Programme @

GOVSEC & CyberGov

Government IT and Cyber Security

30 November 2023

Victoria Park Plaza Hotel, London

Programme @ GOVSEC & CyberGov

Morning Session

Understanding people, mastering your processes and acquiring new technology

  • Fireside Chat – Developing and Delivering Cyber Resilience across the Health and Care Sector
  • Old Malware: Unveiling Earth Preta’s Lair
  • The Pure AI Advantage – Protecting your Organisation & the Environment
  • Cyber Myths: A Public Sector Perspective
  • Cyber-resilience and How to Utilise Zero Trust to Achieve it Now
  • ThreatLocker Demo: Zero Trust in Action
  • Demystifying Cyber Threat Intelligence: How It Can Actually Add Value to an Organisation
  • Cloud Data Security – The Vision vs Reality

09:00

Conference Chair's Opening Address

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant
view profile

Dr. Gilad Rosner, Digital Identity, Privacy and Regulatory Consultant

09:10

Fireside Chat – Developing and Delivering Cyber Resilience across the Health and Care Sector

Mike Fell OBE
Executive Director – National Cyber Operations, NHS England
view profile
Michelle Corrigan
Programme Director – Better Security Better Care, National Care Association
view profile

Mike Fell OBE, Executive Director – National Cyber Operations, NHS England
Michelle Corrigan, Programme Director – Better Security Better Care, National Care Association

Delivery of Health and Care is increasingly reliant on digital solutions. Cyber security must be understood as a patient and service user safety issue yet, like many sectors, we have seen an increasing tempo of disruptive attacks in recent years. This session will seek views of those close to the front line of cyber strategy across the sector, sharing insight into the threat landscape, details of recent incidents and looking to the future plans to help those delivering health and care to be cyber resilient.

Question Themes:

  1. What are the cyber threats you see within the Health & Care sector?
  2. Can you tell us about the method and impact of any recent incidents?
  3. It sounds like there’s risks to the overall approach of increasing use of digital solutions -what’s the strategy to make a more resilient health and care sector?
  4. What support is available within the care sector and what’s done nationally to help those delivering care tackle the cyber threats?

09:40

Old Malware: Unveiling Earth Preta's Lair

Erick Thek
Cyber Threat Intelligence Manager, Trend Micro
view profile
Erick Thek, Cyber Threat Intelligence Manager, Trend Micro

Prepare for an enlightening session as Erick delves into the implications of the resurgence of ‘old’ malware threats, once deemed obsolete, and the invaluable insights they provide for shaping robust countermeasures. Our journey unfolds through the discoveries of a 1.5-year-long research project into the cyber espionage efforts of a state-sponsored organisation, named ‘The Canopy.’ With over 350 unsuspecting victims unveiled, we reveal the key insights from an in-depth intelligence analysis, dissecting various operation groups, their (TTPs), and their goals.

09:55

The Pure AI Advantage - Protecting your Organisation & the Environment

Paul Fryer
Senior Manager, Sales Engineering, BlackBerry
view profile

Paul Fryer, Senior Manager, Sales Engineering, BlackBerry

  • Improve your cyber defence and your lifecycles.
  • How mature pure AI modelling works to lessen environmental impact.
  • More prepared does not equal more resource.

10:10

Cyber Myths: A Public Sector Perspective

Adrian Warman
Threat and Vulnerability Management Lead, UK Ministry of Justice (Digital and Technology)
view profile

Adrian Warman, Threat and Vulnerability Management Lead, UK Ministry of Justice (Digital and Technology)

The cyber industry has many best practices and conventions. The reality is that some arise by convention and are sustained by momentum, rather than because they are valid. In this presentation, we’ll explore some of these cyber myths and consider how they apply to the public sector – or not! Examples include favourites such as the importance of certifications, the validity of phishing testing, and the new hot topic, ‘AI’.

