UKI Summit
Hybrid Summit May 24 - 25, 2022
A Letter from the Summit Chair
The ISMG team along with the hand-picked cadre of Cyber Security professionals have come together to help design, build and deliver to you a conference that we hope you will find engaging, stimulating and rewarding. We are exploring diverse topics from the art and science of risk (essentially a new way to approach it), Mental Health of CISOs and how to protect both us and high-performing teams, the future threat landscape and many more topics for you.

We expect these sessions to be innovative in content, interactive, challenging to the norm, and most of all, incredibly useful to you going forward. I hope to see you there.

Don Gibson
Head of Cyber, Department of International Trade, HM Gov.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
etc. venues
Name :
etc. venues
Address :
County Hall, Belvedere Road, London, UK
Eric Anderson
Director, Enterprise Security
Adobe
Anderson is the director of the Enterprise Security team at Adobe, where he is a strategic leader driving proactive cybersecurity for the enterprise, including security reference architecture, zero trust architecture, identity and access management, and endpoint security. His team is...
Matt Aldridge
Principal Solutions Consultant
Carbonite + Webroot, OpenText Security Solutions
Aldridge is a cybersecurity veteran with over 25 years of experience. In 2014, he moved to Webroot to work with new customers and partners across EMEA and beyond. He is focused on the integration of BrightCloud Threat Intelligence services and...
Ash Hunt
Group Head of Information Security
Sanne Group
Ash Hunt is the group head of information security at Sanne Group, a FTSE 250 financial services organization. He is a CISO and information security/risk specialist with a decade of experience in complex, multinational environments and has worked extensively across...
Que Tran
Head of IT, Europe
DP World
Tran leads technology across Europe at DP World, a leading enabler of global trade and an integral part of the supply chain. He has over 20 years of senior technology and leadership experience across a range of global organizations and...
Don Smith
Vice President, CTU, Cyber Intelligence Cell
Secureworks
Smith leads the Secureworks Counter Threat Unit’s Cyber Intelligence Cell, or CTU-CIC, a global team of experienced threat analysts who deliver actionable and timely intelligence products on the threats most relevant to Secureworks clients. Based in the U.K., he also...
Clare Messenger
Global Commercial Head of Fraud Protection Services
JT Group
Messenger heads up the Fraud Protection Services division for JT Group - a Tier 1 telecom company with over 600 mobile network operator partners worldwide. Her key priority has been successfully scaling the fraud protection business for JT, and her...
Nick Coleman
Chief Security Officer, Real Time Payments
Mastercard
Coleman is chief security officer for real-time payments at Mastercard, leading the security of cross-border and domestic payments services internationally. He was previously IBM's global head of cybersecurity, risk and intelligence across its 170-plus operating countries. Coleman served as the...
Douglas Mujana
Vice President Information Technology Risk
Societe Generale
Ben Jenkins
Director of Cybersecurity
ThreatLocker
Jenkins is the director of cybersecurity at ThreatLocker. With over eight years of experience working within the technology sector, he specializes in working with SMEs, helping them implement technical solutions that will grow and scale their businesses. As a cybersecurity...
Deborah Haworth
CISO
Penguin Random House UK
With more than twenty years’ experience as an information security professional across multiple industries, Haworth has been at the sharp end of changing attitudes to this discipline. With a gift for cutting through and telling it how it is, regularly...
Mark Read
Head of Data Breach Solutions
TransUnion
Read joined TransUnion in February 2021 and leads the U.K. data breach support service. This encompasses a broad range of TransUnion products, including the leading TrueIdentity platform. Read has worked within financial services for 11 years and spent four years...
Jay Coley
Lead Security Strategy
Fastly
Coley brings over 25 years of security experience to Fastly, where his role is to increase industry focus and visibility on the Fastly Edge platform. After spending time in the U.S. military, Coley started his security career at Prolexic Technologies...
Tom Field
SVP of Editorial
ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world,...
Glen Hymers
Head of Data Privacy and Compliance
Cabinet Office
Manish Chandela
Group CISO
Unipart Group
Chandela leads development, implementation and monitoring of a strategic and comprehensive enterprise information and cybersecurity program across Unipart’s global footprint. Previously, he held senior security positions at Sainsbury’s Group and IberiaBank.
Balaji Anbil
Lead Enterprise Architect
Independent at MOD, UK
Anbil is currently leading a Cyber mission data architecture initiative at MOD, UK and supporting Data & Cyber startups in UK. In his previous roles as a CISO/CTO, he has led and successfully delivered Enterprise wide Digital, Data and Cyber...
Mark Mitchell
Technical Evangelist, Office of the CTO
Check Point
Mark Mitchell is a Check Point Technical Evangelist for the Office of the CTO. With over 25 years’ experience in IT, in both the commercial and public sectors in Scotland, Mark has worked as an end user and supplier in...
Mikil Tamakuwala
Operational Risk Supervisor, VP
Societe Generale
Tamakuwala has eighteen years of experience in the business and operational risk and controls first and second line of defence roles. He has worked in the front and back-office roles developing a very good understanding of the front to back...
Milos Pesic
Vice President of InfoSec & CyberSec
FSI Sector
Pesic is an award-winning leader utilising two decades of global experience from strategic, operational, advisory and technical leadership roles across highly regulated industry sectors, such as finance, telecom and healthcare. A professional leader with a track record of successful delivery...
Fraser King
Head of Commercial Strategy & Global Business Development- Vodafone Identity Hub
Vodafone Carrier Services
King is head of commercial strategy and global business development for Vodafone Identity Hub, Vodafone Carrier Services. He is a founding member of Vodafone’s Big Data and Advanced Analytics business unit and heads up commercial strategy and business development for...
Mat Schwartz
Executive Editor
ISMG
Casey Ellis
CTO and Founder
BugCrowd
Ellis is the founder, chairman and CTO of Bugcrowd. He is an 18-year veteran of information security, servicing clients ranging from startups to multinational corporations as a pen tester, security and risk consultant and solutions architect, and most recently as...
Don Gibson
Head of Cyber
Department of International Trade, HM Gov.
Don has been a Global Security Architect and a Head of Cyber/CISO across a number of businesses in a wide variety of sectors. He’s seen some things…
Anna Delaney
Director of Productions
ISMG
Ian Thornton-Trump
CISO
CYJAX
Ian Thornton-Trump CD is an ITIL certified IT professional with 25 years of experience in IT security and information technology. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF...
James Blake
Field CTO EMEA, Security
Rubrik
With over three decades of operational experience, James Blake is the Field CTO for Security for Rubrik where he assists customers in designing & delivering transformation programs around their cyber resiliency capabilities. James was formerly the Advisory CISO for ServiceNow,...
Marsha Quallo-Wright
Deputy Director - Critical National Infrastructure
National Cyber Security Centre (NCSC) 
Marsha heads up the NCSC team that supports private sector companies, that operate the UK's most critical infrastructure delivering essential services (energy, water, transport, telecoms, finance, civil nuclear, food, space, post).  The team works with industry to make the UK...
Scott Taylor
Fraud Protection & Compliance Domain, Consultant, EMEA
FICO
Taylor joined FICO in 2018 as fraud protection and compliance consultant for EMEA. He has over 34 years of financial services experience and previously worked at Royal Bank of Scotland as the head of investigations and support, fraud and chargeback...
Ariel Kriger
VP Global Sales & Business Development
Infinipoint
Kriger is a seasoned business veteran in the tech and cybersecurity industry. He is very experienced with introducing new technologies to global markets; developing GTM strategies for both direct and indirect businesses, strategic partnerships and alliances; and bringing companies from...
Adam Wedgbury
Head of Enterprise Digital Security Architecture
Airbus
Wedgbury is the head of enterprise digital security architecture at Airbus, reporting directly to the global CISO. He is responsible for building and maintaining the core security controls framework, alongside the design of security standards and architecture patterns. Wedgbury started...
Severin Collins
Senior Enterprise Sales Engineer
LogRhythm
As a Senior Enterprise Sales Engineer at LogRhythm, Severin is responsible for pre-sales activities, working directly with customers and partners in EMEA. With over 20 years’ experience in Information Security, Severin’s experience includes technical pre-sales, risk assessment and analysis, technical...
View Agenda
Future Threat Landscape: If Blended Warfare Isn’t the Threat We Imagined, What Is?
Ash Hunt, Group Head of Information Security, Sanne Group
Don Gibson, Head of Cyber, Department of International Trade, HM Gov.
Ian Thornton-Trump, CISO, CYJAX

