Cyber resilience is fundamental to business operations. Recently released research from Microsoft states: Cybersecurity provides the underpinning to operationally resiliency as more organisations enable secure remote work options. To maintain cyber resilience, businesses need to regularly evaluate their risk threshold and ability to execute cyber resilience processes through a combination of human efforts and technology products and services. The cloud makes developing a comprehensive Cyber Resilience strategy and preparing for a wide range of contingencies simpler.

More than half of cloud forward and hybrid companies report having cyber-resilience strategies for most risk scenarios compared to 40% of primarily on-premise organisations. 19% of companies relying primarily upon on-premise technology, do not expect to maintain a documented cyber-resilience plan.

58% of businesses increased security budgets, 82% of businesses plan on adding security staff and 81% feel pressure to lower budgets.

The Cyber Security Solutions Summit consists of a series of presentations, end-user case studies and panel discussions which address the most pressing challenges & opportunities in today’s hostile digital environment. With 20 sessions scheduled across two days, we’ll present our audience with an unparalleled learning & networking opportunity to source products, services and technologies to help protect business networks and data assets.
 

ACCESS THE CONTENT ON-DEMAND

09.00 - 09.25 - Seven Deadly Sins of Cyber Security

As an MSP, with hundreds of engineers and a wide range of Customers we frequently see a set of common mistakes which are made. The sins of Cyber security. In this session we review those activities & omissions which we regard as the most critical, or frequently found. As an MSP with 18-years of IT service experience we bring our collective knowledge and present our findings. Some of these you will no doubt recognise or expect to be present, others you will perhaps be surprised to see. This thought provoking seminar will leave you thinking about how you asses risk and probably wanting to make changes too.

• Peter Lukes, Managing Director, Wanstor
• Francesca Lukes, Strategy Director, Wanstor
• Vijay Rathore, Specialist Security Consultant, Wanstor

----------

09.35 - 10.15 - Navigating the staffing challenge within security teams

The (ISC)2 annual Cybersecurity Workforce Study estimates a global cybersecurity talent shortage of 3.5 million. Add a global pandemic to the mix, with cyber security professionals redeployed to IT-related issues and an increasing number of social engineering attacks - and we have ourselves a problem. This panel brings together cross-industry cyber leaders to explore:

- How cyber security teams have changed since March and how this has impacted lines of defence
- The channels available to recruit skills needed and how to utilise the 'lost workforce'
- Alternative competitive benefits when higher pay isn't an option
- If we can expect more budget for cyber resource moving into 2021

PANEL:

• Moderator: Paul Harragan, Cyber Security Portfolio Lead, EMEA, EY
• Chris Green, Head of PR & Communications - EMEA, (ISC)2
• Jamie Whitcombe-Jones, CISO, Alliance Insurance UK
• Jim Perry, Solutions Engineer, EMEA Proficio

----------

10.25 - 10.50 - Securing the Future of Work with Cyber AI

Global disruption has taught us that the only certainty is uncertainty.

Business leaders need to remain confident that their operations can continue securely in the face of global or even regional events. Though parts of the world are re-opening, attackers have not slowed down and may be even lying in wait to take advantage of the next disruption.
Traditional, static, legacy approaches to security consistently prove both unintelligent and ill-equipped to adapt. Organizations often find themselves undergoing a delicate balancing act—each new work practice and technology that is needed to adapt, evolve, or even grow also brings unforeseen risk.

This session will explore how Cyber AI allows organizations to achieve much-needed adaptability and resilience, ensuring seamless transition and the ability to disrupt attacks at the earliest moment.
In the face of an uncertain present and future, Cyber AI enables businesses to continue communicating, operating, and innovating.