10:30

Cyber-resilience and How to Utilise Zero Trust to Achieve it Now

Phil Williams
Senior Systems Engineer, Illumio
view profile

Phil Williams, Senior Systems Engineer, Illumio

While we all have the target of 2030 to achieve compliance with the UK Cyber-security strategy, we need to be able to maintain services today. Having recently seen too many examples where patients are diverted, food is not delivered, and energy supplies disrupted, we need to be able to build more resiliency into our systems. The evolution of security over the last 35 years has made this too complex. In this session we will look at how we can use some of the principles of Zero Trust to simplify this process and introduce more resilience.

10:45

Questions to the Panel of Speakers

11:00

Refreshment Break Served in the Exhibition Area

11:25

Welcome to Session Two

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant
view profile

Dr. Gilad Rosner, Digital Identity, Privacy and Regulatory Consultant

11:30

ThreatLocker Demo: Zero Trust in Action

Eoin McGrath
Solution's Engineer, Threatlocker
view profile

Eoin McGrath, Solution’s Engineer, Threatlocker

A demonstration of policies and controls to strengthen your security.

11:45

Demystifying Cyber Threat Intelligence: How It Can Actually Add Value to an Organisation

Stuart Wiggins
Strategic Threat Advisor, CrowdStrike
view profile

Stuart Wiggins, Strategic Threat Advisor, CrowdStrike

The term “Cyber Threat Intelligence” is used throughout the industry and can mean many different things. In this talk by CrowdStrike we will look to define the value that intelligence can bring to an organisation, how you can turn information into intelligence and tips for leveraging it in the tactical, operational and strategic domains. This will be drawn from Stuart’s over 14 years of experience working in the UK and US intelligence communities and from helping private and public sector organisations build and enhance their threat intelligence programs.

12:00

Cloud Data Security - The Vision vs Reality

Romana Hamplova
Cyber Security Expert & Presales Manager, Thales Data Security
view profile

Romana Hamplova, Cyber Security Expert & Presales Manager, Thales Data Security 

We have gone so far into the land of cloud, but did we forget something along the way? Come to hear from the Cyber Security Expert focusing on data security and sovereignty – what was the CSPs and Vendors’ vision vs reality; the challenges; common use cases and success stories. Romana will take us through hers and her team’s latest experiences gained in working on major cyber security customer projects, she will discuss the gap between vision and reality, and will provide an overview on how Thales has helped its customers to achieve their Cloud & Digital Transformation business objectives and goals.

12:15

Questions to the Panel of Speakers and Delegates Move to the Seminar Rooms

12:30

Seminar Sessions

13:15

Networking Lunch

Served in the Exhibition Area

Afternoon Session

Emerging techniques, new tools and real-life case studies

  • Public Sector Cyber Security in the Age of AI
  • Risk Appetite – How Hungry Are You Really?
  • Automated Defense with AutoXR
  • Let’s Risk It
  • Context-Less Authentication and the Pan NHS Authenticator Strategy
  • Cabinet Office Closing Keynote

14:00

Conference Chair’s Afternoon Address

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant
view profile

Dr. Gilad Rosner, Digital Identity, Privacy and Regulatory Consultant

14:05

Public Sector Cyber Security in the Age of AI

James Duggan
Solutions Architect, Synack
view profile

James Duggan, Solutions Architect, Synack

Generative AI has unlocked enormous opportunities in the cybersecurity arena, from streamlined vulnerability management to faster incident response. However, the new attack pathways created as a result of this technology still need to be addressed, especially among government departments with broad missions and distributed teams and tech.

We hope you’ll join us for a topical discussion on AI in security operations and testing, with recommendations for securing interoperability and how to position your organisation for success.

14:20

Risk Appetite – How Hungry Are You Really?

Andy Simpson, Chief Information Security Officer, Houses of Parliament: Restoration and Renewal Delivery Authority
Andy Simpson
Chief Information Security Officer, Houses of Parliament: Restoration and Renewal Delivery Authority
view profile

Andy Simpson, Chief Information Security Officer, Houses of Parliament: Restoration and Renewal Delivery Authority

A focused talk on exploring the intricacies and expectations of managing a low to zero cyber security risk appetite across your business.

