Browse the teissLondon2020 agenda and speakers below.

08:00 Registration and welcome refreshments

Chair’s Opening Remarks

by Thom Langford, Founder, TL(2) Security

09:00

Password administration for system owners: The NCSC strategies that can help your organisation remain secure

Plenary keynote

  • Examining and challenging existing corporate password policies, and updating to a modern approach
  • Understanding the decisions to be made when determining password policy
  • Guidance on implementing password policies which support the ways in which people naturally work

by A senior representative (confirmed), NCSC

09:10

Technology ethics: How can we create and use technologies so that they deliver maximum benefit and pose minimum harm?

Plenary keynote

  • How can ethical frameworks be deployed across a diverse range of stakeholders?
  • The four areas which urgently require our ethical lens: biometrics, big data, data protection and children’s data.
  • Which approaches could be used to better engage ethical frameworks in the deployment and design of emerging technologies?

by Dr Stephanie Hare, Author of the forthcoming book "Technology Ethics"

09:30

Security and Privacy by design: How can information security leaders ensure their organisations avoid a “bolt-on” approach and minimise risk?

Plenary panel discussion

  • Where and why does DevSecOps work, and how can Information Security professionals ensure security is not an afterthought?
  • Which legal, policy and operational processes need to be considered when implementing privacy engineering?
  • Evaluating whether your systems fulfil users’ privacy needs

by Dr Stephanie Hare, Author of the forthcoming book "Technology Ethics"

by Deborah Haworth, CISO, Penguin Random House UK

by Joseph Carson, Chief Security Scientist and Advisory CISO, Thycotic

by Barry J Coatesworth, Chief Security Officer, Non-Executive Director, Technology executive

09:50

The Information Commissioner’s Office GDPR investigations and decisions, and expectations in 2020 and beyond

Plenary keynote

  • GDPR investigations and the justification behind the decisions on the prominent fines of British Airways and Marriott in 2019
  • What is the current level and nature of GDPR-related complaints being received?
  • What are the ICO's expectations concerning changes in its activity for 2020 and onwards?

by Stephen Eckersley, Director of Investigations, Information Commissioner's Office

10:40

11:00 Morning refreshments & networking

How to detect, investigate and respond to insider threats before damage is done

Roundtable discussion

  • Are you able to successfully avoid data loss surprises as a result of employee departures?
  • 90% of insider data loss, leak and theft goes undetected internally. Are you able to detect and respond to insider threats?
  • Why your IT and security teams need to focus on the employee offboarding workflow in order to protect company IP when employees and contractors quit

by Paul Martin CISSP, Senior Systems Engineer, Code42

11:30

Enhancing red and blue teaming with Breach and Attack Simulation

Roundtable discussion

by Tim Ager, VP Sales EMEA, Cymulate

11:30

Defending your cyber space with a Threat Intelligence programme

Roundtable discussion

  • What is the consensus view of common definitions, understanding and business value of Cyber Threat Intelligence (CTI) programs?
  • How much external threat monitoring are organisations doing today? What is the level of organisational awareness of free and paid-for CTI services and capabilities?
  • Can you see a way to use CTI for offensive cyber operations against malicious actors? Can CTI programs be leveraged in different ways, such as giving advance warning of insider attacks or adding value to strategic planning?
  • What are the easy steps to take to build a CTI program for your organization?

by Ian Thornton-Trump, CISO, Cyjax

11:30

How do you ensure simple and secure Access Management?

Roundtable discussion

  • What are the challenges that you are facing in the post-perimeter world?
  • How can you address the 4 key IAM challenges?
  • What is the impact of an IAM investment on your business?

by Charles James, Sales Director, Onelogin

11:30

Why would I outsource my SOC?

by Martin Cook, Strategy Director, Cyberseer

11:30

State of Security and the State of SOAR

Roundtable discussion

by Toby Van de Grift, Sales Director - UK & Ireland, Swimlane

11:30

Live Cyber Attack Workshop

Interactive workshop

  • Watch an attack happen from the “other” side, and how attackers can easily build fake login pages for phishing campaigns
  • Two threat models that can help detect the initial intrusion, even before any data is touched
  • How to spot abnormal access or sharing behaviour in Office 365 the minute it happens
  • How attackers can use malware to move laterally from cloud apps to corporate endpoints

by Matt Lock, Technical Director, Varonis

by Matthew Radolec, Director Security Architecture & Incident Response, Varonis

11:30

Once more into a breach: A live cyber crisis simulation

Interactive workshop

The best breach response plans cannot factor in the human element when the worst happens. How do time and pressure impact on decision-making? How can organizations be sure that the right people are involved in breach response and know what the wider business impact is? In this live simulation, use your mobile device to control how a fictional company reacts – all in near real time.