• Andrew Tsonchev, Director of Technology, Darktrace

----------

11.00 - 11.25 - GDPR and accessibility: Enabling everyone to exercise their data protection rights

As part of GDPR, you have rights about your data. You can access it, request changes to it, or limit how it’s used.
- But a lot of the language on websites or from organisations is not accessible
- GDPR requires that language be appropriate for the audience a service targets
- People with learning disabilities are part of the community, and use services, online or not, like any other person, however, they cannot exercise their data rights because the language is not accessible. At Mencap, the Data Protection Team is in the process of changing this for people it supports and for colleagues with learning disabilities, by making inclusion part of the governance framework, but the tech and wider service sectors need to recognize the need for more accessibility.

• Aurelie Stutz, Head of Data Protection, Royal Mencap Society

----------

11.35 - 12.00 - Securing Corporate IoT : The Role of Cybersecurity Services

The ability to connect many kinds of objects to the internet and to collect data from sensors attached to them is a profound change which companies now need to embrace quickly in order to remain competitive. At the same time, the addition of multiple IoT devices onto corporate networks, and the handling of ever-increasing amounts of data from them, creates a major new security challenge.  The question for a large number of companies is how to implement an IoT system to remain competitive, while at the same time keeping a lid on the cybersecurity risks – which include not only data loss, breach of the corporate network, theft and blackmail, but also potentially compromise of physical control systems.  Keith Maskell and his specialist guests explore solutions ranging from end-to-end encryption across a secure IoT managed platform, to specialised penetration testing, managed breach detection and more.

In this session you will discover:

1. IT security risks arising from corporate IoT projects
2. The concept of a secure managed platform for corporate IoT, including end-to-end encryption of IoT device data 
3. Testing the security of IoT systems; and  detecting security breaches arising from expansion into corporate IoT
4. Packaging the cybersecurity services for delivery at scale to the points of need via a new breed of distribution network

 

• Keith Maskell, Head of Cybersecurity, Titan Solutions joined by 2 guests speakers: Scott Goodwin, CTO,  DigitalXRAID & Adnan Visic, CTO, Ziotsolutions 

----------

12.10 - 12.45 - How security leader's approach IAM in the Zero-Trust model

With staff, customers and stakeholders increasingly accessing applications and API's on-premise and in the cloud as well as the rise of data breaches from compromised identities, IAM should be a central focus of your Zero Trust approach. So how can you implement IAM controls that grant users access from anywhere, at any time, yet maintain strong and centralised security? And how can you create a zero-trust approach which centres on identity? This panel will address these questions, touching on:
- Embracing continuous authentication
- Defining who should have access to what and what is 'essential' to them
- Getting better control as well as user experience with federated SSO
- Creating & managing centralised access and authorisation policies

PANEL:

• Moderator: Haroon Malik, Cyber Security Advisor
• Shujun Li, Director, Kent Interdisciplinary Research Centre in Cyber Security

----------

12.55 - 13.20 - Giving Security a seat in the Board Room

Reflections of a new CISO

• Lyn Webb, CISO, Open University

----------

13.30 - 14.05 - How to build DevSecOps into DevOps pipelines?

Security isn't a DevOps engineer's favourite word, but as you're well aware, that doesn't mean it isn't important! In this panel conversation, we’ll discuss:
- Why security needs to be hand in hand with DevOps
- Where to start with DevSecOps
- The challenges of working with DevOps Teams
- The typical workflow for automating security in the DevOps lifecycle

PANEL:

• Guy Davies, Principal Cloud Architect, Sophos
• Martyn Coupland, DevOps Ambassador, DevOps Institute

----------

14.15 - 14.40 - Securing cloud environments, staying on top of cloud configurations to prevent data leaks and exposure

As organizations expand further into the cloud, there continues to be an influx of simple mistakes, such as misconfigurations, that can expose organizations to significant security, privacy and regulatory risks. Security teams are stretched, but must stay on top of expanding cloud use and ensure proper security controls are implemented in these environments and maintain compliance over time. To understand just how well security professionals are implementing industry best practices for cloud security, Tripwire has conducted some detailed research and will share these findings and actionable recommendations for securing the cloud.

