Our regular chairman, David Bicknell, welcomes all delegates, sponsors, and speakers to our conference and sets out the day’s agenda.
Our people are central to the success of any organisation.
We have known for years that hackers target people before technology. For just as long, we have been repeating the mantra that a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we have still not cracked the problem.
Too many organisations still either ignore the ‘human factor’ in organisational resilience or apply outdated or compliance-driven ‘tickbox’ approaches to training their employees.
We need a fresh look.
This short panel discussion will explore behavioural science and innovation that can transform the way organisations influence and sustain stronger security behaviours across their workforce.
As we reset after the pandemic, CIOs need to consider how to manage the transition from the necessary knee-jerk approach to remote working to a systemic approach to digital transformation that works for everyone. The need for business continuity has evolved into the need for IT resiliency as leaders look to remove vulnerabilities while still making their employee and customer experiences frictionless and secure. Whether in the office or remote, how can CIOs and IT leaders adopt a Zero Trust security approach and cultivate a culture of trust in the workplace?
In a rapidly developing technology landscape, the requirement to adequately protect networks and data is critical. To fulfil the ambitions for Scotland in becoming a digital nation and the Data Capital of Europe, cyber security needs to sit at the heart of all digital activities. David Ferguson, Cyber Development Lead and Head of Data at ScotlandIS, will discuss how, as the trade body for the tech sector and the management organisation for the Cyber Cluster in Scotland, the adoption of a multi-pronged approach to engagement and collaboration is helping to build and promote a robust and highly skilled cyber sector.
We live in a time of unprecedented political, cultural, social and climatic dangers. Hostile states and criminals are using cyber-tools to make each of these current issues even more intractable. Around 100 countries are now actively involved in “cyber operations” that include espionage, political influence, sabotage and extortion. The international community has made some progress at the UN, but it has been painfully slow. Matters are made worse because the border between state cyber operations and criminal activity is increasingly blurred. Unfortunately, this means that the ‘bad guys’ will very often succeed.
We all need to work hard to maximise our chances of keeping them out. We also need to ensure that we have adequate resilience, so that we can continue to function even if they penetrate our defences.
It’s recently been reported that the UK has encountered nearly 15 million ransomware attacks during 2021 alone. High-profile ransomware attacks have highlighted how vulnerable our critical national infrastructure is and the impact that these types of attacks can have on society, business, government services and people at large.
Ransomware is as much about manipulating vulnerabilities in human psychology as it is about our adversary’s technological sophistication. It’s a fight we need to tackle together.
More can be done in reducing the likelihood of becoming infected by ransomware in the first instance, in reducing the spread of the ransomware through any organisation and in reducing the longer-term impacts of a successful attack. But we need greater collaboration and an integrated incident response to succeed.
It’s a challenge that crosses political, geographical and technology borders. Dealing with its increasing volume and impact needs government and the private sector to collaborate in a public/private partnership to better understand and tackle the attackers.
This panel will assess the current situation and outline ideas for what an integrated response could look like and the role that government, the private sector and people should be playing to reduce both the threat and the impact of damaging ransomware attacks.
Jessica Figueras gives an update on projects and activities of the UK Cyber Security Council since it was launched earlier in 2021.
Constantly evolving attacks mean organisations should ensure that they also evolve defences. A large part of this evolution is predicated on understanding risk: how it presents and where it presents threats to your organisation. Historically there has been comfort in maintaining air-gapped systems, on-premises walled gardens and staying away from the cloud. Practicality and economics make this more and more difficult to maintain, and in any case your supply chain will already be more cloudy than you think! Cloud-based or not, what if the real threat to your organisation resided in software that you deemed as legitimate? In this talk we will explore the concept of code reuse and how a genetic understanding of the software you want, as well as the malware that you don’t, can help turn your weakest links into your strongest asset in the fight against cyber threat.
