Achieving Resilience

SC Congress 2018 puts the focus on what we can do to survive in this age of constant cyber-attacks by sophisticated adversaries with ever-evolving threats. We won’t win every battle, but surviving is winning the war, making it more difficult and expensive for our adversaries to breach our defences, then minimising the impact even if – or when – they do.
In addition to a multitude of networking opportunities, our 2018 Congress includes two Masterclasses and three Keynotes which will deliver a range of expert advice, best practice, tips and approaches to improve your security posture, from ransomware response and breach recovery plans to defending a company against a regulator bent on imposing a maximum breach fine. Interactivity will ensure delegates are able to get their issues addressed.

In addition we’ll have CISOs to regulators and law enforcement on our four panel sessions – covering multi-jurisdiction Regulation (including GDPR); Crime, and spotting what’s suspicious; Critical infrastructure under attack; and diversifying the workforce to close the skills gap.

We’ll also have nine industry-speaker sessions, sharing their expertise in three simultaneous strands so that you can choose the issues that are most relevant to your organisation.

Attendance is complimentary to qualifying delegates who must register in advance to be given free entry on the day.

Who attended

• Aardman • ACCA • Accenture • Aid to the Church in Need • AIG • AlixPartners • Aljazeera international • AMICULUM • Aptos • Aqua Ignis • AT&T • ATCORE Technology Ltd • Augentius (UK) Ltd • AXA-Insurance • BA • BAE Systems PLC • Bank of America Merrill Lynch • Bank of England • Barclays • BAT • BHT • Brambles • BT • BTGS • Capgemini • Centrica • Charities Security Forum • Charles Taylor InsureTech • Content Guru • Countrywide • DAIS • Deloitte UK • Dixons Carphone • Enstar • EOL IT Services Ltd • EPROCESS INTERNATIONAL S.A • Exponential-e Limited • EY • Ferguson Plc • Financial Conduct Authority • First Rate Exchange Services • Ford Motor Company Ltd. • FORTE ICT • HE • Historic England • HRG • Huawei Technologies Co Ltd • Huntswood CTC • I.B.R.S. Group Ltd • Imperial War Museums • Institute of Operational Risk • Intellectual Property Office • International Federation of Red Cross & Red Crescent Societies • Interoute • Investec • Iron Mountain Inc • ISSA-UK • Johnson Matthey • Kestrel Capital (East Africa) Limited • Kroll • Kurt Geiger • London Borough of Croydon • London Stock Exchange • Metropolitan Police Service • Ministry Of Defence • Motor Insurers' Bureau • Norfolk Community Health & Care • North Cumbria University Hospitals NHS Trust • Norwich University Applied Research Institutes • Olam Europe Ltd • Paragon Customer Communication • PCCW Global • PD Ports Limited • Peabody Trust • Pershing Ltd • PMO • Pret A Manger • Prudential • QBE Insurance • Raytheon Systems Limited • Regus Group Management Ltd • RGP • Shell • Six Degrees • Sky • Smart DCC Limited • Somerset County Council • TFL • Thales • The University of Nottingham • UBS • University of Greenwich • University of West London • UT Bank • Venator • Virgin Active • Vocalink Mastercard • Warwick SU Ltd • Weatherbys • Web Connectivity Ltd • White and Company plc • Winterflood Securities Ltd • WM Housing Group • Worldpay • Young & Rubicam Group (WPP) •

Surviving is winning

Cyber-resilience in the age of constant attack by sophisticated adversaries with ever-evolving threats


9.00am Welcome

9.10am Keynote Speaker - Neil Sinclair, London Digital Security Centre

9.25am Session one - Beyond compliance - Avoiding Fines & Achieving Security
Regulatory best practice, from GDPR and Safe Harbour to post-Brexit UK Law, how do you comply with conflicting regulation?
Moderator: Tony Morbin, SC Media UK
Speaker: Peter Brown, ICO
Speaker: Ailidh Callander, Privacy International
Speaker: Marco Cunha, Google Cloud
Speaker: Tim Hickman, White & Case
Speaker: Jeremy King, PCI DSS

