7th Annual Cyber Security for Business Conference

​

Wed 24th & Thurs 25th March 2021 | 08:00 - 16:30 | Virtual Event

The must-attend online conference for the cyber security community with keynote talks, breakouts and an exhibition hall - all hosted live on a virtual platform. Free to attend for end users working in IT/ Security  - join us from anywhere in the world.

​

The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: however is now open to the world. The virtual event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking. 

The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.

​

The conference is free* to attend for InfoSec & IT personnel.

The Summit

Participants

350

Topics

12

Sessions

8

Speakers

24

2021 Speakers

​

Agenda 2021

Day 1, Wednesday 24th March

SESSION 1 - The Security Landscape

The last twelve months have been one of the most tumultuous periods in recent history, and has proved to be a hugely challenging time for cyber security practitioners. The opening session will contextualise the impact of recent disruptions on the security function, and discuss how we can reshape security to adapt effectively to new threats and organisational demands.  

   
09:15    Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:20    Building Sustainable Security in Reset Normality
Maxine Holt, Senior Research Director, Omdia

09:40    Protecting Today's Hyper-Distributed Digital Workspace
Ady Ringrose, Threat Prevention Specialist, Check Point

10:00    Dot to Dot: The Dangers of Siloed Solutions to Security
Ed Tucker, Snr Director of Cyber Security & Former European CISO of the Year

10:20    Combined Q&A
10:45    Break

​

​

​

SESSION 2 - Practical Security

Session 2 will hone-in on a variety of key security topics in longer, individual slots. Presentations will be run in 30-minute increments across three parallel streams, providing delegates the opportunity to attend three of the options live. The alternative breakouts will be accessible on-demand post event.

​

11:00     Breakout Option 1

11:30     Breakout Option 2

12:00     Breakout Option 3

11:00     Breakout Session: Choose one option from A, B or C

STREAM 1 (A) Understanding Threat Actors

• What are Threat Actors, their motivations, and attack types?

• Why are Threat Actors such a concern for new emerging businesses such as Startups?

• How has Flo Health adapted to threats and what can other Startups learn from our experiences

Leo Cunningham, CISO, Flo Health

​

STREAM 2 (B) 3 Tips for Gaining Risk Insights​

• Learn a new approach and benefits of a repeatable risk scoring method. ​

• Maximize data collected from integrated business applications. ​

• Identify improved methods for trusting your risk scores and creating meaningful data for the first line of defence. ​

• Understand how identifying data relationships can identify and prioritize your most important risks

Scott Bridgen, Offering Manager, OneTrust

​

STREAM 3 (C) Addressing the Human Challenge of Cybersecurity 
•    2021 Cybersecurity Threat Landscape 
•    Driving efficiency and boosting your ROI with Cybersecurity as a System
•    Endpoint Detection Response and Firewall challenges
Jonathan Hope, Senior Engineer, Sophos

​

11:30     Breakout Session: Choose one option from D, E or F

STREAM 1 (D) Purple Teaming for Budget Analysis

• How PurpleTeaming provides an insight into security weaknesses in infrastructure and applications

• Where PurpleTeaming can be applied to shine a light on process failures, poorly utilized tools, and failings in people, processes, and procedures.

• How the output of a budget optimization assessment can be employed to ensure security budgets are used in the most efficient way possible.

Eliza May Austin, CEO, th4ts3cur1ty.company

​

STREAM 2 (E) Changing Cyber Landscapes: The Battle of Algorithms 
•    Paradigm shifts in the cyber-threat landscape 
•    Advancements in offensive AI attack techniques 
•    How defensive AI can fight back  
•    Real-world examples of emerging threats that were stopped with Cyber AI

Georgia Bell, Account Director, Darktrace

​

STREAM 3 (F) Your Organization Through the Eyes of an Attacker

• Why hackers are targeting your organization    

• Three key questions you need to be able to answer about your network security

• The common mistakes your organization can make when building your defences

• How your end users can help you can defend against ever-evolving threats

Jai Aenugu, CEO, TechForce

Javvad Malik, Security Awareness Advocate, KnowBe4

​

​

​

12:00     Breakout Session: Choose option G

STREAM 1 (G) Implementing a Voluntary Security Assessment Scheme for Suppliers

• Supplier security is a major risk, many recent high-profile attacks are the result of an initial third-party breac

• With the introduction of GDPR through DPA 2018, it is no longer the sole responsibility of a supplier to manage their own security

• See a case study into a voluntary supplier security assessment scheme for the digital telecare market, that demonstrates voluntary schemes can be effective

• Hear the key elements that ensure both suppliers and customers benefit, and therefore maximum voluntary market participation is achieved

Andy Grayland, CISO, Digital Office
 

12:30    Lunch Break: Exhibition & Networking

​

​

​

SESSION 3 - Staying Ahead of the Threat

The final session of Day 1 will reflect on how the Cyber Security landscape is evolving, examining key trends, emerging threats and the future of the sector. The session will also consider how well positioned the industry is to respond to the challenges ahead, and explore opportunities for greater collaboration and increased international cooperation.

13:30    Fireside Chat with Ciaran Martin
Ciaran Martin, Former CEO, NCSC & Jude McCorry, CEO, SBRC

14:00    Cybersecurity Now and in the Future...Are we Ready? 
Bob Carver, Principal Cybersecurity Threat Intelligence, Verizon

14:30    Q&A Panel: Future Security – Trends, Threats & Collaborative Opportunity
•    Mark Stephen, Journalist & Broadcaster, BBC Scotland
•    Jude McCorry, CEO, SBRC
•    Bob Carver, Principal Cybersecurity Threat Intelligence, Verizon

•    Holly Grace Williams, Managing Director, Secarma

15:00    Close of Session

​

​

​

Day 2, Thursday 25th March

​

SESSION 1 - Building Effective Internal Process & Security Engagement

The opening session of Day 2 will consider practical steps to improve organisational security: examining the foundations of a straightforward and scalable security programme, looking at DevSecOps and embedding security within continuous delivery pipelines, and then examining the language that we use as practitioners, and how we can improve the effectiveness of our messaging and engagement.