According to recent research released by the Ponemon Institute, 60 percent of those hit by a breach attributed the root cause to an unpatched known vulnerability. So why do so many systems remain unpatched and how can we close the vulnerability gap efficiently?

This expert panel will share insights and strategies, including:

  • Vulnerability gap challenges and patching prioritization;
  • Separating signal from noise;
  • Assessing vulnerabilities across third parties' systems and software. 
Ash Hunt
Don Gibson
Ian Thornton-Trump
  • 09:10 AM
  • 09:39 AM
Zero Trust Networks = Better Enterprise Security
Eric Anderson, Director, Enterprise Security, Adobe

Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. If you do not find the right balance, users may revolt! This was especially true when Adobe, like you, were faced with the major shift towards more remote and hybrid work as a result of the COVID-19 pandemic. For example, when the pandemic first started and the world began shutting down, we had to move the entire Adobe workforce of more than 22,000 global employees to remote work over a single weekend. Such a massive change all at once requires network security controls that can readily adapt.

Adobe was well-prepared for this change thanks in part to our investment in what we call “Project ZEN.” Project ZEN is an internal initiative at Adobe based upon zero-trust principles. Since there is no “off-the-shelf” solution to fully deliver on these principles, ZEN consists of pioneering technology and policies to make the path to a zero-trust network more efficient and attainable. This effort enabled us to deliver on a more novel approach to managing our user encounters and authentication across the company – increasing security while improving the overall user experience.

In this session Eric Anderson, Director of Enterprise Security at Adobe, will talk about the benefits of a zero-trust approach to network security, our path to Project ZEN, and the benefits we have seen, including how it helped us better navigate the big changes in how our people work precipitated by the pandemic. Eric will provide insights from our experience here at Adobe in building and deploying zero-trust networking that you can use to help improve how your own organizations approach the new hybrid and remote work reality.

Eric Anderson
  • 09:45 AM
  • 10:15 AM
  • 10:20 AM
  • 10:49 AM
Track A
Marsha Quallo-Wright
Track A: Critical Infrastructure Protection: Improving Resilience
Marsha Quallo-Wright, Deputy Director - Critical National Infrastructure, National Cyber Security Centre (NCSC) 

As part of its remit, the U.K.'s National Cyber Security Center, or NCSC, safeguards the nation's critical infrastructure - much of which is controlled within the private sector. Marsha Quallo-Wright, an NCSC deputy director, is responsible for improving critical infrastructure resilience, and in this exclusive session she discusses:

  • The state of critical infrastructure security;
  • The heightened cyberthreat resulting from Russia's invasion of Ukraine;
  • Public/private sector partnerships that can improve critical infrastructure security and resilience.
  • 10:20 AM
  • 10:49 AM
Track B
Adam Wedgbury
Ash Hunt
Milos Pesic
Track B: Awareness and Behavior Change- Is This the True Driver of Risk Reduction in Information Security?
Adam Wedgbury, Head of Enterprise Digital Security Architecture, Airbus
Ash Hunt, Group Head of Information Security, Sanne Group
Milos Pesic, Vice President of InfoSec & CyberSec, FSI Sector

Running user awareness programs continues to be a cornerstone of many corporate information security programs, often driven in part by regulatory requirements. But can, and should, user training be relied on to better secure organizations? Should organizations instead focus their efforts more broadly, for example, by attempting not to train users, but to more effectively influence their behavior? 