  • See the impact of the human element in data breach response
  • Gain a greater understanding of how decisions in a breach scenario have a business-wide impact
  • Examine missteps in responses to recent publicized breaches

by Max Vetter, Chief Cyber Officer, Immersive Labs

12:10

ISO27001 and the GDPR: Identifying overlap and streamlining efforts

Roundtable discussion

  • Map the most common security operations standard, ISO 27001, to the world’s most influential piece of privacy legislation, the GDPR
  • Identify how much work toward GDPR compliance security teams have likely already done
  • Outline six main areas of common ground that should help every organisation align their security and privacy operations
  • Develop a framework to reduce the risk of a damaging incident while increasing productivity and customer trust
  • Understand the importance of building a cohesive compliance strategy across privacy and security teams
  • Learn about the stakeholders, teams, tools and processes that should come together for a comprehensive privacy and security strategy
  • Take away a roadmap and action plan for bridging privacy and security in your organisation

by Alan MacGillivray, Account Executive, OneTrust

11:30

Break the Bottleneck: Speed up your vendor onboarding process

Roundtable discussion

  • Review the drivers and challenges organisations face when onboarding vendors
  • Understand the benefits of a proactive onboarding process across functional teams as part of third-party risk management
  • Take away a step-by-step guide to vet and validate potential vendors while not slowing down business needs

by Will Wheeler, Strategic Account Executive, OneTrust

11:30

90% of critical data breaches are the result of human error. How are you securing against what you don’t know?

Roundtable discussion

  • Securing the human is one of the toughest challenges facing us today; how can we do better?
  • Have you seen a downward trend after education and awareness programmes?
  • How do you successfully address proliferation of shadow IT in an agile, results focused world?
  • How do you know what data is on the wrong side of your firewall and accessible if you aren’t looking for it?

by Thom Langford, Founder, TL(2) Security

11:30

How do you involve your supply chain partners in assessing their cyber risk?

Roundtable discussion

11:30

How do you detect and manage your internal threats?

Roundtable discussion

by Jeremy Swinfen Green, Head of Consulting, teiss

11:30

How to secure your data in the cloud?

Roundtable discussion

  • The importance of securing your data in the cloud and the challenges that organisations face to ensure data privacy and security.
  • What threats are there when needing to share information securely and quickly?
  • What steps can be taken to manage users who have access to confidential information?

by John Michael, CEO, iStorage

11:30

Roundtables are repeated at 12:10 – 12:50

12:50 Lunch & networking

Chair’s opening remarks

by Paul Taylor, Partner - Cyber Security, KPMG

13:50

Securing innovation at the speed and scale of DevOps

Case study presentation

  • Why a classic approach to security is no longer scalable, sustainable or rapid enough in a DevOps world
  • How to continuously assess your cloud security risks
  • How to build security directly into all of your cloud deployments regardless of which tools you are using for your CICD process

by David Okeyode, Public Cloud Security Architect, Sophos

14:00

Strategies to quantify your organisation’s cyber risk, and making your messages effective at board level

Case study presentation

  • Translating C Suite priorities to your security team
  • Communicating threats and risks upwards to your C Suite
  • Measuring and reporting progress and impact

by Dr Keyun Ruan, Google Cloud Specialist Engineering, Computer Scientist & Author, Google

14:20

A CISO’s Guide to Continuous Security Testing

Case study presentation

  • Using pen testing, vulnerability assessments, and other traditional testing methods, the security team can evaluate the organisation’s security posture.
  • However, a quarterly pen-test does not allow the CISO to know on a daily basis if the organization is protected at that moment.
  • What should a CISO’s security posture programme include?

