Agenda

08:00 - 09:00

Breakfast Networking Break

09:00 - 09:10

Chairs Welcome

09:10 - 09:30

►Defining and Securing AI Responsibilities in Financial Service

Ioan Nascu, GenAI Security Assurance specialist, Citi 

  • Introducing a pragmatic framework that clarifies cybersecurity accountabilities between financial institutions and AI providers
  • Leveraging familiar IaaS, PaaS, and SaaS structures to map security responsibilities for AI systems
  • Applying the model to Foundation Models to support secure and responsible AI adoption
  • Enabling a flexible, high-level approach tailored to the financial sector’s evolving needs
09:30 - 09:50

►The Imperative for Cyber Resilience in Financial Services

Guy Batey, Head of Specialist Engineering EMEA, Rubrik

  • Attack Reality: Hyper-innovation and Industrialized AI are accelerating attacks, rendering traditional prevention ineffective and expanding the regulatory/technological attack surface
  • Strategic Mandate: The security posture must adopt the "Assume Breach" Mandate, acknowledging inevitable compromise
  • Shift in Focus: Security emphasis must move from perimeter control to robust in-network capabilities
  • Core Pillars: The strategy hinges on rapid Detection, effective Response, and, most critically, Rapid Recovery of business operations post-compromise
  • Ultimate Metric: Cyber Resilience—the capacity to withstand the attack and reliably recover—is the only meaningful metric for protecting firm stability and meeting regulatory obligations
09:50 - 10:10

►Getting Supply Chain Risk Management Right

Evie Wild, Information Security Officer, EMEA Region, LBBW Bank

  • How to build a culture that drives quality awareness and early risk detection
  • How to apply focused due diligence and tiering to target the highest-impact risks
  • How to empower SMEs and shift left to influence decisions before they solidify
  • How to control hidden risks by addressing shadow IT/procurement and gating spend before payment
10:10 - 10:50

►Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Transparent AI & Automation: Taking Control of Phishing Defence, James Hickey, Principal Sales Engineering, Cofense
  • Beyond Compliance: Securing AI-Driven Financial Services Against Insider Risk and Emerging Threats, Sven Dehnert, Principal Solutions Consultant, OpenText 
10:50 - 11:20

Networking Break

11:20 - 11:40

►The Calming of the "Cs"

Gill Fenney, Former Head of IT Risk Governance, Bupa

  • Compliance - the ever increasing burden on Financial Services
  • Complexity - the nuances of various compliance commitments
  • Cost - the cost of attaining and maintaining compliance
  • Chaos - the risk of an unstructured approach
11:40 - 12:00

►Mapping Criminal Infrastructure: Reducing Financial Exposure from Abused RDP and Bulletproof Hosting

Nick Palmer, Technical Lead, Censys

  • Criminal groups use resilient hosting and abused remote access to sustain ransomware and fraud
  • Censys + honeypots map patterns in exposed RDP and bulletproof hosting
  • Persistent infrastructure increases ongoing financial risk
  • Actionable signals help prioritize mitigation despite unclear attribution
12:00 - 12:20

►AI in the Financial Trenches: Securing Digital Trust

Paul Fearns, Senior Enterprise Security Architect, EMEA, Akamai Technologies

  • Recognise emerging AI-enabled attack patterns in financial ecosystems
  • Learn controls that prevent prompt-injection, model-poisoning, and synthetic automation
  • Understand frameworks to align AI security with FFIEC, NIST, and OWASP guidance
12:20 - 12:25

►Zero Trust Controls at the Endpoint

Raphael Marranghello, Account Executive, Threatlocker

  • Discover how ThreatLocker applies Zero Trust at the endpoint, eliminating implicit trust by continuously verifying every application, executable, and action before authorisation
  • Learn how a deny-by-default, malware-proofing approach reduces ransomware risk, stopping unauthorised software and scripts even when other security layers are bypassed
  • Understand how least-privilege enforcement limits attacker capability, ensuring applications and users can perform only explicitly approved actions on enterprise devices
  • Explore how granular, policy-based endpoint control safeguards against modern threats, reducing enterprise exposure to ransomware and other advanced attacks
12:25 - 13:05

