IN-PERSON

UK & Ireland CISO Executive Summit

18 October 2023 | The Landmark London

18 October 2023
The Landmark London

Collaborate with your peers

Get together with UK & Ireland's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Securing AI, Automation and New Technology

Building Operating Models that Foster Agility and Security by Design

Strengthening Cyber Risk's Role as a Driver for Enterprise Decision Making

UK & Ireland CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Jared Carstensen

CRH
CISO

Paula Kershaw

Barclays
MD CCO, Cyber & Resilience

Sarah Lawson

University College London
CISO

Ewa Pilat

DWS Group
Group CISO

Helen Rabe

BBC
CISO

Yolande Young

BUPA
CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your UK & Ireland CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


17 October 2023

18 October 2023

18:00 - 21:30  Governing Body Welcome Reception

Governing Body Welcome Reception

Ahead of the UK & Ireland Summit, Governing Body members will host an exclusive networking reception for all CISO attendees. Join your peers at Carousel in London for dynamic discussions over fantastic food, ethically sourced from farmers, foragers and fishermen. There will be drinks, canapés and food stations catering for all dietary requirements.

08:15 - 09:00  Registration & Breakfast

09:00 - 09:45  Keynote

What's Next for the CISO Role — Evolution or Revolution?

Naina Bhattacharya headshot

Naina Bhattacharya

Group CISO

Danone

Complex, high-pressure and stressful. Three words that many CISOs use to describe their role in improving their organisation's security posture. As the pace of change ever quickens, it's vital to question what the role of the modern CISO should look like, and if the role can be sustained under these current demands. Can you remain productive at this level of pressure for the next 5, 10, or even 20 years? Should the CISO be on the management board, moving to the ‘proper C-suite’? What skills are you missing for the next step? In this keynote address, Naina Bhattacharya Group CISO at Danone will explore these essential questions.

Join this keynote where Naina will discuss:

  • CISO as a technologist — where should the CISO focus be spent on, technology or management?
  • CISO as a business enabler — how is the role evolving into a key business contributor and leader within the business?
  • CISO as a storyteller — how can the CISO use storytelling skills to be seen as a thought leader and innovator?

09:45 - 10:00  Break

10:00 - 10:45  Breakout Session

Checking in on Your Operating Model — A CISO Deep Dive

Manish Chandela headshot

Manish Chandela

Group CISO

Sportradar

Tammy Archer headshot

Tammy Archer

CISO

Inchcape

Douglas Weekes headshot

Douglas Weekes

CISO and Director of Data Governance

Sainsbury's

As enterprises rapidly accelerate their digital initiatives, CISOs are tasked with striking a delicate balance between implementing the right structures and strategies to safeguard your organisation's assets and delivering services and applications faster than ever before. Join this interactive session for a conversation among peers, where you’ll share insights on the rationale behind your operating models and explore how you can leverage your unique perspective and expertise to drive innovation and secure your organisation's future.

Join this session to discover:

  • Sharing how you are evolving your operating model to deliver better speed, agility and security while optimising cost savings  
  • Assessing how your business unit may evolve in line with new technological innovations
  • Positioning your team as security advocates and demonstrating business value

10:00 - 10:45  Breakout Session

Navigating Compliance, Resilience, and Cybersecurity — Strategies for Convergence

Adenike Cosgrove headshot

Adenike Cosgrove

VP, Marketing EMEA

Proofpoint

Benedict Olaoya headshot

Benedict Olaoya

CISO

SGN

Compliance vs. security. Compliance and security. The dichotomy between compliance and security persists, yet their convergence remains a strategic imperative and has never been more paramount. Amid the time invested in regulatory engagement, the perception that compliance drives security strategies gains prominence. Compliance forms a baseline but as the threat landscape continues to evolve at an ever-increasing pace, we must convince the board to continue to invest beyond the baseline.

In this session, Benedict Olaoya, (CISO, SGN) and Adenike Cosgrove (VP EMEA Marketing, Proofpoint) will delve into the symbiotic relationship—the dance—between cyber resilience, regulatory compliance, and continued investment once compliance goals are met.

Join this session to:

  • Explore the intricate relationship between compliance and cyber resilience — fortifying your organisation's defences against emerging threats
  • Examine how compliance obligations can enhance proactive security change
  • Discuss methodologies and approaches to negotiating with the board to secure security investments

10:00 - 10:45  Executive Boardroom

How is Third-Party Risk Evolving?

