Government IT Security Conference

9 May 2019

Victoria Park Plaza, London




Session ONE – Creating a Cyber Secure Government and Society

  • How the UK is meeting policy objectives and securing citizens and business
  • Improving collaboration across sectors, government, and public bodies
  • New advancements in Critical National Infrastructure security
  • Overcoming the skills gap and finding new talent in the security sphere
  • Improving resilience across the public sector
  • Combatting and understanding cyber crime and attack methods
The Conference Facilitators Opening Remarks

Jayne Glasgow, Chief Digital and Information Officer, Leicestershire County Council

Opening Keynote: Making Britain Secure and Resilient in Cyberspace

Senior Representative, NCSC {confirmed}

Government is the centrepiece of the whole National Cyber Security Strategy, responsible for the protection of citizens, the provision of essential public services, and the protection of its own sensitive and personal data.

Our opening keynote examines how government is meeting the cyber security objectives, and what more can be done to make the UK one of the world’s leading digital nations. We focus on how government is defending against evolving threats, deploying deterrence, and developing an innovative, growing cyber security industry.

The Next Generation Identity Governance Platform will……..

Ben Bulpett, EMEA Identity Platform Director, SailPoint

One simple statistic tells an important story about cybersecurity: Almost half of data breaches originate from within an organisation—and most of those events result from a failure to govern the digital identities of employees and other users, such as contractors, partners and even software bots. With the explosion of Data, Robotic Process, and organisations looking to transform to the cloud. The continual rising demands of regulations and compliance, Identity is the critical fabric to ensuring a successful transformation in this digital age.

Come and listen to how The Next Generation of Identity Governance platform is helping Government agencies embrace the digital economy by managing ALL their data, apps and users both on premise and in the cloud.

Improving Threat Intelligence Collaboration Across the Public Sector

Professor John Walker CFIP, Advisory Board, Research Centre in Cyber Security, University of Kent; Visiting Professor, School of Science and Technology, University of Nottingham

More often than not, cyber attacks do not distinguish between different government departments, siloes and responsibilities. Unfortunately, government cyber responses – even when effective, act like they do.

The result? A lack of shared knowledge which has made attacks more effective, and work overlap across hundreds of public sector bodies all working to mitigate the same attacks.

In this session, we make the argument for greater threat intelligence sharing across government to better overcome the growing cyber threat.

My Phone is My Password

Rob Otto, EMEA Field Chief Technology Officer, Ping Identity

Nobody wants to remember another password. But everyone has a smartphone. Doesn’t it make perfect sense to replace something people don’t want with something they already have? If you can easily turn a smartphone into an authentication device, you can deliver a truly passwordless experience for both employees and citizens. But it’s not always that easy. There’s an ongoing battle with convenience and user experience on one side, and strong security and privacy on the other. As we rush to eliminate passwords, we need to make sure we don’t unwittingly create new risks and attack surfaces. In this session, we’ll explore the available technologies and approaches that are making passwordless authentication possible today. We’ll discuss the real-world challenges that come with the passwordless move, and how to provide a truly trustworthy and secure authentication experience with a mobile app. We’ll also look at a number of approaches and patterns to address challenges with industry-specific examples.

What Can Other Sectors Learn from Security Advancements in Critical National Infrastructure?

David Higgins, High-Risk Programme Reviewer, Infrastructure & Projects Authority

Ahead of the implementation of the NIS directive, which placed stringent security requirements on organisations providing essential national services, there have been dramatic changes to the cybersecurity of providers of Critical National Infrastructures.

In this presentation, we explore the key changes to CNI and ask if they can be transposed into other areas of government.

UK Parliamentary Digital Service-Active Roles Case study

Cherry O’Donnell, Product Service Owner,  Identity and Access Management, Parliamentary Digital Service

Yochana Henderson MBE, Identity and Security Manager, UK Parliamentary Digital Service

PDS had an existing Active Roles installation that had essentially become shelfware. The system provided very basic AD object control via a very customized web front end. All creation and management of objects were completed outside of AD / ARS via a number of PowerShell scripts.

We explore the initial response, the lessons learned, progress made and future developments.

