CYBERUK 2022 Delegate information by -CYBERUK

CYBERUK 2022 Cyber security for the whole of society Delegate information 10-11 May 2022 ICC, Wales

Lead sponsors

Helping to make the UK the safest place to live and work online Helpu i sicrhau mai’r DU yw’r lle mwyaf diogel i fyw ac i weithio ar-lein The National Cyber Security Centre supports the most critical organisations in the UK, wider public sector, industry, SMEs and the general public. We help bolster the cyber resilience of the UK and help nurture the nation’s ecosystem. When incidents do occur, we provide an effective response to minimise harm, help with recovery, and learn lessons for the future. We are proud that CYBERUK has become a key date in the calendar where thought-leaders in cyber security and technical professionals from the UK and around the world come together to help tackle and explore the big challenges and opportunities in our sector.

Mae’r Ganolfan Seiberddiogelwch Genedlaethol yn cefnogi’r sefydliadau pwysicaf yn y DU, y sector cyhoeddus ehangach, diwydiant, BBaChau a’r cyhoedd. Rydym yn helpu i gryfhau sieberwydnwch y DU ac yn helpu i feithrin ecosystem y genedl. Pan fydd digwyddiadau’n codi, byddwn yn ymateb iddynt yn effeithiol er mwyn lleihau niwed, helpu â’r broses adfer, a dysgu gwersi ar gyfer y dyfodol. Rydym yn falch bod CYBERUK bellach yn ddyddiad pwysig yn y calendr pan fydd arweinwyr syniadau yn y maes seiberddiogelwch a gweithwyr technegol proffesiynol o’r DU a ledled y byd yn dod ynghyd i helpu i ymchwilio i’r heriau mawr a’r cyfleoedd yn ein sector, a mynd i’r afael â nhw.

Come and visit us on stand N1 Dewch i’n gweld yn stondin N1 National Cyber Security Centre @NCSC @cyberukevents ncsc.gov.uk

Contents CEO’s welcome

Cyber security for the whole of society

Venue map

A safe and positive environment for all

Cyber Ecosystem

Have your say

Cyber Den

Cyber Games

Spotlight Stage

Industry 100

Network, meet and collaborate

Supporting innovation and growth

Content overview

Programme at a glance

Plenary programme

Plenary chairs

Plenary speakers

Stream overview Exhibition map Venue map

Sponsor profiles

Partner exhibitor profiles

Premium exhibitor profiles

Standard exhibitor profiles

Welsh Government pavillion

DCMS Innovation Zone exhibitors Small business hub exhibitors

85 86

CEO’s welcome

It gives me great pleasure to welcome you to CYBERUK 2022, and to the state-of-the-art International Convention Centre, here in the historic city of Newport, Wales. It has been three years since the NCSC last brought the cyber security community together, in person, at CYBERUK 2019 in Scotland. I’m anticipating an event with even more than the usual amount of buzz, as delegates, speakers and exhibitors reconnect. Once again you’ll find the kind of incisive, engaging and comprehensive programme you have come to expect from the NCSC’s flagship conference. We are making part of the event accessible online, through our YouTube channel. However, it is only here in Wales that you get the full CYBERUK experience.

We have 200 speakers contributing to over 35 hours of original talks, presentations and indepth panel discussions. Hot topics will include ransomware, nation state threats and the evolution of security technology. And, if you’re looking for hands-on and technical engagement, we have our new Masterclass sessions. I would like to take this opportunity to thank our lead sponsors, AWS and BT, for supporting CYBERUK 2022. They, along with a range of private and public sector organisations, are instrumental in making this year’s conference dynamic, diverse and digitally accessible. It has been a long and eventful year. There is much to discuss, many lessons to be learned and ideas to share. However, there is one fact upon which we can all agree - cyber security is vital to the future safety and prosperity of the UK and our global partners.