Join this session to hear three leading cybersecurity executives share their experiences regarding: 

  • The use, abuse and limits of user training 
  • Working with behavioral psychologists and marketing professionals 
  • The role of user behavior in risk reduction
  • 10:55 AM
  • 11:09 AM
Track A
Mark Read
Track A: The Current Data Breach Landscape
Mark Read, Head of Data Breach Solutions, TransUnion

Rapid digital acceleration seen since the start of the pandemic has transformed the way businesses operate as they adapt to changing consumer behaviors and consumers' expectations of both customer experience and security. Recent world events have increased the risk of cyberthreats and elevated the importance of having a strategic incident response plan in place to deal with a data breach, should it happen.

TransUnion’s data breach solutions can help you take a proactive approach to dealing with data breaches and better protect consumers while helping to reduce financial losses. We do this by developing an efficient and effective response strategy that can help your organization equip customers with tools for combating identity theft, mitigate impacts to reputation and credibility and rebuild trust.

Mark Read, head of data breach solutions for TransUnion in the U.K. and part of TransUnion’s award-winning consumer solutions team, will share his insights into the current data breach landscape, covering the pressing issues faced by businesses across the U.K. and the role TransUnion’s data breach support services can play in helping businesses to reduce the impact of a data breach.

  • 10:55 AM
  • 11:09 AM
Track B
Ariel Kriger
Track B: Apply Device Identity for True Zero Trust Access
Ariel Kriger, VP Global Sales & Business Development, Infinipoint

Zero Trust reference architectures prioritize granular security controls for user devices to protect critical data and services. This includes requirements like continuous device security posture checks, adaptive access controls and end-user self remediation. Infinipoint will discuss how to use device identity to enable a true Zero Trust Access posture for any identity provider and any service.

Exhibits & Networking Break
  • 11:10 AM
  • 11:24 AM
  • 11:25 AM
  • 11:54 AM
Track A
Mark Mitchell
Track A: The Good, the Bad and the Ugly
Mark Mitchell, Technical Evangelist, Office of the CTO, Check Point

While a huge amount of attention is being payed to the concept and attempted actualisation of Zero Trust Security Architectures, the actual practical implementation of a successful trust environment requires a number of steps to deliver a comprehensive and actually useable environment.

This talk will outline practical approaches to the three main challenges for deploying Zero Trust architectures and will touch upon a number of options which will allow for enhanced security while the ZTA is being brought online.

  • 11:25 AM
  • 11:54 AM
Track B
Matt Aldridge
Track B: Threat Watch 2022: Shifts and Trends Shaping our World
Matt Aldridge, Principal Solutions Consultant, Carbonite + Webroot, OpenText Security Solutions

We've looked into our crystal ball to predict the types of threats and potential cybersecurity weaknesses businesses can anticipate and prepare for in 2022. The changes in how we work and do business that arose during 2020 paved the way for new vulnerabilities in 2021, offering attackers unrestricted possibilities to exploit security flaws. Criminals targeted organizations of all sizes and took advantage of a lack of cyber resilience and cybersecurity infrastructure. We anticipate that in 2022 these hacks will only continue to grow and damage all types of organisations. Therefore, it's pivotal to learn how to reduce risks and defend your business from existing and future threats.

  • 12:00 PM
  • 12:29 PM
Track A
Don Smith
Track A: Ransomware and Beyond: Evolution of the Threat Landscape
Don Smith, Vice President, CTU, Cyber Intelligence Cell, Secureworks

The business world has been through a massive evolution in the past few years. Threat actors are no different. They change with the times, preying on unsuspecting organizations and looking for any way to slip past your defenses. No single industry is immune to an attack, but you can be prepared with an understanding of the rapidly evolving threat landscape. After all, cyberthreats change quickly, and your cybersecurity must do the same to keep up.

Join Don Smith, vice president of IT security in the Secureworks Counter Threat Unit, as he discusses the changing threat landscape - including the growing risk of ransomware - as well as how your organization’s security program can keep pace, even with today’s most nefarious threat actors. In this session, Smith will discuss:

  • How cybercriminals have changed their tactics, techniques, and procedures;
  • How your organization’s strategy can evolve with the threats and stay ahead of the curve;
  • The severity of ransomware and how to defend against it;
  • Front-line experiences and best practices from cybersecurity experts.
  • 12:00 PM
  • 12:29 PM
Track B
Ben Jenkins
Track B: Securing Applications from Vulnerabilities with Zero Trust
Ben Jenkins, Director of Cybersecurity, ThreatLocker

In order to protect against the evolving threat landscape, we must change the way in which we protect our data against vulnerabilities. To adapt, organizations are operating within the framework that no user, network, or device can be trusted by default until proven otherwise. Join ThreatLocker’s Director of Cybersecurity, Ben Jenkins, as he discusses how to secure applications from vulnerabilities using a Zero Trust model.

CyberEdBoard, A CISO Community

View our CyberEdBoard Profiles in Leadership Interviews with Marene Allison, CISO at Johnson & Johnson, Diego Souza, Global CISO at Cummins, Nicole Ford, VP & CISO at Carrier and more.

  • 12:30 PM
  • 01:17 PM
  • 01:15 PM
  • 01:24 PM
Track A
Ian Thornton-Trump
Track A: Is There Such a Thing as a Global Talent Pool
Ian Thornton-Trump, CISO, CYJAX
  • 01:15 PM
  • 01:24 PM
Track B
Don Gibson
Track B: The Reality of Ransomware
Don Gibson, Head of Cyber, Department of International Trade, HM Gov.
  • 01:30 PM
  • 01:59 PM
Track A
Nick Coleman
Track A: The Future of Secure Digital Payments
Nick Coleman, Chief Security Officer, Real Time Payments, Mastercard

Real-time digital payments: In barely a decade's time, they have gone from vision to broad reality. In his role at Mastercard, Nick Coleman oversees real-time payments and has an inside view of the maturation, evolving threatscape and emerging regulations. In this exclusive session, Coleman discusses:

  • The present and future of real-time digital payments;
  • Threatcasting to determine tomorrow's biggest risks;
  • Emerging technologies that fuel the future of cyber defense.
  • 01:30 PM
  • 01:59 PM
Track B
Clare Messenger
Scott Taylor
Fraser King
Track B: Utilizing Mobile Network Data Insights for Customer Fraud Protection
Clare Messenger, Global Commercial Head of Fraud Protection Services, JT Group
Scott Taylor, Fraud Protection & Compliance Domain, Consultant, EMEA, FICO
Fraser King, Head of Commercial Strategy & Global Business Development- Vodafone Identity Hub, Vodafone Carrier Services
  • 02:05 PM
  • 02:34 PM
Track A
Casey Ellis
Track A: Evolving Your Security Strategy to the Challenges of 2022
Casey Ellis, CTO and Founder, BugCrowd

The cyberthreat landscape continued to evolve and expand in 2021 as attackers found new vulnerabilities and ways to infiltrate organizations. There was also a significant rise in supply chain attacks in the past year, meaning hundreds or even thousands of organizations are at risk of being breached because of a security flaw in a single third party.

