SS21 LOGO 1200MM (1).png

8th Annual Cyber Security for Business Conference

Wed 23rd March 2022 | 08:00 - 16:30 | Edinburgh
Free to Attend
Headline Sponsor 

Supporters 2021

SBRC LOGO MAIN (002).png

The Summit

Scot-Secure is Scotland’s largest annual cyber security conference. The event brings together senior InfoSec personnel, IT leaders, academics, security researchers and law enforcement, providing a unique forum for knowledge exchange, discussion and high-level networking.


The programme is focussed on improving awareness and best practice through shared learning: highlighting emerging threats, new research and changing adversarial tactics, and examining practical ways to improve resilience, detection and response.


The Summit will be planned as a hybrid event, with sessions hosted live at Dynamic Earth with an in-person audience and streamed via a virtual platform.

The conference is FREE to attend for InfoSec & IT personnel*.

2022 Sponsors 




NCC Group.png









DIGIT has rapidly grown into the largest business technology community in Scotland. We host an extensive series of events focused on emerging technology and practical innovation. We also run Scotland's leading IT & Digital News Platform with over 100,000 page views per month.

The events provide a unique platform for knowledge exchange, drawing stakeholders together to explore challenges, best practice, and business impact. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking and engagement.

​DIGIT will be running this conference as a Hybrid event: you can attend the in-person Summit in Edinburgh or you can log-in remotely and join us from anywhere in the world.

2021 Speakers
(2022 coming soon

SS21 LOGO 1200MM (1).png

Agenda 2021
(2022 coming soon)

SS21 LOGO 1200MM (2).png

Day 1, Wednesday 24th March

SESSION 1 - The Security Landscape

The last twelve months have been one of the most tumultuous periods in recent history, and has proved to be a hugely challenging time for cyber security practitioners. The opening session will contextualise the impact of recent disruptions on the security function, and discuss how we can reshape security to adapt effectively to new threats and organisational demands.  

09:15    Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:20    Building Sustainable Security in Reset Normality
Maxine Holt, Senior Research Director, Omdia

09:40    Protecting Today's Hyper-Distributed Digital Workspace
Ady Ringrose, Threat Prevention Specialist, Check Point

10:00    Dot to Dot: The Dangers of Siloed Solutions to Security
Ed Tucker, Snr Director of Cyber Security & Former European CISO of the Year

10:20    Combined Q&A
10:45    Break

SESSION 2 - Practical Security

Session 2 will hone-in on a variety of key security topics in longer, individual slots. Presentations will be run in 30-minute increments across three parallel streams, providing delegates the opportunity to attend three of the options live. The alternative breakouts will be accessible on-demand post event.

11:00     Breakout Option 1

11:30     Breakout Option 2

12:00     Breakout Option 3


11:00     Breakout Session: Choose one option from A, B or C

STREAM 1 (A) Understanding Threat Actors

  • What are Threat Actors, their motivations, and attack types?

  • Why are Threat Actors such a concern for new emerging businesses such as Startups?

  • How has Flo Health adapted to threats and what can other Startups learn from our experiences

Leo Cunningham, CISO, Flo Health

STREAM 2 (B) 3 Tips for Gaining Risk Insights​

  • Learn a new approach and benefits of a repeatable risk scoring method. ​

  • Maximize data collected from integrated business applications. ​

  • Identify improved methods for trusting your risk scores and creating meaningful data for the first line of defence. ​

  • Understand how identifying data relationships can identify and prioritize your most important risks

Scott Bridgen, Offering Manager, OneTrust

STREAM 3 (C) Addressing the Human Challenge of Cybersecurity 
•    2021 Cybersecurity Threat Landscape 
•    Driving efficiency and boosting your ROI with Cybersecurity as a System
•    Endpoint Detection Response and Firewall challenges

Jonathan Hope, Senior Engineer, Sophos

11:30     Breakout Session: Choose one option from D, E or F

STREAM 1 (D) Purple Teaming for Budget Analysis

  • How PurpleTeaming provides an insight into security weaknesses in infrastructure and applications

  • Where PurpleTeaming can be applied to shine a light on process failures, poorly utilized tools, and failings in people, processes, and procedures.