by Tim Ager, VP Sales EMEA, Cymulate

14:40

Overcoming CISO Communication issues and the issue of cybersecurity excuses

Case study presentation

 

by Allan Alford, Delivery CISO, NTT Data Services

15:00

Chair’s opening remarks

by Jeremy Swinfen Green, Head of Consulting, teiss

13:50

Aligning home-life security and company security: Making your people the CISO of their own homes

Case study presentation

  • Instilling the concept that security belongs to everyone in the organisation
  • Focusing on awareness – in work and at home – and beyond
  • Rewarding and recognising colleagues who do the right thing for security

by Sarb Sembhi, CTO & CISO, Virtually Informed

14:00

Short-cut Thinking: Working with human nature in security awareness and training

Case study presentation

  • Does your ‘aggregate bias’ lead you to wrongly direct your focus to the wrong individuals?
  • How do successful phishing attackers use known cognitive biases to make colleagues behave illogically?
  • Steps towards identifying and eliminating cognitive bias-driven decision-making

by Bridget Kenyon, DIS EMEA CISO and Information Security Programmes, Thales

14:20

The ways that your security awareness programme is failing, and what you should do about it

Panel discussion

  • Should awareness focus on implementing good security related behaviours?
  • The failing of the hacker mentality and “telling people not to do that”
  • Avoid treating awareness as a casual activity

by Lucy Payne, Security Awareness and Engagement Lead, Aviva

by Reena Shah, Director Cyber Security Culture and Strategy, Refinitiv

by Daniela Somerscales, CISO, ClearBank

by Dora Ross, Security Awareness & Business Change Professional, Penguin Random House

by Oz Alashe, CEO, CybSafe

14:40

Secure authentication: balancing security and usability

Case study presentation

  • How to create a seamless authentication experience for customers and employees
  • Learn about the strongest level of defence against phishing and man-in-the-middle attacks
  • Through use cases, learn how organisations provide secure access to business systems, without putting a burden on users with complex security practices

by John Gilbert, GM & Regional VP of Sales, Yubico

by James Perkins, Sales Engineer, Okta

14:00

Harnessing Artificial Intelligence – Making AI an enabler for cyber professionals rather than an imminent threat

Case study presentation

  • False positives or ‘innocent anomalies’ are a huge distraction for over-stretched security teams
  • How can a unique AI approach gather context and triangulate threats across the entire digital estate?
  • Automate investigation, reduce false positives and simplify the security stack

by Naina Bhattacharya, Director - Cyber Security, EMEIA, EY

14:20

Threats in the supply chain: Balancing your internal and the external requirements and competing risk agendas

Panel discussion

  • Which compliance questions reveal the biggest security risks with 3rd parties?
  • Alternative approaches to identifying risk in the supply chain
  • How to work up and down the supply chain to improve information security

by Naina Bhattacharya, Director - Cyber Security, EMEIA, EY

by Mike Seeney, Head of Supply Chain Information Risk, Pinsent Masons

by Quentyn Taylor, Director of Information Security, Canon EMEA

by Holly Grace Williams, Technical Director, Secarma

14:40

15:20 Afternoon refreshments & networking

How to create and sustain a high-performance security culture

Case study presentation

  • Is a lack of organisational commitment to proactively prepare and execute effectively the difference between relative success and failure?
  • How is this commitment one of the defining characteristics of a high-performance security culture?
  • Which other characteristics translate into success factors and best practices?

by Dr Dave Chatterjee, World-Renowned Technology Thought Leader and Business Strategist

15:50

Empower your people, strengthen your culture and reduce your cyber risk

Keynote presentation

by Dr Jessica Barker, Chair, ClubCISO

16:10

Tailoring your security awareness programmes to overcome colleagues’ inbuilt biases

Panel discussion

  • The importance of establishing benchmarks before engaging in any change exercise, both qualitative and quantitative
  • Recognising and reflecting behavioural psychology, cognitive abilities, social attitudes and modern work-environments
  • Definitions and objectives – what do we want the end ‘culture’ to look like, so that we can establish progress against this

by Dr Jessica Barker, Chair, ClubCISO

by Dr Dave Chatterjee, World-Renowned Technology Thought Leader and Business Strategist

by Marilise de Villiers, Founder & CEO, MDVB Consulting

16:30

High-end, regulatory-driven, red-teaming: What are the techniques and how quickly are they evolving?

