Programme @

GOVSEC

Government IT Security

26 May 2022

Virtual

Programme @ GOVSEC

Morning Session

defending the state, working with our allies, and ensuring the UK is safe and secure

  • Challenging the growing threat of state-backed actors
  • Designing, building and operating digital services which are cyber-secure
  • Developing cyber resilience
  • Facilitating the new normal in remote working
  • Take a risk-based approach to your online profile
  • Panel discussion and audience Q&A

09:30 (BST)

Conference Chair's Opening Address

Jessica Figueras
Founder, Hither Strategy
view profile

Jessica Figueras, Founder, Hither Strategy

09:40 (BST)

Why is Delivering an Integrated Security Approach Enabling Business Objectives so Challenging?

Stuart Frost BEM
Head of Enterprise Security & Risk Management, UK Government, DWP
view profile

Stuart Frost BEM, Head of Enterprise Security & Risk Management, DWP

A look at why a risk driven approach to security is so challenging in today’s delivery-focused environment:

• Is the problem the IT or is it people?
• Is it compliance or continuous improvement?
• How do we gain assurance?
• How do we work together to deliver safely and securely?

09:55 (BST)

Threat Visibility in a New Era of Risk

Tendayi Moyo
Regional Account Manager for Public Sector, Trend Micro
view profile

Tendayi Moyo, Regional Account Manager for Public Sector, Trend Micro

The unprecedented events of the last two years have propelled government digital transformation, paving the way for challenges – and opportunities. Whilst it has helped to support remote workers and drive business efficiencies, the rise in home schooling and work has increased the number of threat vectors. Trend Micro detected over 94 billion cyber-threats in 2021, up 42% on the previous year. Threat actors are seeking out visibility and control gaps with ease, and monetising attacks in ever more destructive ways.

This session will cover the need for a unified approach in maintaining visibility in such times of uncertainty whilst managing information siloes, the skills gap and siloed teams, new ways of working, and a drastically changing threat landscape:

  • How increasingly complex environments are creating even broader attack surfaces
  • The challenges in assessing, managing, communicating risk – and ultimately mitigating it
  • Consolidating and enhancing protection for customers from the endpoint to the cloud, and beyond

10:10 (BST)

“These are the Voyages…” Join the MoJ SPACE Team in a Security Policy and Culture Mission

Adrian Warman
Head of Security Policy, Awareness, Culture and Education (SPACE) , Ministry of Justice
view profile

Adrian Warman, Head of Security Policy, Awareness, Culture and Education (SPACE), Ministry of Justice 

Security policy is critically important to any enterprise. But how do we find the balance point between the conflicting demands of correctness, complexity, completeness and comprehension? The more detail we provide, the greater the chance of loopholes, or inconsistencies.

In this talk, I introduce the MoJ Security Policy, Awareness, Culture, and Education (SPACE) team, and explain how an information architecture supports a rich and consistent delivery model, focusing on better-than-good-enough security outcomes.

In particular, we cover:

• A gold-standard information creation and delivery pipeline
• Escaping from ‘the ivory tower’ with the help of non-practitioners
• Measuring messages

10:25 (BST)

Identity Security: Making the Mission Possible

Paul Squires
Lead Identity Strategist, SailPoint
view profile

Paul Squires, Lead Identity Strategist, SailPoint

Integrating identity and security technologies to address a specific requirement is just one piece of the modern cybersecurity puzzle. Broader initiatives, like Zero Trust and Insider Threat, also require an identity-centric approach to ensure security and an optimal user experience.

The identity-centric security approach provides real time, intelligence-based access to data and applications by integrating IAM infrastructure with enterprise cyber security technologies. Identity has finally transitioned from operational and user experience driven, to being recognised as the core of security.

During this session we will discuss:

– The framework and practical guidance that helps organisations put identity at the centre of their security strategy.

– How to optimise existing investments to solve complex identity security challenges

– How Identity Security gives your agency unmatched visibility while automating and accelerating control and compliance of all users, entitlements, systems, data, and cloud services.

