Application security needs to be made an integral part of the full software development lifecycle, which is easier said than done. A DevSecOps approach will also support application security but what processes, tools and automation are needed to achieve this? This stream will explore the key components of this, including security auditing, penetration testing, threat modelling, design reviews and security unit testing. How can we achieve agility as well as share the responsibility for security business-wide? Also considered will be the rising serverless trend, its impact, and the demand for expertise as the lines between infrastructure and applications blur.

With cyber threats becoming increasingly frequent and sophisticated in nature, we need to use an intelligence driven approach to ensure we are one step ahead. Gain insight into organisations who have already adopted machine learning for both threat detection and intelligence. Learn about deploying various methods to cover the scope of attacks, adjusting to new threats and determining a heat map of where to concentrate business efforts. Join us as we break the stigma around cyber attacks and finally hear from those unfortunate enough to have suffered a significant breach. How best can we respond when faced with a threat and effectively protect our data, all whilst minimising the associated financial and reputational repercussions?

Sponsored by:   

Hackers have typically been ahead of the game using automation, AI and RPA to circumnavigate security protocols. But these technologies are now allowing organisations to fight back. From deep learning, including NLP, machine learning for fraud detection and many others, there is a growing demand for solutions to detect hackers and spot system vulnerabilities. However, AI is also subject to bias. As we’ve already seen in the US, an AI algorithm to predict the likelihood of criminals reoffending was proven to be biased towards black people. How do we tackle this and should we combine decision making with human capabilities and common sense?

Sponsored by:  

After recent high profile attacks, customers are understandably more concerned and businesses are under increasing pressure to adapt to growing expectations and regulation. Most organisations already have, or are in the process of implementing their security strategy. How do we ensure this is continuously monitored and updated and how do we highlight the importance of the fundamental basics that underpin this. As organisations continue to grapple with GDPR and other personal data regulations, there is greater demand for accountability, especially when used for commercial gain. Get insight into how to reach your business objectives whilst maintaining customer trust. Also we will explore encryption including cryptography and highlight how to protect and encrypt data you’ve not been made aware of.

GRC represents the foundation of a true security strategy, yet we need to balance this with business objectives and user experience. Also holding data in the cloud, in the wake of GDPR, has highlighted the lack of awareness from companies on how this is regulated, their responsibilities and how to ensure they are compliant. As businesses expand globally, they are also faced with contrasting regulatory landscapes. We will explore not only GRC trends and tools but in addition how we can work together with third parties and stakeholders to mitigate risk and ensure compliance.

Let’s talk about vulnerability. To protect your network, multiple lines of defense are required. Securing this is not just part of your ‘to-do list’, it should be considered at every stage of the security lifecycle. Rising trends such as BYOD workforces and remote working pose a huge threat. How can all of these devices interact and communicate securely? From firewalls and antivirus software to data encryption and VPNs for the mobile employee, the importance of individual security responsibility is increasingly a top priority. Alongside the shift to cloud computing, the growth in device numbers blurs the line and risks of where business data lives and who is responsible for it. Join the discussion on how best to navigate our network vulnerabilities and identify appropriate measures for detection, prevention and response.

Sponsored by:   

Cloud services are swiftly becoming the norm in enterprise IT. The majority of organisations have moved at least one application or part of their computing infrastructure, embracing the flexibility and scalability cloud offers. But how do we tackle cloud security in hybrid and multi environments and who’s responsible for what? With recent cases of cloud downtime, are you at risk of a 3rd party data breach and if faced with an outage, what is your contingency plan to continue “business as usual”? Let’s get to grips with how to secure our diverse IT infrastructure and achieve a centralised overview to identify gaps in security.

Sponsored by:   

IoT devices continue to be a prime target for cyber attacks, yet security and privacy have been often overlooked. The accelerating number of cyber threats has been encouraged by the growing number of connected IoT devices, and the lack of industry-wide standards. With the adoption of IoT supporting the likes of driverless cars, smart homes and virtual assistants, it is becoming increasingly difficult to secure the sheer amount of data generated. From misinformation in hospitals to malfunctioning autonomous vehicles, the risk of attacks goes far beyond data loss and the business repercussions associated with this; people’s lives are at stake. Join the discussion on the tools and approaches to prevent this and how to drive industry standards to foster consumer trust.

Operational silos, multiple data platforms and increasing numbers of devices, creates inevitable obstacles in identity and access management. Without a thorough strategy in place, the risks to enterprise security and compliance are high. We want to have the right data accessible to the right people, at the right time, but how do we implement this? Join us to discuss the key IAM trends including next-generation adaptive access services, PAM, blockchain-enabled & decentralised identities. 

Employees can be our weakest link, as all too often the target for malicious cyber attacks. Alongside this, unsurprisingly, the growing regularity of high-profile attacks is raising C-suite concern about enterprise security policies. In short, security needs to be central to company culture. The question is how do we promote strategic collaboration and actively raise security awareness throughout the enterprise? How do we recruit skills for the future and upskill roles that can be in part automated? And, what is the role of you, the CISO, in all of this? In a fast-paced, global, technology environment training is required at all levels of the organisation. This stream will be a forum to discuss these obstacles and tackle the overarching issue of the increasing industry skills gap.