IN-PERSON

UK & Ireland CISO Executive Summit

16 May 2023 | Royal Lancaster London

16 May 2023
Royal Lancaster London

Governing Body Agenda Location Partners Contact

Co-Chairs

Imran Ali

Compass Group
Group Chief Information Security & Technology Officer

Matt Broomhall

Lloyd's of London
CISO

Jared Carstensen

CRH
CISO

Luke Fairless

Tesco Plc
Director, Technology (Security Program & Capability)

Paula Kershaw

Barclays
Chief Controls Officer, Cyber & Resilience

Sarah Lawson

University College London
CISO

Ewa Pilat

DWS Group
Group CISO

Helen Rabe

BBC
CISO

Yolande Young

bp
CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your UK & Ireland CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

15 May 2023

afternoon

16 May 2023

morning mid-afternoon afternoon

18:00 - 21:00 Governing Body Welcome Reception

Governing Body Welcome Reception

Please join the Summit’s Welcome Reception, an exclusive networking reception for all CISO attendees to launch the event with an evening of drinks, gourmet food stations, and plenty of peer networking at The Orangery, Holland Park, London. A hidden gem located in one of London’s most beautiful settings, situated within the grounds of Holland Park.

08:15 - 09:00 Registration & Breakfast

09:00 - 09:45 Keynote

Reflecting on Cyber Security Transformation

Kevin Jones

Global CISO

Bayer

The expectations of a CISO are rapidly evolving in an industry that is equally fast-paced, and where there is no universal approach for deploying and implementing cyber security. From the perspective of a global multi-national CISO, this keynote will reflect on the key challenges and decisions facing a CISO today and tomorrow.

Having led a major cyber security transformation, Kevin will address:

Lessons learnt from a major cyber security transformation
The emerging trends in the industry for the short, medium, and long-term influences and innovations
Overcoming transformation challenges – culture, budget and stakeholder buy-in

09:45 - 10:00 Break

10:00 - 10:45 Breakout Session

Seeing the Bigger Picture – Three Practical Approaches to Achieve Success

Simon Goldsmith

Director of Information Security

OVO

CISOs and security professionals can often ignore the bigger picture when trying to learn from mistakes that can have led to incidents. Simon Goldsmith (InfoSec Director at OVO) believes that for information security to be successful, it requires that we recognise the essential but limited role of information security. Security needs to be viewed in the context of both short and long-term business performance. In this session, Simon will share his view on the state of the industry and cover three tactics which will make success more likely by seeing the bigger picture.

Simon will explore:

How intent is important but be practical – focusing on tangible outcomes
The need to balance both care and challenge – creating a safe space to cultivate security proficiency
Investing time in those who perceive a need to change

10:00 - 10:45 Breakout Session

Cybersecurity Has a People Problem. Learn How to Solve It

Daniel Potter

Director of Operational Resilience

Immersive Labs

Clem Craven

Head of Cyber Workforce Advisory Services

Immersive Labs

With over 82% of cybersecurity breaches involving the human element, it’s clear that current training approaches are not working. Traditional methods rely on static tools and outdated certifications to assess workforce cybersecurity capabilities – approaches that create blind spots and vulnerabilities. To combat this lack of visibility, organisations must employ new methods to assess, build, and prove cyber capability and resilience.

Join us to discuss:

Measuring and benchmarking cybersecurity capabilities
Developing a people-centric cybersecurity culture across roles and responsibilities
Implementing dynamic, real-world training and upskilling practices

10:00 - 10:45 Executive Boardroom

How CISOs Should Navigate the Challenges of Cyber Risk Reporting to Better Demonstrate ROI

Mike Heredia

Vice President EMEA & APAC

XM Cyber

Sarah Self

UK CISO

Aviva

Just how elevated have the cybersecurity stakes become for today’s organisations? As a CISO, communicating what’s at stake, the associated risks and the ROI of security programs is a critical success factor in gaining buy-in for your cybersecurity strategies and securing investment. But how can you clearly demonstrate to the board that your investments are paying off and that your protection levels are increasing?

