UK CISO Executive Summit

18 June 2019 , London Hilton on Park Lane

18 June 2019
London Hilton on Park Lane

Collaborate with your peers

Get together with your peers to tackle top business challenges through peer-driven content and discussions at the UK CISO Executive Summit.

Join your peers to discuss the most critical issues impacting CISOs today:

Investing in your people and the right technologies 

Innovating with advanced technologies and new delivery models

Influencing business stakeholders and enterprise outcomes

UK CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Co-Chairs

Elaine Bucknor headshot

Elaine Bucknor

Sky
Group CISO and Group Director Technology

Jared Carstensen headshot

Jared Carstensen

CRH plc
CISO

Luke Fairless headshot

Luke Fairless

Tesco Plc
Technology Director | Security and Capability

Bobby Ford headshot

Bobby Ford

Unilever
Vice President, Global CISO

Matt Gordon-Smith headshot

Matt Gordon-Smith

AngloAmerican
Head of Global IM Security | CISO

Simon Hodgkinson headshot

Simon Hodgkinson

BP International Limited
CISO

Paula Kershaw headshot

Paula Kershaw

HSBC
Regional CISO, Europe & UK

Ewa Pilat headshot

Ewa Pilat

Jaguar Land Rover
Global Chief Information Security Officer

Agenda


16 June 2019 - afternoon

18:30 - 21:00  Governing Body Welcome Reception

Governing Body Welcome Reception

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking. Join us at the Hilton Park Lane within the Wellington room, where attendees will enjoy dynamic discussions, fantastic wine and gourmet dishes whilst enjoying fantastic views of Hyde Park.

17 June 2019 - morning

08:00 - 08:45  Registration & Breakfast

08:45 - 09:00  Opening Comments

09:00 - 09:40  Keynote

How To Become A Thoughtfully Ruthless CISO

Val Wright headshot

Val Wright

Global Leadership & Innovation Expert, Author of Thoughtfully Ruthless

What is the greatest lesson Val Wright has learned from her research, writing, and speaking on the subject of innovation while working with executives from Starbucks, LinkedIn, Financial Times, and Google? Her experiences have shown that it’s not the economy, market conditions, or competition that’s holding your business back; the secret is locked inside how leaders ruthlessly, (in a thoughtful way,) manage their time, energy, and resources, in parallel.

Join Val for an interactive session where you will:

  • Learn how to magically invent more time and create additional capacity
  • Avoid burnout by becoming sensibly selfish protecting yourself and your team
  • Increase the probability that you will get promoted and deliver results by making the complex simple
  • Understand how to easily demonstrate your brilliance 

09:40 - 09:50  Networking Break

09:50 - 10:35  Breakout Session

The Future of Cyber Skills and Talent - The NCSC Perspective

Representatives From headshot

Representatives From

The National Cyber Security Centre

By 2020, there will be 2.93 million roles vacant in security. In the midst of this cyber skills shortage, organisations can no longer stand by waiting for others to act.

During this session, you’ll:

  • Learn more about the CyberFirst programme introducing young people and adults to careers in security
  • Understand how the government and businesses can work together to engage the talent of the future

09:50 - 10:35  Breakout Session

The Evolution of Cybersecurity Risk Ratings

Jasson Casey headshot

Jasson Casey

CTO

SecurityScorecard

Cyber risk ratings have steadily evolved over the last six years, shifting from scoring approaches using off the shelf vulnerability scanners to frameworks built with machine learning. Jasson Casey shares the evolution of developing scores – including initial ideas, setbacks and breakthroughs.

In this session, learn: 

  • The composition of a cyber security risk rating
  • How an enterprise IT team’s behaviour manifests itself to the outside world
  • How behaviour translates to cyber security risk for the business

09:50 - 10:35  Executive Boardroom

Identifying the Way Forward in IAM

Vijay Samtani headshot

Vijay Samtani

CISO

University of Cambridge

David Robinson headshot

David Robinson

Head of Global IT Security

Herbert Smith Freehills

How are your peers balancing business agility and business security in their identity and access management strategy? Join this roundtable discussion to benchmark your framework and vet future plans, and learn the most innovative tactics security leaders are using for IAM at their organization, including:

  • Methodologies that satisfy users while maintaining adequate access controls
  • Communication techniques to streamline acceptance of IAM across the business
  • Roadmaps for deciding what technology is the best fit

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact your event Luis Arango.

09:50 - 10:35  Executive Boardroom

Securing Agile Transformation

George Mudie headshot

George Mudie

CISO

ASOS.com

Lachlan George headshot

Lachlan George

Group CISO

Nando's

Justin Coker headshot

Justin Coker

Vice President, Europe, Middle East and Africa

Skybox Security

The business world is constantly being disrupted. New technologies are created to make services faster, more efficient and more convenient. As a result, many organisations are mandating aggressive ‘Digital Transformation’ and ‘Cloud First’ strategies from the boardroom. To stay on top, they need to evolve and innovate and do this quickly.

However, organisations need to be very careful with how this affects their security and risk posture. 