In this environment, security teams must shift to a risk-based approach, prioritizing the most important areas of their organization. They should also not be afraid to seek outside help, leveraging the growing number of highly skilled white hat hackers to discover unique types of vulnerabilities across their network.

In this session, Ellis will discuss:

  • The evolving threat landscape and expected trends for 2022;
  • The importance of adopting a risk-based approach;
  • The growth of crowdsourced security and how it works.
  • 02:05 PM
  • 02:34 PM
Track B
Severin Collins
Track B: Ready to Defend – Don’t Bring Flipflops to a 100m Sprint
Severin Collins, Senior Enterprise Sales Engineer , LogRhythm

Cyberattacks and threats such as phishing, malware and ransomware challenge security teams on a daily basis. During the pandemic and with the new increased flexibility of work, office and data locations, it’s never been more critical for security teams to be efficient and effective.

The constant evolution of security tooling is all about providing real-time visibility to detect and respond earlier, faster and more effectively to threats and attacks, all to circumvent existing security controls of the ever-changing attack surface.

During this session, we will discuss how you can ensure your security operations team has the visibility and tools it needs to reduce your organization's response times.

As part of this discussion, we’ll explore:

  • The evolution of security tooling and what is critical to any organisation’s tech stack
  • The Gartner SOC Visibility Triad and why it is still relevant
  • Real-life use-cases and tips for getting buy in from your board to support your investment requirements

Join us for this interactive session and gain actionable insights to help you defend and protect critical data and infrastructure from emerging cyberthreats.

  • 02:40 PM
  • 03:09 PM
Track A
James Blake
Track A: Cyber Resiliency: Achievable Goal or Flight-of-Fancy?
James Blake, Field CTO EMEA, Security, Rubrik

Most organisation’s IT infrastructures remain fragile to cyber attacks, especially the current scourge of ransomware operators sweeping across all verticals and all countries across the globe.  Becoming cyber resilient to these kinds of attack is an emergent property, not a collection of products you can buy.  In this session James will discuss those emergent properties and how he has seen organisations best achieve them using best-practice frameworks and solid engineering principles.

  • 02:40 PM
  • 03:09 PM
Track B
Jay Coley
Track B: Why WAFs Are Running on Empty
Jay Coley, Lead Security Strategy, Fastly

Modern WAFs are powerful, but they can be complex to manage and operate. From deciding on deployment architecture and requirement mapping to DEVOPs (CI/CD) integration and finalizing the myriad of other considerations before moving to the tuning and operationalization phase, all this creates complexity and confusion.

As a result, modern WAFs can be costly to implement in both commercial and staffing terms. Join Jay Coley, lead of security strategy at Fastly, as he demonstrates how you can reduce these issues to ensure your WAF deployments are as flexible and as simple as possible, all the while maintaining rule accuracy and WAF usability.

Exhibits & Networking Break
  • 03:10 PM
  • 03:24 PM
The Art and Science of Translating Cyber Risk and Loss Exposure Into Quantifiable Measures
Douglas Mujana, Vice President Information Technology Risk, Societe Generale
Milos Pesic, Vice President of InfoSec & CyberSec, FSI Sector
Balaji Anbil, Lead Enterprise Architect, Independent at MOD, UK

Because every business is unique, so too are the risks facing each one. Hence the answer to the question "what are the biggest cyber risks we face?" depends on who's asking. Regardless of the answer, however, it's up to the cybersecurity team to not only identify cyber risks, but help business leaders understand the operational risks each one poses, to help them quantify the resulting business risks each one poses and to take responsibility for what happens next.

This expert panel discusses: 

  • Creating a common risk language across the organization 
  • Building a playbook that helps the business identify actual exposure 
  • Strategies for making cyber everyone's responsibility
Douglas Mujana
Milos Pesic
Balaji Anbil
  • 03:25 PM
  • 03:54 PM
Resilience in an Era of Ransomware- Why It Is Important to You and Your Business?
Que Tran, Head of IT, Europe, DP World
Mikil Tamakuwala, Operational Risk Supervisor, VP, Societe Generale
Adam Wedgbury, Head of Enterprise Digital Security Architecture, Airbus
Que Tran
Mikil Tamakuwala
Adam Wedgbury
  • 04:00 PM
  • 04:29 PM
Health Held to Ransom: Protecting the Health of Our Cybersecurity Teams
Don Gibson, Head of Cyber, Department of International Trade, HM Gov.
Ian Thornton-Trump, CISO, CYJAX
Deborah Haworth, CISO, Penguin Random House UK

Late last year, the UK government announced its National Cyber Strategy for 2022, a comprehensive plan that aims to establish “a more secure and resilient nation, better prepared for evolving threats and risks.” But what about the personal resilience of our security leaders and their teams? A constantly shifting threat landscape, long work hours, a lack of resources, high staff turnover are all factors that can lead to burnout.

How can a more secure and resilient nation be achieved if we don't look after our people?

This expert panel will share insights and strategies, including:

  • How stress and burnout are emerging in the workplace today;
  • The importance of showing vulnerability as a leader;
  • Tools to build personal resilience and prevent burnout;
  • How organizations can protect the wellbeing of their people.
Don Gibson
Ian Thornton-Trump
Deborah Haworth
  • 04:35 PM
  • 05:04 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM BST on Day 2, Wednesday, May 25th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

A Letter from the Summit Chair
The ISMG team along with the hand-picked cadre of Cyber Security professionals have come together to help design, build and deliver to you a conference that we hope you will find engaging, stimulating and rewarding. We are exploring diverse topics from the art and science of risk (essentially a new way to approach it), Mental Health of CISOs and how to protect both us and high-performing teams, the future threat landscape and many more topics for you.