It is 2021 and cybersecurity has never been more of an issue for organisations, including government bodies. Social engineering and phishing continue to be the weapons of choice for criminals intent on data theft, ransomware infection and general harm. Cybercriminals are naturally diverse in their scams; they do not differentiate by ethnic background, sex, gender, or sexuality. Conversely, the industry and the people devoted to mitigating the activities of fraudsters do not represent the make-up of society. A National Cyber Security Centre paper, “Decrypting Diversity”, still shows that numbers of females in the sector are too low and members of the LGB community are under-represented. This panel will look at the blocks to minorities and women entering cybersecurity and how these blocks can be removed.
This session explores insight from the supplier community on lessons that they have learned in their cybersecurity battles away from the public sector.
A look at all of the various aspects of modern cybercrime and government. What parts of government are most at risk? As we build better and more omni-channel government services does the risk profile change? How can government use resources best to fit the ever-changing needs of the cybersecurity landscape?
Our chair, David Bicknell, summarises some of the sessions that you have heard throughout the event.
Director Chartered Institute of Information Security
Jill is a Director of CIISec, the Chartered Institute of Information Security. She started as an auditor, but has worked in information security for the last 40 years, in roles which vary from security architecture to the creation of policies, development of third-party practices, the strategy and implementation of PCI DSS compliance in a bank, cryptographic key management, to working out how to use metrics to report to the Board on the effectiveness of security in an organisation.
In all these roles, she believes that it’s the transferable skills which are critical – managing people effectively, lateral thinking, understanding risk, being able to explain issues clearly to directors, project and time management, the ability to talk to and work with technical people by asking open questions and understanding their issues – and the deep technical skills can be learned when required for a specific task.
Cyber Development Lead and Head of Data ScotlandIS
Cyber Defence Lead Cabinet Office
Enterprise Architecture: Principal Security Manager, Derbyshire County Council
Professional career spanning 21 years in IT, with specialist roles within database development, data science, quantitative analysis, network design (WAN and Data Centre) and most recently cyber security.
Cyber Security Analyst Cabinet Office
Mohamed is an experienced cyber defender with six years’ experience in Central Government and a proven record of delivery across several security domains including security operations, threat hunting and incident response.
Notably, last year Mohamed led the development of an intelligence-led and risk-focused threat detection service to protect critical GOV.UK coronavirus-related digital services. He has also played a key role in coordinating and implementing containment, eradication and recovery actions during several high-profile security incidents across Government.
Head of Research & Development, Avoco Secure
Susan has worked for over 20 years in the cybersecurity and digital identity space. She currently holds the position of Head of R&D at identity data specialists, Avoco Secure, based in the UK.
Susan’s focus is on strategic development and solution architecture. Core areas of her domain knowledge include the use of technology layer linking, usability, accessibility, and data privacy. Her mantra is to make sure that human beings control technology not the other way around.
Susan regularly writes on identity and security at CSOOnline: https://www.csoonline.com/blog/future-identity/
Director of Security Studies Oxford Cyber Academy
Richard Knowlton is Director of Security Studies at the Oxford Cyber Academy. He is also a visiting lecturer at the University of Cambridge Judge Business School, the Vienna University of Economics and Business (WU), and the University of the West Indies. He is a Fellow of the Institute of Strategic Risk Management (ISRM) and an honorary Life Member of the International Security Management Association (ISMA).
Richard spent six years as Group Corporate Security Director of Vodafone, after an earlier role in Milan as Head of Security (Global Operations) for the Italian UniCredit Group, the largest bank in Central and Eastern Europe.
Between 2014 and 2017, Richard was Executive Director (Europe) for the non-profit Internet Security Alliance (ISA), a multi-sector trade association based in Washington DC. He is a former Board member of the Commonwealth Cyber Crime Consortium.
Richard has spoken on digital security risk management on the BBC and regularly presents at major international events, such as the Mobile World Congress in Barcelona. He is the three-times chairman of the annual Security of Things World Conferences in Berlin.
Richard is a dual Italian-British citizen and lives in Italy.
