Day 1 - 25 April 2019
Developing security solutions: Chair’s welcome and opening comments
Cyber security Posture – how good is your overall cybersecurity strength?
- Benefits of taking a holistic approach to cyber security, and how it improves the strength of your organisations cyber security
- Examining policies, procedures and control mechanisms of different hardware, software, & cloud solutions – what else needs considering?
- How to measure the other aspects of your overall security offering – including practices, processes, and the human behaviour.
Head of Cloud Security
10:20AM - Day 1
Securing a multi-brand e-commerce business in the Cloud
- What Stu found when he joined Photobox and why he decided to take on the role (a lack of any ownership of Cloud Security, brands using differing processes, ineffective tooling, visibility and reporting, departing members of staff with considerable cloud knowledge, little automation, basic errors being made)
- Implementing the Cloud ‘basics’ before doing the cool stuff! What did we do first? Why did we choose to do those things?
- How we have worked to culturally change an already cloud-first business to become a cloud-first, security-first business
- What problems we’re trying to solve; 3/6/12 months strategies/objectives and beyond
- ‘Compliance As Code’ and our journey to get there. What we still have to do.
- Challenges/Learnings – info the audience take away as tangible advice. What might we do differently?
Keynote: Developing an effective cloud cyber security solution
Panel: Sharing responsibility for cloud security
- Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
- Which stakeholders throughout the business and beyond have to take responsibility for cloud security, and what education and training is required?
- How do consumers fit into all this?
- Discussing effective strategies for sharing this responsibility effectively from Enterprise.
Case Study: Cloud access security brokers (CASBs) – the gatekeeper between on-prem and cloud infrastructure
- What CASBs do and how they differ from more traditional cloud security solutions
- How CASBs help with shadow IT policies and rising employee use of cloud apps
- Combining visibility, compliance, data security and threat protection
Zero Trust Security – the next phase of cloud identity
The next wave of cloud identity is through Zero Trust Security (ZTS). With more apps being used ‘as a service’ in the cloud, and more employees working remotely, traditional identity and access management (IAM) doesn’t cut it today. What’s more, ZTS assumes there will be bad actors both inside and outside your company’s network.
This session will explore what Zero Trust Security is, how it relates to organisations today in an IoT-heavy landscape, and how technologies such as machine learning can make an even greater impact.
Head of Cyber Threat Response
National Crime Agency
02:20PM - Day 1
Afternoon Keynote: Policing in cyber space – The Law Enforcement response to cyber crime
- How are cyber criminals currently targeting businesses?
- What is law enforcement doing to tackle the threat?
- How can Law Enforcement and business work together more effectively?
Enterprise benefits of SIEM systems
- Security information and event management (SIEM) systems are becoming key components of many modern security systems.
- Discussing the key features you need to consider when selecting your SIEM system: integration with other systems, AI/ML capabilities, forensics capabilities, robust compliance reporting features.
- Examples of where SIEM systems are being used in real life.
- What benefits are being realised by organisations using this technology?
Panel: Role of ethical hacking and penetration testing
- What role white and grey hat hackers can play in developing secure systems?
- Discussing the challenges and opportunities in this field
- Real life examples from enterprise of how pen testing and ethical hackers are improving their organisations cyber security.
04:10PM - Day 1
Understanding cyber risk and how to avoid being called “stupid”
To follow soon…
Breach and attack simulation
Breach and attack simulators allow organisations to test their cyber defences from multiple angles – both pre exploitation, post exploitation and through organisational awareness testing. Hear how this technology allow organisations to understand the risks, validate their control systems and overall improve the quality of their security defences all along the stack. What advantages does this type of testing have over and beyond standard pen testing?
What is next on the threat horizon for 2019: staying one step ahead
- Recent years have seen cyber attacks on organisations as wide ranging as Facebook, the City of Atlanta and the NHS, but what is likely to be the next big target for cyber criminals in 2019?
- Are finance and healthcare still major targets? Does the ever rising use of IoT devices influence this?
- What influence will emerging technology like Blockchain and AI have on future attacks.
- What new solutions and tactics are available on the market to mitigate these new risks?
Day 2 - 26 April 2019
Developing Security Solutions Day 2 – Chair’s Welcome and Opening Comments
Building a genuinely agile security team, enhancing productivity and visibility with minimal overhead
- How to ensure security enables the business
- Continuously delivering value and ensuring no / minimum wasted effort
- Closely aligning to business needs
- Not hiding behind SLAs
Keynote: Protecting your reputation – network security in action
As data is a key asset for all modern organisations, securing the entirety of your network is of vital importance and a breach can have devastating consequences on all stakeholders involved, most importantly losing the trust of all those involved. Hence securing your network, from applications, mobile and IoT devices, emails and messaging to data centres and infrastructure is vital. This Keynote presentation will outline how a robust network security system can maintain the reputation of your business, giving real life examples from across verticals and give step by stpe practical advice on implementing E2E network security.
Panel: Implementing DevSecOps in Enterprise
- Discussing the need for DevSecOps for your security team?
- Reconciling the goals and needs of your organisation with the ever shifting cyber security landscape.
- Barriers to security: lack of security ‘culture’ in your organisation, getting C level buy in.
- Examples of success from DevSecOps teams.
Chief Security Architect
12:00PM - Day 2
It’s not all tech: cultural change for DevSecOps
- Security shifting from an afterthought to critical, foundational and pervasive
- The importance of automation for embedding and scaling security expertise
- How governance models must be extended through the development and operations process to auditing and beyond
- Some of the key organisational obstacles you will meet – and how to address them
- The importance of tools and process, but how you will need culture and executive buy-in to succeed
Panel: Application Security
Senior Representative, Humio
02:40PM - Day 2