►Education Seminar 2

Delegates will be able to choose from a range of topics:

  • Shadow API: Find Them, Test Them, Fix What Matters, Mark Schembri, Field Software Engineering Manager, Invicti Security
  • Adopting AI Across the Workforce with Confidence, James Derbyshire, Cybersecurity Entrepreneur, Harmonic Security
13:05 - 14:00

Lunch Networking Break

14:00 - 14:30

►Securing the AI Revolution in Banking, Insurance and Asset Management

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
Steph Phelps, Global Operational Resilience Specialist, RGA
Claire Schrader, Senior Responsible AI Lead, AI Centre of Excellence, Lloyds Banking Group
Gill Fenney, Former Head of IT Risk Governance, Bupa
Ioan Nascu, GenAI Security Assurance specialist, Citi

For security leaders, the challenge is stark: how do you secure these systems, ensure compliance, and maintain resilience when the technology itself is evolving faster than the controls designed to protect it?

  • Future-Proofing Security: Designing adaptive governance and security frameworks that evolve alongside AI, rather than always playing catch-up
  • DORA and AI Compliance: How the Digital Operational Resilience Act reshapes resilience expectations in banking, insurance, and asset management, especially for fast-evolving AI systems
  • Securing the AI Supply Chain: Managing third-party and model risks, from external data providers to cloud-based AI platforms, in line with DORA’s ICT risk requirements
  • Balancing Innovation and Control: Embedding resilience testing and security guardrails without stifling AI-driven innovation
14:30 - 14:50

►Keeping Security Teams Sharp in the Absence of Incidents

Steve Armstrong-Godwin, Lead of Security Incident Response and Threat Management, Danske Bank

  • Experience-led insights into keeping security teams sharp when incidents are rare but stakes remain high
  • Practical methods for building confidence and coordination through low-friction, high-impact exercises
  • Design principles for simulations and training that fit real-world constraints, not fantasy budgets
  • Tactics to avoid drift, burnout, and complacency—without waiting for a crisis to galvanise the team
14:50 - 15:10

►The new CISO deal 

Ryan Virani, Founder, Cyber Moves LTD 

  • CISO and Head of Security briefs have changed in the last 2–3 years
  • What “good” now looks like in successful CISO appointments, from a talent and behaviours perspective
  • Snapshot of current salary and day-rate ranges for CISOs and Heads of Security 
  • Where mandate, support and reward are misaligned, and what CISOs are now asking for before they say yes
15:10 - 15:30

Networking Break

15:30 - 16:00

►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works

Simon Brady, Event Chairman, AKJ Associates (moderator) 
Jonathan Freedman, Director of Technology & Security, Howard Kennedy 
Jonathan Turner, Head of Cyber Security, Farrer & Co 
Federico Iaschi, Information Security Director, Starling Bank
Will Packard, Director - Operational Resilience, Ernst & Young LLP

  • How do we turn risk appetite statements into real decision levers instead of paperwork?
  • With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
  • What cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
  • How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?
16:00 - 16:00

Closing Remarks

16:00 - 17:00

Drinks Reception

Education seminars


Adopting AI Across the Workforce with Confidence


James Derbyshire, Cybersecurity Entrepreneur, Harmonic Security

Organisations across industries are accelerating their use of AI to improve efficiency, remain competitive, and empower employees. Financial services firms, in particular, face mounting pressure to innovate while adhering to strict regulatory expectations and protecting highly sensitive data. As AI becomes woven into everyday workflows through sanctioned tools, embedded features, and a long tail of unsanctioned applications, leaders must determine how to safely enable broad adoption without introducing new operational, compliance, or security risks. 

This session examines the real patterns emerging inside enterprise environments as AI usage expands. Drawing on observed behavior across hundreds of companies, we will break down why legacy assumptions about control no longer hold true. Employees increasingly rely on personal accounts, free tier tools, and AI powered SaaS features, often without awareness of where their data is going or how it may be retained. These shifts create new exposure pathways, from inadvertent sharing of regulated information to interactions with models that train on user inputs. 

