Agenda

Presentations already confirmed include:


► Technology as a Squid That Lost its Shell

Simon Goldsmith, Director of Information Security, OVO Energy

  • Discover why the traditional "fortress" model of cybersecurity failed in our cloud-native, interconnected world
  • Learn from Jurassic squid how to evolve beyond a rigid perimeter by developing three dynamic capabilities.
  • Explore a practical blueprint for this evolution, redefining what we protect (from "people" to "identities") and splitting our response into two distinct, high-velocity workflows for attacks and weaknesses.
  • Understand how to reset your operating model, transforming security from a reactive gatekeeper into a proactive enabler that builds "paved roads" to make the secure way the easy way.

►Fireside Chat: Time for a Reset: Why Resilience is Redefining Risk and the Role of the CISO

Simon Brady, Event Chairman (Moderator) 
Stuart Seymour, Group CISO and CSO, Virgin Media O2

  • Why has cyber lagged so badly behind other risk disciplines?

  • If resilience is the focus, is this really the CISO’s or CISOs need to reinvent themselves as risk leaders?

  • What are the practical impacts of a resilience-first model on budgets, metrics, and board engagement?

  • How does resilience change culture — from blame and prevention to acceptance and preparedness?

  • What skills or mindsets must the next-generation CISO have to thrive as a risk leader rather than just a technologist?


► Enterprise Security Architecture: Huh? What’s That?

Sam Rea, Head of Enterprise Security Architecture, Bupa Group

  • The importance of an integrated Enterprise Security Architecture (ESA) in aligning security with business goals and strategy technology planning and delivery.
  • Establishing a common language and reference architecture that can be used by all technology and security professionals.
  • Improving your organisation's security posture while aligning with industry recognised security frameworks and governance best practices.
  • Driving change within your organisation by building a cross-discipline community to democratise security design knowledge, improving consistency and reducing reliance on individual security SMEs.

►Identity as a Strategic Differentiator in the Age of Cyber Threats

Dr. Marina Egea, Cybersecurity Senior Director, Santander UK

  • The rising complexity of identity as both a business enabler and a critical organizational challenge.

  • Why identity situational awareness is essential to avoid misdiagnosis and guide maturity journeys.

  • Strengthening Internal Identity Governance with CIAM and Lessons Learned

  • Leveraging data and AI to turn identity into a resilience-building, threat-response advantage


►Curiosity to Cybercrime: The Rise of Teenage Hackers

Joe Tidy, Reporter, Presenter & Author, BBC

  • How teenage hacking has shifted from harmless exploration to organized cybercrime
  • The motivations driving young hackers—money, notoriety, and criminal recruitment
  • The typical journey: from gaming cheats and scams to advanced attacks

►Panel Discussion: Ransomware 360°: From First Click to Final Recovery

Simon Brady, Event Chairman (Moderator) 
Joe Tidy, Reporter, Presenter & Author, BBC 
Steve Davies, Head of Cyber Security, DLA Piper 
Federico Charosky, Founder & CEO, Quorum Cyber

  • What’s the smartest social engineering ploy you’ve seen lately — and why did it work?
  • When ransomware hits, where’s the biggest choke point?
  • Is paying ever OK — and when?
  • Where’s the bigger risk — your systems, your suppliers or teenage kids?
  • With limited budget, do you back prevention, detection, recovery, or training?

►Unified Human Risk Management: Connecting the Dots Between Technology, People, and Data

Khetan Gajjar, EMEA CTO, Mimecast

  • Explore how a unified Human Risk Management (HRM) strategy can bridge the gap between external threats and internal vulnerabilities

  • Discover actionable insights to strengthen your organisation’s cyber resilience by leveraging cutting-edge AI, automation, and contextual education to reduce risks and streamline security operations

  • Demonstrate how they can integrate email security with insider risk management to protect sensitive data, ensure compliance across collaboration platforms, and proactively educate employees to foster a culture of cyber awareness

  • Walk away with strategies to simplify operations, minimise incident response times, and stay ahead of emerging threats.


►From Reaction to Resilience: A New Path for Privileged Access

Rob Ainscough, Chief Identity Security Advisor, Silverfort

  • Understand why traditional Privileged Access Management (PAM) methods fall short in today’s evolving cyber threat landscape

  • Explore a modern, identity-centric approach that builds resilience at the core—moving from reactive controls to proactive defence

  • Learn about an agentless, continuous strategy for detecting and preventing privileged identity misuse in hybrid and cloud environments

  • Discover how to reduce attack surfaces, enforce adaptive access policies, and gain granular visibility—without disrupting operational workflows.

Education seminars


Beyond Privileged Accounts: Identity Security for Today’s Dynamic World


Lee Elliott, Senior Director of Solutions Engineering, BeyondTrust

Even with growing budgets and stricter compliance mandates, cyber risk is still on the rise. Identities are a top target, with attackers exploiting hidden Paths to Privilege™ to gain access. Managing elevated permissions across hybrid environments is complex, and traditional PAM tools—focused only on privileged accounts—often leave gaps. This session will look at how modern, identity-focused PAM secures all users, reduces risk, and simplifies access to keep your organization both protected and productive.


Your Forgotten Apps Are an Open Invitation: ADR or Incident Response — Your Choice”


John Wood, Senior Regional Sales Manager, Contrast Security

Here is the uncomfortable truth: most breaches do not start in your Tier 1 apps. They start in the forgotten corners of your estate, the expense tool, the vendor portal, the dusty middleware running on a server no one dares to touch. Attackers know this. They are not hacking your shiny new microservices; they are walking through the side door you left wide open. This talk is a wake-up call for CISOs, AppSec leads, and anyone still pretending “shift left” is enough. We will dismantle the myths, expose the blind spots, and show why ADR is the only control that can protect where you cannot patch, cannot test, and cannot even find the developer who wrote the code. 

Fast, sharp, and slightly dangerous — this session will make you laugh, make you sweat, and leave you with a battle plan that your board will thank you for (and your attacker will hate).

Attendees will learn:

  • “Tier 1 is theatre, Tier 3 is reality.” Learn where breaches actually begin
  • “Shift left is a fantasy, runtime is reality.” Why detection and defence have to live where the code runs
  • “You have 90 days to act — or the attackers will.” A ruthless plan to deploy ADR across your long tail in one quarter

Foundations of GenAI Application Security: Understanding and Mitigating Risks


Donato Capitella, Principal Security Consultant, Reversec

GenAI applications introduce new cybersecurity risks that developers, security professionals, and architects need to address. Attackers exploit these systems primarily through prompt injection and jailbreaking, turning AI capabilities against their intended use. This session breaks down how these attacks work, where traditional security approaches fall short, and what practical strategies can mitigate these risks.

Attendees will learn:

  • Core security challenges when integrating GenAI into software

  • Common attack techniques and real-world exploitation examples

  • What “good” looks like: securing GenAI applications in production