09.00 - 09.25 - Seven Deadly Sins of Cyber Security
As an MSP, with hundreds of engineers and a wide range of Customers we frequently see a set of common mistakes which are made. The sins of Cyber security. In this session we review those activities & omissions which we regard as the most critical, or frequently found. As an MSP with 18-years of IT service experience we bring our collective knowledge and present our findings. Some of these you will no doubt recognise or expect to be present, others you will perhaps be surprised to see. This thought provoking seminar will leave you thinking about how you asses risk and probably wanting to make changes too.
- Peter Lukes, Managing Director, Wanstor
- Francesca Lukes, Strategy Director, Wanstor
- Vijay Rathore, Specialist Security Consultant, Wanstor
09.35 - 10.15 - Navigating the staffing challenge within security teams
The (ISC)2 annual Cybersecurity Workforce Study estimates a global cybersecurity talent shortage of 3.5 million. Add a global pandemic to the mix, with cyber security professionals redeployed to IT-related issues and an increasing number of social engineering attacks - and we have ourselves a problem. This panel brings together cross-industry cyber leaders to explore:
- How cyber security teams have changed since March and how this has impacted lines of defence
- The channels available to recruit skills needed and how to utilise the 'lost workforce'
- Alternative competitive benefits when higher pay isn't an option
- If we can expect more budget for cyber resource moving into 2021
- Moderator: Paul Harragan, Cyber Security Portfolio Lead, EMEA, EY
- Chris Green, Head of PR & Communications - EMEA, (ISC)2
- Jamie Whitcombe-Jones, CISO, Alliance Insurance UK
- Jim Perry, Solutions Engineer, EMEA Proficio
10.25 - 10.50 - Securing the Future of Work with Cyber AI
Global disruption has taught us that the only certainty is uncertainty.
Business leaders need to remain confident that their operations can continue securely in the face of global or even regional events. Though parts of the world are re-opening, attackers have not slowed down and may be even lying in wait to take advantage of the next disruption.
Traditional, static, legacy approaches to security consistently prove both unintelligent and ill-equipped to adapt. Organizations often find themselves undergoing a delicate balancing act—each new work practice and technology that is needed to adapt, evolve, or even grow also brings unforeseen risk.
This session will explore how Cyber AI allows organizations to achieve much-needed adaptability and resilience, ensuring seamless transition and the ability to disrupt attacks at the earliest moment.
In the face of an uncertain present and future, Cyber AI enables businesses to continue communicating, operating, and innovating.
- Andrew Tsonchev, Director of Technology, Darktrace
11.00 - 11.25 - GDPR and accessibility: Enabling everyone to exercise their data protection rights
As part of GDPR, you have rights about your data. You can access it, request changes to it, or limit how it’s used.
- But a lot of the language on websites or from organisations is not accessible
- GDPR requires that language be appropriate for the audience a service targets
- People with learning disabilities are part of the community, and use services, online or not, like any other person, however, they cannot exercise their data rights because the language is not accessible. At Mencap, the Data Protection Team is in the process of changing this for people it supports and for colleagues with learning disabilities, by making inclusion part of the governance framework, but the tech and wider service sectors need to recognize the need for more accessibility.
- Aurelie Stutz, Head of Data Protection, Royal Mencap Society
11.35 - 12.00 - Securing Corporate IoT : The Role of Cybersecurity Services
The ability to connect many kinds of objects to the internet and to collect data from sensors attached to them is a profound change which companies now need to embrace quickly in order to remain competitive. At the same time, the addition of multiple IoT devices onto corporate networks, and the handling of ever-increasing amounts of data from them, creates a major new security challenge. The question for a large number of companies is how to implement an IoT system to remain competitive, while at the same time keeping a lid on the cybersecurity risks – which include not only data loss, breach of the corporate network, theft and blackmail, but also potentially compromise of physical control systems. Keith Maskell and his specialist guests explore solutions ranging from end-to-end encryption across a secure IoT managed platform, to specialised penetration testing, managed breach detection and more.