Building on these insights, the session offers a practical framework for safe, scalable AI enablement. Rather than relying on restrictive blocks that inadvertently drive shadow adoption, organisations are beginning to apply intelligent guardrails that monitor AI usage, detect sensitive data, and enforce policy in real time. This approach supports responsible experimentation while ensuring regulatory alignment and reducing the likelihood of costly data mishandling. Attendees will leave with actionable guidance for operationalising AI governance in complex, regulated environments and a clear understanding of how leading firms are balancing innovation with risk.

Attendees will learn:

  • The realities of enterprise AI adoption and why usage is now distributed and often unsanctioned
  • The most common exposure patterns and governance gaps emerging across financial services and other regulated industries
  • How to establish guardrails that detect sensitive data, understand user intent, and enforce policy without hindering productivity
  • A practical framework for enabling responsible AI use that supports innovation, oversight, and continuous monitoring

Shadow API: Find Them, Test Them, Fix What Matters


Mark Schembri, Field Software Engineering Manager, Invicti Security

Financial institutions are rapidly expanding their API ecosystems to power banking, payments, trading, and partner integrations. Yet many security teams still lack complete visibility into the APIs operating across their environment. Undiscovered or “shadow” APIs introduce hidden risk, creating pathways for data exposure, fraud, and non-compliance.

In this session, you will learn how to apply Invicti’s multilayered approach to API discovery and schema reconstruction. Once discovered, these APIs are tested with the industry's best API DAST, validating difficult-to-find vulnerabilities like BOLA and BFLA, business logic errors, and the presence of weak authentication with proof-based scanning, to achieve AppSec’s charter that only secure APIs reach production.

Attendees will learn:

  • Discover hidden APIs 
  • Improve governance 
  • Identify unmanaged APIs 
  • Align with OWASP Top 10 for API 

Transparent AI & Automation: Taking Control of Phishing Defence


James Hickey, Principal Sales Engineering, Cofense 

In today’s rapidly evolving threat landscape, email remains a primary attack vector for cybercriminals. Whilst AI tools seem an ideal solution, the reality is that they come with risks and limitations leaving organisations vulnerable. Join us for an insightful session where we will explore how to build resilient phishing defence that stays ahead of emerging threats by balancing automation and human expertise.

Attendees will learn:

  • The Power of Live Threat Data: Learn why real-time threat intelligence is critical for robust email protection and how it can help you stay one step ahead of attackers
  • Crowdsourced Intelligence Without the Risks: Discover how to leverage the collective power of crowdsourced threat data while mitigating potential privacy and security concerns
  • AI and Automation in Phishing defence: Understand the optimal roles of AI and automation in detecting, preventing, and responding to email-based threats

Beyond Compliance: Securing AI-Driven Financial Services Against Insider Risk and Emerging Threats


Sven Dehnert, Principal Solutions Consultant, OpenText

AI is transforming UK financial services, but it’s also expanding the attack surface faster than traditional controls can adapt. Under the FCA’s Operational Resilience framework, firms must evidence resilience across critical services while managing new risks introduced by AI models, agentic workflows, and opaque supply chains. This session goes beyond compliance to show how behavioral analytics and insider-risk detection can safeguard AI-enabled operations without drowning SOC teams in alerts. Delegates will leave with a clear roadmap for aligning insider-threat detection with FCA resilience requirements while addressing emerging AI-driven risks that traditional rules and signatures simply can’t catch.

Attendees will learn:

  • The new insider-risk challenge in an AI-first world: Why credential misuse, lateral movement, and data exfiltration now intersect with adversarial AI exploits and model drift
  • Bridging FCA resilience mapping with NCSC insider-risk guidance: Practical steps to embed detection into SOC workflows and demonstrate resilience
  • Behavioral AI in action: How OpenText Core Threat Detection & Response (Core TDR) integrates with Microsoft Defender for Endpoint and Microsoft Entra ID to deliver MITRE-aligned, plain-language insights that accelerate investigations and cut through noise