This session aims to discuss how: 

  • Organisations maintain digital resilience during transformation 
  • The CISO’s function can enable organisations to pivot quickly, innovate and take calculated risks
  • To ensure people, processes and technology are aligned, underpinned to a common strategy, have the big picture visibility and assurance of the risk to their technology mix 


Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

10:35 - 10:50  Networking Break

17 June 2019 - mid-afternoon

10:50 - 11:49  Peer-to-Peer Meetings

Peer-to-Peer Meetings

This is your opportunity to pre-book private face-to-face meetings with executive peers attending the Summit, using a private online portal running up to and during the event. Gain real, practical insights into what other companies and industries are doing, to take back to your boardroom.


Please note: This is for CISO attendees only. 

11:50 - 12:35  Breakout Session

Do's and Don’ts of Building a Hybrid SOC

Matt Gordon-Smith headshot

Matt Gordon-Smith

Head of Global IM Security | CISO

AngloAmerican

As the threat of security breaches continue to rise, creating an adequate hybrid SOC is no simple task. It requires the right tools, talent and skills in a single operations environment to stop attacks early. 

Join this session to learn how to:

  • Partner with third party providers and balance roles and responsibilities with in-house teams
  • Launch end-point detection, SIEM and vulnerability management capabilities
  • Define and manage detection and remediation processes across multiple companies

11:50 - 12:35  Breakout Session

Moving Beyond the Perimeter

Richard Meeus headshot

Richard Meeus

Director, Security Technology & Strategy

Akamai Technologies

Legacy, perimeter-centric security models have proven ineffective. They simply aren’t capable of safeguarding today’s mobile, agile, and hyperconnected workforce and business strategies. 

So how can executives maintain the integrity and defence of enterprise data, applications, users, and devices in today’s intensifying threat landscape? A zero-trust security model is necessary. Meeus will cover:

  • Why and how leadership teams must embrace a “verify but never trust” principle to preserve the health of their networks
  • By adopting a zero-trust security model, organisations can evolve, responding to both threats and business processes alike, with confidence and agility 

11:50 - 12:35  Executive Boardroom

Shaping a Resilient Security Posture in an Evolving Threat Landscape

Sam Smith headshot

Sam Smith

Head of Digital Risk & Security

Cadent Gas

Mark Patton headshot

Mark Patton

Vice President of Engineering

Malwarebytes

According to SANS Institute, only 47% of initial vectors of cyber-attacks are detected by antivirus tools. Security teams must assemble multiple security products to combat the gap in their security posture within the ‘new security perimeter’. Should there be a breach, teams often have limited capabilities to respond restricting overall organisational resilience to such an attack.

Join this session to discuss:

  • What is security resilience?
  • Is resilience a better measure for security posture when breaches are inevitable?
  • How to overcome performance and productivity limitations during an attack

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

11:50 - 12:35  Executive Boardroom

Building World Class Security Teams

Louis Botha headshot

Louis Botha

Global Director of Information Security and Data Protection

PageGroup

Stuart Robertson headshot

Stuart Robertson

CISO

Standard Life Assurance (Phoenix Group)

Talent needs are like security threats—plentiful, complex and ever evolving. This can make it tough to predict talent demands and know when (and how) to reskill existing talent. Bring your greatest talent challenges to discuss with your peers in this roundtable discussion on ways to: 

  • Identify and plan for future hiring needs
  • Reskill talent to evolve with the security landscape
  • Hire the right people

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

12:35 - 13:25  Networking Break

13:25 - 14:00  Keynote

Defence in Diversification and the Proactive SOC

Raja Mukerji headshot

Raja Mukerji

President & Co-Founder

ExtraHop

The rush to innovate has resulted in more sophisticated threat defences, but it has also created a complex web of tools that must be managed by an already overworked and understaffed security team. Heterogeneity of defence systems is itself a defence, so modern security teams need to approach consolidation differently. 

In this session, attendees will learn how:

  • Data-first approaches to security architectures illuminates natural consolidation points
  • Cross-collaboration within the IT organisation improves security posture and reduce tool sprawl
  • Leveraging other parts of the organisation improves security posture through smarter processes and practices

17 June 2019 - afternoon

14:00 - 14:15  Networking Break

14:15 - 15:00  Breakout Session

Prepare for a Major Cyber Attack

Ewa Pilat headshot

Ewa Pilat

Global Chief Information Security Officer

Jaguar Land Rover

Luke Fairless headshot

Luke Fairless

Technology Director | Security and Capability

Tesco Plc

Most CISOs feel comfortable managing the minor security incidents with standardised processes, but what about major incidents that shake the very foundations of your organisation like the NotPETYA attack? Such crises can be career changing. 

Join this workshop to:

  • Learn the basic building blocks of effective cybersecurity crisis response
  • Share challenges and best practices in managing major security events
  • Benchmark against your peers and identify lessons learned


Attendees must register for this session. Seating is limited to 50 people and priority is given to C-level attendees. 

14:15 - 15:00  Breakout Session

Protecting Your Organisations’ Very Attacked People

Ryan Kalember headshot

Ryan Kalember

EVP, Cybersecurity Strategy

Proofpoint

Attackers know it’s much easier to find someone who will click than to find a working exploit for a modern OS or browser. However, most organisations have very little idea which of their people receive sophisticated threats, targeted threats, or large volumes of threats. We call these targets VAPs (Very Attacked People).

