Breakfast Briefing

​

08:20    ​Ransomware, Resilience, and Regulation: Preparing for the Next Wave of Threats​

​

• Rising Ransomware Threats: Retail and other critical sectors face increasing ransomware attacks, causing major disruption and data loss

• Breach Analysis & Lessons:  High-profile incidents, common vulnerabilities, and cross-sector takeaways

• Cyber Resilience Bill Impact: How the UK Cyber Resilience Bill will affect governance, risk, and response strategies

• Building Resilience: Practical steps to improve cyber hygiene and resilience using threat intelligence beyond compliance

​

Jack McCurley, Intelligence Advisory Consultant, Recorded Future

​

SESSION 1

The opening plenary session will consider some of the key changes currently facing security leaders; looking at the increasing complexity of the threat landscape, the challenges and opportunities of AI, and balancing strategic ambition with organisational reality.

​

09:15    Welcome and Introduction

​​

Mark Stephen, Journalist & Broadcaster

​​

09:25    Odd SOCs: Platform Scale Security Operations in an Evolving Threat Landscape

​

• A walk from the humble beginnings of home computing to the AI-assisted adversaries of today

• Uncovering a birds-eye view of the latest attack trends

• Drilling down into how platform scale security can help or hinder you

• What you can do to set up for success

​

Angie McKeown, Sr CloudSOC Engineer, Microsoft 

​

09:50    The AI Integration Problem: Making it Work for You

​

• AI is not just a "bolt on", it can be used in security day-to-day in a range of contexts...

• Distilling threat intelligence reports and condensing information that is specifically relevant 

• Summarising meetings, conversations, notes, complex papers & reports

• Risk assessments, Monte Carlo simulations, Threat modelling

• Thinking about safety and confidentiality, private and local LLMs

• Some opensource facilities to help get you started

​

Euan McGregor, Sr Manager: Cyber Security, Ashurst 

​

10:15    The Road Ahead: Considering the Future of a Flexible, Secure & Productive Digital Workplace

​

• How our visions for the future workforce differ from today’s actual landscape

• How accumulated tech debt is hindering both innovation and productivity

• The rationale behind applying traditional approaches to contemporary challenges

• Rethinking our strategies with a strong focus on the end user’s needs and satisfaction

​

Matthew Smith, Security Engineer, Island

​

10:35    Q&A​

11:00    Refreshments & Networking

SESSION 2

Session 2 will explore a series of key topics in a longer presentation format. The session will be run in a breakout format across four parallel streams, providing delegates the opportunity to attend two options.

​

11:35    First Breakout Option (A-C)

​

A. Skills Panel: Navigating the Challenges of the Cyber Skills Landscape​

​

There has been a marked slowdown in cyber recruitment, yet reports are consistently showing a significant skills gap, with many organisations struggling to adequately resource their security teams. The panel will discuss how we can navigate the current challenges and improve support, upskilling, and access.

​

• Jude McCorry, CEO, Cyber & Fraud Centre Scotland 

• Richard Grey, CISO, Bright 

• Ray Fenton, Head of Information Security Office, OVO 

• Nikola Kelly, CEO, Be-IT 

​

B. Insider Threats in an AI-Powered World 

​

• Redefine the insider

• Reveal bind spots caused by trust

• Detect intent early

• Proactive strategies

 

Findlay Whitelaw, Security Advisor & Insider Threat Specialist

 

C. Beyond Privileged Accounts: Identity Security for Today’s Dynamic World

​

• Despite increasing budgets and stricter compliance mandates, cyber risk continues to rise

• Identities are a primary target, with attackers exploiting hidden Paths to Privilege to gain unauthorized access

• Managing elevated permissions in hybrid environments is complex, and traditional PAM tools - focused only on privileged accounts - often leave security gaps

• This session explores how modern, identity-focused PAM secures all users, reduces risk, and simplifies access to enhance both protection and productivity

​

Lee Elliott, Sr Director Solutions Engineering, BeyondTrust

​​​

12:10    Transition
12:15    Second Breakout Option (D-G)

​

Breakout options include:

​

D. War Stories from 150k Production Cyber Attacks: Legacy Offense misses the modern Threat

​

• Outdated by Design: Traditional pentests provide a one-time snapshot — often stale by the time the final report is in hand

