SCOT-SECURE 2021 Cyber Security Conference

7th Annual Cyber Security for Business Conference

RE-WATCH ON YOUTUBE

Wed 24th & Thurs 25th March 2021 | 08:00 - 16:30 | Virtual Event

The must-attend online conference for the cyber security community with keynote talks, breakouts and an exhibition hall - all hosted live on a virtual platform. Free to attend for end users working in IT/ Security - join us from anywhere in the world.

Headline Sponsor

Supporters

The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: however is now open to the world. The virtual event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.

The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.

The conference is free* to attend for InfoSec & IT personnel.

The Summit

2021 Sponsors

Co-sponsors

Skills-Development-Scotland-1-1024x660.p

Exhibitors

Participants

350

Topics

12

Sessions

8

Speakers

24 About DIGIT

DIGIT has rapidly grown into the largest independent business technology community in Scotland. We run an extensive series of virtual conferences and online events focused on core areas of emerging Technology, Digital and IT. We also run Scotland's leading IT & Digital News Platform www.digit.fyi with over 100,000 page views per month.

The virtual events provide a unique platform for knowledge exchange, drawing stakeholders together to explore best practice, technological innovation and business outcomes. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking.

We are delighted to announce that DIGIT will be running our conference programme in a virtual environment. Not only will you be able to enjoy our full events line-up, but you’ll be able to log-in remotely and join us from anywhere in the world.

EXPLORE EVENTS

SEE NEWS SITE

JOIN MAILING LIST

2021 Speakers

SCOT-SECURE 2021 Cyber Security Conferen

Maxine Holt

Senior Research Director, Omdia

Bob Carver

Principal Cybersecurity Threat Intelligence, Verizon

Stu Hirst

CISO, TrustPilot

Sonya Moisset

Lead Security Engineer, Photobox

Prof. Bill Buchanan OBE

Professor, School of Computing, Edinburgh Napier University

Ed Tucker

Snr Director of Cyber Security and former European CISO of the Year

Ciaran Martin

Ciaran Martin, Board Member, SBRC & Former CEO, NCSC

Mahbubul Islam

CISO, HM Courts & Tribunal Services

Andy Grayland

CISO, Digital Office, Scottish Local Government

Leo Cunningham

CISO, Flo Health

Eliza May Austin

CEO, th4ts3cur1ty.company & Founder, Ladies of London Hacking Society

Mohamed Khamis

Lecturer, School of Computing Science, University of Glasgow

Holly Grace Williams

Managing Director, Secarma

Jude McCorry

CEO, SBRC

Jordan Schroeder

Managing CISO

Chris Green

Head of Communications EMEA, (ISC)²

Ceri Jones

Technology Security Manager, NatWest Group

Cristina Costache

EMEA Privacy Lead, Strauss Coffee

Harry McLaren

Product Lead, Adarma

Sophie Lanc

Chief Creative Technology Officer, Ionburst

Richard Grey

Head of Information Security, FreeAgent

Javvad Malik

Security Awareness Advocate, KnowBe4

Federico Charosky

Managing Director, Quorum Cyber

Heather Burns

Policy Manager, Open Rights Group

Georgia Bell

Account Director, Darktrace

Jai Aenugu

CEO, TechForce

Jonathan Hope

Senior Engineer, Sophos

Claire Gillespie

Digital Technologies Sector Skills Manager, SDS

Mark Stephen

Journalist and Broadcaster, BBC Scotland

Ray Bugg

Founder, DIGIT

Agenda 2021

Day 1, Wednesday 24th March

SESSION 1 - The Security Landscape

The last twelve months have been one of the most tumultuous periods in recent history, and has proved to be a hugely challenging time for cyber security practitioners. The opening session will contextualise the impact of recent disruptions on the security function, and discuss how we can reshape security to adapt effectively to new threats and organisational demands.

09:15 Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:20 Building Sustainable Security in Reset Normality
Maxine Holt, Senior Research Director, Omdia

09:40 Protecting Today's Hyper-Distributed Digital Workspace
Ady Ringrose, Threat Prevention Specialist, Check Point

10:00 Dot to Dot: The Dangers of Siloed Solutions to Security
Ed Tucker, Snr Director of Cyber Security & Former European CISO of the Year

10:20 Combined Q&A
10:45 Break

SESSION 2 - Practical Security

Session 2 will hone-in on a variety of key security topics in longer, individual slots. Presentations will be run in 30-minute increments across three parallel streams, providing delegates the opportunity to attend three of the options live. The alternative breakouts will be accessible on-demand post event.