The session will cover:

• Current trends on growing cloud usage and security risks involved
• Organizations’ biggest concerns when it comes to cloud security
• What steps organizations are taking to secure their cloud environments and where they are having the most challenges
• Recommendations on best practices and technologies available to assist with maintaining security and compliance for the cloud

• Paul 'PJ' Norris, Senior Sales Engineer, Tripwire

----------

14.50 - 15.25 - Security in increasingly complex cloud environments

The evolution of hybrid and multi-cloud is fostering unprecedented agility and scalability while enabling new breed of applications unthinkable just a decade ago. As cloud becomes not only more entrenched but environments increasingly complex, its essential innovation isn't prioritised at the expense of security. Our experts identify common hybrid and multi-cloud vulnerabilities and how to mitigate risks using established enterprise strategies and best-in-breed public cloud tools.

PANEL:

• Moderator: Scott Storey, Senior Lecturer, Cyber Security, Sheffield Hallam University
• Marios Clark, CISO, Zava
• Robin Smith, CISO, National Nuclear Laboratory

----------

15.35 - 16.10 - Simplifying threat detection in complex environments

In an ideal world security chiefs have complete visibility into their IT infrastructure and networks. In reality, environments and IT stacks are becoming ever more layered and complex, complicated further by a remote workforce working in network blind spots. Since COVID-19 struck 45% of companies have experienced a cybersecurity attack due to visibility and control shortcomings. Ultimately, there are countless reasons why threat detection is hard. These days, complex environments should not be one of them.

PANEL:

• Moderator: Dr Budgie Dhanda, Managing Director, 3BDA
• Dan Pitman, Security Architect, Alert Logic
• Madeline Cheah, Cyber Security Innovation Lead, Horiba Mira Ltd

 

ACCESS THE CONTENT ON-DEMAND
 

09.15 - 09.40 - Creating a solid governance, risk & control framework

With chronic uncertainty the flavour of 2020 in the cloud & cyber security landscape, companies need to start taking a proactive stance to manage risks and protect stakeholder interests. As cyber security professionals know all too well, all it takes is one breach to trigger data loss, fines, loss of brand reputation and not to mention collapse. In this panel, we'll address how security teams can create comprehensive frameworks that support decision making and reduce risk:
- Commonly overlooked risks
- Illuminating blind spots in existing governance frameworks
- Identifying and aligning corporate risk appetite
- Examples of leading GRC best practices

• Scott Bridgen, GRC Consulting Director, OneTrust GRC

----------

09.50 - 10.15 - Into the Dark: The digital risks of the Dark Web

Not accessible by your mainstream browser of choice, the Dark Web is intentionally hidden for privacy. You might think ‘why do I need to know about this dark, dangerous underworld of the web?’, but you’d be wrong to ignore it. With numerous data leaks appearing here and attack software sold on the downlow, the dark web poses a huge digital & financial threat to businesses and people and you need to understand the risks! In this session, Lindsay Whyte, a security specialist & former military intelligence operative, will delve into the following:
• What is the dark web, and why do you need to know about it?
• The challenge of protecting yourself and your business online
• Changing attitudes to 'open source data' and risk mitigation techniques

• Lindsay Whyte, Security Enthusiast & Ex-Intelligence Corps

----------

10.25 - 10.50 - The cloud security imperative in a new work anywhere world

Leadership and security teams now universally face the same challenge: How to help employees to work productively, effectively and safely from wherever they are in the world?
Embracing a consolidated cloud-centric approach to security in a cloud-dominated work environment offers numerous advantages, enabling organisations to maintain productivity and efficiency, while reducing risk and management overheads – even in these trying times.
Watch this session for insight into the critical security challenges your peers are facing and expert advice you can apply in your environment to enhance security, build trust and empower your people to work anywhere.

We will cover:
• Critical security challenges 2020 identified in Censornet’s mid-lockdown survey
• The risky gap between expectation and reality
• Practical steps and tangible advice to take on today’s security challenges
• How to empower your organisation with integrated and consolidated cloud security

• Richard Walters, CTO, Censornet
   

----------

11.00 - 11.25 Zero Trust: Great Idea, but what next?