We expect these sessions to be innovative in content, interactive, challenging to the norm, and most of all, incredibly useful to you going forward. I hope to see you there.

Don Gibson
Head of Cyber, Department of International Trade, HM Gov.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

etc. venues
Name :
etc. venues
Address :
County Hall, Belvedere Road, London, UK

Eric Anderson
Director, Enterprise Security
Adobe
Anderson is the director of the Enterprise Security team at Adobe, where he is a strategic leader driving proactive cybersecurity for the enterprise, including security reference architecture, zero trust architecture, identity and access management, and endpoint security. His team is...
Matt Aldridge
Principal Solutions Consultant
Carbonite + Webroot, OpenText Security Solutions
Aldridge is a cybersecurity veteran with over 25 years of experience. In 2014, he moved to Webroot to work with new customers and partners across EMEA and beyond. He is focused on the integration of BrightCloud Threat Intelligence services and...
Ash Hunt
Group Head of Information Security
Sanne Group
Ash Hunt is the group head of information security at Sanne Group, a FTSE 250 financial services organization. He is a CISO and information security/risk specialist with a decade of experience in complex, multinational environments and has worked extensively across...
Que Tran
Head of IT, Europe
DP World
Tran leads technology across Europe at DP World, a leading enabler of global trade and an integral part of the supply chain. He has over 20 years of senior technology and leadership experience across a range of global organizations and...
Don Smith
Vice President, CTU, Cyber Intelligence Cell
Secureworks
Smith leads the Secureworks Counter Threat Unit’s Cyber Intelligence Cell, or CTU-CIC, a global team of experienced threat analysts who deliver actionable and timely intelligence products on the threats most relevant to Secureworks clients. Based in the U.K., he also...
Clare Messenger
Global Commercial Head of Fraud Protection Services
JT Group
Messenger heads up the Fraud Protection Services division for JT Group - a Tier 1 telecom company with over 600 mobile network operator partners worldwide. Her key priority has been successfully scaling the fraud protection business for JT, and her...
Nick Coleman
Chief Security Officer, Real Time Payments
Mastercard
Coleman is chief security officer for real-time payments at Mastercard, leading the security of cross-border and domestic payments services internationally. He was previously IBM's global head of cybersecurity, risk and intelligence across its 170-plus operating countries. Coleman served as the...
Douglas Mujana
Vice President Information Technology Risk
Societe Generale
Ben Jenkins
Director of Cybersecurity
ThreatLocker
Jenkins is the director of cybersecurity at ThreatLocker. With over eight years of experience working within the technology sector, he specializes in working with SMEs, helping them implement technical solutions that will grow and scale their businesses. As a cybersecurity...
Deborah Haworth
CISO
Penguin Random House UK
With more than twenty years’ experience as an information security professional across multiple industries, Haworth has been at the sharp end of changing attitudes to this discipline. With a gift for cutting through and telling it how it is, regularly...
Mark Read
Head of Data Breach Solutions
TransUnion
Read joined TransUnion in February 2021 and leads the U.K. data breach support service. This encompasses a broad range of TransUnion products, including the leading TrueIdentity platform. Read has worked within financial services for 11 years and spent four years...
Jay Coley
Lead Security Strategy
Fastly
Coley brings over 25 years of security experience to Fastly, where his role is to increase industry focus and visibility on the Fastly Edge platform. After spending time in the U.S. military, Coley started his security career at Prolexic Technologies...
Tom Field
SVP of Editorial
ISMG
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world,...
Glen Hymers
Head of Data Privacy and Compliance
Cabinet Office
Manish Chandela
Group CISO
Unipart Group
Chandela leads development, implementation and monitoring of a strategic and comprehensive enterprise information and cybersecurity program across Unipart’s global footprint. Previously, he held senior security positions at Sainsbury’s Group and IberiaBank.
Balaji Anbil
Lead Enterprise Architect
Independent at MOD, UK
Anbil is currently leading a Cyber mission data architecture initiative at MOD, UK and supporting Data & Cyber startups in UK. In his previous roles as a CISO/CTO, he has led and successfully delivered Enterprise wide Digital, Data and Cyber...
Mark Mitchell
Technical Evangelist, Office of the CTO
Check Point
Mark Mitchell is a Check Point Technical Evangelist for the Office of the CTO. With over 25 years’ experience in IT, in both the commercial and public sectors in Scotland, Mark has worked as an end user and supplier in...
Mikil Tamakuwala
Operational Risk Supervisor, VP
Societe Generale
Tamakuwala has eighteen years of experience in the business and operational risk and controls first and second line of defence roles. He has worked in the front and back-office roles developing a very good understanding of the front to back...
Milos Pesic
Vice President of InfoSec & CyberSec
FSI Sector
Pesic is an award-winning leader utilising two decades of global experience from strategic, operational, advisory and technical leadership roles across highly regulated industry sectors, such as finance, telecom and healthcare. A professional leader with a track record of successful delivery...
Fraser King
Head of Commercial Strategy & Global Business Development- Vodafone Identity Hub
Vodafone Carrier Services
King is head of commercial strategy and global business development for Vodafone Identity Hub, Vodafone Carrier Services. He is a founding member of Vodafone’s Big Data and Advanced Analytics business unit and heads up commercial strategy and business development for...
Mat Schwartz
Executive Editor
ISMG
Casey Ellis
CTO and Founder
BugCrowd
Ellis is the founder, chairman and CTO of Bugcrowd. He is an 18-year veteran of information security, servicing clients ranging from startups to multinational corporations as a pen tester, security and risk consultant and solutions architect, and most recently as...
Don Gibson
Head of Cyber
Department of International Trade, HM Gov.
Don has been a Global Security Architect and a Head of Cyber/CISO across a number of businesses in a wide variety of sectors. He’s seen some things…
Anna Delaney
Director of Productions
ISMG
Ian Thornton-Trump
CISO
CYJAX
Ian Thornton-Trump CD is an ITIL certified IT professional with 25 years of experience in IT security and information technology. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF...
James Blake
Field CTO EMEA, Security
Rubrik
With over three decades of operational experience, James Blake is the Field CTO for Security for Rubrik where he assists customers in designing & delivering transformation programs around their cyber resiliency capabilities. James was formerly the Advisory CISO for ServiceNow,...
Marsha Quallo-Wright
Deputy Director - Critical National Infrastructure
National Cyber Security Centre (NCSC) 
Marsha heads up the NCSC team that supports private sector companies, that operate the UK's most critical infrastructure delivering essential services (energy, water, transport, telecoms, finance, civil nuclear, food, space, post).  The team works with industry to make the UK...
Scott Taylor
Fraud Protection & Compliance Domain, Consultant, EMEA
FICO
Taylor joined FICO in 2018 as fraud protection and compliance consultant for EMEA. He has over 34 years of financial services experience and previously worked at Royal Bank of Scotland as the head of investigations and support, fraud and chargeback...
Ariel Kriger
VP Global Sales & Business Development
Infinipoint
Kriger is a seasoned business veteran in the tech and cybersecurity industry. He is very experienced with introducing new technologies to global markets; developing GTM strategies for both direct and indirect businesses, strategic partnerships and alliances; and bringing companies from...
Adam Wedgbury
Head of Enterprise Digital Security Architecture
Airbus
Wedgbury is the head of enterprise digital security architecture at Airbus, reporting directly to the global CISO. He is responsible for building and maintaining the core security controls framework, alongside the design of security standards and architecture patterns. Wedgbury started...
Severin Collins
Senior Enterprise Sales Engineer
LogRhythm
As a Senior Enterprise Sales Engineer at LogRhythm, Severin is responsible for pre-sales activities, working directly with customers and partners in EMEA. With over 20 years’ experience in Information Security, Severin’s experience includes technical pre-sales, risk assessment and analysis, technical...

