6th Annual Cyber Security for Business Conference

 24/25th March 2021 
Virtual Event - delivered online
Headline Sponsor
check-point_logo_horizontal.png

Supporters 

 

The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking. 


The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.

The conference is free* to attend for InfoSec & IT personnel

The Conference

2020 Sponsors 

Co-sponsors

Quorum Cyber.jpeg

Exhibitors

TheTechForce.jpeg

Tech Toolbox Sponsors

Lanyard & Registration Sponsors

 

About DIGIT

DIGIT has rapidly grown into the largest independent business technology community in Scotland. We run an extensive series of conferences focused on core areas of emerging Technology, Digital and IT. We also run Scotland's leading IT & Digital News Platform www.digit.fyi with over 100,000 page views per month.

The events provide a unique platform for knowledge exchange, drawing stakeholders together to explore best practice, technological innovation and business outcomes. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking.

2020 Speakers

 
CISO, Just Eat
Lecturer in Cybersecurity and Digital Forensics, Edinburgh Napier University
Partner, Red Goat Cyber
Deputy Chief Constable, Police Scotland
Senior Manager, Accenture
CEO, 7 Elements
Non-Executive Director, Decipher Cyber
Head of Information Security, FreeAgent
Deputy CISO, TSB
Enterprise Security Specialist, SonicWall
Strategic Transformation Director, Wallet.Services
Deputy CISO, The University of Edinburgh
Security Researcher & Ethical Hacker
Penetration Tester & Technical Director, Secarma
Director, Information Security, Charles River
Principal Cloud Security Engineer, Just Eat
Head of Information Security, The University of Salford
Product Lead, Adarma
Senior Manager, CSO Supplier Assurance, Lloyds Banking Group
Journalist & Broadcaster - BBC Scotland
Show More

Agenda 2020

Day 1 - Wednesday 19th February

 

8:30               Registration & Networking

SESSION 1

The opening session will consider some of the key security challenges that organisations and InfoSec practitioners are facing. Specific areas of focus will include: business alignment and speed of delivery, the insider threat, and the security landscape for 2020.

09:20     Welcome and Introduction from the conference Chair

Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:30     Security at the Speed of Business: Delivering Security in an Agile World

Kevin Fielder, CISO, Just Eat

09:50     Insider Threats: Looking After Number One

Lisa Forte, Partner & Insider Threat Specialist, Red Goat Cyber

10.10     The Threat Landscape for 2020

Mark Mitchell, Security Engineer, Check Point

10:30     Q&A

11:05     Refreshments & Networking  

   

 

SESSION 2

This session will explore key aspects of cyber security in a smaller group environment. Four breakout sessions will be run in parallel and then repeated, providing delegates an opportunity to attend two of the options on offer.

11:40     First Breakout

12:10     Transition

12:15     Second Breakout

Delegates will select two of the below Breakouts to attend

A. Third-Party Risk Management: Overcoming Today’s Most Common Security & Privacy Challenges

  • Review the drivers and challenges organizations face when managing third-party vendor risk 

  • Identify priorities before, during and after vendor procurement

  • Takeaway a six-step approach for automating the third-party vendor risk lifecycle 

  • Hear real case studies from privacy experts on how to practically tackle the third-party vendor risk

Chris Paterson, Enterprise Solutions Engineer, OneTrust
 

B. Automate or Die

  • Learn how to remediate open source vulnerabilities

  • Over 12% open source is vulnerable, how do you compare

  • What did Equifax do when they got hacked and how could they have prevented it?

Ryan Sheldrake, International Principle Architect, Sonatype
 

C. The New Era of Cyber Threats: The Shift to Self-Learning, Self-Defending Networks

  • Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before, cyber-threats

  • How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time

  • How to achieve 100% visibility of your entire business including cloud, network and IoT environments

  • Why automation and autonomous response is enabling security teams to neutralize in-progress attacks, prioritise resources, and tangibly lower risk

Stuart King, Account Executive, Darktrace
Georgia Terry, Account Executive, Darktrace

 

D. Why Understanding Your Attack Surface Matters

  • What does it mean to obtain and use ‘cyber intelligence’ in a manner that effectively prioritises scarce resources

  • Threats arise for two main reasons; weakness in IT infrastructure and an interest taken by an attacker

  • Ensuring an organisation has the skills, agility, platforms and processes to understand, detect and manage cyber-threats

  • What should the priority be for an organisation that wants to improve its cyber security posture?

 

Wicus Ross, Senior Research Lead, SecureData

 

12:45     Lunch, Exhibition & Networking

 

SESSION 3

This session will provide an opportunity to attend a longer presentation on a specific area of interest. These will cover three distinct areas: security architecture, security awareness and cloud forensics.

Delegates will select one of the streams below to attend.

13:35     Stream 1. Proactive Security Architecture: Changing the Game & Securing the Future

  • How to build a forward looking security architecture capability

  • Embedding strategic threat intelligence in product development

  • Choosing security standards and moving the bar

  • Managing security change in an impatient world

  • Agile? DevOps? No problemo!