“This idea of cyber security’s importance to all of us is at the heart of this year’s CYBERUK. The golden thread running throughout the two-day conference is Cyber Security for the Whole of Society, a theme which flows from the UK Cyber Strategy. Building the UK’s resilience requires everyone to play their part.” - Lindy Cameron This idea of cyber security’s importance to all of us is at the heart of this year’s CYBERUK. The golden thread running throughout the two-day conference is Cyber Security for the Whole of Society, a theme which flows from the UK Cyber Strategy. Building the UK’s resilience requires everyone to play their part. Central to this strategy is a vision of the UK in 2030 as a leading, responsible and democratic cyber power. To achieve that, we must work together as a nation, continuing to build a vibrant ecosystem of cyber security businesses, researchers and professionals.

and activities, catch some of the lightning talks on the Spotlight Stage, visit the Cyber Ecosystem zone and schedule some time to catch up with colleagues in the meeting hub. CYBERUK is about community, so I hope that you will also take the time to enjoy the company of your fellow leaders and professionals, many of whom live and work here in Wales. Reaffirm long-standing relationships and forge new connections. It’s by working together that we will succeed in making the UK the safest place to live and work online. Have a great event!

At CYBERUK 2022 we’ve worked hard to create an experience that matches the huge diversity of opportunities, challenges, skills and craft which make up the world of cyber security. In that spirit, I encourage you to explore everything that is on offer. Take part in some of the Cyber Games

Gair o Groeso gan y Prif Weithredwr

Pleser o’r mwyaf yw eich croesawu i CYBERUK 2022, ac i’r Ganolfan Gynadledda Ryngwladol flaengar yma yn ninas hanesyddol Casnewydd, yng Nghymru. Mae tair blynedd wedi mynd heibio ers i’r Ganolfan Seiberddiogelwch Genedlaethol (NCSC) ddod â’r gymuned seiberddiogelwch ynghyd, wyneb-yn-wyneb, yn CYBERUK 2019 yn yr Alban. Rwy’n rhagweld y bydd hyd yn oed mwy o fwrlwm nag erioed yn y digwyddiad hwn, wrth i gynrychiolwyr, siaradwyr ac arddangoswyr ddod at ei gilydd unwaith eto. Unwaith eto, gallwch ddisgwyl rhaglen dreiddgar, diddorol a chynhwysfawr yng nghynhadledd flaenllaw yr NCSC. Bydd rhan o’r digwyddiad ar gael ar-lein, drwy ein sianel YouTube. Fodd bynnag, dim ond yma yng Nghymru y gallwch gael profiad llawn o CYBERUK. 6

Mae gennym 200 o siaradwyr yn cyfrannu at dros 35 awr o sgyrsiau gwreiddiol, cyflwyniadau a thrafodaethau panel manwl. Ymysg y pynciau llosg mae meddalwedd wystlo, bygythiadau i genedl-wladwriaethau ac esblygiad technoleg diogelwch. Ac os ydych yn chwilio am ddulliau ymarferol a thechnegol o ymgysylltu, mae sesiynau Dosbarthiadau Meistr newydd ar gael. Hoffwn gymryd y cyfle hwn i ddiolch i’n prif noddwyr, AWS a BT, am gefnogi CYBERUK 2022. Maen nhw, ynghyd ag amrywiaeth o sefydliadau yn y sector preifat a’r sector cyhoeddus, yn rhan hanfodol o sicrhau bod y gynhadledd eleni yn ddeinamig, yn amrywiol ac ar gael yn ddigidol. Bu’n flwyddyn hir yn llawn digwyddiadau. Mae llawer iawn i’w drafod, llawer o wersi i’w dysgu a syniadau i’w rhannu. Fodd bynnag, gall pob un ohonom gytuno ar un ffaith – mae seiberddiogelwch yn rhan hanfodol o ddiogelwch a ffyniant y DU a’n partneriaid byd-eang yn y dyfodol.