Join this boardroom to discuss:

The metrics that will impact key decisions on budget, resources, and overall security posture of the organisation
Reporting risk to the board in a way that avoids misunderstanding and ‘worst-case scenario’ cyberattack outcomes
Demonstrating the ROI of security programs to demonstrate how security investments are paying off

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

10:00 - 10:45 Executive Boardroom

Everywhere Security: Discover the Advantages of a Unified Security Platform

Trey Guinn

Field Chief Technologist

Cloudflare

Simon Langley

CISO

ASDA

Imran Ali

Group Chief Information Security & Technology Officer

Compass Group

Employees, applications, and infrastructure exist everywhere today – across geographies, cloud environments, and hybrid work settings. Managing this sprawling attack surface is challenging, and the wrong IT and security strategy can add complexity, inhibit productivity, and ultimately hold your business back. In response, many enterprises are pursuing modern Zero Trust and SASE architectures to deliver unified, consistent, and fast protections – everywhere.

Join this session to discuss:

Use cases to prioritise when getting started with Zero Trust or SASE
Common challenges and best practices to overcome them
Business and architectural principles to navigate long-term security modernisation

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

10:55 - 11:15 Peer-to-Peer Meetings

Peer-to-Peer Meeting 1

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:20 - 11:40 Peer-to-Peer Meetings

Peer-to-Peer Meeting 2

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

10:45 - 11:45 Networking Break

11:45 - 12:30 Breakout Session

Advancing Mergers and Acquisitions Integrations with Identity

Philip Hoyer

Field CTO EMEA

Okta

Tony Jowett

CISO

ITV

In today’s competitive environment, an organisation’s ability to execute successful mergers and acquisitions (M&A) has become a key differentiator. Yet the public nature of an M&A increases the potential for ransomware attacks. An organisation's ability to consolidate identity and access management (IAM) quickly during an M&A process can be a key tool in increasing the agility of an M&A and therefore reducing exposure to attacks. In this fireside chat, we will walk you through a successful M&A, where identity was quickly synchronised, leading to a secure M&A.

Join this fireside chat to discuss:

M&A identity tales – best practices and lessons learnt
Simplifying joiners, movers and leavers from two organisations
Addressing Shadow IT and third-party access during an M&A

11:45 - 12:30 Breakout Session

Breaking Down Silos with SASE: How CISOs are Driving Digital Transformation

Gil Azrielant

Co-Founder & CTO

Axis Security

Paul Simmonds

CEO & Co-founder

The Global Identity Foundation & Jericho Forum

Despite the challenges posed by organisational and technological silos, the modern CISO is stepping up to the plate. Impactful digital transformation through intentional technology decisions can minimize organisational obstacles.

Join this fireside chat to discover:

Embracing digital transformation to stay competitive and secure in today's business world
Leveraging SASE to simplify your security architecture, level-up compliance monitoring and improve visibility
Driving meaningful change with a holistic approach that considers not just security, but also organizational culture, processes, and people

11:45 - 12:30 Executive Boardroom

Staying Ahead of Cybercriminals in Times of Headcount Freezes & Budget Cuts

Marten Mickos

CEO

HackerOne

Dane Warren

CISO

Intertek

Almost every enterprise CISO is facing headcount freezes or budget cuts, often both. But attack surfaces and software supply chains keep growing, and threats are continuously evolving, creating the perfect recipe for cybercriminals to strike. With more to defend, and with fewer resources, how do you stay ahead?

In this boardroom, we’ll all share insights and best practices to identify what you can stop doing, what you can do more of, and what you can achieve with outside help. We’ll discuss the security vulnerabilities that need to be considered across your expanded attack surface and the innovative approaches you can take to maximise your cybersecurity budget and drive up your resistance to attack.

Join this Executive Boardroom to discuss:

How attack surfaces are evolving and the challenges it poses
How to pinpoint the most critical flaws and prioritise what to fix and why
What to stop doing, and what to double down on, to maximise your security budget
The most innovative and impactful approaches to drive up your resistance to attack

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

11:45 - 12:30 Executive Boardroom

A Fresh Look at API Security

Jason Kent

Hacker In Residence

Cequence Security

Mike Backinsell

Global Deputy CISO

Manpower

APIs fuel digital transformation and are core to every SaaS, web and mobile application. As API use attacks are becoming more frequent and complex, how can CISOs ensure protection for sensitive data, applications, and customers?

