which they should be consistently evaluating threats and defining mitigation controls based on appropriate risk management methodologies taking into consideration the cost/benefit of those investments.

What about the attackers? Do they also have an ROI (return on investment) approach to their activity? What are the variables that they evaluate and mostly, what should businesses and the industry, in general, conclude about them? Are the latest trends that we have been observing in the threat arena, somehow related to this ROI analysis from the Attacker’s perspective? What should we expect and what are the next steps?

Questions to the Panel of Speakers
Sessions break for networking
  • Browse stands
  • Set appointments
  • Watch online demos in networking area
Introduction to the session
Measurable business benefits from effective enterprise risk management

Dr Abdul Mohib, Group Head of Risk and Assurance, Peabody Trust

Is risk management really a new concept or has it been going on for thousands of years?  One can imagine a proto-risk manager burning a fire at night to keep wild animals away thereby reducing the risk of attack.  How did we transition from proto-risk manager to the world of insurance risk, financial risk and what we now know as enterprise risk management?  What does it all mean and how could we maximise the opportunities of embedding effective enterprise risk management to add value and help us maintain focus on achieving the organisational strategic objectives?

Using Metadata to Improve Network Security at Scale

Ollie Sheridan, CISSP Gigamon Principal Engineer, Security (EMEA), Gigamon

Ollie will explain what is meant by Metadata and describe how Metadata can improve your security posture at scale. He’ll discuss how to:

• Secure communication links by observing broad Layer 7 metadata to prevent malicious commands
• Application Metadata Intelligence extracts metadata elements for use by ecosystem solutions such as SIEM and performance monitoring tools
• Enable tools to measure performance, troubleshoot issues, spot security events and improve effectiveness

Which Monsters to Fear in a World Full of Monsters

Etienne Greeff, CTO, Orange Cyberdefense

The CISO & CIO have a very difficult task in trying to balance scarce spending priorities. We all understand that the threat landscape is continually evolving and that adversaries are getting smarter and more persistent. So the question is: which threats do we focus on, and where should we focus our scarce resources? This talk uses our own research to provide a high-level view of the state of the threat. The talk also addresses defensive strategies to stop companies becoming the next hacking news headline.

Questions to the Panel of Speakers
  • Browse stands
  • Set/Attend appointments
  • Watch online demos in networking area
online session three
Introduction to the session
Changing Cyber Landscapes: The Battle of Algorithms

Josh Lamming, Cyber Security Account Executive, Darktrace

Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous and harder to identify. In the near future, we will begin to see supercharged, AI-powered cyber-attacks leveraged at scale. To protect against Offensive AI attacks, organizations are turning to defensive cyber AI, which can identify and neutralize emerging malicious activity, no matter when, or where, it strikes.
In this session, learn about:
• Paradigm shifts in the cyber landscape
• Advancements in offensive AI attack techniques
• The Immune System Approach to cyber security and defensive, Autonomous Response capabilities
• Real-world examples of emerging threats that were stopped with Cyber AI

Rethinking Your Approach to Enterprise Risk Management: A WeWork Case Study

Manish Patel, Director of Corporate Risk, Dataminr

To reduce the impact of an unfolding crisis, companies need a clear, accurate and early line of sight into emerging risks. Leaders can then act with confidence and seize opportunities to preserve brand reputation while driving operational excellence. To ascertain how real-time information can help companies gain advanced warning of an event and use that information to their advantage, Dataminr analysed 100 crises affecting global organisations between 2018 and 2019. Manish Patel, Director of Corporate Risk, will present the resulting data and discuss:
• How long companies have, on average, to act from initial indication of a crisis until its peak
• How crises impact sectors such as energy, finance, manufacturing, retail and transport
• How WeWork uses real-time information to detect emerging threats and protect its people, property and reputation

Securing Devices Case Study for a Top 10 Global Law Firm

Matt Fernandes, Chief Technologist, Identity Experts

This session will cover:

• Deployment of key Microsoft Solutions
• Implementation of conditional access
• Maximising compliance, minimising risk
• Taking the next step with mobile worker defence

Questions to the Panel of Speakers
Sessions break for networking
online session four
Introduction to session
Neurological Insights of Human Technology Habits

Denise Beardon, Head of Information Security Engagement, Pinsent Masons 

For too long phishing simulation programmes have focused on the minutiae of ‘look out for poor spelling, hover over that link’ rather than addressing the fundamental reasons behind why someone clicks on a link.

By engaging partners and employees in an empathetic way and exploring neuroscientific insights into habits and behaviours, Pinsent Masons has introduced a new approach to their phishing simulation using positive reinforcement.

In this presentation we explore:

  • Why awareness should focus on good security related behaviour
  • Educating through empathy
  • Why phishing emails trigger our happy (neuro) hormones
  • The importance of building confidence
Things Are Only Secure Until They Are Not. Distributed Ledgers Secure Things Again

Jon Geater, Co-Founder & CTO, Jitsuin

Operators of Essential Services face invisible supply chain risks from connected Things while having to demonstrate compliance with cyber security regulations.

Strengthening threats, thinning airgaps and complex operational technology compound the challenge for CISOs to manage risk with fewer resources. Check-box compliance audits and spreadsheets won’t keep up with proving when who did what to a Thing and how it impacts cyber-risk in real-time.

Distributed ledgers bring the visibility, continuity, collaboration and automation that’s needed by all stakeholders in the connected device ecosystem to manage cyber security risk. The talk will outline how new technologies are needed to gain greater visibility of risks, collaboratively remediate and prove that security and compliance are possible.

Cyjax Case Study
Questions to the panel of speakers
Sessions break for networking
  • Browse stands
  • Set/Attend appointments
  • Watch online demos in networking area

Online session five

Seminars – delegates can choose to attend 2 sessions ‘live’

All sessions will be available on demand shortly after they conclude

Seminars A - D
sessions break for networking

Online session six

Seminars – delegates can choose to attend 2 sessions ‘live’

All sessions will be available on demand shortly after they conclude

Seminar sessions E-H
Sessions break for networking
online session seven
Introduction to session
Managing Data Risks: Lessons from Using International Open Data Sets

Carina Kabajunga, Head of ICT, The Commonwealth Secretariat

Many organisations use open data to inform their activities and to make business and policy decisions. While such data are convenient and freely available, the methodology and data quality checks used to collate the data are not immediately available to the End User.
Organisations using open data sets need to have internal risk management mechanisms embedded in their Data Governance practices in order to mitigate such risks.

Panel Discussion – Career Expectations in Security Risk Management and Cyber Security

To conclude the day, we will explore the extent to which career expectations in security risk management and cyber security match with the reality of the roles and what can be done to ensure that individuals positively opt for career progression rather than succumb to burn out.

We will also explore the extent to which those entering the profession, as well as verified veterans, feel equipped enough to deal with new and emerging threats, both in terms of risk mitigation and cyber defences.


Ian Golding, Interim CIO, Natural History Museum

Inga Schorno, Head of Information Security, Tandem Bank

Dr Abdul Mohib, Group Head of Risk and Assurance, Peabody Trust

Closing Remarks from the Conference Chair


Please note:
Whitehall Media reserve the right to change the programme without prior notice.