“Y syniad yma o bwysigrwydd seiberddiogelwch i bob un ohonom sydd wrth wraidd CYBERUK eleni. Yr edefyn euraid drwy’r gynhadledd ddeuddydd yw Seiberddiogelwch i Gymdeithas Gyfan, thema sy’n deillio o Strategaeth Seiber y DU. Er mwyn datblygu gwydnwch y DU, mae angen i bawb chware eu rhan.” - Lindy Cameron

Y syniad yma o bwysigrwydd seiberddiogelwch i bob un ohonom sydd wrth wraidd CYBERUK eleni. Yr edefyn euraid drwy’r gynhadledd ddeuddydd yw Seiberddiogelwch i Gymdeithas Gyfan, thema sy’n deillio o Strategaeth Seiber y DU. Er mwyn datblygu gwydnwch y DU, mae angen i bawb chware eu rhan. Rhan ganolog o’r strategaeth hon yw ein gweledigaeth o’r DU yn 2030, fel gwlad sydd â phŵer seiber arweiniol, cyfrifol a democrataidd. Er mwyn cyflawni hynny, rhaid i ni gydweithio fel cenedl, a pharhau i greu ecosystem ffyniannus o fusnesau, ymchwilwyr a gweithwyr proffesiynol ym maes seiberddiogelwch.

byr ar y prif lwyfan, ewch i’r ardal ecosystem a neilltuo amser i gwrdd â chydweithwyr yn yr hyb cyfarfod. Hanfod CYBERUK yw cymuned, felly rwy’n gobeithio y byddwch hefyd yn defnyddio rhywfaint o’ch amser i fwynhau cwmni eich cyd-arweinwyr a’ch cydweithwyr proffesiynol, y mae llawer ohonynt yn byw ac yn gweithio yma yng Nghymru. Ceisiwch atgyfnerthu perthnasoedd sy’n bodoli eisoes a chreu cysylltiadau newydd. Dim ond drwy gydweithio y gallwn sicrhau mai’r DU yw’r lle mwyaf diogel i fyw ac i weithio ar-lein. Mwynhewch y digwyddiad!

Yn CYBERUK 2022 rydym wedi gweithio’n galed i greu profiad sy’n cyfleu’r amrywiaeth eang o gyfleoedd, heriau, sgiliau a chrefftau sy’n llunio’r byd seiberddiogelwch. I’r perwyl hwnnw, hoffwn eich annog i archwilio popeth sydd ar gael. Cymerwch ran mewn rhai o’r Gemau a’r gweithgareddau Seiber, ewch i rai o’r sgyrsiau 7

Because security is everyone’s top priority At AWS, security is deeply embedded into our culture and our processes. It permeates everything we do. As an AWS customer, you benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organisations in the world. We stand with the NCSC, committed to stronger, more resilient cyber defences for the whole of society.

Find out more at

aws.amazon.com/security

Cyber security for the whole of society Welcome to CYBERUK 2022! The National Cyber Strategy sets out a vision for the UK to cement its position as a responsible and democratic cyber power: a vision that demands a whole of society approach and is underpinned by our values, standards and local to global leadership. The foundation of that vision is a strong, innovative, professional and inclusive UK-wide cyber security ecosystem. A system that will strengthen our security, keep us ahead of our adversaries in cyberspace, and shape tomorrow’s technologies so they are safe, secure and open.

CYBERUK will once again convene the global cyber security community to strengthen partnerships, underpin standards, encourage innovation and nurture a sustainable ecosystem to help improve the resilience of the UK and its interests to cyber threats. In less than a decade, CYBERUK has established itself as a must-attend event for professionals working - or with a stake - in cyber security. With an international reputation for excellence that grows year-on-year, we are delighted to bring CYBERUK 2022 to Wales.

