Programme @ ESRM uk

Enterprise Security & Risk Management

24 November 2021

Brought to you by Whitehall Media


Session One

Building sustainability, expecting risk, preparing for disaster

  • Face up to today’s risk reality
  • Streamline your information sources
  • Become a better digital business leader
  • Where to start with your cyber security culture change
  • Redesign your IT organisational structure
  • Advance your threat and vulnerability management capabilities
  • Act on your insights: get closer to where data is created

09:15 (GMT)

Conference Chair's Opening Address

Sukh Randhawa
Global Privacy Transformation & ED&I Lead, Unilever

09:25 (GMT)

The Neighborhood Watch: Using Continuous Monitoring To Increase Visibility and Effectiveness Of TPRM Programs

Jonathan Ehret
CISSP, CISA, CRISC, Vice President, Strategy & Risk, RiskRecon

Visibility into our vendors’ security controls and the effectiveness with which they are operating have been and continue to be some of the major challenges in the world of third party risk.

This discussion will cover those struggles, the inherent limitations of the security questionnaire as well as how continuous monitoring tools can be utilized to shed light on the effectiveness of a vendor’s security controls.

09:40 (GMT)

ERM and Operational Resilience – maximising the insight, minimising the threats

Luke Watts
Head of Enterprise Risk Management, RSA

In this talk, Luke will outline the key elements of Operational Resilience, how these align to a generic ERM framework, and the potential for overlap between the frameworks, with thoughts on avoiding it. He will also highlight how to utilise the incidents from the two approaches to better support understanding and decision making.

10:00 (GMT)

5 Trends in CIAM to watch

Jamie Hughes
CIAM Product Manager, Beyond Identity

  • Customer experience has been identified as the top competitive differentiator across all industries; if customers reject transactions because of forgotten passwords, you can be losing revenue
  • 57% of consumers polled have identified a passwordless process as being preferred
  • 35% of respondents polled said they have experienced difficulties with multi-factor authentication when a second device was required and that this made them cancel their transaction
  • Beyond Identity can provide a seamless, frictionless and secure passwordless MFA experience

10:15 (GMT)

Question to the panel of Speakers

10:30 (GMT)

Networking Break

Session Two

10:45 (GMT)

Intro to Session Two

Sukh Randhawa
Global Privacy Transformation & ED&I Lead, Unilever

10:50 (GMT)

Faking It: Stopping Impersonation Attacks with Self-Learning AI

Mariana Pereira
Director of Email Security Products, Darktrace

Today, 94% of cyber-threats still originate in the inbox. ‘Impersonation attacks’ are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or ‘digital fakes’, that expertly mimic the writing style of trusted contacts and colleagues. Humans can no longer distinguish real from fake on their own – businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response. In an era when thousands of documents can be encrypted in minutes, ‘immune system’ technology takes action in seconds – stopping cyber-threats before damage is done. Find out how in this session.

11:05 (GMT)

Whose Device is it anyway?

Matt Gregory
Head of Security Operations, Penguin Random House

One of the primary ways by which hostile actors look to exploit the enterprise network is through the exploitation of devices that business users rely on. Coupled with this is the growing concern of IoT connectivity vulnerability, as well as the multitude of unsecured devices which the typical employee uses on a daily basis.

We address:

  • How to best mitigate the malicious cyber activity
  • Defend enterprise network infrastructure devices
  • Understand the scope of the threat
  • Drive effective organisational risk mitigation

11:20 (GMT)

Build your Zero-Trust Architecture, Just-In-Time: Using PEDM & PASM

Kamel Heus
Regional Vice President, EMEA Sales, ThycoticCentrify

Comprehensive privilege management can be classified into two core disciplines: Privileged Account & Session Management (PASM) and Privilege Elevation & Delegation Management (PEDM).

Join ThycoticCentrify to understand how the two are essential at the core of your zero-trust architecture.

11:35 (GMT)

Question to the panel of Speakers

11:50 (GMT)

Networking Break

Session Three

12:05 (GMT)

Intro to Session Three

Sukh Randhawa
Global Privacy Transformation & ED&I Lead, Unilever

12:10 (GMT)

Providing Transparency on Every Relationship and Every Risk Across Your Digital Business Ecosystem

Stuart Phillips
Product Marketing Direct for Cyber, Interos

  • Supply Chain Cyber Security Challenges and Technology
  • Procurement and InfoSec Integration
  • Changing Role of the CISO

12:25 (GMT)

How to become a better digital business leader - managing digital risk

Geethy Panicker
Head of Enterprise Risk, HSBC

Developing and translating the value of information security into a tangible objective which the wider business can interpret and relate to is vitally important.

By democratising comprehension of, and access to, the infosec ecosystem you will better articulate security and risk concerns, promote a risk-aware culture, resolve business and IT process-related issues, and drive your security programme strategy in accordance with the business appetite for security and risk.

We address:

  • Understanding your IT landscape
  • Aligning IT with corporate objectives
  • Address the business impact of IT risk
  • Identify where value is created
  • Measure your organisation's risk appetite
  • Utilise risk mitigation tools
  • Become an adviser to the board

12:40 (GMT)

Closing the door on hackers: A misconfiguration case study

Bryan Littlefair
Chief Executive Officer, Cambridge Cyber Advisers

Rapidly evolving networks, overstretched security teams and no margin for error mean that today’s networks are a breeding ground for hackers.

Join us as we explore:

  • The misconfiguration challenges facing organisations today
  • The implications of misconfigurations – the good, the bad and the ugly
  • How to detect, fix and prevent misconfigurations
  • A real life story of how Bryan overcame his misconfiguration nightmares

12:55 (GMT)

Questions to the Panel of Speakers

13:10 (GMT)

Networking Lunch

Session Four

13:45 (GMT)

Seminar Sessions A - B

14:30 (GMT)

Networking Break

Session Five

14:45 (GMT)

Seminars C - D

15:30 (GMT)

Networking Break

Session Six

15:45 (GMT)

Intro to Session Six

Sukh Randhawa
Global Privacy Transformation & ED&I Lead, Unilever

15:50 (GMT)

Key Elements in Business Impact Analysis Development

Les Correia
Executive Director, Enterprise Cybersecurity & Risk (ECR), Global Head of Application Security, Estée Lauder Companies Inc.

This presentation will discuss key elements in developing a Business Impact Analysis (BIA) and its importance in identifying critical business functions while predicting the consequences a disruption of one of those functions would have.

16:05 (GMT)

Cyber Insurance: Keeping up with coverage and markets

Monica M. Minkel
VP Enterprise Risk Leader, Holmes Murphy & Associates

16:30 (GMT)

Penny Wise and Pound Wise – Making Good Decisions about Security Strategy and Resources

Sandy Silk
Senior Director of IT Security Workshop Delivery, Info-Tech Research Group

An effective security program needs to be right-sized to your organization, with a well-defined path to better support business priorities and goals. Most of us have finite amounts of money and staff, so we must optimize resources to achieve the most benefit for our costs.

Join me as we examine methods to:

  • Identify and prioritize the gaps to close within your security management program
  • Combine investments in people, processes, and technology to achieve a sum greater than the individual parts
  • Overcome sunk cost bias and loss aversion in your technology decisions to attain more success

16:45 (GMT)

Questions to the Panel of Speakers

17:10 (GMT)

Closing Remarks from the Conference Chair

17:15 (GMT)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.
