About


Cybersecurity and the government have always been intrinsically linked. Cybersecurity threats against local and central government continue to test both resources and stamina. Now, more than ever, there is a need for vendors and government to come together to find the best way to tackle sophisticated and complex cybercrime. Think Cybersecurity for Government conference program is designed to build bridges across this government-vendor ecosystem. Our events are renowned for delivering to the needs of the industry.

This virtual event will be the most focused cybersecurity-government conference in the calendar. As with all of our events, we work closely with central government departments to ensure the hot topics of the day are covered. Our subsequent debate will open doors and switch on the lights. We aim to provide a platform for the technology that will be genuinely needed in the near future by security teams across numerous public sector departments.

To create value, we speak directly to government cybersecurity professionals to establish their specific needs; this helps build a symbiotic relationship for the buyers and the suppliers which means we can inform cybersecurity suppliers on the service delivery and technology requirements and expectations of the government community. We will also connect to the wider cybersecurity supplier community to ensure we deliver relevant content to develop knowledge and aid decision making.

We look forward to seeing you on December 9th 2021.

What's happening on the day? Agenda

10:15 - 10:20

CHAIR'S WELCOMING REMARKS

Our regular chairman, David Bicknell, welcomes all delegates, sponsors, and speakers to our conference and sets out the day’s agenda.

10:20 - 10:50

PEOPLE MATTER: WHY PEOPLE MUST BE PART OF THE SOLUTION

Our people are central to the success of any organisation.

We have known for years that hackers target people before technology. For just as long, we have been repeating the mantra that a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we have still not cracked the problem.

Too many organisations still either ignore the ‘human factor’ in organisational resilience or apply out-dated or compliance, ’tickbox’ approaches to training their employees.

We need a fresh look.

This short panel discussion will discuss behavioural science and innovation that can transform the way organisations influence and sustain stronger security behaviours across their workforce.

10:50 - 11:10

STATE OF FLUX: HOW CIOS CAN EFFECTIVELY MANAGE UNCERTAINTY AND CHANGE

As we reset after the pandemic, CIOs need to consider how to manage the transition from the necessary knee-jerk approach to remote working to a systemic approach to digital transformation that works for everyone. The need for business continuity has evolved into the need for IT resiliency as leaders look to remove vulnerabilities while still making their employee and customer experiences frictionless and secure. Whether in the office or remote, how can CIOs and IT leaders adopt a Zero Trust security approach and cultivate a culture of trust in the workplace?

11:10 - 11:25

MORNING COMFORT BREAK

11:25 -11:50

SUPPORTING THE SCOTTISH CYBER SECTOR

In a rapidly developing technology landscape, the requirement to adequately protect networks and data is critical. To fulfil the ambitions for Scotland in becoming a digital nation and the Data Capital of Europe, cyber security needs to sit at the heart of all digital activities. David Ferguson, Cyber development Lead and Head of Data at ScotlandIS will discuss how, as the trade body for the tech sector and the management organisation for the Cyber Cluster in Scotland, the adoption of a multi-pronged approach to engagement and collaboration is helping to build and promote a robust and highly skilled cyber sector.

11:50 - 12:10

WHY CYBER RISK MANAGEMENT IS SO HARD

We live in a time of unprecedented political, cultural, social and climatic dangers. Hostile states and criminals are using cyber-tools to make each of these current issues even more intractable. Around a 100 countries are now actively involved in “cyber operations” that include espionage, political influence, sabotage and extortion. The international community has made some progress at the UN, but it has been painfully slow. Matters are made worse because the border between state cyber operations and criminal activity is increasingly blurred. Unfortunately this means that the ‘bad guys’ will very often succeed.

We all need to work hard to maximise our chances of keeping them out. We also need to ensure that we have adequate resilience, so that we can continue to function even if they penetrate our defences.

12:10 - 12:45

RANSOMWARE: BUILDING AN INTEGRATED RESPONSE

It’s recently been reported that the UK has encountered nearly 15 million ransomware attacks during 2021 alone. High profile ransomware attacks have highlighted how vulnerable our critical national infrastructure is and the impact that these types of attacks can have on society, business, government services and people at large.

Ransomware is as much about manipulating vulnerabilities in human psychology than it is about our adversary’s technological sophistication. It’s a fight we need to tackle together.

More can be done in reducing the likelihood of become infected by ransomware in the first instance, in reducing the spread of the ransomware malware through any organisation and in reducing the longer-term impacts of a successful attack. But we need greater collaboration and an integrated incidence response to succeed.

It’s a challenge that crosses political, geographical and technology borders. Dealing with its increasing volume and impact needs government and the private sector to collaborate in a public/private partnership to better understand and tackle the attackers.