09:15    Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:20    Security Never Just ‘Happens’: Building a Resilient Security Programme That Can Scale
Jordan Schroeder, Managing CISO

09:40    DevSecOps: Keep Calm and Secure Your CI/CD Pipeline
Sonya Moisset, Lead Security Engineer, Photobox

10:00    The Importance of Language in Effective Security Engagement
Ceri Jones, Technology Security Manager, NatWest

10:20    Q&A
10:45    Break

​

​

​

SESSION 2 - Security and Privacy in the Data Age

Technological advancements across mobiles, AI and IoT have brought huge benefits for individuals, businesses and society - but computing developments and the explosion in data generation also poses a wide array of privacy and security concerns. This session will explore some of the dangers, examine how we can align security and privacy functions, and discuss how we can better protect personal data in the age of ubiquitous computing.

11:00    Security and Privacy in the Age of Ubiquitous Computing
Mohamed Khamis, Lecturer, School of Computing Science, University of Glasgow

11:20    Cyber Security in Privacy Frameworks
Cristina Costache, Privacy Lead, Strauss Coffee

11:40    Promoting Privacy-Centric Technologies, Policy & Culture
Heather Burns, Policy Manager, ORG

12:00    Combined Q&A
12:30    Lunch Break: Exhibition & Networking

---

11:00    CSC Interactive Workshops (11:00 – 12:30)
In addition to the main hall session, two 90 min interactive workshops will be run in separate parallel streams, giving delegates the choice to participate in a practical discussion in a smaller group. The interactive workshops will be run by a moderator from Cyber Scotland Connect.

​

CSC Interactive Workshop A: Geopolitics of Hacking (Round Table and Q&A)

A panel discussion reviewing the latest nation-state cyber-attacks and their impact around the world for private and public organisations.

​

• Federico Charosky, Managing Director, Quorum Cyber

• Robert Hayes, former Head of the National Technical Assistance

• Rami Shaath, Senior Intelligence Analyst, Crowdstrike & Founder, 971Sec

• Ahmed Ali,  VP EMEA at Cyware

• Don Smith, Director CTU-CIC, SecureWorks

​

CSC Interactive Workshop B: Securing the Estate (Round Table and Discussion)

​

• Discussing all the risks

• What do we do? People, Technologies, Remote, Cloud

• What are we not doing? Threat Hunting? Dark web intelligence?

• How do we prioritise and resource effectively?

• What metrics can we provide - how do we know we are doing a good job?

​

Richard Grey, Head of Information Security, FreeAgent

​

SESSION 3 - Preparing for the Future

The final session will look at preparing the industry for the future, and ensuring that we have the skills, talent and depth within the workforce to respond to the increasing demands upon the sector. The main agenda will then conclude with the closing keynote, looking at one of the most politicised areas of cyber security, and considering whether encryption and cryptography is a force for good or ill within society.

13:30    The Cyber Security Workforce: Key Trends, Challenges and Opportunity
Chris Green, Head of Communications EMEA, (ISC)² 

13:50    Q&A Panel - Skills & Development: Preparing for the Future of Cyber Security

•    Prof. Bill Buchanan OBE, Professor, School of Computing, Edinburgh Napier University
•    Claire Gillespie, Digital Technologies Sector Skills Manager, SDS
•    Mahbubul Islam, CISO, HM Courts & Tribunal Services & Director, The Security Institute

•    Chris Green, Head of Communications EMEA, (ISC)² 

14:25    Closing Keynote: Encryption and Cryptography: Saviours or Destroyers of Our Society
Prof. Bill Buchanan OBE, Professor, School of Computing, Edinburgh Napier University

14:55    Closing Remarks
15:00    Close of Session

---

13:30    CSC Interactive Workshops (13:30 – 15:00)

In addition to the main hall session, two 90 min interactive workshops will be run in separate parallel streams, giving delegates the choice to participate in a practical discussion in a smaller group. The interactive workshops will be run by a moderator from Cyber Scotland Connect.
 

CSC Interactive Workshop C: Training and Awareness (Round Table Discussion)

• What approaches have proved most effective?

• How do you target awareness/training to different areas of the business?

• Has remote working changed how to approach Security education

• What doesn’t work/what to avoid

​

Stu Hirst, CISO, Trustpilot & Co-Founder, CSC

​

CSC Interactive Workshop D: Modernising Security Operations (Presentation & Discussion)

Moderator - Harry McLaren, Product Lead, Adarma & Co-Founder, CSC

​

• What are some of the common components of security operations

• What we’re struggling with: analyst fatigue, false positives, low fidelity alerts, poor hygiene

• What we can do about it: improving across people, process, technology and governance

​

Harry McLaren, Product Lead, Adarma & Co-Founder, CSC

​

---

​

15:30    Exercise in a Box (15:30 – 16:30)

A 60 minute non technical workshop organised by SBRC which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment. Exercise in a Box can be best described as a tool that recreates real world business scenarios and tests your cyber resilience in each scenario. This session will be focusing on the "Phishing Attack Leading to a Ransomware Infection."

​

Declan Doyle, Head of Ethical Hacking, SBRC 
 

16:30   End of Session

--

​

End of event.

​

*The conference agenda is provisional and subject to revision