IN-PERSON

UK & Ireland CISO Executive Summit

7 June 2022 | Royal Lancaster London

7 June 2022
Royal Lancaster London

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Matt Broomhall

Lloyd's of London
CISO

Elaine Brown

Sky Plc
Group CISO & Group Director Technology

Jared Carstensen

CRH
CISO

Luke Fairless

Tesco Plc
Director, Technology (Security Program & Capability)

Matt Gordon-Smith

Gatwick Airport
CISO

Paula Kershaw

Barclays
Chief Controls Officer, Cyber & Resilience

Ewa Pilat

DWS Group
Global CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your UK & Ireland CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

6 June 2022

afternoon

7 June 2022

morning mid-afternoon afternoon

18:00 - 21:00 Governing Body Welcome Reception

Governing Body Private Dinner

Exclusive to Governing Body members and select guests, this dinner is a can’t-miss opportunity to connect with your peers prior to tomorrow’s Executive Summit. Please join your colleagues for an evening of good food, wine, and lively networking.

08:00 - 09:00 Registration & Breakfast

09:00 - 09:45 Keynote

Communicating Risk in key Stakeholders Terms

Imran Ali

Group Chief Information Security & Technology Officer

Compass Group

Craig Charlton

Group CIO

Compass Group

Effectively communicating cybersecurity risk has never been more critical. With security threats now rising to the top of the business agenda, security priorities are becoming business priorities. In this opening keynote session, we’ll explore the journey Imran Ali, Group CISO and CTO & Craig Charlton, Group CIO at Compass Group have gone through to successfully communicate cyber risk to their key stakeholders. We’ll assess the myriad of challenges faced when trying to be changemakers in a global organisation, and what it takes to establish a lasting security culture.

Join this keynote session to discuss:

Discussing the role played by the CISO and CIO in setting risk & compliance strategy
Assessing current risk and security cultures and identifying key metrics to evaluate the success
Examining the ongoing challenges affecting your risk & compliance strategy and how Imran & Craig collaborate to overcome them

09:45 - 10:00 Break

10:00 - 10:45 Breakout Session

CISOs can be Positive

Sarah Lawson

CISO

University College London

In the World of a CISO, doom and gloom can often prevail. Yet due to the heightened threat landscape, and security issues being pushed to the top of the business and news agenda, buy-in from board members has never been so easy. CISOs need to use this moment to progress things faster while they are in the limelight. We often focus on the negative stories, is it time to be positive at this moment?

Join Sarah Lawson, CISO at University College London to explore:

What is going well for you now and what are you not worrying about anymore?
Where are you still missing investment?
How do we view and change awareness to be more positive?

10:00 - 10:45 Breakout Session

Enabling Business Growth With Digital Trust

Ben King

Vice President, Customer Trust

Okta

Victor Shadare

Global Head of Cyber Security

Conde Nast Publications

The concept of digital trust refers to the confidence stakeholders have in an organisation's ability to protect their data, and if maintained successfully, can be a critical business enabler fostering lasting customer loyalty. With a rising threat level, CISOs must view the impact of the perception of their security posture as a driving factor in customer retention and consequently, achieving commercial objectives.

Join this session to explore:

Understanding what digital trust means for CISOs
Discussing the symbiotic relationship between digital trust and IAM
Building customer trust without building friction in the user experience

10:00 - 10:45 Executive Boardroom

Surviving the “Golden Age” of Ransomware

Scott Manson

Director of Cyber Security

Cisco Secure

Oliver Cheal

General Manager and Director of Sales EMEA

Cisco Secure

Matt Broomhall

CISO

Lloyd's of London

Lindsey Bateman

CISO

M&G Plc

Experts are warning that we are experiencing a “golden age” for ransomware. With new attacks reported almost daily, the pressure is on for CISOs to protect against not only sophisticated networks and Ransomware-as-a-Service (RaaS) schemes, but also outdated security mindsets within their own organisations.

Join this session to learn:

Key lessons from recent high-profile attacks
Emerging and evolving trends among threat actors and their targets
Innovative ways to reduce risk and improve resilience

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CxOs).

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

10:00 - 10:45 Executive Boardroom

The Modern CISO’s API Security Strategy – What’s Next?

Filip Verloy

Technical Evangelist EMEA

Noname Security

Mick Ebsworth

Director Information Security

Co-op

Nick Jones

CISO

TUI Group

In today’s climate, having a holistic view on API security is key to protecting organisations from the ever-expanding API attack surface. Proactively securing your environment from API security vulnerabilities, misconfigurations, and design flaws are among the biggest challenges that security leaders face. But how can CISOs identify and eliminate attack surfaces before an attack, and actively test APIs for vulnerabilities throughout the lifecycle, in addition to preventing real-time attacks?