Delivering a more sustainable event We are committed to making CYBERUK 2022 our most sustainable conference yet. We are proudly linking up with Event Cycle to reduce leftover materials by repurposing and redistributing them to charities & community groups. To help minimise the event’s carbon footprint please use the shuttle bus service, sponsored by Trellix, which will provide efficient and effortless transport between the event venue, local hotels and Newport station. Top up your refillable bottles, sponsored by Immersive Labs, at stations throughout ICC Wales. And recycle paper and food waste over the twoday event and place your lanyards in the bins provided at the exit.

Venue map 1

2 13

2 4 5

7 8

9 10

17 16 15

20 19

2nd Floor

1st Floor

Meeting Hub Lift & Stairs

2. 3a. 3b. 4. 5. 6.

Prayer Room Workshops Workshops and Cyber Den Speaker Preview Room Quiet Zone International Delegate Lounge 7. Stream B 8. Small Business Hub 9. Plenary 10. Breakout Area 11. Government Stands 12. Cyber Games 13. Technical Masterclasses/ Stream A 14. Cyber Ecosystem Lift & Stairs Barista Bar Escalator

Ground Floor

15. Quiet Zone 16. Media Room 17. Plenary/Stream C 18. Info Desk 19. Spotlight Stage/ Live Streaming 20. CYBERUK TV 21. Exhibition Hall Toilets Lift & Stairs Escalator

Put yourself in safe hands We protect the UK’s critical national infrastructure, including the emergency services. And we’re used to protecting ourselves. We block 6,500 potential attacks a day and more than 100 million malicious communications every month. So, we understand how to stay ahead of the attackers and react quickly. Come and meet the real protectors. Visit us on Stand D2

Proud to be sponsoring CYBERUK 2022 Curious to learn more? bt.com/careers

A safe and positive environment for all The NCSC is committed to diversity and inclusion, and as the organiser of CYBERUK 2022, we are dedicated to ensuring that the event is accessible and a positive experience for all. For delegates who are deaf or hearing impaired British Sign Language interpreters will be in place during plenary sessions. A dedicated Prayer Room is available for delegates’ use on the first floor, alongside designated quiet areas on the first and ground floors. We kindly ask all delegates to abide by our equality, diversity and inclusion code of conduct. We operate a zerotolerance policy on disrespecting the views and rights of others. Everyone is welcome at CYBERUK.

“In cyber security, diversity isn’t just a numbers game. Diversity of thought is a key part of making cyber security sustainable.” - Dr Ian Levy, NCSC Technical Director

The ICC Wales is equipped with a Sennheiser Mobile Connect System. To use the system, simply: Delegates can make use of the Sennheiser Mobile Connect System in the Auditorium, Meeting Room 1, and Meeting Room 2.

• Download the Sennheiser MobileConnect App from your smart phone’s app store

For rooms 3a and 3b there will be induction loops installed. Switch your hearing aid to T position to access these.

• Open the ‘MobileConnect’ App

• Log onto the WiFi network ‘ICCWConnect’ • Select the channel relevant to your session e.g. Auditorium / Meeting Room 1 • Connect your hearing device or earphones to your smartphone

Cyber Ecosystem Sponsored by

Powerful change can take place when there’s collaboration with collective purpose. Brand new for 2022, the Cyber Ecosystem zone explores the rich possibilities of investing in people and cyber security skills in the UK and beyond, and the need to deepen vital partnerships.   Located on the first floor, the Cyber Ecosystem promises to spark ideas and engender stronger partnerships. Share your challenges and solutions on our Collaboration Wall.

What you see in this zone is not a linear journey for growth, but a connected ecosystem of dependencies that grow and evolve to become greater than their individual parts. By coming together, government, industry and academia are exploiting the opportunities that exist to fuel and grow this vital sector. Our Cyber Ecosystem is built on the key themes of Trust, Partnership, Innovation, Talent, Resilience and Growth.