View Agenda
Future Threat Landscape: If Blended Warfare Isn’t the Threat We Imagined, What Is?
Ash Hunt, Group Head of Information Security, Sanne Group
Don Gibson, Head of Cyber, Department of International Trade, HM Gov.
Ian Thornton-Trump, CISO, CYJAX

According to recent research released by the Ponemon Institute, 60 percent of those hit by a breach attributed the root cause to an unpatched known vulnerability. So why do so many systems remain unpatched and how can we close the vulnerability gap efficiently?

This expert panel will share insights and strategies, including:

  • Vulnerability gap challenges and patching prioritization;
  • Separating signal from noise;
  • Assessing vulnerabilities across third parties' systems and software. 
Ash Hunt
Don Gibson
Ian Thornton-Trump
  • 09:10 AM
  • 09:39 AM
Zero Trust Networks = Better Enterprise Security
Eric Anderson, Director, Enterprise Security, Adobe

Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. If you do not find the right balance, users may revolt! This was especially true when Adobe, like you, were faced with the major shift towards more remote and hybrid work as a result of the COVID-19 pandemic. For example, when the pandemic first started and the world began shutting down, we had to move the entire Adobe workforce of more than 22,000 global employees to remote work over a single weekend. Such a massive change all at once requires network security controls that can readily adapt.

Adobe was well-prepared for this change thanks in part to our investment in what we call “Project ZEN.” Project ZEN is an internal initiative at Adobe based upon zero-trust principles. Since there is no “off-the-shelf” solution to fully deliver on these principles, ZEN consists of pioneering technology and policies to make the path to a zero-trust network more efficient and attainable. This effort enabled us to deliver on a more novel approach to managing our user encounters and authentication across the company – increasing security while improving the overall user experience.

In this session Eric Anderson, Director of Enterprise Security at Adobe, will talk about the benefits of a zero-trust approach to network security, our path to Project ZEN, and the benefits we have seen, including how it helped us better navigate the big changes in how our people work precipitated by the pandemic. Eric will provide insights from our experience here at Adobe in building and deploying zero-trust networking that you can use to help improve how your own organizations approach the new hybrid and remote work reality.

Eric Anderson
  • 09:45 AM
  • 10:15 AM
  • 10:20 AM
  • 10:49 AM
Track A
Marsha Quallo-Wright
Track A: Critical Infrastructure Protection: Improving Resilience
Marsha Quallo-Wright, Deputy Director - Critical National Infrastructure, National Cyber Security Centre (NCSC) 

As part of its remit, the U.K.'s National Cyber Security Center, or NCSC, safeguards the nation's critical infrastructure - much of which is controlled within the private sector. Marsha Quallo-Wright, an NCSC deputy director, is responsible for improving critical infrastructure resilience, and in this exclusive session she discusses:

  • The state of critical infrastructure security;
  • The heightened cyberthreat resulting from Russia's invasion of Ukraine;
  • Public/private sector partnerships that can improve critical infrastructure security and resilience.
  • 10:20 AM
  • 10:49 AM
Track B
Adam Wedgbury
Ash Hunt
Milos Pesic
Track B: Awareness and Behavior Change- Is This the True Driver of Risk Reduction in Information Security?
Adam Wedgbury, Head of Enterprise Digital Security Architecture, Airbus
Ash Hunt, Group Head of Information Security, Sanne Group
Milos Pesic, Vice President of InfoSec & CyberSec, FSI Sector

Running user awareness programs continues to be a cornerstone of many corporate information security programs, often driven in part by regulatory requirements. But can, and should, user training be relied on to better secure organizations? Should organizations instead focus their efforts more broadly, for example, by attempting not to train users, but to more effectively influence their behavior? 