Join this session to discuss:

Remediating management and configuration issues before they become a problem
Security testing for DevOps that integrates into the tools your team is already using
How to build a framework and network architecture to support the rise in remote employees

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

10:45 - 11:30 Networking Break

10:55 - 11:20 Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:30 - 12:15 Breakout Session

Embedding a Meaningful Security Culture Within Your Organisation

Tony Jowett

CISO

ITV

Julian Osborne

CISO

Volkswagen Group UK

Douglas Weekes

Group CISO and Head of Data Governance

Sainsbury's

Security awareness continues to be a key tool for CISOs in the defense against attacks. Yet, it’s difficult to successfully embed a security culture into your organisation and keep at the top of the business agenda year-round. Security culture needs to be viewed in the same light as health and safety, and for this to materialise, CISOs need to be trailblazers to make it happen.

In this session, you will discuss:

What does getting a security culture “right” look like?
Validating your security message has landed and monitoring its progress
Strategies to change the narrative around CISOs being “cyber police”

11:30 - 12:15 Breakout Session

From the Front Lines – The Ransomware Defence Strategies that Worked

David Warshavski

VP, Enterprise Security

Sygnia

Azeem Aleem

Managing Director, Northern Europe

Sygnia

Over the past year, we partnered with more than 100 organizations to defeat ransomware attacks. Join our session to find out what strategies worked for these CISOs, and how you can build on their experience to secure your network. Ransomware attacks have evolved, but if you identify the threat early-on, technologies already in place can eliminate it with no need for additional spend.

Join us and discover:

Real-world case study: The anatomy of a heavyweight ransomware attack
Key pitfalls commonly overlooked by security teams
Quick wins for preventing ransomware attacks without investing in additional technologies

11:30 - 12:15 Executive Boardroom

Beyond Initial Intrusion – Combatting Advanced Threats on the Network

Jamie Moles

Senior Technical Marketing Manager

ExtraHop

Jane Corr

CISO Europe

Great West Life Europe

Jon Segger

Information Security Manager

Linklaters

Based on Gartner's research, 75 percent of cybersecurity budgets go to preventing initial intrusion and only 25 percent on detection and mitigation. However, the real damage to the enterprise happens once the attacker is already inside the network, working their way toward carrying out a costly breach or extortion.

Join this session to discuss:

Key areas to reduce cyber risk and build resilience
The advanced attack techniques that bad actors are forced to rely on and how to spot them
Strategies to increase the speed of detection and mitigation

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

11:30 - 12:15 Executive Boardroom

Overcoming Hurdles to Cloud Migration

Alasdair Anderson

General Manager EMEA

Protegrity

Clare Pryor

Head of Cyber Security Governance, Risk and Compliance

Visa Europe

Reza Salari

Business Information Security Officer

Pacific Life Re

One critical hurdle security teams face when overseeing a cloud migration is managing the plethora of technological benefits offered by cloud providers and the often limited and inadequate data protection. For cloud migration to be a secure success, CISOs must carefully consider how to securely piece together different cloud-security policies in conjunction with the business motivations for migrating their company's digital assets to the cloud.

During this peer-discussion you will explore:

Justifying the business case for cloud migration and aligning it with wider business objectives
Discussing the increased risk of cloud migration due to the current geopolitical cyber landscape
Sharing strategies to overcome blockers on your cloud migration journey

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

12:15 - 12:25 Break

12:15 - 13:30 Lunch Service

12:25 - 12:50 Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

12:50 - 13:30 Break

13:30 - 14:05 Keynote

Third-Party Cyber Risk — Zero-Day Findings and Mitigation Managing

Robert Hannigan

Chairman

BlueVoyant

Mitigation of zero-day vulnerabilities is critical as adversaries exploit supply chain entities. This session explores how to identify all third parties impacted by zero-day vulnerabilities and guide their mitigation efforts. Your vendor, supplier and partner ecosystem is now your enterprise attack surface.

Join this session to learn:

How to manage distributed risk associated with hundreds and even thousands of vendors, suppliers and partners
Approaches to identify, prioritise and mitigate active threats and critical/zero-day vulnerabilities
Strategies to reduce supply chain/external ecosystem risk associated with zero-day

14:05 - 14:20 Break

14:20 - 15:05 Breakout Session

Keeping Pace With Security Talent Acquisition

Paula Kershaw

Chief Controls Officer, Cyber & Resilience

Barclays

Simon Langley

CISO

ASDA

Ian Snelling

Senior Security Manager

Skipton Building Society

The threat landscape continues to evolve faster than hiring efforts, and CISOs' security teams can’t get left behind. It’s no longer enough to manage your team and hope they stick around. Instead, long-term retention calls for a plan.

Join this conversation to discuss:

Identifying and addressing skill gaps within internal talent mobility
Leveraging career development opportunities to attract and retain talent
Sharing best practices for talent retention and attracting new staff

14:20 - 15:05 Breakout Session

Accounting for Third-Party Risk in Strategic Planning

Rigo Van den Broeck

Executive Vice President, Cyber Security Product Innovation, Cyber & Intelligence

Mastercard

Malcolm Norman

Chief Information Security Officer

Wood

Third parties expose businesses to strategic, operational, financial, and compliance risks. Moreover, leaders have less visibility into third parties than into their own businesses. For many organisations, the pandemic exposed the fragility of the organisation’s third-party network and impressed the need to flex quickly to new third and fourth parties in the extended enterprise to meet demand without increasing risk exposure.