In this session you will discover:
- IT security risks arising from corporate IoT projects
- The concept of a secure managed platform for corporate IoT, including end-to-end encryption of IoT device data
- Testing the security of IoT systems; and detecting security breaches arising from expansion into corporate IoT
- Packaging the cybersecurity services for delivery at scale to the points of need via a new breed of distribution network
- Keith Maskell, Head of Cybersecurity, Titan Solutions joined by 2 guests speakers: Scott Goodwin, CTO, DigitalXRAID & Adnan Visic, CTO, Ziotsolutions
12.10 - 12.45 - How security leader's approach IAM in the Zero-Trust model
With staff, customers and stakeholders increasingly accessing applications and API's on-premise and in the cloud as well as the rise of data breaches from compromised identities, IAM should be a central focus of your Zero Trust approach. So how can you implement IAM controls that grant users access from anywhere, at any time, yet maintain strong and centralised security? And how can you create a zero-trust approach which centres on identity? This panel will address these questions, touching on:
- Embracing continuous authentication
- Defining who should have access to what and what is 'essential' to them
- Getting better control as well as user experience with federated SSO
- Creating & managing centralised access and authorisation policies
- Moderator: Haroon Malik, Cyber Security Advisor
- Shujun Li, Director, Kent Interdisciplinary Research Centre in Cyber Security
12.55 - 13.20 - Giving Security a seat in the Board Room
Reflections of a new CISO
- Lyn Webb, CISO, Open University
13.30 - 14.05 - How to build DevSecOps into DevOps pipelines?
Security isn't a DevOps engineer's favourite word, but as you're well aware, that doesn't mean it isn't important! In this panel conversation, we’ll discuss:
- Why security needs to be hand in hand with DevOps
- Where to start with DevSecOps
- The challenges of working with DevOps Teams
- The typical workflow for automating security in the DevOps lifecycle
- Guy Davies, Principal Cloud Architect, Sophos
- Martyn Coupland, DevOps Ambassador, DevOps Institute
14.15 - 14.40 - Securing cloud environments, staying on top of cloud configurations to prevent data leaks and exposure
As organizations expand further into the cloud, there continues to be an influx of simple mistakes, such as misconfigurations, that can expose organizations to significant security, privacy and regulatory risks. Security teams are stretched, but must stay on top of expanding cloud use and ensure proper security controls are implemented in these environments and maintain compliance over time. To understand just how well security professionals are implementing industry best practices for cloud security, Tripwire has conducted some detailed research and will share these findings and actionable recommendations for securing the cloud.
The session will cover:
• Current trends on growing cloud usage and security risks involved
• Organizations’ biggest concerns when it comes to cloud security
• What steps organizations are taking to secure their cloud environments and where they are having the most challenges
• Recommendations on best practices and technologies available to assist with maintaining security and compliance for the cloud
- Paul 'PJ' Norris, Senior Sales Engineer, Tripwire
14.50 - 15.25 - Security in increasingly complex cloud environments
The evolution of hybrid and multi-cloud is fostering unprecedented agility and scalability while enabling new breed of applications unthinkable just a decade ago. As cloud becomes not only more entrenched but environments increasingly complex, its essential innovation isn't prioritised at the expense of security. Our experts identify common hybrid and multi-cloud vulnerabilities and how to mitigate risks using established enterprise strategies and best-in-breed public cloud tools.
- Moderator: Scott Storey, Senior Lecturer, Cyber Security, Sheffield Hallam University
- Marios Clark, CISO, Zava
- Robin Smith, CISO, National Nuclear Laboratory
15.35 - 16.10 - Simplifying threat detection in complex environments
In an ideal world security chiefs have complete visibility into their IT infrastructure and networks. In reality, environments and IT stacks are becoming ever more layered and complex, complicated further by a remote workforce working in network blind spots. Since COVID-19 struck 45% of companies have experienced a cybersecurity attack due to visibility and control shortcomings. Ultimately, there are countless reasons why threat detection is hard. These days, complex environments should not be one of them.
- Moderator: Dr Budgie Dhanda, Managing Director, 3BDA
- Dan Pitman, Security Architect, Alert Logic
- Madeline Cheah, Cyber Security Innovation Lead, Horiba Mira Ltd
ACCESS THE CONTENT ON-DEMAND