Join this session to hear three leading cybersecurity executives share their experiences regarding: 

  • The use, abuse and limits of user training 
  • Working with behavioral psychologists and marketing professionals 
  • The role of user behavior in risk reduction
  • 10:55 AM
  • 11:09 AM
Track A
Mark Read
Track A: The Current Data Breach Landscape
Mark Read, Head of Data Breach Solutions, TransUnion

Rapid digital acceleration seen since the start of the pandemic has transformed the way businesses operate as they adapt to changing consumer behaviors and consumers' expectations of both customer experience and security. Recent world events have increased the risk of cyberthreats and elevated the importance of having a strategic incident response plan in place to deal with a data breach, should it happen.

TransUnion’s data breach solutions can help you take a proactive approach to dealing with data breaches and better protect consumers while helping to reduce financial losses. We do this by developing an efficient and effective response strategy that can help your organization equip customers with tools for combating identity theft, mitigate impacts to reputation and credibility and rebuild trust.

Mark Read, head of data breach solutions for TransUnion in the U.K. and part of TransUnion’s award-winning consumer solutions team, will share his insights into the current data breach landscape, covering the pressing issues faced by businesses across the U.K. and the role TransUnion’s data breach support services can play in helping businesses to reduce the impact of a data breach.

  • 10:55 AM
  • 11:09 AM
Track B
Ariel Kriger
Track B: Apply Device Identity for True Zero Trust Access
Ariel Kriger, VP Global Sales & Business Development, Infinipoint

Zero Trust reference architectures prioritize granular security controls for user devices to protect critical data and services. This includes requirements like continuous device security posture checks, adaptive access controls and end-user self remediation. Infinipoint will discuss how to use device identity to enable a true Zero Trust Access posture for any identity provider and any service.

Exhibits & Networking Break
  • 11:10 AM
  • 11:24 AM
  • 11:25 AM
  • 11:54 AM
Track A
Mark Mitchell
Track A: The Good, the Bad and the Ugly
Mark Mitchell, Technical Evangelist, Office of the CTO, Check Point

While a huge amount of attention is being payed to the concept and attempted actualisation of Zero Trust Security Architectures, the actual practical implementation of a successful trust environment requires a number of steps to deliver a comprehensive and actually useable environment.

This talk will outline practical approaches to the three main challenges for deploying Zero Trust architectures and will touch upon a number of options which will allow for enhanced security while the ZTA is being brought online.

  • 11:25 AM
  • 11:54 AM
Track B
Matt Aldridge
Track B: Threat Watch 2022: Shifts and Trends Shaping our World
Matt Aldridge, Principal Solutions Consultant, Carbonite + Webroot, OpenText Security Solutions

We've looked into our crystal ball to predict the types of threats and potential cybersecurity weaknesses businesses can anticipate and prepare for in 2022. The changes in how we work and do business that arose during 2020 paved the way for new vulnerabilities in 2021, offering attackers unrestricted possibilities to exploit security flaws. Criminals targeted organizations of all sizes and took advantage of a lack of cyber resilience and cybersecurity infrastructure. We anticipate that in 2022 these hacks will only continue to grow and damage all types of organisations. Therefore, it's pivotal to learn how to reduce risks and defend your business from existing and future threats.

  • 12:00 PM
  • 12:29 PM
Track A
Don Smith
Track A: Ransomware and Beyond: Evolution of the Threat Landscape
Don Smith, Vice President, CTU, Cyber Intelligence Cell, Secureworks

The business world has been through a massive evolution in the past few years. Threat actors are no different. They change with the times, preying on unsuspecting organizations and looking for any way to slip past your defenses. No single industry is immune to an attack, but you can be prepared with an understanding of the rapidly evolving threat landscape. After all, cyberthreats change quickly, and your cybersecurity must do the same to keep up.

Join Don Smith, vice president of IT security in the Secureworks Counter Threat Unit, as he discusses the changing threat landscape - including the growing risk of ransomware - as well as how your organization’s security program can keep pace, even with today’s most nefarious threat actors. In this session, Smith will discuss:

  • How cybercriminals have changed their tactics, techniques, and procedures;
  • How your organization’s strategy can evolve with the threats and stay ahead of the curve;
  • The severity of ransomware and how to defend against it;
  • Front-line experiences and best practices from cybersecurity experts.
  • 12:00 PM
  • 12:29 PM
Track B
Ben Jenkins
Track B: Securing Applications from Vulnerabilities with Zero Trust
Ben Jenkins, Director of Cybersecurity, ThreatLocker

In order to protect against the evolving threat landscape, we must change the way in which we protect our data against vulnerabilities. To adapt, organizations are operating within the framework that no user, network, or device can be trusted by default until proven otherwise. Join ThreatLocker’s Director of Cybersecurity, Ben Jenkins, as he discusses how to secure applications from vulnerabilities using a Zero Trust model.

CyberEdBoard, A CISO Community

View our CyberEdBoard Profiles in Leadership Interviews with Marene Allison, CISO at Johnson & Johnson, Diego Souza, Global CISO at Cummins, Nicole Ford, VP & CISO at Carrier and more.

  • 12:30 PM
  • 01:17 PM
  • 01:15 PM
  • 01:24 PM
Track A
Ian Thornton-Trump
Track A: Is There Such a Thing as a Global Talent Pool
Ian Thornton-Trump, CISO, CYJAX
  • 01:15 PM
  • 01:24 PM
Track B
Don Gibson
Track B: The Reality of Ransomware
Don Gibson, Head of Cyber, Department of International Trade, HM Gov.
  • 01:30 PM
  • 01:59 PM
Track A
Nick Coleman
Track A: The Future of Secure Digital Payments
Nick Coleman, Chief Security Officer, Real Time Payments, Mastercard

Real-time digital payments: In barely a decade's time, they have gone from vision to broad reality. In his role at Mastercard, Nick Coleman oversees real-time payments and has an inside view of the maturation, evolving threatscape and emerging regulations. In this exclusive session, Coleman discusses:

  • The present and future of real-time digital payments;
  • Threatcasting to determine tomorrow's biggest risks;
  • Emerging technologies that fuel the future of cyber defense.
  • 01:30 PM
  • 01:59 PM
Track B
Clare Messenger
Scott Taylor
Fraser King
Track B: Utilizing Mobile Network Data Insights for Customer Fraud Protection
Clare Messenger, Global Commercial Head of Fraud Protection Services, JT Group
Scott Taylor, Fraud Protection & Compliance Domain, Consultant, EMEA, FICO
Fraser King, Head of Commercial Strategy & Global Business Development- Vodafone Identity Hub, Vodafone Carrier Services
  • 02:05 PM
  • 02:34 PM
Track A
Casey Ellis
Track A: Evolving Your Security Strategy to the Challenges of 2022
Casey Ellis, CTO and Founder, BugCrowd

The cyberthreat landscape continued to evolve and expand in 2021 as attackers found new vulnerabilities and ways to infiltrate organizations. There was also a significant rise in supply chain attacks in the past year, meaning hundreds or even thousands of organizations are at risk of being breached because of a security flaw in a single third party.