GROW. DEVELOP. COLLABORATE. Have your say…

Have your say Help shape the discussion at CYBERUK 2022 We need your help to make this year’s CYBERUK the best possible event. As a delegate, you’re invited to join Slido, the Q&A and live polling platform that connects you directly with speakers in real time. Join with your first name only and event code #CYBERUK22 to be part of the conversation - no contact details required. All we ask is that you do not post any sensitive information via the platform.   CYBERUK is your event and we aim to improve it every year. If there’s any aspect of this year’s programme that you would like to provide feedback on, please do approach a member of our event team at the venue. Please also complete the online feedback form and tell us about your experience – CYBERUK can only get better and better with your help. CYBERUK doesn’t end at ICC Wales: join valuable online conversations and share the highlights from your visit using #CYBERUK22 on social media and subscribe to CYBERUK ONLINE on YouTube for all the latest streamed talks and event videos.

secureworks.com

Security that drives trust and innovation Discover more

Industrial Strength Cybersecurity for Industrial Infrastructure Dragos is an industrial (ICS/OT/IIoT) cybersecurity company on a mission to safeguard civilization. Dragos codifies the knowledge of our cybersecurity experts into an integrated software platform that provides customers critical visibility into ICS and OT networks so that threats and vulnerabilities are identified and can be addressed before they become significant events. Our solutions protect organizations across a range of industries, including power and water utilities,energy, and manufacturing, and are optimized for emerging applications like the Industrial Internet of Things (IIoT).

Visit STAND A25 to learn more!

Cybersecurity at Siemens Protect what you value – with our holistic approach and leading technology expertise. siemens.co.uk/cybersecurity

Cyber everywhere. Go anywhere. Deloitte Cyber is proud to sponsor the Cyber Ecosystem Zone. Visit us in the zone.

I made the move back to cyber as I quickly learned that the work is way more interesting and there are more challenges and opportunities. Emily, Software Engineer Find out more: https://careers.rtx.com

2624_001_3.indd 1

CYBERSECURITY

31/03/2022 13:35:16

Protect your Business from Cyber Threats

Airbus CyberSecurity is a European specialist in cyber security, with the mission to protect governments, military, organisations, and critical national infrastructure from cyber threats. With over 30 years of experience providing reliable cyber security products and services, we have become one of the most advanced sovereign cyber security players in Europe, with over 900 cyber security professionals and SOCs in France, Germany, UK and Spain. We provide a global cyber defence approach that dynamically protects, detects and responds to cyber threats with a portfolio that includes managed security services, design and integration solutions, industrial control system offerings, encryption, key management and consultancy services. Having protected Airbus Defence and Space’s complex systems and networks with our SOCs for years, we have leveraged our Airbus DNA to develop products and services for customers facing similar challenges as us, based on state-of-the-art trusted technologies.

www. airbus-cyber-security.com

Get fast and easy protection against threats Take a demo today at Stand B01 go.crowdstrike.com/try-falcon-prevent

Cyber Den Hosted by

Who will emerge victorious from the Den? Always a popular attraction, one of CYBERUK’s most exciting features is the Cyber Den, hosted by DCMS, held in Meeting Room 3b. This is your opportunity to witness some of the UK’s leading cyber security entrepreneurs from the Innovation Zone competing with ‘Dragons Den’style pitches to a panel of NCSC and industry leaders, fronted by head judge Dr Ian Levy, Technical Director of NCSC.   With previous Cyber Den winners including Risk Ledger and Awen Collective, the Cyber Den has carved out a reputation for spotting and celebrating the sector’s newest disruptors/trailblazers.

Cyber Games Sponsored by Are you ready to take on the challenge of the Cyber Games? As a CYBERUK 2022 delegate, you have the chance to participate in a series of demanding technical challenges set by some of our accomplished cyber security industry partners. Located on the first floor (see map) and open throughout the event, the Cyber Games challenges are fun and quick to complete – most take less than 30 minutes. Are you ready to face the heat? The chilli ratings will lead you straight to the right challenge for your technical ability.

