Session One
building sustainability, expecting risk, preparing for disaster
- Face up to today’s risk reality
- Streamline your information sources
- Become a better digital business leader
- Where to start with your cyber security culture change
- Redesign your IT organisational structure
- Advance your threat and vulnerability management capabilities
- Act on your insights: get closer to where data is created
09:15 (GMT)
Conference Chair's Opening Address
Sukh Randhawa, Global Privacy Transformation & ED&I Lead, Unilever
09:25 (GMT)
The Neighborhood Watch: Using Continuous Monitoring To Increase Visibility and Effectiveness Of TPRM Programs
Jonathan Ehret, CISSP, CISA, CRISC, VP Vice President, Strategy & Risk, RiskRecon
Visibility into our vendors’ security controls and the effectiveness with which they are operating have been and continue to be some of the major challenges in the world of third party risk.
This discussion will cover those struggles, the inherent limitations of the security questionnaire as well as how continuous monitoring tools can be utilized to shed light on the effectiveness of a vendor’s security controls.
09:40 (GMT)
ERM and Operational Resilience – maximising the insight, minimising the threats
Luke Watts, Head of Enterprise Risk, RSA
In this talk, Luke will outline the key elements of Operational Resilience, how these align to a generic ERM framework, the potential for overlap between the frameworks and thoughts on avoiding them, as well as highlight how to utilise the incidents from the two approaches to better support understanding and decision making.
10:00 (GMT)
5 Trends in CIAM to watch
Jamie Hughes, CIAM Product Manager, Beyond Identity
- Customer experience has been identified as the top competitive differentiator across all industries, if customers reject transactions because of forgotten passwords you can be losing revenue
- 57% of consumers polled have identified a passwordless process as being preferred
- 35% of respondents polled said they have experienced difficulties with multi-factor authentication when a second device was required and that this made them cancel their transaction
- Beyond Identity can proceed a seamless, frictionless and secure passwordless MFA experience
10:15 (GMT)
Question to the panel of Speakers
10:30 (GMT)
Networking Break
Session Two
10:45 (GMT)
Intro into Session Two
Sukh Randhawa, Global Privacy Transformation & ED&I Lead, Unilever
10:50 (GMT)
Faking It: Stopping Impersonation Attacks with Self-Learning AI
Mariana Pereira, Director of Email Security Products, Darktrace
Today, 94% of cyber-threats still originate in the inbox. ‘Impersonation attacks’ are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or ‘digital fakes’, that expertly mimic the writing style of trusted contacts and colleagues. Humans can no longer distinguish real from fake on their own – businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response. In an era when thousands of documents can be encrypted in minutes, ‘immune system’ technology takes action in seconds – stopping cyber-threats before damage is done. Find out how in this session.
11:05 (GMT)
Whose Device is it anyway?
Matt Gregory, Head of Security Operations, Penguin Random House
One of the primary ways by which hostile actors look to exploit the enterprise network is through the exploitation of devices that business users rely on. Coupled with this is the growing concern of IoT connectivity vulnerability, as well as the multitude of unsecured devices which the typical employee uses on a daily basis.
We address:
• How to best mitigate the malicious cyber activity
• Defend enterprise network infrastructure devices
• Understand the scope of the threat
• Drive effective organisational risk mitigation
11:20 (GMT)
Build your Zero-Trust Architecture, Just-In-Time: Using PEDM & PASM
Kamel Heus, Regional Vice President, EMEA Sales, ThycoticCentrify
Comprehensive privilege management can be classified into two different core disciplines: PASM & PEDM. Privileged Account & Session Management and Privilege Elevation & Delegation Management.
Join ThycoticCentrify to understand how the two are essential to have at the core of your zero-trust architecture.
11:35 (GMT)
Question to the panel of Speakers
11:50 (GMT)
Networking Break
Session Three
12:05 (GMT)
Intro to Session Three
Sukh Randhawa, Global Privacy Transformation & ED&I Lead, Unilever
12:10 (GMT)
Providing Transparency on Every Relationship and Every Risk Across Your Digital Business Ecosystem
Stuart Phillips, Product Marketing Direct for Cyber, Interos
- Supply Chain Cyber Security Challenges and Technology
- Procurement and InfoSec Integration
- Changing Role of the CISO
12:25 (GMT)
How to become a better digital business leader - managing digital risk
Geethy Panicker, Head of Enterprise Risk, HSBC
Developing and translating the value of information security into a tangible objective which the wider business can interpret and relate to is vitally important.
By democratising comprehension of, and access to, the infosec ecosystem you will better articulate security and risk concerns, promote a risk-aware culture, resolve business and IT process-related issues, and drive your security programme strategy in accordance with the business appetite for security and risk.
We address:
- Understanding your IT landscape
- Aligning IT with corporate objectives
- Address the business impact of IT risk
- Identify where value is created
- Measure your organisations risk appetite
- Utilise risk mitigation tools
- Become an adviser to the board
12:40 (GMT)
Closing the door on hackers: A misconfiguration case study
Bryan Littlefair, CEO, Cambridge Cyber Advisers
Rapidly evolving networks, overstretched security teams and no margin for error – means that today’s networks are a breeding ground for hackers.
Join us as we explore;
- The misconfiguration challenges facing organisations today
- The implications of a misconfigurations – the good, the bad and the ugly
- How to detect, fix and prevent misconfigurations
- A real life story of how Bryan overcame his misconfiguration nightmares
12:55 (GMT)
Questions to the Panel of Speakers
13:10 (GMT)
Networking Lunch
Session Four
Session Five
Session Six
15:45 (GMT)
Intro into Session Six
Sukh Randhawa, Global Privacy Transformation & ED&I Lead, Unilever
15:50 (GMT)
Key Elements in Business Impact Analysis Development

Les Correia
Executive Director, Enterprise Cybersecurity & Risk (ECR), Global Head of Application Security, Estée Lauder Companies Inc.
view profileLes Correia, Executive Director, Enterprise Cybersecurity & Risk (ECR), Global Head of Application Security, Estée Lauder Companies Inc.
This presentation will discuss key elements in developing a Business Impact Analysis (BIA), and Its importance in identifying critical business functions while predicting the consequences a disruption of one of those functions would have.
16:05 (GMT)
Cyber Insurance: Keeping up with coverage and markets
Monica M. Minkel, VP Enterprise Risk Leader, Holmes Murphy & Associates
16:30 (GMT)
Penny Wise and Pound Wise – Making Good Decisions about Security Strategy and Resources
Sandy Silk, Senior Director of IT Security Workshop Delivery, Info-Tech Research Group
An effective security program needs to be right-sized to your organization, with a well-defined path to better support business priorities and goals. Most of us have finite amounts of money and staff, so we must optimize resources to achieve the most benefit for our costs.
Join me as we examine methods to:
- Identify and prioritize the gaps to close within your security management program
- Combine investments in people, processes, and technology to achieve a sum greater than the individual parts
- •Overcome sunk cost bias and loss aversion in your technology decisions to attain more success
16:45 (GMT)
Questions to the Panel of Speakers
17:10 (GMT)
Closing Remarks from the Conference Chair
17:15 (GMT)
Conference Closes
Please note:
Whitehall Media reserve the right to change the programme without prior notice.
Follow us on social
Keep up to date with what's going on by following us on social media.