Scot-Secure is Scotland’s largest annual cyber security conference. The event brings together senior InfoSec personnel, IT leaders, academics, security researchers and law enforcement, providing a unique forum for knowledge exchange, discussion and high-level networking.
The programme is focussed on improving awareness and best practice through shared learning: highlighting emerging threats, new research and changing adversarial tactics, and examining practical ways to improve resilience, detection and response.
This Summit is geared for InfoSec & IT personnel.
Head of Engineering, Glean
Head of Counter Threat Unit, LEGO Group
Specialist Crime Division: Cybercrime Investigations, Police Scotland
Group Threat Intelligence Analyst, The Weir Group
Technology & Cyber Risk Manager, Tesco Bank
Security Manager, Tesco Bank
CISO, Flo Health
Chief Executive Officer, NCSC
Application Security Engineer, Flo Health
Cyber Incident Response & Threat Intelligence Manager, Cyber and Fraud Centre – Scotland
Director of IT & Operations, Secarma
Senior Enterprise Systems Engineer, SentinelOne
Information Security Awareness, Education and Communications Lead, DWS Group
Vice President, CTU, Secureworks
Director UK & Ireland Sales, BlackBerry Cybersecurity
Global Head, Cyber Security Practice, Business Transformation Group, TCS
Senior Sales Engineer, Arctic Wolf
Cyber Threat Intelligence, Technical Lead, Lloyds Banking Group
Head of Cyber Security, Tesco Bank
Journalist & Broadcaster, BBC Scotland
Thursday 30 March, Dynamic Earth
08.30 Registration desk and exhibition area opens. Tea, coffee and pastries provided.
SESSION 1 Re-watch on Youtube
The opening session will focus on improving the effectiveness of threat detection and response against a backdrop of increased organisational complexity. We will look at optimising internal process, prioritising high-risk attack paths, and addressing some of the persistent failings associated with behavioural security and culture.
09:15 Welcome and Introduction from the Conference Chair
Mark Stephen, Journalist & Broadcaster, BBC Scotland
09:25 Threat Detection and Response in a Product World
Marko Jung, Principal Engineer & Head of Counter Threat Unit, LEGO Group
09:50 Understanding and Prioritising Attack Paths Amid Growing Organisational Complexity
Elliott Went, Senior Enterprise Systems Engineer, SentinelOne
10:10 Why Are We Still Failing to Address the Human Factor?
Robin Lennon Bylenga, Information Security Awareness, Education and Communications Lead, DWS Group
10:35 Combined Q&A
11:00 Networking & Refreshments
SESSION 2 Re-watch on Youtube
Session 2 will explore a series of key topics in a longer presentation format. The session will be run in a breakout format across four parallel streams, providing delegates the opportunity to attend two options live. The alternative breakouts will be accessible on-demand post-event.