Join this session to discuss:

Standardising third-party risk management assessments to be used by business units
Maintaining visibility of all ongoing third-party relationships
Identifying and mitigating the risks of the third-party network

14:20 - 15:05 Executive Boardroom

Streamlining Security Operations in 2022

Ofir Har-Chen

COO

Hunters.ai

Charl Brits

Head of IT Network & Security

Laing O'Rourke

Don Gibson

Head of Cyber

Department for International Trade

Demand for security roles is constantly increasing and organisations everywhere are facing the same issues time and again – from difficulties hiring and retaining staff to keeping up with security operational challenges. So how can CISOs make their SOCs run more effectively to enhance their security posture and ultimately evolve their security strategy around their workforce?

Join this boardroom to hear more on:

Improving data retention through automation and efficient processes
Amplifying and correlating the right signals while filtering out the noise
Dealing with complex supply chain attacks, insider threats and vulnerabilities

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

15:05 - 15:35 Networking Break

15:35 - 16:20 Breakout Session

CISOs, how are you Feeling Today?

Deborah Saffer

Global Deputy CISO

Cushman & Wakefield

Simon Hodgkinson

Board Advisor

Various Organisations

Steven Trippier

Group CISO

Anglian Water Services

CISOs are under immense stress and pressure, and this is only rising. They are the "silent warriors" who keep their companies safe and don’t seek any recognition for it. But who is looking out for them? CISOs are not an island, and in this session, we’ll explore how CISOs are coping with this pressure, its impact on mental health and emotional wellbeing and tactics to support one another.

Join this panel to discuss:

Sharing different examples of crises and discussing their emotional impact
Identifying methods CISOs can support each other’s wellbeing
Assessing the human side of cybersecurity

15:35 - 16:20 Executive Boardroom

Reframing the Perception of Cyber Risk

Mike Heredia

Vice President EMEA & APAC

XM Cyber

Paul Key

CISO

Smith & Nephew

Quentyn Taylor

Director of Information Security

Canon EMEA

The cyber threat has never been greater, and identifying the impact associated has never been easier, yet successfully reporting this to the board remains a critical hurdle to overcome. Operational teams drown in alerts and long lists of technical weaknesses to fix, but can’t see how these all combine to form paths that attackers exploit to disrupt the business.

Join this Executive Boardroom to discuss:

Resetting the security function to become an enabler of modern digital business
Examining how digital business models are driving greater integration with suppliers and partner
Understanding how current reporting fails to get buy-in from the board

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

15:35 - 16:20 Executive Boardroom

How Autonomous Action Augments Human Teams

Dave Palmer

Chief Product Officer

Darktrace

Manish Chandela

Group CISO

Unipart Group Limited

Soraya MontesdeOca

Group Information Security Officer

Harvey Nichols

The sheer scale and complexity of cyber-threats have meant the challenge of securing your business has gone beyond a human-scalable problem. Security teams are inundated with alerts, while simultaneously trying to monitor data and activity spread across disparate environments, and respond to attacks in real-time. To rise to this challenge, the next phase of security must be automated!

During this peer-discussion you will explore:

Why mounting incidents across organisations is leading to alert fatigue
How to trust the efficacy of autonomous response capabilities to stop in-progress attacks
How automation can help to build cyber resilience and more effectively allocate resources

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

16:20 - 16:35 Break

16:35 - 17:10 Keynote

Getting new Voices into Security

Carole Drape

CISO

John Lewis Partnership

Amanda Finch

CEO

Chartered Institute of Information Security

Andy Powell

Global CISO

A.P. Møller - Maersk

Sarah Self

UK CISO

Aviva

For any industry to be inclusive, innovative and productive a diversity of voices and perspectives is central to achieving this. It's no secret that IT and cybersecurity have fallen short in this area and those at the top have a central part to play in being change-makers.

Join this keynote panel to discuss:

Prompting different ways to think about security and wider business objectives
Clear steps to drive awareness, foster a sense of belonging, and create lasting change
Strategies for building the next generation of security professionals

17:10 - 17:40 Closing Reception & Prize Drawing

6 June 2022

afternoon

7 June 2022

morning mid-afternoon afternoon

We look forward to seeing you at an upcoming in-person gathering

Location

Venue & Accommodation

Royal Lancaster London

MORE INFORMATION

A block of rooms has been reserved at the Royal Lancaster London at a reduced conference rate. Reservations should be made online or by calling +44 (0) 20 7551 6229 | . Please mention Evanta CISO and CIO Executive Summits to ensure the appropriate room rate.

Deadline to book using the discounted room rate of £309 GBP (plus tax) is 23 May 2022.

RESERVE ROOM