Jason Huggett headshot

Jason Huggett

Regional Director

RiskRecon - A MasterCard Company

Stuart Seymour headshot

Stuart Seymour

Director of Security (Group CISO and CSO)

Virgin Media O2

Simon Langley headshot

Simon Langley

CISO

ASDA

Third-Party Risk remains a key priority for CISOs globally, as dependence on third-party services continues to escalate. In today's age of perpetual digital transformation, organisations are heavily reliant on third-party services. However, given the escalating frequency of breaches among third parties, it is crucial to evaluate how this risk is evolving and for CISOs to stay ahead of the threat curve.

Join this session to discuss:

  • Assessing how the Third-Party Risk landscape is developing
  • Discussing methods for CISOs to better collaborate on how vetting suppliers
  • Debating who should be on the hook for a breach, where should the responsibility fall

10:00 - 10:45  Executive Boardroom

The CISO as a Savvy Board Communicator

Ash Hunt headshot

Ash Hunt

Global CISO

Apex Group

Charl Brits headshot

Charl Brits

Group CISO

Laing O'Rourke

Toks Oladuti headshot

Toks Oladuti

Global CISO

Dentons

Translating the organisation's cybersecurity posture to the board can be a catalyst in improving organisational resilience and building strong rapport. How do you communicate security initiatives clearly when the stakes are high?

Join this session to discuss:

  • Leveraging your expertise to build trust
  • Demystifying cybersecurity spending
  • Translating cybersecurity into actionable language

10:45 - 11:45  Networking Break

10:55 - 11:40  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:45 - 12:30  Breakout Session

Securing Your Organisation — A CISO's Perspective on NIST

Derek Cheng headshot

Derek Cheng

CISO

Deliveroo

The Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) is an essential tool for managing cyber risks. It offers a comprehensive approach that helps organisations identify, assess, and handle cybersecurity threats more effectively. Despite its widespread use, the framework is often overlooked and deserves further exploration, particularly from the perspective of a seasoned CISO like Derek Cheng, who has been implementing it for many years. In this session, Derek Cheng, the CISO at Deliveroo, will share his insights into the framework's strengths and weaknesses.

Join Derek, where he’ll unpack the NIST Cybersecurity Framework:

  • Lessons learned from NIST adoption — what you need to be cognisant of when implementing NIST
  • Considering why NIST may be the best framework for you 
  • Addressing NIST’s shortcomings — managing complexity and budget constraints

11:45 - 12:30  Breakout Session

Challenging the Rules of Security — There Has to be a Better Way to Protect the Enterprise!

Oliver Madden headshot

Oliver Madden

Chrome Browser Enterprise Lead

Google Chrome Enterprise

Reza Salari headshot

Reza Salari

Head of Business Information Security (BISO)

Pacific Life Re

Dan Burns headshot

Dan Burns

Head of Information Security

Next

The threats are constantly growing and so are the costs. Protecting endpoints is one of the many challenges faced by CISOs. Faced with continuously evolving attacks, CISOs must now escape from this quagmire and make game-changing improvements in cybersecurity and administration to prevent cyberattacks and ransomware. Every endpoint could provide an attacker access to the corporate network, but IT organisations today can capitalise on several layers of control to ensure stronger security and operations, whilst ensuring productivity is not compromised. Join this session to discuss:

  • Rethinking your capabilities for strengthening endpoint security and simplifying endpoint management
  • Looking at defence in-depth, securing devices as well as connections, and creating innovative multi-layered defences at different levels
  • Striking the balance between effectively protecting the enterprise without compromising the overall productivity of users

11:45 - 12:30  Executive Boardroom

A CISO's Guide to Shifting Your AppSec Focus — Advancing Your Developer's Experience With AppSec

Fabiano Lima headshot

Fabiano Lima

Head of Global Sales

Checkmarx

Ian Snelling headshot

Ian Snelling

Senior Security Leader

Skipton Building Society

Effective application security (AppSec) requires developers to play a critical role. However, they often face the challenge of balancing productivity with security and resisting top-down solutions. Not understanding this can create friction, and lead to a negative impact on developer experience, engagement and overall output. To establish a long-term successful AppSec framework, it is crucial to engage with developers early and frequently.

Join this Executive Boardroom and leave with actionable insights on:

  • Best practices on improving collaboration between DevOps, Security and Technology teams — accelerating secure applications and transformations
  • Case studies on improving developer experience and engagement to maximise the value of AppSec
  • Recasting AppSec teams as security facilitators and maintaining oversight of the developer teams’ security efforts

11:45 - 12:30  Executive Boardroom

Securing and Driving the Business – The Power of Security Operations

Eduardo Mastranza headshot

Eduardo Mastranza

VP, TM EMEA SRM Executive Partners

Gartner

Soraya Viloria-Montes de Oca headshot

Soraya Viloria-Montes de Oca

Group Information Security Officer

Harvey Nichols

Paul Key headshot

Paul Key

CISO & VP Information Security

Smith & Nephew

Sure, your SOC’s strength is the make-or-break factor when it comes to threat detection, but that’s simply the beginning. With the right security operations culture, you can increase efficiencies and, through that, drive the business forward.