Senior Analyst, Security & Risk Forrester
Paul is a senior analyst on Forrester’s security and risk team. He works with organisations to help them shape and deliver their cybersecurity strategies to support the delivery of their core business vision. Paul’s research coverage includes cybersecurity risk ratings solutions, Europe-specific regulation for cybersecurity, CISO and security leadership research, and the European vendor market landscape focused on managed security service providers and consultancies. Prior to joining the security and risk team, Paul worked in the consulting industry providing cybersecurity advisory services to clients in all industries in the UK and Europe. He was awarded the 2018 Institute of Industry Analyst Relations Newcomer of the Year Award.
EMEA Enterprise CTO & VP of Systems Engineering Rubrik
James Hughes is the EMEA Enterprise CTO & VP of Systems Engineering at Rubrik, the Zero Trust Data Security company, with 20+ years’ experience in financial services working in London, Boston, Singapore & Johannesburg.
He joined from Schroders, a FTSE100 company, where he was Global Head of Infrastructure Technology & Shared Services leading the Fintech programme across 11 countries. Previously, he led the technology buy-out via private equity of Premium Credit, a UK-based finance company, and was VP of Infrastructure at PIMCO. As Head of Technology for Investec Bank he led a consortium to change the cable infrastructure in sub-Saharan Africa, to make a more reliable & sustainable financial network.
He is a Chartered Information Technology Professional with the British Computer Society and board member of various governance & standards bodies.
Senior Systems Engineer Varonis
Brad has been a Senior Systems Engineer with Varonis for 6 years, helping enterprise customers across the UK. His area of expertise is data classification, ensuring organisations are able to accurately identify and protect their critical data.
Vice-Chair, UK Cyber Security Council
Jessica is a tech strategist specialising in government, policy and regulation, and civil society. She currently advises start-ups and scale-ups on growth strategy, as well as carrying out tech futures research for the UK government.
Previously Jessica ran multi-million pound research programmes for companies including Dods, GlobalData and Ovum. Over her 25 years in the tech and information industries Jessica has advised senior executives in large established tech businesses as well as many VC-backed scaleups. She is a sought-after commentator and speaker, and as an industry analyst has published extensive research and analysis on the application of emerging technologies across government, telecoms and other industries. Her current research interests centre on digital trust, governance and corporate transparency.
Jessica has an MA from the University of Cambridge and a Diploma in Computing from the Open University. She is Chair of the Board at NCT, the UK’s largest charity for parents.
Head of Consulting, Europe Okta
Max Faun leads Okta’s European Value Consulting Practice. Prior to joining Okta he worked at Accenture, advising Global clients across numerous industry groups on strategic decisions. He is passionate about the business implications of modern identity from a financial, security and user productivity perspective as well as wider technology trends. Max holds an MA in Intelligence and Security as well as a BA in International Relations.
Senior Manager, Product Marketing Zerto
Co-Founder and Managing Director EMEA Assured Data Protection
Rob joined start-up Backup Technology (BTL) after graduating from university in 2006. Rob worked with Simon Chappell at BTL until it was sold to Iomart Group plc in 2013. Rob continued with Iomart for 3 more years running operations as Sales and Service Director and was part of the Executive Team. In 2016 Rob co-founded Assured Data Protection to bring the next generation of data protection to the market.
Chief Innovation Officer Cyber Risk Aware
Nick has wide experience in helping organisations tackle their human cyber risks and developing intelligence-led approaches to building safer and more secure habits across the workforce.
He has spent the last 20 years in security and resilience. This includes 11 years at Detica (now BAE Systems Applied Intelligence) where he held various senior cyber security market engagement, thought leadership and marketing roles. In 2014 he became General Manager of Cyber Resilience at AXELOS Global Best Practice and Director of the RESILIA cyber resilience best practice training portfolio.
At Cyber Risk Aware he is responsible for product innovation in providing the appropriate security training, to the right person, at the right time, based on known behaviours and proven behavioural science.
