Over the last 12 months cybersecurity has shot up the boardroom agenda to become one of the top priorities. The pandemic and a home based workforce has provided the opportunity for businesses to recognise the value of IT and cybersecurity teams. As we move forward to hybrid workforce, this will only continue to grow as businesses are reminded that whilst not revenue generating, cybersecurity is revenue protecting and securing function crucial for every business. 

Hosted virtually across two days, the SC Annual Digital Congress 2021 provided a platform for cybersecurity leaders to come together for a mixture of thought leadership and strategy sharing panel discussions, as well as workshop style sessions with actionable takeaways for you and your business. 

In association with

Developing your capabilities & competency in cyber security 


23 - 24 June 2021


Online via our virtual platform

Event accredited by the CPD

Key Highlights

4 reasons you should have been there

Variety of Sessions and Formats to Prevent Zoom Fatigue

This event provided business critical content, designed for you with research and collaboration with key stakeholders.

Two streams of content so you can tailor your agenda to you. Anything your miss will be available to watch on-demand.

Our online platform enabled you to interact and create new connections.

What's in store?

Key Topics

This SC Annual Digital Congress provided a platform for cybersecurity leaders to come together for a mixture of thought leadership and strategy sharing panel discussions, as well as workshop style sessions with actionable takeaways for you and your business.

The Congress focussed on: 

Emerging threats & trends

Cybersecurity on a national scale

Collaboration & team structures

Understanding the mind of cyber criminals

Premium partners included

(ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 150,000 certified members strong, we empower professionals who touch every aspect of information security. 

Sophos makes IT security simple. Focused on innovation in next-generation protection, Sophos solutions are simple to deploy, maintain, and manage, enabling organisations to protect and defend their networks, their information, and their people. Sophos – Cybersecurity evolved.

ExtraHop, the leader in cloud-native network detection and response, is on a mission to arm security teams to stop breaches. Our Reveal(x) 360 platform combines the power of cloud intelligence with the simplicity of SaaS to help security teams eliminate blind spots and detect threats other tools miss. Built on cloud-scale AI, Reveal(x) 360 decrypts and analyzes all network and cloud traffic in real time to expose risks, from internal threats to external attacks. Bad actors can’t hide on the network, but ExtraHop can, giving security teams a secret weapon to stop breaches84% faster.

Okta is the leading independent identity provider. The Okta Identity Cloud enables organisations to securely connect the right people to the right technologies at the right time. With more than 6,500 pre-built integrations to applications and infrastructure providers, Okta provides simple and secure access to people and organisations everywhere, giving them the confidence to reach their full potential. More than 9,400 organisations, including JetBlue, Nordstrom, Siemens, Slack, T-Mobile, Takeda, Teach for America, and Twilio, trust Okta to help protect the identities of their workforces and customers.

Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organisations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies.

KnowBe4 is the world’s largest integrated platform for new-school security awareness training and simulated phishing. KnowBe4 was created to help organisations manage the ongoing problem of social engineering through a comprehensive new-school awareness training approach. Organisations leverage KnowBe4 to enable their employees to make smarter security decisions and create a human firewall as an effective last line of defence.

CTM360 is a leader in Digital Risk Protection, trusted by 150+ banks and financial institutions globally. Offered as a fully managed Digital Risk Protection Platform, CTM360 detects, manages and responds to threats and vulnerabilities across the Surface, Deep & Dark web. Subscribers of the CTM360 platform get access to external attack surface management, cyber threat intelligence, cybersecurity risk scorecards, third party vendor assessments, brand protection / anti-phishing, data leakage protection, social media monitoring, and takedowns on an unlimited basis.

Associate Partners included

Mimecast was established in 2003 with a focus on delivering relentless protection. Each day, we take on cyber disruption for our tens of thousands of customers around the globe; always putting them first and tackling their biggest security challenges together. We are the company that built an intentional and scalable design ideology that solves the number one cyberattack vector – email. We continuously invest to thoughtfully integrate brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast is here to help protect large and small organizations from malicious activity, human error and technology failure.

eSentire, Inc., founded in 2001, is the category creator and world’s largest Managed Detection and Response (MDR) company, safeguarding businesses of all sizes with the industry-defining, cloud-native Atlas platform that removes blind spots and enables 24×7 threat hunters to contain attacks and stop breaches within minutes. Its threat-driven, customer-focused culture makes the difference in eSentire’s ability to attract the best talent across cybersecurity, artificial intelligence and cloud-native skill sets. Its highly skilled teams work together toward a common goal to deliver the best customer experience and security efficacy in the industry. 