In the spotlight at CYBERUK Sponsored by

We are excited for the return of the Spotlight Stage, which champions future-focused conversation. Five-minute lightning talks during the conference lunch breaks allow pre-selected delegates to step up to the mic and present their ideas. This year’s agenda offers informative talks on cyber security issues and trends, and how we can all help shape the future of our sector. So, be sure to grab a front-row seat – who knows what you might learn!

Live Streaming Sponsored by

Following the success of our fully virtual event in 2021, several sessions will be live streamed to the CYBERUK ONLINE YouTube channel. Look out for the ONLINE icon in our programme to catch key discussions, wherever you are.

Almost all sessions will also be streamed directly to the Spotlight Stage, if you’d prefer to watch from the comfort of the atrium using the headphones provided. The full streaming schedule is available on the board at the Spotlight Stage.

Spotlight Stage Day 1: 10 May 2022 Time

Slot

Organisation

Title of Presentation

Speaker

1240 - 1245

Lightning Talk 1

University of the West of England (UWE)

Cyber Security in industry: threats to the supply chain

Alan Mills

1245 - 1250

Lightning Talk 2

Cardiff University

My buddy

Dr Allison Wylde

1250 - 1255

Lightning Talk 3

Saepio Information Security

Neurodiversity – it’s your superpower not your kryptonite

Anthony Salerno

1255 - 1300

Lightning Talk 4

Royal Navy

Fighting at sea with cyber risk

Angus Rahi-Young

1310 - 1315

Lightning Talk 5

Noetic Cyber

Can controls as code work?

Craig Roberts

1315 1320

Lightning Talk 6

Siemens plc

E-fleet operational resilience- A key enabler for a secure transition to sustainable transport

Parisa Akaber

1320 - 1325

Lightning Talk 7

Cabinet Office

hijacking.gov.uk - Top 4 ways your domain could be hijacked, and how to stop it

Terence Eden and Vandan Adhvaryu

1325 - 1330

Lightning Talk 8

Eckoh

How to attack a contact centre - Is it criminals, customers, or staff that are out to get you?

Ashley Burton

BREAK

Day 2. 11 May 2022 Time

Slot

Organisation

Title of Presentation

Speaker

1240 - 1245

Lightning Talk 9

PETRAS National Centre of Excellence

Three steps to cyber: teaching developers to discuss cybersecurity with product owners

Charles Weir

1245 - 1250

Lightning Talk 10

IN2 Communications

Understanding the cyber-disinformation continuum and dealing with the threat

Chris Crowther

1250 - 1255

Lightning Talk 11

ThinkCyber Security Ltd

Can we change behaviours in real time? A behavioural science approach

Tim Ward

1255 - 1300

Lightning Talk 12

Ofcom

Attracting diverse talent

Jill Faure

1310 - 1315

Lightning Talk 13

NCSC

A refresh of the NCSC's cloud guidance

Senior Technical Researcher

1315 - 1320

Lightning Talk 14

DCMS

Why and how is the Government intervening in the app ecosystem?

Ed Venmore-Rowland

1320 - 1325

Lightning Talk 15

Deloitte

Sustainability in cyber consultancy

Peter Hodgkinson

1325 - 1330

Lightning Talk 16

University of Birmingham and University Bristol

The challenge of reliable threat analysis in industrial control systems

Richard Thomas and Joe Gardiner

1330 - 1335

Lightning Talk 17

Lighthouse Global

The hidden dangers of insider risks – In a work from anywhere world

Graham Hosking

BREAK

What is Industry 100? Industry 100 (i100) is the principal initiative from the NCSC to facilitate close collaboration with the best and most diverse minds in UK industry. As the national technical authority on cyber security, our ambition is to make the UK the safest place to live and do work online. But we can’t do this alone. Every citizen, business and government department has a part to play. i100 brings together public and private sector talent to challenge thinking, test innovative ideas and enable greater understanding of cyber security – one of the most important issues of our time. In i100, we are bringing industry and government expertise together to help us all learn lessons, identify systemic vulnerabilities and reduce the impact of cyber attacks. These are some partners we work with

Come talk to us at Stand N1 22

Industry 100 Placing industry at the heart of the NCSC Testing innovative ideas, enabling greater cyber security understanding and challenging thinking across the public and private sector, i100 is an initiative that sees government and industry working hand-in-hand.