Case study presentation

  • How the depth of your security assurance isn’t good enough
  • Developing a programme of red-teaming based upon high-end near nation state grade attacks
  • How fast are high-end compromise techniques evolving?

by Ken Munro, Security writer & pentester

15:50

Tackling the insider threat – understanding what the risk is through real world examples and how to create an insider threat programme that mitigates that risk

Case study presentation

  • Ensuring evidence-based visibility into user activity to reduce investigation time
  • Making uncovering the intent of the insider your priority
  • Eliminating a mis-allocation of resources when investigating insider threats

by David Boda, CISO, Camelot (National Lottery)

16:10

Threat trends in 2020 and beyond; Deep fakes, misinformation and reputational attacks

Panel discussion

  • Meeting the challenge of destructive and disruptive attacks from defence in depth intended to deter intrusive attacks
  • Managing the nuances of a threat management discipline in a risk management culture
  • Changing geo-political context affecting the threat environment for commerce and industry

by Joseph Carson, Chief Security Scientist and Advisory CISO, Thycotic

by Eamonn Keane, Head of Cyber Security & Innovation, Scottish Business Resilience Centre

by Dr Janet Bastiman, Chief Science Officer, Storystream

by Nitin Devanand, Technical Evangelist, Manage Engine

16:30

17:20 Drinks reception & networking

08:00 Welcome refreshments & networking

Chair’s opening remarks

by Paul Taylor, Partner - Cyber Security, KPMG

09:00

‘How secure are we?’: Bringing together cyber, physical and personnel security to address risk, deliver compliance and benefit from common processes

Case study presentation

  • Increasing overlap between security issues/threats that no longer fit within the silos of physical or information
  • 3rd party suppliers and how their (cyber) risk assessments don’t take physical issues into account
  • Benefiting from common policies, processes and skills

by Peter Gibbons, Chief Security Officer, Network Rail

09:10

Password-less authentication: Where is biometric or behavioural authentication deployed, and best-practice in implementation

Case study presentation

  • Can SFA securely replace 2FA and MFA?
  • When should something you have replace something you are or something you know?
  • Best-practice in deploying SFA across whole organisations

09:30

Evaluating and minimising information security risks across multi-Cloud estate

Panel discussion

  • Best practice in identifying, mitigating and managing cloud risks
  • Developing a consistent organisation view of cloud risks to make well-informed decisions about vendors and services
  • Using a risk framework for measuring multi-cloud risk

by Nick Taylor, Cloud Programme Manager, Google

by Thom Langford, Founder, TL(2) Security

by Francesco Cipollone, Chapter Chair, Cloud Security Alliance

by Marco Rottigni, Chief Technical Security Officer EMEA, Qualys

09:50

Developing and retaining your cyber security professionals using career road-mapping and skills competency frameworks

Case study presentation

  • Defining your organisation’s expectations for Foundational, Industry-related and Occupation-related competencies
  • Which are the most critical security professional competencies for your organisation?
  • Implementing a Cybersecurity Competency Model and measuring impact

by Bharat Thakrar, CISO and Cyber Advocate

09:10

Behavioural economics and calculating the impact of your Information Security policies

Case study presentation

  • How your colleagues make mistakes in processing information and planning for the future
  • How do these mistakes distort the information security learning processes?
  • How do emotions and visceral factors affect colleagues’ actions and their connection between information, learning and choices?

by James Watson, Advisor, Fraud & Cyber Security, The Behavioural Insights Team

09:30

Recruitment, retention and diversity in information security – energising the talent market

Panel discussion

  • Are some skills sets more transferable than others for cyber security careers?
  • Moving away from a blame culture to retain your best security staff
  • Do we have a misalignment of expectations, rather than a skills shortage?