  • How the output of a budget optimization assessment can be employed to ensure security budgets are used in the most efficient way possible.

Eliza May Austin, CEO,

STREAM 2 (E) Changing Cyber Landscapes: The Battle of Algorithms 
•    Paradigm shifts in the cyber-threat landscape 
•    Advancements in offensive AI attack techniques 
•    How defensive AI can fight back  
•    Real-world examples of emerging threats that were stopped with Cyber AI

Georgia Bell, Account Director, Darktrace

STREAM 3 (F) Your Organization Through the Eyes of an Attacker

  • Why hackers are targeting your organization    

  • Three key questions you need to be able to answer about your network security

  • The common mistakes your organization can make when building your defences

  • How your end users can help you can defend against ever-evolving threats

Jai Aenugu, CEO, TechForce

Javvad Malik, Security Awareness Advocate, KnowBe4

12:00     Breakout Session: Choose option G


STREAM 1 (G) Implementing a Voluntary Security Assessment Scheme for Suppliers

  • Supplier security is a major risk, many recent high-profile attacks are the result of an initial third-party breac

  • With the introduction of GDPR through DPA 2018, it is no longer the sole responsibility of a supplier to manage their own security

  • See a case study into a voluntary supplier security assessment scheme for the digital telecare market, that demonstrates voluntary schemes can be effective

  • Hear the key elements that ensure both suppliers and customers benefit, and therefore maximum voluntary market participation is achieved

Andy Grayland, CISO, Digital Office

12:30    Lunch Break: Exhibition & Networking

SESSION 3 - Staying Ahead of the Threat

The final session of Day 1 will reflect on how the Cyber Security landscape is evolving, examining key trends, emerging threats and the future of the sector. The session will also consider how well positioned the industry is to respond to the challenges ahead, and explore opportunities for greater collaboration and increased international cooperation.

13:30    Fireside Chat with Ciaran Martin
Ciaran Martin, Former CEO, NCSC & Jude McCorry, CEO, SBRC

14:00    Cybersecurity Now and in the Future...Are we Ready? 
Bob Carver, Principal Cybersecurity Threat Intelligence, Verizon

14:30    Q&A Panel: Future Security – Trends, Threats & Collaborative Opportunity
•    Mark Stephen, Journalist & Broadcaster, BBC Scotland
•    Jude McCorry, CEO, SBRC
•    Bob Carver, Principal Cybersecurity Threat Intelligence, Verizon

•    Holly Grace Williams, Managing Director, Secarma

15:00    Close of Session

Day 2, Thursday 25th March

SESSION 1 - Building Effective Internal Process & Security Engagement

The opening session of Day 2 will consider practical steps to improve organisational security: examining the foundations of a straightforward and scalable security programme, looking at DevSecOps and embedding security within continuous delivery pipelines, and then examining the language that we use as practitioners, and how we can improve the effectiveness of our messaging and engagement.

09:15    Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:20    Security Never Just ‘Happens’: Building a Resilient Security Programme That Can Scale
Jordan Schroeder, Managing CISO

09:40    DevSecOps: Keep Calm and Secure Your CI/CD Pipeline
Sonya Moisset, Lead Security Engineer, Photobox

10:00    The Importance of Language in Effective Security Engagement
Ceri Jones, Technology Security Manager, NatWest

10:20    Q&A
10:45    Break

SESSION 2 - Security and Privacy in the Data Age

Technological advancements across mobiles, AI and IoT have brought huge benefits for individuals, businesses and society - but computing developments and the explosion in data generation also poses a wide array of privacy and security concerns. This session will explore some of the dangers, examine how we can align security and privacy functions, and discuss how we can better protect personal data in the age of ubiquitous computing.