This panel will assess the current situation and outline ideas for what an integrated response could look like and the role that government, the private sector and people should be playing to reduce both the threat and the impact of damaging ransomware attacks.

12:45 - 13:15

LUNCH NETWORKING BREAK

13:15 - 13:35

UK CYBER SECURITY COUNCIL UPDATE

Jessica Figueras gives an update on projects and activities of the UK Cyber Security Council since it was launched earlier in 2021.

13:35 - 13:55

A GENETIC APPROACH TO SUPPLY CHAIN SECURITY – UNDERSTANDING CODE REUSE

Constantly evolving attacks mean organisations should ensure that they also evolve defences. A large part of this evolution is predicated on understanding risk; how it presents and where it presents threats to your organisation. Historically there has been comfort in maintaining air gapped systems, on-premise walled gardens and staying away from the cloud. Practicality and economics make this more and more difficult to maintain and in any case, your supply chain will already be more cloudy than you think! Cloud based or not, what if the real threat to your organisation resided in software that you deemed as legitimate? In this talk we will explore the concept of code reuse and how a genetic understanding of the software you want, as well as the malware that you don’t, can help turn your weakest links into your strongest asset in the fight against cyber threat.

13:55 - 14:30

HOW TO ENSURE DIVERSITY IN CYBERSECURITY ACROSS THE PUBLIC SECTOR

It is 2021 and cybersecurity has never been more of an issue for organisations, including government bodies. Social engineering and phishing continue to be the weapons of choice by criminals intent on data theft, ransomware infection and general harm. Cybercriminals are naturally diverse in their scams, they do not differentiate by ethnic background, sex, gender, or sexuality. Conversely, the industry and the people devoted to mitigating the activities of fraudsters do not represent the make-up of society. A National Cyber Security Center paper “Decrypting Diversity” still show numbers of females in the sector are too low and members of the LGB community are under-represented. This panel will look at the blocks to minorities and women entering cybersecurity and how these blocks can be removed.

14:30 - 14:40

AFTERNOON COMFORT BREAK

14:40 - 15:15

WHAT CYBER LESSONS CAN GOVERNMENT LEARN FROM LISTENING TO THE PRIVATE SECTOR?

This session explores insight from the supplier community on lessons that have learned in their cybersecurity battles away from the public sector.

15:15 - 15.55

HOW CAN THE GOVERNMENT STEP UP TO THE CHALLENGES IT FACES FROM THE MODERN CYBERCRIMINAL?

A look at all of the various aspects of modern cybercrime and government. What parts of government are most at risk? As we build better and more omni-channel government services does the risk profile change? How can government use resources best to fit the ever-changing needs of the cybersecurity landscape?

15:55 - 16:00

CHAIR'S SUMMARY

Our chair, David Bicknell, summarises some of the of the sessions that you have heard throughout the event.

Listen to the Event Speakers

JILL TREBILCOCK

Director Chartered Institute of Information Security

DAVID FERGUSON

Cyber Development Lead and Head of Data ScotlandIS

GABRIEL CURRIE

Cyber Defence Lead Cabinet Office

MEZ DEMARAIS

Enterprise Architecture: Principal Security Manager, Derbyshire County Council

MOHAMED HUSSEIN

Cyber Security Analyst Cabinet Office

SUSAN MORROW

Head of Research & Development, Avoco Secure

RICHARD KNOWLTON

Director of Security Studies Oxford Cyber Academy

PAUL MCKAY

Senior Analyst, Security & Risk Forrester

JAMES HUGHES

EMEA Enterprise CTO & VP of Systems Engineering Rubrik

BRADLEY BOSHER

Senior Systems Engineer Varonis

JESSICA FIGUERAS

Vice-Chair, UK Cyber Security Council

MAX FAUN

Head of Consulting, Europe Okta

ANDY FERNANDEZ

Senior Manager, Product Marketing Zerto

ROB MACKLE

Co-Founder and Managing Director EMEA Assured Data Protection

NICK WILDING

Chief Innovation Officer Cyber Risk Aware

PROFESSOR PHILLIP MORGAN

Director of the Human Factors Excellence Research Group Cardiff University

ELIZABETH MURRAY

Security Culture and Awareness Lead FNZ Group

JOHN DEE

Director of Strategy Somerford Associates

CHRIS GREEN

Head of PR and Communications EMEA (ISC)2

ANDY HARRIS

CTO Osirium

LEE BEARD

Public Sector, Sales Manager Intezer

DAVID BICKNELL

Principal Analyst, Technology Thematic Research, GlobalData