• Limited Scope: Static, point-in-time tests can’t keep pace with constantly shifting attack surfaces and evolving threats

• Reactive, Not Preventive: Too many organisations are learning about their weaknesses after a breach, rather than continuously exposing and fixing exploitable attack paths

• A New Approach: Autonomous Pentesting: Scalable, continuous, and grounded in real-world adversary behaviour - autonomous pentesting delivers offensive security that thinks and acts like an attacker, every day

​

Keith Poyser, VP EMEA, Horizon3.ai

​

E. Compliance at a Crossroads: Why the Old Way No Longer Works

​

• The regulatory landscape is evolving rapidly, making traditional compliance methods unsustainable

• Businesses face growing complexity from increasing legislation, expanding control frameworks, and intensified stakeholder scrutiny

• Manual, checklist-based compliance approaches are no longer adequate in this environment

• This session addresses the changing compliance landscape, challenges of maintaining audit readiness, and the need for modern, automated solutions

​​

George Perkins, Solutions Engineer, Drata

​

F. The AppSec Maturity Trap (And How to Overcome It)

​

• Many AppSec programs stall despite having tools, dashboards, and scans in place

• Vulnerabilities pile up, developers disengage, and security slows everything down

• This session tackles why maturity plateaus and how to fix it without added friction

• Expect practical insights—not theory—on aligning teams and measuring real progress

​

Boaz Barzel, Field CTO, OX Security

​

G.  Beyond Box-ticking: Building Operational Resilience for Growth and Adaptability

​​

• Understanding the real challenge and opportunities: looking beyond preconceptions

• Resilience as a continuous maturity journey with competitive advantage as a goal

• Why putting people at the centre of your strategy is critical

• Practical steps for working out where to begin

 

Jonathan Smith, Cyber Security Lead, Sword

​

12:45    Lunch & Networking

​

​

SESSION 3

The afternoon session will focus on the human side of security. We will look at mindset, performance, culture, training and user experience - and what we can do to improve effectiveness and security outcomes.  

​

13:35 Breakout Selection (H-J)

​

H.  How to Scale Your Cybersecurity Function

​

• Leveraging startup mindset

• Building a high performing team

• Effective use of GenAI and LLM

• The role of automation and tooling

 

Rachael Coull, Fractional CISO & Executive Lead for Scotland, WiCyS

​

I. Cyber Security Exercising - What, When, Who

​

• Exercising's historic and military background in a strategic context

• Exercising standards and guidance from the NCSC

• Who is it for?  What are the different types of exercise

• What will the participants get out of the exercise

• Public sector exercising Cadre

 

David Ritchie, CISO: Digital Office, Scottish Local Government

J. Identity Fraud is Rising: Why is the Consumer Left out of the Solution?

​

• What are the trending methods for identity extraction and the growing threats for organisations

• How can we start to mitigate these better

• What is Cifas doing to tackle the rise

• How can we involve but also educate the consumer at the same time

​

Charlotte Sadd, Strategic Market Development Lead, Cifas

​

14:05    Transition to Main Hall

​

​14:10     A User Centric Approach to Cybersecurity

​​

• Context:  Cybersecurity is a domain primarily dominated by operations and engineering teams. As a result, user experience, a multi-disciplinary field that encompasses anthropology, psychology, HCI, and design, brings a unique perspective and specialism to improving cybersecurity processes

• Understanding through in-depth research: User experience research and artifacts uniquely understanding of security behaviour, from users of tools such as analysts and application owners to mapping complex operational processes

• Outcomes: UX best practice and how they augment security

 

Nazima Kadir, Global Head of UX: Cybersecurity, JP Morgan 

​

14:35    The Evolution of Security Leadership

​​

• The times, they continue to be a changing

• What do leaders need to do to ensure our teams are effective in ever more challenging environments?

• From prohibitive to supportive, secret to all pervasive, rigid to flexible...

• How the industry has changed over the last few decades - and what I think we need to be doing for the future

​

Rory Alsop, Head of Information Security & Cyber Risk, Tesco Bank

​

15:00   Combined Q&A

15:20    Closing Remarks

15:25    End of Programme

 

​
Networking Drinks Reception

​

15:30    Networking & Drinks Reception

16:30   Close of Conference​

 

*The conference agenda is provisional and subject to change.