11:00 Breakout Option 1

11:30 Breakout Option 2

12:00 Breakout Option 3

11:00 Breakout Session: Choose one option from A, B or C

STREAM 1 (A) Understanding Threat Actors

What are Threat Actors, their motivations, and attack types?
Why are Threat Actors such a concern for new emerging businesses such as Startups?
How has Flo Health adapted to threats and what can other Startups learn from our experiences

Leo Cunningham, CISO, Flo Health

STREAM 2 (B) 3 Tips for Gaining Risk Insights

Learn a new approach and benefits of a repeatable risk scoring method.
Maximize data collected from integrated business applications.
Identify improved methods for trusting your risk scores and creating meaningful data for the first line of defence.
Understand how identifying data relationships can identify and prioritize your most important risks

Scott Bridgen, Offering Manager, OneTrust

STREAM 3 (C) Addressing the Human Challenge of Cybersecurity
• 2021 Cybersecurity Threat Landscape
• Driving efficiency and boosting your ROI with Cybersecurity as a System
• Endpoint Detection Response and Firewall challenges
Jonathan Hope, Senior Engineer, Sophos

11:30 Breakout Session: Choose one option from D, E or F

STREAM 1 (D) Purple Teaming for Budget Analysis

How PurpleTeaming provides an insight into security weaknesses in infrastructure and applications
Where PurpleTeaming can be applied to shine a light on process failures, poorly utilized tools, and failings in people, processes, and procedures.
How the output of a budget optimization assessment can be employed to ensure security budgets are used in the most efficient way possible.

Eliza May Austin, CEO, th4ts3cur1ty.company

STREAM 2 (E) Changing Cyber Landscapes: The Battle of Algorithms
• Paradigm shifts in the cyber-threat landscape
• Advancements in offensive AI attack techniques
• How defensive AI can fight back
• Real-world examples of emerging threats that were stopped with Cyber AI

Georgia Bell, Account Director, Darktrace

STREAM 3 (F) Your Organization Through the Eyes of an Attacker

Why hackers are targeting your organization
Three key questions you need to be able to answer about your network security
The common mistakes your organization can make when building your defences
How your end users can help you can defend against ever-evolving threats

Jai Aenugu, CEO, TechForce

Javvad Malik, Security Awareness Advocate, KnowBe4

12:00 Breakout Session: Choose option G

STREAM 1 (G) Implementing a Voluntary Security Assessment Scheme for Suppliers

Supplier security is a major risk, many recent high-profile attacks are the result of an initial third-party breac
With the introduction of GDPR through DPA 2018, it is no longer the sole responsibility of a supplier to manage their own security
See a case study into a voluntary supplier security assessment scheme for the digital telecare market, that demonstrates voluntary schemes can be effective
Hear the key elements that ensure both suppliers and customers benefit, and therefore maximum voluntary market participation is achieved

Andy Grayland, CISO, Digital Office

12:30 Lunch Break: Exhibition & Networking

SESSION 3 - Staying Ahead of the Threat

The final session of Day 1 will reflect on how the Cyber Security landscape is evolving, examining key trends, emerging threats and the future of the sector. The session will also consider how well positioned the industry is to respond to the challenges ahead, and explore opportunities for greater collaboration and increased international cooperation.

13:30 Fireside Chat with Ciaran Martin
Ciaran Martin, Former CEO, NCSC & Jude McCorry, CEO, SBRC

14:00 Cybersecurity Now and in the Future...Are we Ready?
Bob Carver, Principal Cybersecurity Threat Intelligence, Verizon

14:30 Q&A Panel: Future Security – Trends, Threats & Collaborative Opportunity
• Mark Stephen, Journalist & Broadcaster, BBC Scotland
• Jude McCorry, CEO, SBRC
• Bob Carver, Principal Cybersecurity Threat Intelligence, Verizon

• Holly Grace Williams, Managing Director, Secarma

15:00 Close of Session

Day 2, Thursday 25th March

SESSION 1 - Building Effective Internal Process & Security Engagement

The opening session of Day 2 will consider practical steps to improve organisational security: examining the foundations of a straightforward and scalable security programme, looking at DevSecOps and embedding security within continuous delivery pipelines, and then examining the language that we use as practitioners, and how we can improve the effectiveness of our messaging and engagement.

09:15 Welcome from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:20 Security Never Just ‘Happens’: Building a Resilient Security Programme That Can Scale
Jordan Schroeder, Managing CISO

09:40 DevSecOps: Keep Calm and Secure Your CI/CD Pipeline
Sonya Moisset, Lead Security Engineer, Photobox

10:00 The Importance of Language in Effective Security Engagement
Ceri Jones, Technology Security Manager, NatWest

10:20 Q&A
10:45 Break

SESSION 2 - Security and Privacy in the Data Age

Technological advancements across mobiles, AI and IoT have brought huge benefits for individuals, businesses and society - but computing developments and the explosion in data generation also poses a wide array of privacy and security concerns. This session will explore some of the dangers, examine how we can align security and privacy functions, and discuss how we can better protect personal data in the age of ubiquitous computing.

