UK & Ireland CISO Community
Executive Summit

Complex, high-pressure and stressful. Three words that many CISOs use to describe their role in improving their organisation's security posture. As the pace of change ever quickens, it's vital to question what the role of the modern CISO should look like, and if the role can be sustained under these current demands. Can you remain productive at this level of pressure for the next 5, 10, or even 20 years? Should the CISO be on the management board, moving to the ‘proper C-suite’? What skills are you missing for the next step? In this keynote address, Naina Bhattacharya Group CISO at Danone will explore these essential questions.

Join this keynote where Naina will discuss:

• CISO as a technologist — where should the CISO focus be spent on, technology or management?
• CISO as a business enabler — how is the role evolving into a key business contributor and leader within the business?
• CISO as a storyteller — how can the CISO use storytelling skills to be seen as a thought leader and innovator?

As enterprises rapidly accelerate their digital initiatives, CISOs are tasked with striking a delicate balance between implementing the right structures and strategies to safeguard your organisation's assets and delivering services and applications faster than ever before. Join this interactive session for a conversation among peers, where you’ll share insights on the rationale behind your operating models and explore how you can leverage your unique perspective and expertise to drive innovation and secure your organisation's future.

Join this session to discover:

• Sharing how you are evolving your operating model to deliver better speed, agility and security while optimising cost savings  
• Assessing how your business unit may evolve in line with new technological innovations
• Positioning your team as security advocates and demonstrating business value

Compliance vs. security. Compliance and security. The dichotomy between compliance and security persists, yet their convergence remains a strategic imperative and has never been more paramount. Amid the time invested in regulatory engagement, the perception that compliance drives security strategies gains prominence. Compliance forms a baseline but as the threat landscape continues to evolve at an ever-increasing pace, we must convince the board to continue to invest beyond the baseline.

In this session, Benedict Olaoya, (CISO, SGN) and Adenike Cosgrove (VP EMEA Marketing, Proofpoint) will delve into the symbiotic relationship—the dance—between cyber resilience, regulatory compliance, and continued investment once compliance goals are met.

Join this session to:

• Explore the intricate relationship between compliance and cyber resilience — fortifying your organisation's defences against emerging threats
• Examine how compliance obligations can enhance proactive security change
• Discuss methodologies and approaches to negotiating with the board to secure security investments

Third-Party Risk remains a key priority for CISOs globally, as dependence on third-party services continues to escalate. In today's age of perpetual digital transformation, organisations are heavily reliant on third-party services. However, given the escalating frequency of breaches among third parties, it is crucial to evaluate how this risk is evolving and for CISOs to stay ahead of the threat curve.

Join this session to discuss:

• Assessing how the Third-Party Risk landscape is developing
• Discussing methods for CISOs to better collaborate on how vetting suppliers
• Debating who should be on the hook for a breach, where should the responsibility fall

Translating the organisation's cybersecurity posture to the board can be a catalyst in improving organisational resilience and building strong rapport. How do you communicate security initiatives clearly when the stakes are high?

Join this session to discuss:

• Leveraging your expertise to build trust
• Demystifying cybersecurity spending
• Translating cybersecurity into actionable language

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

The Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) is an essential tool for managing cyber risks. It offers a comprehensive approach that helps organisations identify, assess, and handle cybersecurity threats more effectively. Despite its widespread use, the framework is often overlooked and deserves further exploration, particularly from the perspective of a seasoned CISO like Derek Cheng, who has been implementing it for many years. In this session, Derek Cheng, the CISO at Deliveroo, will share his insights into the framework's strengths and weaknesses.

Join Derek, where he’ll unpack the NIST Cybersecurity Framework:

• Lessons learned from NIST adoption — what you need to be cognisant of when implementing NIST
• Considering why NIST may be the best framework for you 
• Addressing NIST’s shortcomings — managing complexity and budget constraints

The threats are constantly growing and so are the costs. Protecting endpoints is one of the many challenges faced by CISOs. Faced with continuously evolving attacks, CISOs must now escape from this quagmire and make game-changing improvements in cybersecurity and administration to prevent cyberattacks and ransomware. Every endpoint could provide an attacker access to the corporate network, but IT organisations today can capitalise on several layers of control to ensure stronger security and operations, whilst ensuring productivity is not compromised. Join this session to discuss:

• Rethinking your capabilities for strengthening endpoint security and simplifying endpoint management
• Looking at defence in-depth, securing devices as well as connections, and creating innovative multi-layered defences at different levels
• Striking the balance between effectively protecting the enterprise without compromising the overall productivity of users

Effective application security (AppSec) requires developers to play a critical role. However, they often face the challenge of balancing productivity with security and resisting top-down solutions. Not understanding this can create friction, and lead to a negative impact on developer experience, engagement and overall output. To establish a long-term successful AppSec framework, it is crucial to engage with developers early and frequently.

Join this Executive Boardroom and leave with actionable insights on:

• Best practices on improving collaboration between DevOps, Security and Technology teams — accelerating secure applications and transformations
• Case studies on improving developer experience and engagement to maximise the value of AppSec
• Recasting AppSec teams as security facilitators and maintaining oversight of the developer teams’ security efforts

Sure, your SOC’s strength is the make-or-break factor when it comes to threat detection, but that’s simply the beginning. With the right security operations culture, you can increase efficiencies and, through that, drive the business forward.

Join your C-level peers for:

• An interactive conversation on winning security operations strategies
• A chance to measure your security operations program against those of your peers
• A proactive approach to keeping your business ahead and risk free