This session will focus on:

  • How to identify who the Very Attacked People are within your organisation (probably not your VIPs)
  • Why and how VAPs are targeted
  • Meaningful steps a security leader can take to protect their VAPs

14:15 - 15:00  Executive Boardroom

Managing the Convergence of Global Data Regulations

Miller Newton headshot

Miller Newton

President and CEO

PKWARE, Inc.

Elaine Bucknor headshot

Elaine Bucknor

Group CISO and Group Director Technology

Sky

Paul Watts headshot

Paul Watts

CISO

Domino's Pizza

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organisations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organisations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

  • The current landscape of data privacy regulation around the world
  • Best practices for managing risk associated with data protection frameworks
  • Standards and metrics for measuring data protection risk
  • Data classification strategies to aid compliance, regardless of regulation

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

14:15 - 15:00  Executive Boardroom

The Future of the CISO Role

Simon Tong headshot

Simon Tong

Cyber Security Governance Manager

Schlumberger

Simon Hodgkinson headshot

Simon Hodgkinson

CISO

BP International Limited

Barmak Meftah headshot

Barmak Meftah

President, AT&T Cybersecurity

AT&T

The role of the CISO has changed dramatically over the past decade from an IT-focused role to more business oriented. What will the role look like a decade from now? What are the qualities that are key for the next-generation security leader? This interactive session gives you the chance to discuss:

  • What the future holds for CISOs in an evolving threat landscape
  • How to effectively partner with the business
  • What comes after being a CISO

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

15:00 - 15:30  Networking Break

15:30 - 16:15  Breakout Session

Security Awareness — Emotionally Engage Your Employees

Matt Broomhall headshot

Matt Broomhall

CISO

Lloyd's of London

You are only as strong as your weakest link. To ensure your organisation has the strongest defence against cyber crime and protects customer data, information security needs to be part of every employee's life. 

In this session, you'll hear about: 

  • How to establish the principle of business accountability for information security 
  • Golden rules of emotionally engaging security training and measuring effectiveness 
  • Benefits of gamification that encourage secure behaviours

15:30 - 16:15  Breakout Session

Security Transformation & What's Next – A Nationwide Case Study

David Calder​ headshot

David Calder​

CEO

Adarma

Matthew Rowe headshot

Matthew Rowe

CISO

Nationwide Building Society

Matthew Rowe, CISO, Nationwide Building Society and David Calder, CEO, Adarma presenting a partnership approach to Security Operations Centre effectiveness.

This session will include:

  • Things to consider when investing in new security controls
  • Nationwide end user case study - the journey to building an effective Security Operations Centre
  • Future plans and working towards maximising SOC effectiveness

15:30 - 16:15  Executive Boardroom

The Continual Shifting of Threats

Alison Dyer headshot

Alison Dyer

CISO

URENCO Limited

Simon Lambe headshot

Simon Lambe

Group Head of Information Security

Royal Mail Group

Ofer Israeli headshot

Ofer Israeli

CEO

Illusive Networks

Whether it’s cybercriminals motivated by profit or nation-state attackers with geopolitical motives, public and private organizations of all sizes have felt the impact of cyberattacks. Enterprise organizations are reeling from the onslaught of massively spread ransomware attacks to surgical pinpointed attacks on their assets from sophisticated state-sponsored actors. How can CISOs best face changing threat vectors?

Join this roundtable conversation to discuss:

  • The current threat landscape
  • How to best discover and thwart nation-state attacks
  •  What security executives can do to build resiliency

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Luis Arango.

16:15 - 16:30  Networking Break

16:30 - 16:55  Keynote

How to Create a Culture of Security on a Global Scale

Jared Carstensen headshot

Jared Carstensen

CISO

CRH plc

Whilst most organisations today successfully communicate their security plans, policies and procedures, many are not having ongoing, active discussions about information security with their entire workforce to develop a culture of security. It’s vital the business moves away from seeing security as the ‘people who say no’ and towards how security teams can help solve complex business problems.

In this TED-style talk Carstensen will share CRH’s journey to creating a secure culture for its global workforce, including how to:

  • Ingrain security into your organisation’s DNA to drastically improved security practices
  • Develop an effective security agenda adaptable for different countries, cultures and languages
  • Get buy-in from the board to drive the security culture from the top down

16:55 - 17:10  Closing Reception & Prize Drawing

17:10 - 18:00  Closing Comments

Location


Venue & Accommodation

London Hilton on Park Lane

Your Community Partners


Keynote Sponsor
Presenting Sponsors
Boardroom Sponsors
Session Host
Luxury Prize Sponsor

UK CISO Program Managers


For inquiries related to this event, please reach out to your dedicated program managers.

Laura Morris

+44 (0)7701 376839

laura.morris@gartner.com

Luis Arango Abello

+44 (0)1784 267 880

luis.arangoabello@gartner.com

Ryan Greig

+44 (0)1784 268 771

ryan.greig@gartner.com