• Alex Morgan, Customer solutions Engineer, Duo
• Richard Archdeacon, CISO, Duo

----------

11.35 - 12.00 Wipe Out Avoidable Breach Points in Automated Builds

In the eyes of the adversary, automated DevOps processes can help bring organizations one step closer to them, with slight variations in configurations creating bugs and security issues that can be exploited. In this session you’ll hear how this is changing the way attackers target and get into cloud environments, and how Sophos is helping to empower Security and DevOps teams to work in much more secure way.

What you’ll get from the session:
1. The latest threat intelligence from organizations suffering cloud security incidents
2. Learn how Sophos is helping you build security automation into DevOps processes
3. Free tools including - A cloud security health check, free CSPM via AWS Marketplace, and an ROI calculator to help build a case for automated DevSecOps tools in your organizations

• Richard Beckett, Senior Product Marketing Manager, Sophos

----------

12.10 - 12.50 - Protecting critical services from anywhere

We've passed the reactive rush of the last few months and it's now time to consolidate and map out how you'll foster a flexible, yet secure network environment, while meeting the needs of your remote workforce. This panel will bring together a mix of cyber security professionals; from those that have always operated remotely to those that have adapted and started on their journey to a higher standard of security. We'll cover:
- Reviewing your access controls to to enterprise networks
- Protecting all endpoints of personal and corporate devices
- Adapting your policies and procedures to reflect your hybrid structure
- Where to reallocate budget from to achieve this

PANEL:

• Moderator: James McKinlay, Group Information Security Officer, Barbican Insurance
• Benjamin Sweet, UK CISO, Aviva
• Scott Storey, Senior Lecturer, Cyber Security, Sheffield Hallam University
• Andrew Tsonchev, Director of Technology, Darktrace

----------

13.00 - 13.25 - Cloud Transformation: How security helps you win the race to Digital

Digital and cloud transformation are intrinsically linked for many organisations and security is essential at each stage of the journey. If managed well, security can enable you to unlock the Cloud's full potential, scaling to meet increased workload, security & compliance requirements. However, if the importance of security is overlooked or misunderstood, it can create barriers to success and slow down or even derail your transformation journey.

During this session we’ll cover various topics, including:

How to approach the long term goals of cloud transformation
How security responsibility and opportunity evolves at each phase, from migration to optimization.
Key considerations & best practices to enable success
Current trends in growing cloud usage and inherent security risks

• Dan Pitman, Security Architect, Alert Logic

----------

13.35 - 14.00 - Predicting user behavior using deep learning algorithms

- User behavior and the importance of predictive analysis
- Seasonal Anomaly
- Dynamic peer grouping
- Overview of Log360 UEB

• Harish Sekar, IT Security Evangelist

----------

14.10 - 14.35 - Meeting the challenge of insider threats
The stress of the pandemic and prolonged remote working is having a potential impact on the mental health and wellbeing of our employees. Not only is that putting pressure on our national health services, but there's a growing challenge around insider threats, with costly repercussions if organisations fall victim. This panel will consider how we can meet this challenge to protect our data from human error:
- How to detect high-risk workers
- Strategies to reduce burnout of cybersecurity professionals
- The role of technology and tools to minimise the risk

 

PANEL:

• Frank Satterwhite, Principal Cyber Security Consultant
• Robin Smith - CISO, National Nuclear Laboratory

 

----------

14.40 - 15.00 - Remote working: standards, tips and best practice

Organisations have been forced to embrace remote working – whether they were prepared or not.
At a time of heightened business risk, and in the face of an increasing tide of cybercriminals looking to cash in on the unusual circumstances, it is more important than ever to ensure you have the correct practices and security solutions in place to protect your organisation and users – no matter where they are.

In this session, Censornet CTO, Richard Walters will be highlighting key industry standards, recommended architectures and controls to ensure your business can continue to operate effectively and securely with a remote working model.

PANEL:

• Richard Walters, CTO, Censornet

 

ACCESS THE CONTENT ON-DEMAND