Join this boardroom to discuss:

How to gain visibility to understand exposure and risk
Ways to answer the “so what” for API security, including OWASP API Top 10 impacts
How security and development teams can find balance

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

12:30 - 13:30 Lunch Service

13:30 - 14:00 Keynote

Emerging Trends and Recommendations in Supply Chain and External Cyber Defence

Robert Hannigan

Chairman

BlueVoyant

To stay one step ahead of an ever-evolving landscape of threats, modern organisations must look outside traditional IT perimeters and embrace external defence to understand the full scope of risks they face. Join Robert Hannigan, Chairman at BlueVoyant as he shares insights from the recent BlueVoyant report on external cyber defence trends, including the perspective of threat actors, what they might look to exploit and how enterprises can defend themselves. This session will cover:

The evolution and adaptation of attacker tactics, techniques and procedures
How to empower CISOs to be “threat informed” and take action quickly
Recommended remediation and mitigation advice organisations should take to protect against threats

14:00 - 14:15 Break

14:15 - 15:00 Breakout Session

Reporting Risk Metrics to the Board – Show and Tell

Sarah Lawson

CISO

University College London

Ash Hunt

Global CISO

Apex Group

Simon Tong

Cyber Security Governance Manager

SLB

Ransomware attacks and other cyber threats have become a key business risk and the CISO’s role in reporting this risk to the board remains a critical area of discussion. As such, risk metrics play a pivotal role in shaping the outcomes of board interactions. In this interactive session, CISOs from different organisations will present short “board pitches” covering what metrics they report to their boards, followed by an open discussion.

In this conversation, you will hear about:

The different types of metrics CISOs use to quantify risk
How to reduce complexity to reach successful outcomes
Best practices to gain the board’s confidence and boost your profile

14:15 - 15:00 Breakout Session

Attack From Hell: The Anatomy of a High-Impact Attack

Azeem Aleem

Managing Director, Northern Europe

Sygnia

Yossi Barishev

Senior Enterprise Security Expert

Sygnia

In recent years, the Sygnia Incident Response Team has handled numerous nation-state attacks that employed unique attack techniques and posed new challenges to security leaders and incident responders.

In this talk we will guide you through the anatomy of a real-world high-impact attack we recently responded to including insights into attacker TTPs and processes, as well as effective response procedures. This case study will highlight the common pitfalls and key opportunities when defending against even the most sophisticated attacks.

You will come away with:

A deeper understanding of current attack trends
Actionable insights into the risks and vulnerabilities exploited by attackers targeting highly complex environments
Effective defense strategies employed by leading organisations worldwide

14:15 - 15:00 Executive Boardroom

Security Awareness in the Era of Cloud - Strategies to Cope with New Cloud Native Technologies

Nicolas Corrarello

Director of Solutions Engineering

Wiz

Adam Saunders

Head of Information Security

Bourne Leisure

Michell Martins

CISO

Scania

The adoption of cloud-native technologies by businesses has been a significant challenge for CISOs, as it requires adapting to new security risks and maintaining security in a rapidly changing environment. However, many CISOs are adapting to these challenges by implementing new strategies and technologies to secure cloud-native applications and infrastructure.

In this Executive Boardroom, we'll discuss:

With the number of cloud threats increasing and the adoption of cloud-native technologies, what are the key challenges and risks that CISOs are facing
The importance of correlation across the entire cloud environment to prevent attacks or minimise their impact
What strategies are CISOs adopting to transform and secure their cloud security operation model

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

14:15 - 15:00 Executive Boardroom

Leading a Cultural Mindset Change: DevSecOps & Secure by Design

Ian Snelling

Senior Security Leader

Skipton Building Society

Andy Hodgson

CISO

MS Amlin

Companies come with different baggage and mindsets towards cybersecurity. Changing employees’ attitudes in a meaningful way is an ongoing challenge and manifests in different ways across business units. Cyber consistency is key to maintaining a resilient security posture, but one size does not fit all.

Join this Boardroom to explore different approaches to making a meaningful cultural change:

Understanding the ‘how’ of a meaningful cultural change
Successfully implementing a DevSecOps approach
Maintaining a robust security culture with a distributed workforce and employee turnover

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

15:00 - 15:30 Networking Break

15:30 - 16:15 Breakout Session

Carrot or the Stick – Sharing Different Consequence Management Frameworks

Neil Bennett

CISO

UK Home Office

Tammy Archer

CISO

Inchcape

Karen White

CISO

Direct Line Group

Organisations’ security awareness budgets are rising as the need threat landscape grows across an increasingly distributed workforce. But after an employee has completed their awareness training, what is the appropriate consequence for someone failing to adhere to your cybersecurity policies? Consequence management is a key component in encouraging the correct cyber behaviour and deciding how strict the consequences should be is a complex question. In this panel session, CISOs from different companies will share their consequence management frameworks, followed by a discussion.