“”“ ” i100 hour at the networking evening Tuesday 10 May

19.30-20.00 Introduction to the Industry 100 with Paul Maddinson, NCSC Director of Operations, and guests on the Spotlight Stage 20.00-20.30 NCSC stand takeover – chat with secondees and the NCSC i100 team

i100 helps our staff to grow, supports their personal development and allows us to give something back – helping support the mission. - David Carroll, Managing Director, Nominet

Join the NCSC i100 team in Manchester later this year where they will be hosting an event to develop i100 in support of the cyber ecosystem in the north of the UK. The event will bring together the i100 advisory group, NCSC Manchester and local businesses.

Through NCSC’s i100 I’ve had a unique opportunity to blend in my operational rail safety and cyber security experience with NCSC’s information exchange, sociotechnical research and trusted stakeholder relationships. The output will support the whole of the GB mainline rail sector, helping to hit the spot in strengthening our transport CNI. - Emma Taylor, RazorSecure

To find out more, visit the NCSC - stand N1 in the Exhibition Hall or contact i100@ncsc.gov.uk

Network, meet and collaborate at CYBERUK 2022 CYBERUK is uniting the UK’s cyber security community, providing long-awaited in-person networking opportunities and unparalleled insight, thanks to our networking sponsors Secureworks. 2022’s incredible event promises to deliver many chances for delegates to meet, share knowledge and expertise, explore business needs, review the ever-changing threat landscape, and look positively towards the future. Of course, it’s not all work and no play at CYBERUK: a highlight every year is the networking evening on Day 1, and it’s back for 2022. Informal networking kicks off in the Atrium and Exhibition Hall as soon as the first day’s programme has wrapped up. With live music from a great local band, food and drink and roaming entertainment, it’s the perfect chance to speak with exhibitors, visit stands, build new relationships and reconnect with your peers in a more relaxed environment. During the networking evening, CYBERUK will feature the i100 Hour. Delegates will have the chance to learn more, first-hand, from the NCSC and past participants of the Industry 100 (i100), a leading collaboration between industry and government. For more information, see page 21. The Meeting Hub, sponsored by Siemens, is another popular feature of CYBERUK - a meeting place for forging new partnerships and building those all-important connections. Specifically designed for private meetings, you can book a meeting space at either the ground floor Information Desk or the Hub’s reception desk.

Supporting innovation and growth Sponsored by

Schools outreach programme All eyes are firmly fixed on the future at CYBERUK – and the future begins today, as we welcome the next generation of thinkers and influencers into our industry. The CYBERUK half-day outreach programme for school children features activities to encourage young people to consider a future career in our exciting sector. This will take place during morning plenary, so please be mindful of the younger audience if you are not in session.

Sponsored by

STABL PEOPLE. TECHNOLOGY. SOLUTIONS.

Hosted by

Bursary places As part of our commitment to increasing access to the cyber security sector for all, we have provided discounted event passes to selected delegates from charities, small businesses and academia. CYBERUK’s Bursary Places ensure that attendance at this year’s event is as wide and diverse as possible and there is the opportunity for all organisations, large or small, to have a presence at CYBERUK.

SME representation at CYBERUK Small businesses and start-ups are integral to the creation of innovative cyber security technologies. At CYBERUK 2022 you will find a strong SME presence across the event: The Innovation Zone, hosted by DCMS, features 12 innovative UK SMEs and is located in the Exhibition Hall. These businesses will also be pitching their products and ideas in the Cyber Den. Located on the first floor, the Small Business Hub is a collection of smaller firms making a big impact on the future of the industry. The Welsh Government is hosting a Welsh Pavilion in the Exhibition Hall, a space which provides a presence for local companies.