  • Working with risk appetite statements
  • Exploring the real meaning of threat profiles to your strategy
  • Managing executive and board expectations
  • Buying out risk versus tolerating vulnerability

14:35

Automated Defense with AutoXR

Dominic Trott
Director of Strategy and Alliances, Orange Cyberdefense
view profile

Dominic Trott, Director of Strategy and Alliances, Orange Cyberdefense

  • How effective automation plays a key role in cyber defense
  • How compatibility is the key to help you automate anywhere
  • The need for cost effective automated solutions
  • Combining People, Technology and Processes with AutoXR

14:50

Questions to the Panel of Speakers

15:05

Afternoon Networking

Refreshments served in the Exhibition Area

15:30

Welcome to Session Five

Dr. Gilad Rosner, Digital Identity, Privacy and Regulatory Consultant

15:35

Let's Risk It

Stuart Frost, BEM
Head of Enterprise Security & Risk Management, UK Government (Senior Civil Service)
view profile

Stuart Frost, BEM, Head of Enterprise Security & Risk Management, UK Government (Senior Civil Service)

Multi millions are spent each year by the security industry yet the outlook for 2023 and beyond continues to worsen. What’s the problem and where are we going wrong? Are we focusing on the right things, are we assuring our risks are understood and managed effectively? Are we learning and improving or standing still? This presentation puts an introspective lens on the industry to provide thoughts and answers.

  • Why do we continue to fall victim to similar attacks?
  • Are we overly focused on compliance to the detriment of effective risk management?
  • Are we compliant but not secure?
  • Do we treat security risks as business risks?
  • Do we overcomplicate things?

15:50

The Cyber Security Value of Logging

Andrew Gogarty
Chief Technology Officer, Secon
view profile

Andrew Gogarty, Chief Technology Officer, Secon

  • The average time to detect a breach in 2022 is 207 days, organisations are missing opportunities to detect cyber criminal activity often before it’s too late to prevent impact
  • Security logs used properly can help aid early detection but also dramatically improve an organisation’s chance of recovery in the event of a breach
  • This presentation is aimed to help you understand how logs can not only help prevent breaches but also give you a fighting chance of recovery in the event of a breach

16:05

Strategies for Securing Government in an Evolving Cyber Landscape

Dr. Ravinder Singh
Modernising Technology Programme Manager, Cabinet Office - Central Digital and Data Office (CDDO)
view profile
Dr. Ravinder Singh, Modernising Technology Programme Manager, Cabinet Office – Central Digital and Data Office (CDDO)

 

In today’s ever-changing digital environment, the government faces a constant challenge to protect its IT infrastructure from an increasingly sophisticated array of cyber threats. This presentation will delve into the latest approaches to ensure the security and resilience of government systems. Ravinder will explore adaptive defense mechanisms, the implementation of Zero Trust frameworks, the integration of real-time threat intelligence, and the power of collaborative cybersecurity ecosystems. He will discuss these strategies, offering insights and solutions to fortify the government against the evolving cyber landscape and to bolster our nation’s security in this digital age.

 

16:20

Questions to the Panel of Speakers

16:35

Closing Remarks from the Conference Chair

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant
view profile

Dr. Gilad Rosner, Digital Identity, Privacy and Regulatory Consultant

16:45

Conference Closes

Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

Risk management and Cyber Intelligence is key to public sector security
Blog By: One Identity This year the UK government broke new ground in protecting national infrastructure by launching the GovAssure programme. The GovAssure programme promises to be transformative change in government cyber security, by bringing rigour and objectivity to the table. In short, this initiative aims to audit all government departments by semi-independent entities. GovAssure...
Driving cyber-resilience in public sector IT: practical insight at GOVSEC
Blog by: Trend Micro Data from the National Cyber Security Centre (NCSC) cited in a government report last year revealed that 40% of incidents tackled by the NCSC over 2020-21 impacted the public sector. To find out more, hundreds of cybersecurity and government IT specialists will converge in London later this month for the annual GOVSEC & CyberGov conference....
Earth Estries Targets Government, Tech for Cyberespionage
Blog By: Trend Micro Earlier this year, we discovered a new cyberespionage campaign by a hacker group we named Earth Estries. Based on our observations, Earth Estries has been active since at least 2020. We also found some overlaps between the tactics, techniques, and procedures (TTPs) used by Earth Estries and those used by another...