10.05am Session two - What's really going on on your network?
What's really going on on your network - who and what does suspicious look like?
Prevent, detect, and remediate - minimise the impact of intruders and malicious insiders.
Moderator: Sarb Sembhi
Speaker: Tony Collings, ECA Group
Speaker: Philip James, Sheridans'
Speaker: Neil Sinclair, London Digital Security Centre
Speaker: Ed Tucker, DP Governance

10.50am Break out session A
Session 1: 4 Tips to Fight Insider Threats - Matt Lock, Varonis
Practical advice from industry experts on steps you can take to reduce your exposure to insider threats, one of the main sources of data breaches and cyber crime. Delivered by Varonis, an innovative data security platform that allows enterprises to manage, analyse and secure their data.
Session 2: Why email security is no-longer enough - David Staunton, Mimecast
The reality today is that email remains the #1 attack vector, threats are rapidly evolving, the world is moving to the cloud and regulation is strengthening. Learn why cyber resilience for email must be the backbone of your ability to defend and recover.
Session 3: How to Tackle the GDPR: A Typical Privacy & Security Roadmap - Kevin Kiley, OneTrust
As a new era of privacy regulations approaches, security and compliance professionals need to make GDPR a top priority. It is essential to build a roadmap with both privacy and security in mind. In this session, we’ll discuss the importance of privacy management within the context of your existing security and compliance ecosystem –– how it fits into the larger puzzle, why it has been precariously overlooked in the past, and how it can be seamlessly integrated as a function among the information security, information technology, risk management, audit and compliance, as well as legal areas in your organization. We’ll address the importance of demonstrating on-going compliance with privacy regulations like GDPR, and how privacy management software can support security and GRC teams.

11.20am Expo floor opens // Coffee break

12:00pm Break out session B
Session 1: How to Combat Email Attacks & Identity Fraud - Lars Postma, Agari UK
Email is the primary infiltration mechanism for the majority of cyber-attacks. To effectively combat these attacks, organisations need to understand the types of identity deception attackers typically prefer, the relative risk and cost of attacks to businesses and the likelihood of their success.
Session 2: Are You Ready for a Breach? - Jeroen Herlaar, FireEye
Breaches are inevitable, and their impact can be significant, as we are seeing on almost a daily basis. It is therefore important to be prepared for such an event. 14 years of being on the front lines of incident response has learned us valuable lessons we would like to share with organisations who wish to mature their resilience against today’s cyber threats.
Session 3: Managed Detection and Response. You know what it is… Or do you? - Joe Nelson, eSentire
• MDR - what it is and what it isn't • How MDR can assist with overcoming regulatory requirements such as GDPR • Why MDR is so effective when dealing with an ever-evolving cyber threat landscape as well as never before seen threats • Review of real-world cybersecurity attacks and how MDR stopped them in their tracks

12.30pm Masterclass - Recovering from Ransomware
Your ransomware defences failed - what now? Expert advice on remediation strategies to implement if the worst happens and you fall victim.
Speaker: Raj Samani, NoMoreRansom; McAfee

1.00pm Lunch

Keynote two: 1.00-1.30pm - Hacking demonstration - Is anything connected still safe?
The IoT is much more than many of us imagine, and as it continues to expand so do the routes for hackers and attackers to abuse and subvert all things connected.
In this session you’ll see how the lessons we learned hacking the humble IoT kettle can lead us to hacking much bigger aquatic ‘vessels’. Maritime industry systems are more vulnerable than you think. Learn how to make prawn espresso and much more.
Speaker: Tony Gee, Pen Test Partners

Keynote three: 1.30-2.00pm - The case for the defence - A pre-enactment of a courtroom drama coming soon after GDPR
How would you fare in the dock, defending your action in a data breach? A live role play simulation of a court case in the wake of a data-breach post-GDPR.
Judge: Gilly Crichton, TriTectus
Prosecution: Jeff Little, TriTectus


2.00pm Session three - Putting infrastructure on a war-footing
Our critical infrastructure is already under attack. From energy and transport to voting and hospitals, we are under attack by hostile governments. Should the state put us on a war footing and lead the defence? If so, what does that mean and how do we do it, and if not, what are the alternatives?
Moderator: Khaled Fattal, MLi Group
Speaker: Ian Glover, CREST
Speaker: Dr Kevin Jones, Airbus
Speaker: Pat Larkin, Ward Solutions
Speaker: Mike Loginov, IOTSA group / Ascot Barclay Group