by Joseph Carson, Chief Security Scientist and Advisory CISO, Thycotic

by Ian Thornton-Trump, CISO, Cyjax

by Nicole Keeley, Head of Cyber Security Oversight, Civil Aviation Authority

by Holly Foxcroft, Neurodiversity consultant

09:50

Cyber AI response in an era of Machine-Speed attacks

Case study presentation

  • The digital battleground has shifted from nation-states to corporations. With attacks causing damage in seconds, it’s critical that security technology can fight back.
  • It’s not enough to merely automate encoded human knowledge from a predefined playbook – as threats become smarter and stealthier, our defences must be equally intelligent.
  • Across cloud, network, IoT devices, and email, autonomous response takes precise action, thwarting threats without causing business disruption.

by Andrew Tsonchev, Director of Technology, Darktrace

09:10

Building a people-centric security strategy

Case study presentation

  • More than 99% of all targeted attacks rely on your people to activate them
  • How do you reveal who is being targeted or most at risk of inadvertent error?
  • Hear how building a people centric approach to security can help mitigate the risk from those attacks that

 

by Matt Cooke, Cybersecurity Strategist - International, Proofpoint

09:30

Using blockchain for information security in identity management and compliance

Panel discussion

  • How can information security specialists engage with this technology?
  • Insight in the adoption opportunities and challenges for the wider business economy
  • Is blockchain technology in itself secure?

by Dr Maria Grazia Vigliotti, Cybersecurity Expert, Author "The Executive Guide to Blockchain"

by Fernando Martinho, Co-Founder & CTO, Naoris

09:50

10:40 Morning refreshments & networking

The CISO Balancing Act: Getting the right balance between risk management and resilience

Case study presentation

by Mark Chaplin, Principal, Information Security Forum

11:10

Predicting the unpredictable: How you can prevent email data breaches

Interactive workshop

  • As the rise in email data breaches shows, static email security solutions can’t keep pace with growing threats and are failing to protect sensitive information
  • How is it possible for CISOs and security professionals to predict the unpredictable, and mitigate this risk?
  • Understand the psychology behind insider data breaches; how traditional technologies have failed to mitigate this threat; and the role of emerging technology to empower employees to work more securely and prevent email data breaches

by Sudeep Venkatesh, Chief Product Officer, Egress Software Technologies

11:10

Data Loss Protection from Insider Threats

Product demonstration

by Paul Martin CISSP, Senior Systems Engineer, Code42

11:10

Okta Adaptive MFA and YubiKey: Simple, Secure Authentication

Product demonstration

by Nic Sarginson, Senior Solutions Engineer, Yubico

by James Perkins, Sales Engineer, Okta

11:30

How to use automation to address today’s security policy challenges

Product demonstration

by Andy Ellis, Regional Manager Northern Europe, FireMon

11:50

12:10 Lunch & networking

Protecting your human resources: Strategies to identify and avoid Information Security professional burn-out during the day-to-day and during a crisis

Plenary panel discussion

  • How to recognise burn out in your team and yourself, and ways in which we can reduce the stress of individuals
  • Building a team culture and values, and how your culture influences honesty and openness
  • Align expectations with vulnerability and remembering the forgotten victims of a data breach

by Deborah Haworth, CISO, Penguin Random House UK

by Ian Thornton-Trump, CISO, Cyjax

by Allan Alford, Delivery CISO, NTT Data Services

by Paul Watts, CISO, Kantar

by Marilise de Villiers, Founder & CEO, MDVB Consulting

13:40

The InfoSec Leaders’ Legal Briefing: GDPR, Brexit and Data protection changes in global, regional and national jurisdictions

Plenary panel discussion

  • GDPR – Profiling Overview including; Data; Subject; Fundamental Rights
  • Article 22 – Interpretational challenges for sole automated processing
  • What of the future? – identifying risk; working towards more efficient compliance; DPIAs; Privacy by Design and Certification

by Dan Whitehead, Senior Associate, Privacy & Cybersecurity, Hogan Lovells

by Joel Harrison, Partner, Milbank

by Marta Dunphy Moriel, Commercial Technology Partner, Kemp Little

by Rocio de la Cruz, Principal Associate: Lead of Privacy Law and Global DP Projects, Gowling WLG

14:40

Chair’s closing remarks

15:30

15:40 Conference close


Copyright © Lyonsdown Ltd. 2018. All rights reserved. TEISS® is a registered trademark of Lyonsdown Limited.