In this environment, security teams must shift to a risk-based approach, prioritizing the most important areas of their organization. They should also not be afraid to seek outside help, leveraging the growing number of highly skilled white hat hackers to discover unique types of vulnerabilities across their network.

In this session, Ellis will discuss:

  • The evolving threat landscape and expected trends for 2022;
  • The importance of adopting a risk-based approach;
  • The growth of crowdsourced security and how it works.
  • 02:05 PM
  • 02:34 PM
Track B
Severin Collins
Track B: Ready to Defend – Don’t Bring Flipflops to a 100m Sprint
Severin Collins, Senior Enterprise Sales Engineer , LogRhythm

Cyberattacks and threats such as phishing, malware and ransomware challenge security teams on a daily basis. During the pandemic and with the new increased flexibility of work, office and data locations, it’s never been more critical for security teams to be efficient and effective.

The constant evolution of security tooling is all about providing real-time visibility to detect and respond earlier, faster and more effectively to threats and attacks, all to circumvent existing security controls of the ever-changing attack surface.

During this session, we will discuss how you can ensure your security operations team has the visibility and tools it needs to reduce your organization's response times.

As part of this discussion, we’ll explore:

  • The evolution of security tooling and what is critical to any organisation’s tech stack
  • The Gartner SOC Visibility Triad and why it is still relevant
  • Real-life use-cases and tips for getting buy in from your board to support your investment requirements

Join us for this interactive session and gain actionable insights to help you defend and protect critical data and infrastructure from emerging cyberthreats.

  • 02:40 PM
  • 03:09 PM
Track A
James Blake
Track A: Cyber Resiliency: Achievable Goal or Flight-of-Fancy?
James Blake, Field CTO EMEA, Security, Rubrik

Most organisation’s IT infrastructures remain fragile to cyber attacks, especially the current scourge of ransomware operators sweeping across all verticals and all countries across the globe.  Becoming cyber resilient to these kinds of attack is an emergent property, not a collection of products you can buy.  In this session James will discuss those emergent properties and how he has seen organisations best achieve them using best-practice frameworks and solid engineering principles.

  • 02:40 PM
  • 03:09 PM
Track B
Jay Coley
Track B: Why WAFs Are Running on Empty
Jay Coley, Lead Security Strategy, Fastly

Modern WAFs are powerful, but they can be complex to manage and operate. From deciding on deployment architecture and requirement mapping to DEVOPs (CI/CD) integration and finalizing the myriad of other considerations before moving to the tuning and operationalization phase, all this creates complexity and confusion.

As a result, modern WAFs can be costly to implement in both commercial and staffing terms. Join Jay Coley, lead of security strategy at Fastly, as he demonstrates how you can reduce these issues to ensure your WAF deployments are as flexible and as simple as possible, all the while maintaining rule accuracy and WAF usability.

Exhibits & Networking Break
  • 03:10 PM
  • 03:24 PM
The Art and Science of Translating Cyber Risk and Loss Exposure Into Quantifiable Measures
Douglas Mujana, Vice President Information Technology Risk, Societe Generale
Milos Pesic, Vice President of InfoSec & CyberSec, FSI Sector
Balaji Anbil, Lead Enterprise Architect, Independent at MOD, UK

Because every business is unique, so too are the risks facing each one. Hence the answer to the question "what are the biggest cyber risks we face?" depends on who's asking. Regardless of the answer, however, it's up to the cybersecurity team to not only identify cyber risks, but help business leaders understand the operational risks each one poses, to help them quantify the resulting business risks each one poses and to take responsibility for what happens next.

This expert panel discusses: 

  • Creating a common risk language across the organization 
  • Building a playbook that helps the business identify actual exposure 
  • Strategies for making cyber everyone's responsibility
Douglas Mujana
Milos Pesic
Balaji Anbil
  • 03:25 PM
  • 03:54 PM
Resilience in an Era of Ransomware- Why It Is Important to You and Your Business?
Que Tran, Head of IT, Europe, DP World
Mikil Tamakuwala, Operational Risk Supervisor, VP, Societe Generale
Adam Wedgbury, Head of Enterprise Digital Security Architecture, Airbus
Que Tran
Mikil Tamakuwala
Adam Wedgbury
  • 04:00 PM
  • 04:29 PM
Health Held to Ransom: Protecting the Health of Our Cybersecurity Teams
Don Gibson, Head of Cyber, Department of International Trade, HM Gov.
Ian Thornton-Trump, CISO, CYJAX
Deborah Haworth, CISO, Penguin Random House UK

Late last year, the UK government announced its National Cyber Strategy for 2022, a comprehensive plan that aims to establish “a more secure and resilient nation, better prepared for evolving threats and risks.” But what about the personal resilience of our security leaders and their teams? A constantly shifting threat landscape, long work hours, a lack of resources, high staff turnover are all factors that can lead to burnout.

How can a more secure and resilient nation be achieved if we don't look after our people?

This expert panel will share insights and strategies, including:

  • How stress and burnout are emerging in the workplace today;
  • The importance of showing vulnerability as a leader;
  • Tools to build personal resilience and prevent burnout;
  • How organizations can protect the wellbeing of their people.
Don Gibson
Ian Thornton-Trump
Deborah Haworth
  • 04:35 PM
  • 05:04 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM BST on Day 2, Wednesday, May 25th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

Speaker Interviews

May 24 - 25, 2022

UKI Summit