Join this session to discuss:

Who should have the responsibility to enforce consequences
Different approaches to consequence management – what has been successful
Sharing best practices and lessons learned

15:30 - 16:15 Breakout Session

Achieving Transformational Security Improvements with the Enterprise Browser

Uy Huynh

VP Solution Engineering

Island.Io

The browser is one of the most widely deployed applications in the enterprise and has also become one of the most strategic – yet this application was never built or designed for the enterprise, as it’s unapologetically based on consumer needs and preferences. Join this session where Uy Huynh (VP of Solution Engineering, Island.Io) will ponder what if the browser was designed for the enterprise, share a live demo and ask what could this do for security, productivity and work itself.

In this session, we will share details on:

Creating an employee experience centered on productivity and flexibility
Reimagining how CISOs can enable users while creating unique business value
Reducing browser risk by improving control, governance and security

15:30 - 16:15 Executive Boardroom

Stress Management Strategies for Effective Leadership

Don Gibson

CISO

Kinly

Scott Balneaves

CISO

GXO Logistics

Uju Onyeka

Information Security and Privacy Manager

ACCA

A CISO’s world is complex, challenging and often exhausting. If you’re not dealing with vulnerabilities or implementing and managing security solutions, you’re navigating governance and company-wide risk perspectives. When do CISOs get a chance to breathe and beat the fatigue?

Join this peer-led Boardroom to discuss:

Understanding the critical role CISOs can play in stress management for themselves and their employees
Exploring how trust and openness with your team can improve well-being and mental health
Actionable takeaways on how to manage stress within the workplace

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

15:30 - 16:15 Executive Boardroom

Driving Business Growth Through Effective TPRM

Aris Matthidis

Group CISO

Tokio Marine Kiln Group Limited

Chris Richards

CSO and CISO

AWE

Toks Oladuti

DG CISO

Dentons

It’s been a long-term goal of security teams to reframe how they are viewed within the enterprise, from being seen as merely a cost centre to enablers of secure business growth. Effective third-party risk management (TPRM), when done right, can promote business growth while providing much-needed security, whether you are responding to due diligence requests or providing security approval for new vendors.

Join this session to discuss:

Executing the right level of safeguards and security domains to accelerate business outcomes
Increasing visibility of the vendors in use to drive efficiency and identify risks
Creating a cultural mindset change to consider third-party risk as a necessary requirement of secure business growth

To reserve your seat, please contact:

Luis Arango Abello at +447736473727 or luis.arangoabello@gartner.com

16:15 - 16:20 Break

16:20 - 17:00 Keynote

Inside the Vipers’ Nest – Shedding Light on the Hackers’ Tactics to Improve Our Defences

Geoff White

Author and Investigative Journalist

Guest Speaker

As cybercriminal organisations become more aggressive and prolific, they also reveal more about themselves. How can we use these insights to inform our response?

Author and Investigative Journalist, Geoff White has spent years covering tech security for some of the world’s largest media organisations. In this session, he will examine how leaks, infighting, brazenness and desperation in the cyber underworld can yield valuable insights for defenders.

In this closing keynote talk, Geoff will discuss:

Uncovering the inner workings of the cyber underworld
Exploring how cybercriminals are revealing their hand as they engage in illicit activities
Evaluating what this new information on cybercrime means for CISOs and their organisations

17:00 - 18:00 Closing Reception & Prize Drawing

15 May 2023

afternoon

16 May 2023

morning mid-afternoon afternoon

We look forward to seeing you at an upcoming in-person gathering

Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location

Venue & Accommodation

Royal Lancaster London

A block of rooms has been reserved at the Royal Lancaster London at a reduced conference rate. Reservations should be made online or by calling +44 020 7551 6000. Please mention UK CISO Executive Summit to ensure the appropriate room rate.

Deadline to book using the discounted room rate of £360 GBP (plus tax) is 26 April 2023.

RESERVE ROOM