10:40 (BST)

Neurodiversity and the Security Skills Gap

Purvi Kay
Head of Cyber Policy, Outreach & Business Operations Team. Home Office
view profile

Purvi Kay, Head of Cyber Policy, Outreach & Business Operations Team, Home Office

Studies often claim the primary reason for the security skills gap is the lack of qualified candidates available to recruit. Is this really true?

This session will cover:

• How can we get a better understanding of the security skills gap and its causes?
• Are we creating an artificial skills/talent gap by putting an excessive focus on technical skills?
• What role does Neurodiversity play in creating and developing a robust talent pipeline of security professionals to tackle today’s security issues?
• What’s been done so far and what can we do to make things better?

10:55 (BST)

Questions to the Panel of Speakers

11:20 (BST)

Refreshment Break Served in the Exhibition Area

11:45 (BST)

The Conference Chair Introduces Session Two

Jessica Figueras, Founder, Hither Strategy

11:50 (BST)

Why Zero Trust? Why Now?

Brendan Casey
Solutions Engineer, BeyondTrust
view profile

Brendan Casey, Solutions Engineer, BeyondTrust

Remote working is now commonplace, while hybrid and multicloud footprints continue to rapidly expand. In this increasingly perimeterless world, Public Sector organizations must embrace zero trust security principles, such as least privilege, continuous authentication and monitoring, segmentation, and microsegmentation to stay secure, while moving digital transformation forward.

Join Brendan Casey, Solutions Engineer, who will share:
• What Is Zero Trust?
• Zero Trust vs. Zero Trust Architecture – Are They Different?
• The Path to Zero Trust

 

12:05 (BST)

Remote Working: What Added Threats Does it Pose?

Anulka Clarke
Head of Assurance, Information Commissioner's Office
view profile

Anulka Clarke, Head of Assurance, ICO

The 2020 pandemic has meant that more and more of us have had to work from home. This is particularly true for government employees, which already had a significant percentage of its workforce operating remotely.

Such growth has led to an increase in potential attack vectors as sensitive information and critical systems move outside of the traditional network setting in order to support user access from multiple locations and devices.

We address key security risks and controls from a data protection perspective; with reference to case studies taken from ICO audits and investigations as well as security breaches reported to the ICO.

12:20 (BST)

Navigating Cyber Security Regulation and Frameworks to Accelerate Change

Dean di Pasquale
Head of Information Assurance, 6point6
view profile

Dean di Pasquale, Head of Information Assurance, 6point6

The UK does not have a singular cyber security framework to which companies can certify, which can make it a tricky to navigate and costly to get wrong. Join Dean di Pasquale as he explores real client stories to give a simple breakdown of the necessary classifications, clearances, cyber regulators, certifications and frameworks needed to operate in the Public Sector.

12:35 (BST)

Questions to the Panel of Speakers

12:45 (BST)

Networking Lunch

13:30 (BST)

Session Three - The Seminars

Delegates have the chance to attend one of the Seminar Sessions:

View Seminar Sessions

14:15 (BST)

Networking in the Exhibition Area

Afternoon Session

detect, deter and defend against new and emerging threats

  • Neurodiversity in action: how to address the cybersecurity skills gap
  • Improve CNI resilience: why wargames are important
  • Ethical AI as a key security asset
  • Panel discussion and audience Q&A
  • Identifying your greatest risk
  • A single sign-on for all citizens?
  • Centralised Security Visibility, Control and Remediation capabilities

14:30 (BST)

The Conference Chair Introduces Session Four

Jessica Figueras
Founder, Hither Strategy
view profile

Jessica Figueras, Founder, Hither Strategy

14:35 (BST)

The Cyber Security Approach to Smart Metering

Daryl Flack
Security Lead, Smart Metering Implementation Programme; Department for Business, Energy and Industrial Strategy (BEIS)
view profile

Daryl Flack, Security Lead, Smart Metering Implementation Programme, Department for Business, Energy and Industrial Strategy (BEIS)

This presentation will discuss the approach taken to designing, building and maintaining the Smart Metering system whilst enabling technology diversity and change in a secure and managed way. It will include how technical, regulatory, governance and assurance requirements are met, and the approaches taken to strike the right balance between security, business needs and broader policy and national security objectives.