Think Cyber Security deliver secure behaviour change for their customers.


The company’s multi-award winning Redflags™ Real-time Security Awareness product applies behavioural and learning science theory to deliver context-sensitive, just-in-time guidance. For example when users are about to click links, visit certain web pages, enter their username into a web page, handle attachments, etc.


Redflags™ offers the toolkit organisations need to: manage operational risk from cyber-attacks directed at staff; meet compliance goals; keep content refreshed and relevant; target specific behaviours and specific users; all whilst allowing staff to get on with their jobs, to achieve business goals.

The Speakers were

Joelle H. Dvir

Attorney, McDonald Hopkins' national Data Privacy and Cybersecurity Group

Irfan Hemani

Director of Cyber Security & Digital Identity, Department for Digital, Culture, Media & Sport

Erika Lewis

Deputy Director, Department for Digital, Culture, Media & Sport

Nina Paine

Global Head Cyber Stakeholder & Government Engagement, Group CISRO, Standard Chartered Bank

Ian Lowe

Head of Industry Solutions - EMEA, Okta

Prof. John Walker

Editor in Chief, International Journal of Cyber Forensics and Advanced Threat Investigations


*Please Note all timings are in GMT and are subject to change. 

Day 1

9:25am – 9:30am

Welcome Remarks & Explanations of the Features of the Platform 


Emerging Threats & Trends 

9:30am – 9:55am

Stats & Facts Presentation: Insights from the Cyber Security Breaches Survey 2021 – Where are UK Businesses and Charities?
  • Long term trends – have organisations become more aware and resilient over time?
  • Cyber security under COVID-19 – what has changed under the pandemic and how have organisations reacted?
  • Room for improvement – what broad areas do organisations need to focus on or review, to raise their game?

Confirmed speaker: 
Jayesh Navin Shah, Researcher, Ipsos MORI

10:00am – 10:45am

Panel Discussion: Cyber Resilience – Emerging Threats and Trends: What Should Be Keeping You Up At Night?

Confirmed speaker: 

Irfan Hemani, Deputy Director, Department for Digital, Culture, Media & Sport
Craig McEwen, CISO, Anglo American
Darren Argyle, Group CISRO, Standard Chartered Bank
Sarb Sembhi, CTO, CISO, Virtually Informed Limited
Ronnen Brunner, Vice President EMEA, ExtraHop

Screen Break 

Insider Threats

11:00am – 11:30am

Presentation: How Can We Stop Our Team from Being Our Own Worst Enemy?
Javvad Malik, Security Awareness Advocate, KnowBe4

11:35am – 12:20pm

Ask the Experts: Building a Wall Together: The Relationship Between IT & Cyber Security
James Wilison, Founder, Unified Security Ltd

Dr. Richard Diston, Director, The Security Doctor
Prof. Paul Dorey, Visiting Professor, Royal Holloway

 Screen Break & Lunch

1:30pm – 2:15pm: Live Demonstration with Ken Munro from PenTest Partners 

Ken Munro, Partner, PenTest Partners
Cloud Security 
Ransomware & Malware

2:15pm – 2:45pm: Presentation – External Attack Surface Management: Protect your Presence in Cyberspace
Threat actors regularly perform reconnaissance on organizations by understanding their external attack surface. These activities leverage data-points already residing on the internet and enable most modern-day attacks. This session will explore how you may gain complete visibility and control over your organization’s digital assets. Key talking points include:

External Attack Surface Management (EASM): Introduction

Data-points commonly targeted in the External Attack Surface

Understanding the Hacker’s View

Developing a winning strategy in EASM

Arsalan Iqbal, Director, CTM360

2:15pm – 2:45pm: Presentation: Ransomware: What *really* happens if you pay the crooks?If you get hit by a ransomware attack and you decide to pay the blackmail demand, what happens next? How well should you expect things to work out? And what if you don’t pay? How do you handle the fallout then? We decided to find out by asking people who had already faced this unenviable dilemma. What they told us might surprise you…Confirmed speaker:Paul Ducklin, Principal Research Scientist, Sophos
2:50pm – 3:20pm: Presentation: Incident Response Best PracticesIt’s a growing dilemma for businesses, who are reliant on their cyber security to offer optimum resolution to posing threats and maintaining the quality of their daily usage online. But for  IT professionals and executives, it’s easy to undervalue basic reasons on how to stay cyber safe. This session will touch on:  
  1.       Waiting too long to react
  2.       Declaring “mission accomplished” too soon
  3.       Relying on complete visibility
  4.       Assuming you can handle your issues on your own
Confirmed speaker: Kostandino Kustas, Senior Sales Engineer, Sophos
Presentation: Securing Active Directory: Filling the Gaps Left by Audits, SIEMs, and AD Monitoring Most organizations do annual audits on Active Directory, as well as leverage SIEM and AD Monitoring solutions. However, these solutions leave a significant gap in securing AD, which the attackers are leveraging constantly. This gap can be filled, with great ease, with the right approach and solution. In this session Charles Clements will guide you through the benefits of these solutions, but also expose the gap left. He will provide you with the solution that can fill this gap, as well as keeping it filled! In this session you will learn
  • Where audits leave AD exposed
  • Why SIEMs and AD Monitoring solutions are not enough to secure AD
  • Why uncovering existing threats in AD is crucial
  • What can be done to continuously secure AD
  • How attacks can be detected in real-time
Charles Clements, Tenable


Close of day 1

Day 2

Cybersecurity & Governance

9:30am – 10:15am

Panel Discussion: Building On the Positives From the Last 12 months: Success Stories & Future Strategies

For the cybersecurity industry Covid-19 was not the disaster that had been imagined. The industry was able to transition quickly and provide benefits to huge numbers of people. Now as it becomes a keystone in the future of working life what successes can we build on? 

Quentyn Taylor, Director of Information Security, Canon Europe
Ian Lowe, Head of Industry Solutions – EMEA, Okta
Professor Alison Wakefield, Co-Director, Cybersecurity and Criminology Centre, University of West London
Karl Knowles, Global Head of Cyber, HFW

Skills & Diversity in Cybersecurity

10:20am – 10:55am

Presentation – Tackling the Cyber Security Skills Gap
  • Changing demands – how has the demand for cyber professionals changed under the pandemic? How have skills needs evolved?
  • The understanding gap – do organisations fundamentally know what they need and who they are looking for in recruitment?
  • Spreading best practice – is a mix of poor awareness and suboptimal recruitment approaches holding organisations back?
  • Equal standing – how do we support smaller cyber businesses as well as large ones to fill their skills needs?

Confirmed speakers: 

Jayesh Navin Shah, Researcher, Ipsos MORI

Sam Donaldson, Director, Perspective Economics

11:00am – 11:40pm

Panel Discussion: Mind The Skills Gap: How Can you Ensure You and Your Team Have the Skills You Need?
Confirmed speakers: Erika Lewis, Director of Cyber Security & Digital Identity, Department for Digital, Culture, Media & SportNina Paine, Global Head, Cyber Stakeholder & Government Engagement, ChimeSam Donaldson, Director, Perspective Economics Steven Furnell, Professor of Cyber Security, University of NottinghamDr. Sanjana Mehta, Head of Market Research and Public Policy EMEA, (ISC)2

11:45am – 12:15pm

Presentation: Cyber Breach Response: Building Your Playbook!
Phil Cracknell, CISO, Board Advisor, IP Performance

Screen break & lunch

1:40pm – 2:10pm

Ask The Experts: Containment: How Can You Prevent Further Penetration When Most Communication is Online and Digital?

Annick O’Brien, Senior Consultant, Cybsafe

Joelle H. Dvir, Attorney, McDonald Hopkins

2:15pm – 2:45pm

Changing risky habits: Research and real-world examples of driving secure behaviours

ThinkCyber unpick the science and theory behind behaviour models to help us understand why risky behaviours happen, and more importantly how to stop them. From research that questions the efficacy of teaching at the point of failure in phishing tests, to behaviour models that highlight the need for timely cues. Looking at examples of how cognitive psychology, behavioural and social science can and are being used to guide user behaviour. This talk will offer real world examples and ways that all organisations can apply the theories to drive secure behaviour change.

Tim Ward, CEO & co-Founder, ThinkCyber

2:50pm – 3:20pm

Thought Leadership Presentation: What can you do to protect your supply chain?

Sophie Hunt, Consultant, Insignia


Panel Discussion: How Should I Be Using Intelligence to Protect My Business?
As businesses look at the hybrid working model and hot desking, this session looks at the new risks and what you do to protect your business.Confirmed Speaker
Prof. John Walker, Editor in Chief, International Journal of Cyber Forensics and Advanced Threat Investigations
Sarb Sembhi, CTO, CISO, Virtually Informed Limited
Steven Furnell, Professor of Cyber Security, University of Nottingham


End of conference. Content available on-demand