Scott Barnett, Deputy CISO, TSB

 

13:35     Stream 2. Security Awareness in Practice

  • Identifying the challenges to overcome when introducing a security awareness program

  • An overview of real-life attacks on the organisation; making the abstract concrete, helping to shape our thinking on awareness training

  • Suggested solutions using the current awareness program at The University of Edinburgh as an example

Garry Scobie, Deputy CISO, The University of Edinburgh

 

13:35     Stream 3. Cloud Forensics: Opportunities and Challenges

  • Facets of cloud forensics: in-cloud, on-cloud and cloud storage forensics

  • Technical, Organisational and Legal dimensions

  • Artefacts and Methods: What’s special about cloud forensics and IR in the cloud?

  • Client-side and server-side, and the role of the CSP

  • Common challenges and opportunities

  • Forensic readiness: what we should do to prepare

Dr Petra Leimich, Lecturer in Cybersecurity and Digital Forensics, Edinburgh Napier University

 

14:10     Transition

 

SESSION 4

Session 4 will explore the offensive tools and techniques used by attackers; examining past security incidents, illustrating how systems were compromised, and considering how breaches could have been prevented. The session will then explore the psychology, tactics and motivations behind hackers, examining how methods have evolved and what the future of cybercrime might look like.


14:10     Incident Analysis: Learning From Past Security Breaches

Holly Grace Williams, Technical Director, Secarma


14:30     Journey from Blackhat to Whitehat: the Psychology, the Tactics and the Future of Cybercrime

Mike Jones, Security Researcher & Former Hacker with Anonymous

 

14:50     Q&A

15:35     Closing Remarks

15:40     Networking Drinks Reception

17:00     Close of Day 1

 

Day 2 - Thursday 20th February

SESSION 1

Day two of the conference will focus on practical steps to improve your organisational resilience and response. The opening session will explore how we think about security strategy within the business; how we set objectives, communicate to the board, measure success and respond to crisis situations.

 

09:20     Welcome from the conference Chair

Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:25     Rethinking Information Security for Maximum Effectiveness

Greg van der Gaast, Head of Information Security, University of Salford


09:45     The A,B,C Don’ts of Incident Response and Crisis Management

Sarah Armstrong-Smith, Non-Executive Director, Decipher Cyber

10:05     Threat Modelling at Board Level

Federico Charosky, Managing Director, Quorum Cyber

10:25     Q&A

10:55     Refreshments & Networking     

 

SESSION 2

Continuing the theme of improving organisational resilience, the main hall session will look at key challenges of securing the estate; examining the main threat factors, exploring practical advice for safeguarding security within complex organisations, and looking at supplier assurance and vulnerabilities from third parties.

In addition to the main hall session, four parallel streams will be run in a smaller group environment, giving delegates the choice to attend a live demo session or participate in an interactive workshop run by a moderator from Cyber Scotland Connect.

11:30     Delegates will choose one of the Session 2 streams to attend

 

Stream 1. Main Hall

11:30     The Five Threat Factors Testing Organisational Resilience

Freha Arshad, Senior Manager, Accenture

11:50     Securing a Complex Enterprise

Ian Chisholm, Director, Information Security, Charles River

12:10     Supplier Assurance – Why Bother?

Val Mann, Senior Manager, CSO Supplier Assurance, Lloyds

12:30     Q&A

 

Stream 2. Security Toolbox: Live Tool Demonstrations

11:30     Prep Your Organisation to Face 2020’s Most Advanced Cyber Threats

  • Findings of the SonicWall 2020 Cyber Threat Report

  • Overview of Security Industry Advancements & Cybercriminal Trends

  • Blueprints and guidance for 2020 and beyond


Colin Gracie, Enterprise Security Specialist, SonicWall

12:00     Q&A

12:10     A More Secure Everywhere

  • Cloud visibility, alerting, security & compliance reporting

  • Network monitoring and analytics

  • User entity & behaviour analytics

  • Cloud configuration drifts/monitoring

  • Incident response management and threat investigation

Phil Taylor, Systems Engineer, Palo Alto Networks

12:40     Q&A

Stream 3. (Interactive Workshop) Mental Health and Burnout

  • What are the causes of Burnout, stress and mental health issues within workplaces?

  • What are businesses currently doing to tackle the problem?

  • What can the Cyber industry do to help?

  • What tangible outcomes can we produce, as a group, to share with the wider community?

Richard Grey, Head of Information Security, FreeAgent

Stream 4. (Interactive Workshop) Implementing the Basics

  • What are the top 5 things a business should focus on with regards to security?

  • How do we develop and recruit great talent?

  • What frameworks can businesses use and how good are they?

  • What are the ‘crown jewels’ for a business and how do we capture and define them?

  • How do ‘the basics’ differ from business to business? What factors are at play?

David Stubley, CEO, 7 Elements

Stream 5. (Interactive Workshop) Security Training and Awareness

  • What are businesses currently lacking when it comes to awareness?

  • What are some of the tried and tested approaches that a business could leverage?

