08.30 – 09.00
|
Registration
|
09.00 – 09.05
|
Opening Remarks
Stuart Sumner, Editorial Director, Computing and The Inquirer
|
09.05 – 09.20
|
Computing Research: Managing the inevitable: what happens when security is breached?
- SOCs, NOCs and SIEMs
- Communications and responsibilities
- Outsource security or keep in house?
John Leonard, Technology Analyst, Incisive Media
|
09.20 – 09.50
|
Morning Keynote: We’re not a bank
When I came to the construction industry from a heavily regulated telecommunications and IT services company I was often confronted with the statement “We’re not a bank”, meaning we do not need the level of security of the financial industry, we’re a construction company. This reminded me that the golden rule of cyber security is that it must be risk based, appropriate and balanced within the context of the business goals and objectives. This presentation is about understanding the threat landscape that the construction industry exists in and looks at the cyber security challenges faced by a diverse and global construction group involved in everything from residential houses to Nuclear power stations, leading in digital construction, working in multiple countries with different cyber maturity levels, cultural requirements and language barriers. It’s about being realistic and pursuing a pragmatic approach to evolving a security posture appropriate to the risks, not trying to “boil the ocean”, and transforming the perception of cyber security from ‘blocker’ to ‘enabler’ to construction workers and civil engineers.
Ian Hill, Global Director of Cyber Security, Royal BAM Group
|
09.50 –10.20
|
Presentation: How will YOU detect and respond to a data breach?
In the next two years, your company is likely to be the victim of a data breach. How can you be ready to respond successfully, decreasing the impact of the attack? And what have other organisations done to be as prepared as possible? During this session we will explore Incident Response, the need for breach readiness from the boardroom down, and how this all relates to a 23 tonne truck.
Mike Spradbery, Senior Technical Leader, IBM Security UK & Ireland
|
10.20 – 11.00
|
Panel discussion: Who owns cyber-security in your organisation?
- How to juggle sitting on the board, leading the security team and being responsible for the organisation’s security?
- What is the scope of the SOC team’s responsibility?
- How to create a security culture within the organisation and should staff be held accountable?
Andjela Djukanovic, Technology Risk Assistant Manager, KPMG
Ian Hill, Global Director of Cyber Security, Royal BAM Group
Jan Langham, Head of Security, Assurance Flutter
Erik Vynckier, interim CEO, Foresters Friendly Society
Moderator: Graeme Burton, Group News Editor, Computing & The Inquirer
|
Workshop: You are the victim of a cyber attack, so what now? Effective management in a crisis.
You are a member of an incident response team and you have 30 mins to decide how you are going to respond to a cyber attack. Good luck (you'll need it).
Places are limited, to secure your place please contact Evert Lombaert at: Evert.Lombaert@incisivemedia.com
Craig Roberts, European Solution Architect Resilient, IBM Security
|
11.00 – 11.25
|
Morning break, networking and visit to exhibition area
|
11.25 – 11.45
|
How AI-based tools can tighten security
- Defending against cyber-threats using AI and Machine learning, painting a picture of “normal” and detecting when things go wrong.
- Detecting vulnerabilities in unseen parts of your network.
- Using automation to prioritise the security team’s resources and lowering risk
Kit Kirby, Cyber Security Manager, Darktrace
|
11.45 – 12.05
|
Continuous Compliance in the Coded Enterprise
- Hear how DevSecOps principles help successful organisations achieve secure and compliant infrastructure by design
- See examples of where Compliance as Code allows development and InfoSec teams to collaborate via automated processes that can be built into every part of the development cycle
- Learn about continuous compliance and what it means to adopt it in your workflow
Jeff Mery, VP Global Solutions Architects, CHEF
|
12.05 – 12.25
|
Third-Party Risk Management: Overcoming Today's Most Common Security & Privacy Challenges
- Review the drivers and challenges organizations face when managing third-party vendor risk
- Identify priorities before, during and after vendor procurement
- Takeaway a six-step approach for automating the third-party vendor risk lifecycle
- Hear real case studies from privacy experts on how to practically tackle the third-party vendor risk
David Sinclair, Privacy Solution Consultant, OneTrust
|
12.30 – 13.30
|
Lunch break, networking and visit to exhibition area
|
13.30 – 14.10
|
Ex-Hacker Keynote: Malicious software developments
A look into recent major malicious software attacks for the lessons learned; looking at how recent malicious software spreads and how this might develop in the future. Holly will aim to link malicious software propagation techniques to those techniques used by penetration testers to allow security teams to focus their efforts.
Holly Grace Williams, Technical Director, Secarma
|
14.10 – 14.50
|
Panel discussion: Making security an integral part of digital transformation
- How to go through digital transformation without compromising your security?
- How to make sure service providers have covered all their (and your) bases?
- How to make sure your apps and software are up to date and don’t clash?
Jonathan Freedman, Head of Technology & Security, Howard Kennedy
Luis Lancos, Senior Vice President for Technology, Elavon Financial Services
Megan Pentecost,Information Security & Data Compliance Manager, British Heart Foundation
Karthik Selvaraj, Chief Innovation Officer, Cogniflare Limited
Moderator: John Leonard, Group Research Director, Incisive Media
|
14.50 – 15.10
|
Afternoon break, networking and visit to exhibition area
|
15.10 – 15.35
|
Case Study: Can employees ever become the strongest link in cybersecurity?
We often hear employees described as the ‘weakest link’ in security - but what if we listened to them instead, and tried to understand why security policies are violated or phishing links clicked? In this talk, Prof. Joinson will discuss how people’s security (mis)behaviour can be understood, how it can be changed, and why we need to rethink how cybersecurity is managed within organisations
Professor Adam Joinson, the University of Bath
|
15.35 – 16.15
|
Panel discussion: Securing the future - should the focus shift from defending to containing attacks?
- Would perimeter defence and staff training be enough to secure your organisation?
- Could new defence approaches and solutions - “Zero trust”, reverting to old tech – provide the required security?
- Should attacks be accepted as business as usual? How could they be detected earlier and defended against with greater efficiency?
Lorenzo Grillo, Managing Director, Alvarez & Marsal
Latif Hussain, Lead IT Enterprise Architect, British Film Institute
Michael Meaney, Enterprise Security Architect, AXA UK
Craig Roberts, European Solution Architect Resilient, IBM Security
Moderator: Tom Allen, Delta Site Editor, Computing
|
16.15 – 16.45
|
Closing Keynote: Overview of Cyber Threat
An overview of the cyber threats, trends and highlights as observed by NCSC
Senior representative, NCSC (confirmed)
|
16.45 – 16.55
|
Closing remarks
Stuart Sumner, Editorial Director, Computing and the Inquirer
|
16.55
|
Drink reception
|