The Role of IT Resilience in Cyber Security

Tony Walsh, Strategic Account Director, UK Public Sector, Zerto

This presentation will explore:

  • Zerto – how are we helping our clients
  • Cyber Security vs Cyber Resilience
  • Zerto IT Resilience Platform and how it links to Cyber Resilience
Questions to the Panel of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
WannaCry and the NHS: Why the Public Sector Needs Security Specialists

Andrew Gogarty, Head of Customer Success, Secon Cyber

  • WannaCry caused a big impact, attracted media attention, and it left many organisations in pain
  • Although the attack was devastating for some, it was completely avoidable
  • The speed of response to the attack was critical for stopping the damage, which was the case for one NHS Trust
  • Many organisations in the public sector don’t have the resources to properly prevent cyber attacks. To ensure future attacks are prevented or responded to in a timely manner, it’s better to work with security specialists
Widening the Cyber Talent Pool to Address the Skills Gap

Martin Sivorn, Head of Security, Government Digital Service

The public sector faces twice the challenge of finding and retaining a cybersecurity workforce – it is impacted by the worldwide skills shortage, but cannot compete with the competitive salaries that the private sector can provide.
To overcome this and to continue finding the necessary skills to protect vital public assets from cyber attack, the public sector will have to be creative and flexible in the ways it sources security talent.

This presentation looks at successful initiatives to plug the skills gap which address:

  • A diversity of background and skills
  • Making the public sector an attractive place to work for security professionals
  • Improving pathways from other areas of government
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – Innovations and Best Practice

  • How to respond to a data breach
  • Building a security culture that can respond to new threats
  • The impact of new legislation on security
  • Tackling the most prescient threats
  • Ensuring the security of essential digital services
  • Assessing, understanding, and improving your security posture
The Conference Facilitator Opens the Afternoon Session
Project 2020 from Trend Micro and Europol

Rik Ferguson, Vice President Security Research, Trend Micro

• A review of ‘Project 2020’ (2013-19)
• Preparing for the “Unknown”
• What’s next !

Security for the Future: Work Smart and Stay Safe

Helen Hosein, Enterprise Customer Engineer, Google

For organisations today, cybersecurity can feel like a moving target. As IT teams look to step up their endpoint security strategy, a managed web browser can offer multiple layers of protection that help reduce the risk of malware, ransomware and other exploits that often target your users. In this session, a Google expert will help IT leaders identify key ways to improve their current web browser security, while still empowering users to access the web and be productive.

How a Major Central Government Department is Tackling the Cyber Threat

Alan Back, Sales Director, UKCloud

Chris Wright Account Director UKCloud

This session will explore:

• Current and future threats
• The customers specific challenges
• A different approach to the problem
• A flexible, scalable solution

The Serious Incident Response Playbook

Lorraine Dryland, Deputy Director of Technology Security, Department for Work and Pensions

It is the call that every security team dreads – that an attacker has seriously compromised your organisation and gained widespread access to sensitive data. But how prepared are you for this eventual scenario?

While most organisations have some frameworks in place to manage and respond to limited attacks, few are prepared for the widespread disruption and compromise caused by a serious breach.

This presentation looks at how you can develop a key playbook for responding to serious incidents and implement it within your own organisation.

Questions to The Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
How Cadence Inc. Overcame their Cloud Security Challenges

Richard Flanders, UK Head of Cloud Security, Check Point Software Technologies

Cadence knew that migrating to the cloud would bring challenges in the realm of network security, compliance and visibility. They needed to be sure that any Cloud management integrated solutions would be compatible and effective across the major public cloud infrastructures-as-aservice (iaas) providers, which included AWS, Azure, and GCP. Due to their anticipation of these security challenges, Cadence began using Check Point Cloudguard Dome9 as soon as they moved to the cloud.

Check Point helped Cadence to meet the following challenges:
• Visibility in a Multi-Cloud Environment Providing User Flexibility
• Maintain Access Control
• Compliance Reporting for Customers

GDPR and Cyber Security – How Will ‘Appropriate Action’ Evolve?

Will Davies, Head of Information Security Assurance, Cabinet Office

GDPR does not specifically mandate how organisations should process their data securely, instead of expecting organisations to take ‘appropriate action’ using technical and organisational measures to protect their systems. This ‘appropriate action’ is currently interpreted as taking reasonable steps to ensure data is kept and transferred securely and keeping up basic cyber hygiene.
As security threats change, this definition is unlikely to remain static. But how will this interpretation adapt in years to come? This presentation explores how future cybersecurity requirements of GDPR are set to evolve, and how the public sector needs to adapt to keep abreast of these changes.


Rise of the Machines: Protecting These New Identities

Trevor Camp, UK Account Director, Venafi

There are two actors on every network – people and machines. People rely on user names and passwords to identify themselves and gain access to machines, apps and devices. Machines use digital keys and certificates for M2M communication and authentication. But we’re not protecting these growing machine identities. We spend billions each year on user name and password security, but almost none on protecting keys and certificates. Learn about these new security risks and the steps you can take immediately to get these risks under control.

Questions to the Panel of Speakers
Closing Remarks from the Conference Facilitator
Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.