Join your C-level peers for:

  • An interactive conversation on winning security operations strategies
  • A chance to measure your security operations program against those of your peers
  • A proactive approach to keeping your business ahead and risk free

12:30 - 13:30  Lunch Service

13:30 - 14:00  Keynote

Realising Business Value with Zero Trust Security

Marc Lueck headshot

Marc Lueck

CISO - EMEA

Zscaler

Ian Buffey headshot

Ian Buffey

CISO

AtkinsRéalis

Uncertain economic times force leaders to do more with less. The tech industry is going through a period of downsising and cybersecurity budgets are not immune from cuts. Executives must be creative if they want to maintain or expand their operations with fewer resources. Fortunately, cloud technology offers businesses several ways to maximise their investments.

Join this session to learn:

  • How the cloud can reduce security risks while driving greater productivity
  • Ways software-defined solutions can securely transform your business into a supercharged connectivity engine
  • Tricks for performing simplified M&As and reducing network complexity without exposing your organization to new risks

14:00 - 14:15  Break

14:15 - 15:00  Breakout Session

Overcoming Third-Party Risks & BYOD Challenges with the Enterprise Browser

Steve Tchejeyan headshot

Steve Tchejeyan

President

Island

Third-party contractors are becoming increasingly important to organisations due to the rise of the gig economy and the need for specialised project work. However, hiring these contractors can lead to additional Third-Party Risks, costs, and complexities. When using contractors CISOs may choose to allow them to bring-your-own-device (BYOD), but this comes with its own set of security challenges. One solution could be to adopt cutting-edge enterprise browser technologies to overcome this and ensure secure Third-Party Access.

Join this session for an interactive, open discussion on the community's viewpoint on the relationship between Third-Party Risk, Third-Party Access and BYOD:

  • Your chance to brainstorm with your fellow CISOs an approach to Third-Party Risk, access and BYOD
  • Applying technologies like the enterprise browser to secure your company’s assets and limit the potential risks of Third-Party Access
  • Streamline and secure third-party contractor access and BYOD strategies

14:15 - 15:00  Executive Boardroom

Moving Past the Noise — Exploring the Benefits of Generative AI For CISOs

Luke Fairless headshot

Luke Fairless

Director, Technology (Security Program & Capability)

Tesco Plc

Khadir Fayaz headshot

Khadir Fayaz

SVP, Digital & Cyber

CBRE

Generative AI "Gen AI" is the buzzword of the moment, and it has the potential to bring about transformative changes in the business world. However, it also poses significant risks, such as ad hoc employee adoption that creates new attack surfaces, as well as increased risks to privacy, sensitive data, and intellectual property. Nevertheless, there are ample opportunities for CISOs to capitalise on this AI boom. In this session, we will have an open benefit-focused discussion to explore how you can leverage Gen AI to their advantage.

Join this boardroom to discuss:

  • Sharing AI uses cases that benefited your cyber team
  • Striking the balance between security risks and AI innovation
  • Questioning the limits of where AI can assist your team

14:15 - 15:00  Executive Boardroom

The Harsh Truth About Navigating Ransomware Response

Neil Binnie headshot

Neil Binnie

Head of Information Security

Morgan Sindall Group

Thomas Harvey headshot

Thomas Harvey

CISO

Santander UK

Martina Costelloe headshot

Martina Costelloe

SVP Information & Technology

SMBC Aviation Capital

IT leaders across the globe are asking themselves that question as ransomware grows increasingly prevalent and as attackers continue to raise their demands. It may seem difficult to prioritise building out your recovery plan when you could spend that time focused on increasing defensive measures but recovering from ransomware is not a process you want to wing.

Join this session to discuss:

  • Best practices for ransomware recovery
  • Key pitfalls most organisations make when attempting a ransomware recovery and how to avoid them
  • How to build a foundation for developing a thorough, practical, and well-documented plan of action and why timing is critical

15:00 - 15:30  Networking Break

15:30 - 16:15  Breakout Session

Securing the Future — Staying Ahead of the Security and Risk Management Curve

Eduardo Mastranza headshot

Eduardo Mastranza

VP, TM EMEA SRM Executive Partners

Gartner

Gartner's annual predictions have become a source of inspiration for leaders across multiple industries. In this presentation, we have gathered the top cybersecurity predictions from our expert team, providing a valuable resource for security and risk management leaders seeking to stay ahead in the digital era. By monitoring these trends, leaders can prepare themselves and their organisations for the challenges ahead. With global change a constant factor, the ability to anticipate and adapt to crises is crucial. Join us as we explore the strategies and insights that can help you succeed in an ever-changing world.