2.40pm Break out session C
Session 1: Zero Trust Security – Never Trust, Always Verify! - Barry Scott, Centrify
As traditional network perimeters dissolve, we must discard the “trust but verify” model, which relied on a well-defined perimeter. Strengthen your security by implementing an “always verify” Zero Trust approach for users, endpoints, networks, servers and applications.
Session 2: Proactive data defence for digital transformation - Ian Greenwood, Thales
Digital transformation is business enhancing and fraught with danger. With services moving online and into the cloud, the result is a faster, more agile and open service for consumers and enterprises. However, this digital transformation is taking place in an increasingly precarious environment, more and more your corporate attack surface is being exposed.
With data breaches at an all-time high and incidents of identity theft risen by 57% in a year, consumers are questioning the security of their personal data held by organisations. The rise of cloud and the Internet of Things, has forced companies to take control of their data – regardless of where it resides and in addition, reputational damage caused by public breach is firmly on the agenda of the board.
This interactive session will consider:  Key security considerations for a digital transformation strategy and why a proactive data defence strategy is crucial as well as the benefits of maximising the level of control over data irrespective of where it is created, store or shared.
Session 3: How a military concept can help build your Incident Response programme - Andrew Yeates, IBM Resilient
In the current cyber threat landscape, organisations are looking at ways to respond as effectively as possible. This session will look at the role that can be played by OODA loops, a military concept developed to improve fighter pilots' abilities to respond in combat, it stands for Observe, Orient, Decide & Act. Companies can build these concepts into their Incident Response (IR) process to aid clarity of thinking and improve their ability to respond quickly and effectively to cyber attacks.

3.10pm Expo floor opens // Coffee break

4.00pm Masterclass - Best practice incident response plans under GDPR
What should you consider and include when putting your breach response plan together? This interactive session will allow delegates to contribute and share best practice.
Speaker: Dai Davis, Percy Crow Davis & Co

4.35pm Session four - Cyber-Security 2020 - a diverse workforce for a diverse threat
How do we tap into the talent pools that we are missing? From women who turn up their nose at tech, to the traditional 'home team' of teenage boys flirting with criminality, and the security pros and MBAs who want to manage information risk while avoiding code, how does cyber-security become inclusive and understandable to everyone else?
Moderator: Tom Reeve
Speaker: Adrian Davis, (ISC)²
Speaker: Amanda Finch, IISP
Speaker: Jane Frankland, KnewStart
Speaker: Colin Lobley, Cyber Security Challenge

5.15pm Expo floor: Drinks Reception

5.40pm Passport to prizes
Collect stamps at each exhibitor to enter a free draw for exciting prizes - winners announced on the day.

6.30pm Doors close


Sponsorship Opportunities

How can you be a part of all this?
SC Congress London will once again attract 250+ Cyber-security and risk management decision-makers from across every major business sector and is hosted at the ILEC Centre, Earl's Court. Attendees will gain the latest insights from leading experts, engage in debate about the most pressing issues in cyber-security and experience first hand, the latest cutting-edge solutions from exhibitors within our robust exhibit hall.

With live, focused events in the Cyber security market now playing a very important role in helping you find and connect with new prospects, you can be sure that by including the SC Congress London 2018 in your schedule you are making the right choice for your company. Brought to you by SC Media, the event provides sponsors with not only the best content and speakers, but also an audience profile that will match your requirements, and all from an industry brand which is trusted and respected globally.

2017 highlights


ILEC Conference Centre, 47 Lillie Rd, Fulham London SW6 1UD, UK
Situated a few minutes walk from Earls Court and Olympia Exhibition Centre, ILEC Conference Centre is a perfect base for business travelers. Its close proximity to the shopper's paradise of Kensington and Knightsbridge and the stylish cafes and boutique of Chelsea also makes it a great place for leisure visitors to stay.

Public transport: London Underground
West Brompton and Earls Court stations are both within walking distance giving easy access to all central district of London and Heathrow Airport.

ILEC is a quarter of a mile (400m) from the A4, providing easy access to the M4, M5 and M40.

There is a car park in the basement of the hotel with 140 parking bays.

Contact Us

Stay Connected