11:35 First Breakout Option
12:20 Second Breakout Option
12:50 Lunch and Networking
Breakout options include:
A. Threat Intelligence - Panel Session
• Mike Smith, Cyber Incident Response & Threat Intelligence Manager, Cyber and Fraud Centre – Scotland
• Nick Leitch, Cyber Threat Intelligence, Technical Lead, Lloyds Banking Group
• Jessica Amery, Group Threat Intelligence Analyst, The Weir Group
• DC Kelly Thorburn, Specialist Crime Division: Cybercrime Investigations, Police Scotland
B. API Security: I will IDOR Myself In
• How attackers could gain control of millions of devices by exploiting simple, yet critical API flaws
• How these flaws allow attackers to control and use devices as an initial foothold in large networks
• Exploring the types of devices affected - from routers and alarms to car chargers
• How the era of “central platform” handling that solves a variety of problems backfired by re-introducing a number of old vulnerabilities
Vangelis Stykas, CTO, Tremau
C. Improving Diversity, Inclusion and Resourcing within the Cybersecurity Industry
• Background context on the diversity picture within the industry
• Key objectives of the CIISec D&I programme
• Overview of the different streams and individual focus areas
• The role of the programme in addressing skills and resourcing challenges
• Next steps: opportunity to feedback and help shape future strategy and implementation
Grant Cairns, Cyber Security Manager, Tesco Bank
Durgesh Gaitonde, Technology & Cyber Risk Manager, Tesco Bank
Rory Alsop, Head of Cyber Security, Tesco Bank
D: Rethink your Cyber Resilience Strategy to address Emerging Threats
• How is Cyber Crime & Attack emerging
• Latest threat vectors in ever evolving landscape
• What readiness should organisations have
Kunal V. Pradhan, Global Head of Cyber Security Practice, Business Transformation Group, TCS
12:20 Second Breakout Option
Breakout options include:
E. Responding to the Ever Evolving Threat Landscape
• How threat actors’ tactics, techniques, and procedures have changed
• The severity of ransomware and how to defend against it
• First-hand experiences and best practices from cybersecurity experts
Don Smith, Vice President, CTU, Secureworks
F. From XDR to CSR: Using Prevent as a Strategy to Protect your Organisation & the Environment
• How mature AI modelling lessens the environmental burden
• More prepared does not equal more resource
• Extend your defence and your lifecycles
Lee Beard, Director UK & Ireland Sales, BlackBerry Cybersecurity
G: Stem the Tide: Rise Above Alert Fatigue and Improve Your Security Posture with Limited Resources
• How to maximise your security posture within your current resource set up
• Whether it’s possible to manage large exposures with limited resources
• What you can do to better develop your teams and raise cyber-awareness throughout your company
Brian Stewart, Senior Sales Engineer, Arctic Wolf
H: Introduction to Threat Modelling and its Benefits to Business
• What is threat modelling and when it is useful?
• Who can and should threat model?
• Threat modelling tools and techniques
• Threat Modelling as a risk management activity
• Threat Modelling Diagram basics
Jen Williams, Director of IT and Operations, Secarma
12:50 Lunch and Networking
SESSION 3 Re-watch on Youtube
The afternoon session will look at embedding a proactive security mindset across your organisation. We will explore how to engage with developers and engineering teams to establish genuine buy-in; how applications can be built with a security-first approach by leveraging tools like anonymisation, and how we can communicate effectively with the board and positively engage C-level decision makers.
13:40 Bringing the Party to Security
Gwen Diagram, Head of Engineering, Glean
14:05 Improving Privacy & Security Through Anonymisation
Leo Cunningham, CISO, Flo Health
Kajus Sestokas, Application Security Engineer, Flo Health
14:30 Talking to the Board
Lena Smart, CISO, MongoDB
14:55 Combined Q&A
15:25 Closing Remarks
15:30 End of Session
15:30 Networking Drinks
16:30 End of Summit
Virtual Keynote: On Demand WATCH ON YOUTUBE
An Overview of the 2023 Threat Landscape
Lindy Cameron CB OBE, Chief Executive Officer, NCSC
*The Conference Agenda is provisional and subject to change
The conference will be held live and in-person at the iconic Dynamic Earth in Edinburgh, a professional event space offering panoramic views of the city and Arthur's Seat.
The venue is centrally located in the old town, just 15 minutes walk from Waverly train station, making it easily accessible via public transport. We also offer discounted on-site parking to attendees if you wish to drive and provide light refreshments throughout the day.
DIGIT has rapidly grown into the largest business technology community in Scotland. We host an extensive series of events focused on emerging technology and practical innovation. We also run Scotland's leading IT & Digital News Platform www.digit.fyi with over 50,000 page views per month.
The events provide a unique platform for knowledge exchange, drawing stakeholders together to explore challenges, best practice, and business impact. Our conferences attract a senior delegate following and have become renowned as an important forum for high-level networking and engagement.
You can contact us with any questions on firstname.lastname@example.org