In this interactive session, Eduardo Mastranza VP, TM EMEA SRM Executive Partners at Gartner will explore:

  • What are the major trends affecting the security and risk management leader?
  • What are the top priorities for the security and risk management leader?
  • What actions and best practices should the security and risk management leader initiate?

15:30 - 16:15  Executive Boardroom

Rethinking Security Awareness — One Size Does Not Fit All

Neil Weller headshot

Neil Weller

Group CISO

OCS Group

Paul Griffiths headshot

Paul Griffiths

CISO

Delinian

Michell Martins headshot

Michell Martins

CISO

Scania

Joseph Da Silva headshot

Joseph Da Silva

CISO

RS Group

Security awareness can often be cliché. Many CISOs have implemented company-wide security awareness training once or twice a year, but is this effective? Not all business units are the same and a tailored, innovative approach is needed to deliver a culture and behaviour change. In this Executive Boardroom, CISOs will discuss different approaches to security awareness and explore ways to engage staff and change their mindset to see security in the same vein as health and safety.

Join this boardroom session to discuss:

  • Debating different approaches to dynamic and bespoke security awareness programmes
  • Keeping an adaptive security awareness programme in line with the pace of business change — accommodating staff turnover and business transformations
  • Overcoming cultural security awareness challenges from operating across a global footprint

15:30 - 16:15  Executive Boardroom

Maximising the Value of Your Security Investments

Tony Jowett headshot

Tony Jowett

CISO

ITV

Matt Mcbride headshot

Matt Mcbride

Head of Transformation

Tesco Mobile

James Edwards-Scott headshot

James Edwards-Scott

CISO

Williams Lea

Business leaders today are faced with two major challenges: an increasing number of attack surfaces and threats to cover and looming macroeconomic challenges. Cybersecurity is not an area where organisations can afford to cut back, but leaders are being asked to achieve greater results with the same or even fewer resources, including budgets, technology, and personnel. As security continues to grow as a critical business function, how can CISOs evaluate spending without compromising on risk?

Join this session to discuss:

  • Ways organisations are improving ROI on existing security investments
  • How leaders can translate risk into business outcomes for leadership and boards, enabled by security investment
  • How to overcome challenges security leaders face as they work to scale, grow, and innovate without sacrificing security

16:15 - 16:25  Break

16:25 - 17:00  Keynote

Stress and the CISO — Practical Strategies to Mitigate Burnout

Don Gibson headshot

Don Gibson

CISO

Kinly

Dr. Marcia Goddard headshot

Dr. Marcia Goddard

Chief Culture Officer, The Contentment Foundation

Guest Speaker

Within the security function, stress is a given. Between managing vulnerabilities, implementing new solutions, and navigating governance and company-wide risk assessments, it’s no surprise that security professionals — especially CISOs — are experiencing such high levels of burnout. In this keynote session, Don Gibson (CISO, Kinly) will share his own personal experience of Burnout and will be joined by Marcia Goddard (Chief Culture Officer, The Contentment Foundation), to walk you through why and how burnout occurs, signs to watch for, along with tricks and tips to help manage and reduce the potential of it happening to you.

In this keynote session Don & Marica will discuss:

  • How to recognise the signs and symptoms of toxic stress and burnout
  • How to remain engaged, energised, and focused during turbulent times
  • Methods to reduce stress at work and how to not let the stress overlap into personal lives

17:00 - 18:00  Closing Reception & Prize Drawing

17 October 2023

18 October 2023

We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

The Landmark London
MORE INFORMATION

A block of rooms has been reserved at the The Landmark London at a reduced conference rate. Reservations should be made online or by calling 020 7631 8000. Please mention Evanta to ensure the appropriate room rate.

Deadline to book using the discounted room rate of £409 GBP (plus tax) is 25 September 2023.

Your Community Partners


Global Thought Leaders
CISO Thought Leader
Key Partners
Program Partner

Community Programme Manager


For inquiries related to this community, please reach out to your dedicated contact.

Luis Arango Abello

Senior Community Programme Manager

+44 (0)1784 267 880

luis.arangoabello@gartner.com