11:00 Security and Privacy in the Age of Ubiquitous Computing
Mohamed Khamis, Lecturer, School of Computing Science, University of Glasgow

11:20 Cyber Security in Privacy Frameworks
Cristina Costache, Privacy Lead, Strauss Coffee

11:40 Promoting Privacy-Centric Technologies, Policy & Culture
Heather Burns, Policy Manager, ORG

12:00 Combined Q&A
12:30 Lunch Break: Exhibition & Networking

---

11:00 CSC Interactive Workshops (11:00 – 12:30)
In addition to the main hall session, two 90 min interactive workshops will be run in separate parallel streams, giving delegates the choice to participate in a practical discussion in a smaller group. The interactive workshops will be run by a moderator from Cyber Scotland Connect.

CSC Interactive Workshop A: Geopolitics of Hacking (Round Table and Q&A)

A panel discussion reviewing the latest nation-state cyber-attacks and their impact around the world for private and public organisations.

Federico Charosky, Managing Director, Quorum Cyber
Robert Hayes, former Head of the National Technical Assistance
Rami Shaath, Senior Intelligence Analyst, Crowdstrike & Founder, 971Sec
Ahmed Ali, VP EMEA at Cyware
Don Smith, Director CTU-CIC, SecureWorks

CSC Interactive Workshop B: Securing the Estate (Round Table and Discussion)

Discussing all the risks
What do we do? People, Technologies, Remote, Cloud
What are we not doing? Threat Hunting? Dark web intelligence?
How do we prioritise and resource effectively?
What metrics can we provide - how do we know we are doing a good job?

Richard Grey, Head of Information Security, FreeAgent

SESSION 3 - Preparing for the Future

The final session will look at preparing the industry for the future, and ensuring that we have the skills, talent and depth within the workforce to respond to the increasing demands upon the sector. The main agenda will then conclude with the closing keynote, looking at one of the most politicised areas of cyber security, and considering whether encryption and cryptography is a force for good or ill within society.

13:30 The Cyber Security Workforce: Key Trends, Challenges and Opportunity
Chris Green, Head of Communications EMEA, (ISC)²

13:50 Q&A Panel - Skills & Development: Preparing for the Future of Cyber Security

• Prof. Bill Buchanan OBE, Professor, School of Computing, Edinburgh Napier University
• Claire Gillespie, Digital Technologies Sector Skills Manager, SDS
• Mahbubul Islam, CISO, HM Courts & Tribunal Services & Director, The Security Institute

• Chris Green, Head of Communications EMEA, (ISC)²

14:25 Closing Keynote: Encryption and Cryptography: Saviours or Destroyers of Our Society
Prof. Bill Buchanan OBE, Professor, School of Computing, Edinburgh Napier University

14:55 Closing Remarks
15:00 Close of Session

---

13:30 CSC Interactive Workshops (13:30 – 15:00)

In addition to the main hall session, two 90 min interactive workshops will be run in separate parallel streams, giving delegates the choice to participate in a practical discussion in a smaller group. The interactive workshops will be run by a moderator from Cyber Scotland Connect.

CSC Interactive Workshop C: Training and Awareness (Round Table Discussion)

What approaches have proved most effective?
How do you target awareness/training to different areas of the business?
Has remote working changed how to approach Security education
What doesn’t work/what to avoid

Stu Hirst, CISO, Trustpilot & Co-Founder, CSC

CSC Interactive Workshop D: Modernising Security Operations (Presentation & Discussion)

Moderator - Harry McLaren, Product Lead, Adarma & Co-Founder, CSC

What are some of the common components of security operations
What we’re struggling with: analyst fatigue, false positives, low fidelity alerts, poor hygiene
What we can do about it: improving across people, process, technology and governance

Harry McLaren, Product Lead, Adarma & Co-Founder, CSC

---

15:30 Exercise in a Box (15:30 – 16:30)

A 60 minute non technical workshop organised by SBRC which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment. Exercise in a Box can be best described as a tool that recreates real world business scenarios and tests your cyber resilience in each scenario. This session will be focusing on the "Phishing Attack Leading to a Ransomware Infection."

Declan Doyle, Head of Ethical Hacking, SBRC

16:30 End of Session

End of event.

*The conference agenda is provisional and subject to revision