Nick is also a champion for Digital Safety for Young People at SEED – a registered charity dedicated to making a difference in eradicating children’s digital poverty.
Director of the Human Factors Excellence Research Group Cardiff University
Professor Phil Morgan is Director of the Human Factors Excellence Research Group (HuFEx) at Cardiff University, Director of Research – Cardiff University Centre for AI, Robotics and Human-Machine Systems (IROHMS) and Technical Lead in Cyberpsychology and Human Factors and the Accelerator in Human Centric Cyber Security at Airbus.
Security Culture and Awareness Lead FNZ Group
Director of Strategy Somerford Associates
Served for 35 years in the British Army’s Intelligence Corps before retiring as a Lieutenant Colonel 26 months ago. During that time he served in Northern Ireland, the Balkans, throughout the Gulf, Afghanistan and Pakistan. After leaving the Army he joined Somerford Associates in a new post as the Strategy Director, a role that sees him straddle the public and private sector through senior stakeholder engagement, translating strategic business risk to current and emerging technologies. Whilst he does not profess to be a cyber SME, he does know the importance of information and its criticality to support the decision maker.
Head of PR and Communications EMEA (ISC)2
A passionate and committed business and technology journalist, as well as a communications professional, Chris Green has been at the forefront of technology reporting and reviewing for over 25 years. His specialist areas include security, networking & telecommunications, internet technologies, storage, office productivity tools, operating systems and automotive technology.
Chris has a background in both consumer and business IT journalism as well as research. Chris’ background includes three years as the launch Editor of the highly-respected UK business IT publication IT PRO. Prior to this, Chris worked for Computing, where he spent nine years as Technical Editor and then Editor of computing.co.uk, as well as Editor of its sister title Data Business. Chris also spent two years leading content development for the Future of Work: Amplifying Human Potential research series, launched at the World Economic Forum’s Davos conference.
He is a regular business and technology commentator on BBC News, TalkRadio and LoveSport Radio, and has also worked for publications including the Daily Mirror, Reuters, Today, The Guardian, The Independent, The Sunday Times, PC Pro, Information Week, Network News, Network Solutions, Personal Computer World and The Kernel.
In February 2009, Chris was the lead author of the book The Ultimate BlackBerry Guide (ISBN: 978-1906372552).
CTO Osirium
Andy has over 25 years’ experience inventing and building unique IT networking and security products.
In a long and distinguished career, including being Technical Director at Integralis, Andy has invented many leading-edge technologies including IP Network Translation Gateway, Print Symbiont Technologies for LAN-based printers and Disaster Master (a technique of continuously updating a backup site with mirrored data).
As one of the Co-Founders and CTO of MIMEsweeper, Andy was the creator of the world’s first content security solution which became the default product in its space. He then went on to start WebBrick Systems which was one of the pioneering Home Automation technologies, also a forerunner to what we know as IoT devices today.
While serving as Engineering Director, Andy created and patented several core components in the Osirium product family.
Public Sector, Sales Manager Intezer
A 25-year career spent in IT & Telecoms, navigating progress through mobile computing, mobile telephony, networking infrastructure, security infrastructure and, for the last 15 years, security hardware, software & consulting. Exclusively focused on the Public Sector for Cisco, NCC, McAfee & now with leading malware geneticists, Intezer. Operating out of Birmingham & Cheltenham, UK.
Principal Analyst, Technology Thematic Research, GlobalData
David Bicknell is the Principal Analyst for Technology Thematic Research at GlobalData. He was previously editor of GlobalData’s Government Computing and has held senior positions in a 14-year career at Computer Weekly as News Editor, US Correspondent, and was Managing Editor of e-Business Review.
He is also co-founder with Tony Collins of the Campaign4Change blog and also co-author (with Tony Collins) of a book on IT project management case studies called ‘Crash’ (Simon & Schuster). David and Tony will shortly publish a new book loosely based on the life of Charles Babbage called ‘The Mankind Experiment.’