11:00    Security and Privacy in the Age of Ubiquitous Computing
Mohamed Khamis, Lecturer, School of Computing Science, University of Glasgow

11:20    Cyber Security in Privacy Frameworks
Cristina Costache, Privacy Lead, Strauss Coffee

11:40    Promoting Privacy-Centric Technologies, Policy & Culture
Heather Burns, Policy Manager, ORG

12:00    Combined Q&A
12:30    Lunch Break: Exhibition & Networking


11:00    CSC Interactive Workshops (11:00 – 12:30)
In addition to the main hall session, two 90 min interactive workshops will be run in separate parallel streams, giving delegates the choice to participate in a practical discussion in a smaller group. The interactive workshops will be run by a moderator from Cyber Scotland Connect.

CSC Interactive Workshop A: Geopolitics of Hacking (Round Table and Q&A)

A panel discussion reviewing the latest nation-state cyber-attacks and their impact around the world for private and public organisations.

  • Federico Charosky, Managing Director, Quorum Cyber

  • Robert Hayes, former Head of the National Technical Assistance

  • Rami Shaath, Senior Intelligence Analyst, Crowdstrike & Founder, 971Sec

  • Ahmed Ali,  VP EMEA at Cyware

  • Don Smith, Director CTU-CIC, SecureWorks

CSC Interactive Workshop B: Securing the Estate (Round Table and Discussion)

  • Discussing all the risks

  • What do we do? People, Technologies, Remote, Cloud

  • What are we not doing? Threat Hunting? Dark web intelligence?

  • How do we prioritise and resource effectively?

  • What metrics can we provide - how do we know we are doing a good job?

Richard Grey, Head of Information Security, FreeAgent

SESSION 3 - Preparing for the Future

The final session will look at preparing the industry for the future, and ensuring that we have the skills, talent and depth within the workforce to respond to the increasing demands upon the sector. The main agenda will then conclude with the closing keynote, looking at one of the most politicised areas of cyber security, and considering whether encryption and cryptography is a force for good or ill within society.

13:30    The Cyber Security Workforce: Key Trends, Challenges and Opportunity
Chris Green, Head of Communications E
MEA, (ISC)² 

13:50    Q&A Panel - Skills & Development: Preparing for the Future of Cyber Security

•    Prof. Bill Buchanan OBE, Professor, School of Computing, Edinburgh Napier University
•    Claire Gillespie, Digital Technologies Sector Skills Manager, SDS
•    Mahbubul Islam, CISO, HM Courts & Tribunal Services & Director, The Security Institute

•    Chris Green, Head of Communications EMEA, (ISC)² 

14:25    Closing Keynote: Encryption and Cryptography: Saviours or Destroyers of Our Society
Prof. Bill Buchanan OBE, Professor, School of Computing, Edinburgh Napier University

14:55    Closing Remarks
15:00    Close of Session


13:30    CSC Interactive Workshops (13:30 – 15:00)

In addition to the main hall session, two 90 min interactive workshops will be run in separate parallel streams, giving delegates the choice to participate in a practical discussion in a smaller group. The interactive workshops will be run by a moderator from Cyber Scotland Connect.

CSC Interactive Workshop C: Training and Awareness (Round Table Discussion)

  • What approaches have proved most effective?

  • How do you target awareness/training to different areas of the business?

  • Has remote working changed how to approach Security education

  • What doesn’t work/what to avoid

Stu Hirst, CISO, Trustpilot & Co-Founder, CSC

CSC Interactive Workshop D: Modernising Security Operations (Presentation & Discussion)

Moderator - Harry McLaren, Product Lead, Adarma & Co-Founder, CSC

  • What are some of the common components of security operations

  • What we’re struggling with: analyst fatigue, false positives, low fidelity alerts, poor hygiene

  • What we can do about it: improving across people, process, technology and governance

Harry McLaren, Product Lead, Adarma & Co-Founder, CSC


15:30    Exercise in a Box (15:30 – 16:30)

A 60 minute non technical workshop organised by SBRC which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment. Exercise in a Box can be best described as a tool that recreates real world business scenarios and tests your cyber resilience in each scenario. This session will be focusing on the "Phishing Attack Leading to a Ransomware Infection."

Declan Doyle, Head of Ethical Hacking, SBRC 

16:30   End of Session


End of event.

*The conference agenda is provisional and subject to revision