•Roles and responsibilities
•Setting a framework for success
•Risk Assessment
•Security Requirements
•Security Architecture
•Trust Modelling
•Securing Communications
•Regulatory Instruments
•Assurance
•Governance
•Building and maintaining a secure ecosystem
•Enabling technology diversity and change securely

14:50 (BST)

Cyber Resilience: Supporting UK Government’s Strategic Cybersecurity Goals

Baldeep Dogra
Director, Product Marketing (+Solutions & Vertical Marketing), BlackBerry
view profile

Baldeep Dogra, Director, Product Marketing (+Solutions & Vertical Marketing), BlackBerry

After Brexit the UK needs to re-position itself as a beacon for global business and cybersecurity awareness will play a key part in building that attractiveness. The NCSC published their ’10 Steps to Cyber Security’ recommendations recently that would give organisations guidance on how to protect themselves in Cyberspace.

This session will position an AI based approach to Cybersecurity that will support and strengthen the NCSC’s vision while giving perspective on the user and not just endpoints.

15:05 (BST)

Collaborative working in Cyber Resilience in Scotland

Jude McCorry
CEO, Scottish Business Resilience Centre
view profile

Jude McCorry, CEO, Scottish Business Resilience Centre

This talk will be centred on the role played by the Scottish Business Resilience Centre and its approach to working collaboratively and bringing together the Scottish Government, Police, Fire and Rescue, and other primary public service providers.

15:20 (BST)

Questions to the Panel of Speakers

15:30 (BST)

Afternoon Networking and Refreshments served in the Exhibition Area

15:45 (BST)

The Conference Chair Introduces Session Five

Jessica Figueras, Founder, Hither Strategy

15:50 (BST)

Identifying your Greatest Risk

Deep Singh
Lead Security Engineer, National Records of Scotland
view profile

Deep Singh, Lead Security Engineer, National Records of Scotland

In a world focused on external threats, from professional hackers to foreign intelligence services, what is often forgotten is the individuals and third-party organisations who already have a degree authorised many would-be adversaries could only dream of.

Whether by accident or design, malicious damage carried out by such actors can have a devastating impact on operations, service delivery, reputation and budgets.

We address, how you can minimise the threat posed by internal actors, from programme and project management through to technical services, enterprise audit, analysis and permissions management.

16:05 (BST)

Take a Risk-Based Approach to your Online Profile

Shelton Newsham
Divisional Information Security Officer, UK Health Security Agency
view profile

Shelton Newsham, Divisional Information Security Officer, UK Health Security Agency

Networks run by hostile states or organised criminals are being increasingly utilised in order to capture the private and highly sensitive data of senior government security and risk leaders.

The primary mode of attack is through the sending of seemingly innocuous connection requests dressed up as an offer for a lucrative job offer.

We address:

• Caution when connecting with profiles you don’t know
• One click can lead to being linked to malicious profiles
• Impact on your organisation and colleagues
• Threat may escalate to the level of national security

16:20 (BST)

Questions to the Panel of Speakers

16:25 (BST)

Closing Remarks from the Conference Chair

Jessica Figueras, Founder, Hither Strategy

16:30 (BST)

Conference Closes

Platform remains open for two weeks

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

New Cyber Security Regulations Via EU Commission
The European Commission (EC) has proposed new regulations to establish common cyber and information security measures to bolster resilience and response capacity against a wider range of cyber threats. New Rules Under the new proposal cybersecurity regulation published on March 22 2022, all European Union (EU) institutions, bodies, offices and agencies are required to have...
Identity Transformation in the Public Sector
SailPoint talked to Jason Corbishley, CISO, Police Digital Service; and Kurt Frary, Deputy Director of Information Management & Technology / CTO Norfolk County Council, about what identity management means to them. Identity is at the heart of access controls. As more and more people choose to work from home, public sector organisations have had to...
Youtube, TikTok and Instagram Exposed in 223 Million Account Data Breach
In data breach news, this month saw a database of almost 235 million social media profiles exposed on the internet from such recognisable platforms as Youtube, Instagram and TikTok. The research undertaken has identified that information breached could open users up to phishing and impersonation scamming as well as unwarranted email usage. On August 1st,...