  • How do businesses measure awareness? Can it be measured effectively?

Maggie de Jager, Cyber Security Manager, Scott Moncrieff

 

13:00     Lunch, Exhibition & Networking

 

SESSION 3

The final session will consider the future of security, it will explore the evolution of current cyber trends, the rise of new and emerging technologies, and the challenges and opportunities these will present for business, society and law enforcement. Specific areas of focus within the session will be IoT Security, Artificial Intelligence, DLT and ethical issues.

In addition to the main hall session, three parallel streams will be run in a smaller group environment, giving delegates the choice to attend an interactive workshop run by a moderator from Cyber Scotland Connect.

13:50     Delegates will choose one of the Session 3 streams to attend

 

Stream 6. Main Hall

13:50     IoT Security: Vulnerabilities and Future Challenges

Paul Patras, Associate Professor, The School of Informatics, The University of Edinburgh

14:10     Improving Cyberbreach Reporting with Trust and Security Enabled by DLT

Hannah Rudman, Strategic Transformation Director, Wallet.Services

14:30     Ethical Dilemmas of Policing in the Digital Age

Malcolm Graham, Deputy Chief Constable, Police Scotland

14:50     Q&A

 

Stream 7. (Interactive Workshop) Incident and Breach Response

  • Outlining some types of common incidents and the most appropriate responses

  • Examples of where incident and breach response fell short

  • What are some good examples of incident management from your experience?

  • What do the bad guys want and how does understanding their motives help?

  • What makes up a good incident playbook (response plan)?

  • How might a business respond to a ransomware attack or data breach?

Harry McLaren, Product Lead, Adarma & Co-Founder, CSC

 

Stream 8. (Interactive Workshop) Supply Chain & Third Party Security

  • Large vs small business - dedicated department vs an individual

  • Categorising 3rd parties based on your risk profile

  • Certifications - are these enough?

  • Right to Audit - how easy is this in practice?

  • A consistent approach across all providers

  • What tools can help

Sean Wright, Software Security Engineer

 

Stream 9. (Interactive Workshop) Cloud Security

  • What frameworks are available for cloud risk? Are they any good?

  • What might a business need from a third party when looking to move into the Cloud? Is the Shared Responsibility Model understood?

  • How does Cloud security differ from on-prem security?

  • How important is automation and what should be automated?

  • How might business increase its Cloud Security knowledge?

Stu Hirst, Principal Cloud Security Engineer, Just Eat & Co-founder, CSC

 

15:20     Networking & Drinks Reception

16:30     Close of Conference

*The conference agenda is provisional and subject to change and revision

 

 Registration

Delegate Terms and Conditions (2020)
 The online booking form constitutes a legally binding agreement. We cannot be held responsible for the non-arrival of registration information.

Cancellations must confirmed in writing by 5pm 17th February 2020 to hannah@digit.fyi

Substitutions will be accepted if notified in writing before the event.  It may be necessary for reasons beyond the control of the organisers to alter the content and the timing of the programme or the identity of the speakers. Where conferences are free to attend, a £99 + VAT charge will be levied should the delegate fail to attend on the day and not notify the organisers before the specified time & date.
 
Data Protection
The personal information provided by you will be held on a database by DIGIT and will be shared with exhibitors, sponsors and supporting organisations of the conference.
 
If you do not wish your details to be used for this purpose, please do not check the box on the registration form. For more information and any further enquiries, please contact by email hannah@digit.fyi
 
For sponsorship enquiries, please contact Ray Bugg - ray@digit.fyi or 0131 553 9381.

THE 2020 CONFERENCE HAS NOW FINISHED. THE 2021 EVENT DATE WILL BE ANNOUNCED SOON, WITH REGISTRATION OPENING IN NOVEMBER 2020. FOLLOW US ON SOCIAL MEDIA FOR UPDATES. 

 

IF YOU HAVE ANY QUESTIONS OR WOULD LIKE TO SPEAK, EXHIBIT OR SPONSOR IN 2020 PLEASE CONTACT RAY BUGG ON RAY@DIGIT.FYI OR 0131 553 9381. 

 

Scot-Secure is an end-user event which is free to attend for Security/IT Personnel and Business Leaders working in the Security/IT sector.

​If you are outwith this criteria, or sell technology, security, professional services, consulting & recruitment, a £299 + VAT delegate fee will apply (both days) or £199 + VAT (one day).

Survey

Attended Scot-Secure 2020 and didn't receive the link to survey monkey via email? Please head to https://www.surveymonkey.co.uk/r/Scot-secure2020 or click the button below now.

 

Doing so makes a huge difference and gives you access to the event slides, and allows us to continue bringing free events to Scotland. 

Thank you.

 

Catchpell House

Carpet Lane

Edinburgh

EH6 6SS

Tel: 0131 553 9381

https://digit.fyi/

  • Twitter Social Icon
  • LinkedIn Social Icon
  • Facebook Social Icon
  • Instagram Social Icon

#scotsecure

© 2019 by DIGIT