Helping you harness the extraordinary power of technology to build a future we can trust

Search: Thalesgroup

THIS IS CYBER SECURITY. THIS IS WALES.

Meet companies from Wales’ Cyber eco-system on the Wales stand at Cyber UK.

tra�ean�invest.wales @InvestWales #walesinveste�

Greater Manchester - a global, digital influence in cyber Greater Manchester is rapidly becoming UK and European centre for cyber and digital ethics, trust and security. A region with a £5 billion digital economy and a strong cyber ecosystem at its heart - a place with the ambition and strong civic mandate, to take an approach to digital that ensures no one gets left behind.

At CYBERUK, five members of Greater Manchester’s Cyber Security Advisory Group will exhibit, highlighting how Greater Manchester is doing digital differently and leveraging our expertise in areas like cyber security. The group, hosted by Greater Manchester Combined Authority, reflects the cyber security capabilities of the region and drives forward inclusive economic growth for the city-region and the North.

Stand B02

greatermanchester-ca.gov.uk/greater-manchester-cyber-ecosystem

The University of Manchester Digital Futures

Content overview Make every moment count at CYBERUK 2022 CYBERUK’s programme has been created to provide the most in-depth experience possible, with sessions dedicated to one theme: Cyber Security for the Whole of Society. Following the publication of the National Cyber Strategy (NCS), this year’s streams have been created to address the strategic direction provided by HMG to advance the ‘whole of society’ approach as set out in the NCS. CYBERUK offers four streams of thoughtprovoking content, with the content of streams A, B and C carefully aligned with the five pillars of the NCS. Stream D spans 14 workshops, providing fantastic insights, invaluable customer case studies and engaging scenarios to complement the main plenary and stream content.

Strengthening the UK cyber ecosystem, investing in our people and skills and deepening the partnership between government, academia and industry. DCMS are sponsoring the Innovation Zone at this year's CyberUK. Sign up

to the DCMS Cyber Newsletter

Largest EU-Based Cybersecurity Vendor

When technology enables progress, ESET is here to protect it We are a global digital security company, protecting millions of customers and thousands of companies worldwide.

30 years protecting companies, nation states and individuals from cyber attacks

Help protect over 2.5 Billion Google Chrome users through Chrome Clean-up and Google Play security collaboration

110+ million users worldwide

Work closely with all the major military,intelligence and law-enforcement agencies in the NATO and EU aligned countries

Get in touch to find out how our products can protect your business: 01202 405 405 | sales@eset.co.uk

Chilli key:

Programme at a glance Day 1

TUESDAY 1 08:00 - 09:45 09:45 - 11:00 11:00 - 11:45 11:45 - 12:30 12:30 - 14:00

14:00 - 14:40

14:50 - 15:30

15:30 - 16:15

Registration and exhibition opens

Plenary 1: CEO Welcome, Senior Government keynote, Lead Sponsor BT keynote and leadership panel: Global response, Global impact: strategic alignment and collabora Networking break and exhibition

Plenary 2: Whole of society panel: Reduce harm and carry on? Exploring the practical reality of good digital security for individuals and organisations Networking lunch, exhibition and Spotlight Stage lightning talks

STREAM A

STREAM B

Resilience and tackling the threat

Technology and Ecosystem

Session 1 Don’t look back in anger

Session 1 Creating a big bang: When government, education & industry collide

Session 2 A little less conversation, a little more action

Session 2 Big risk thinking: Hyperscale to pocket sized, these risks are everywhere

Networking break and exhibition Session 3 MSPs and CSPs in the supply chain

Session 3 A way to see the forest from the trees, and all the devices in between

Session 4 From Mirai to Ukraine DDoS: 5 years of honeypot evolution

Session 4 The big-risk buck stops here

16:15 - 16:55

17:05 - 17:45

18:00 - 18:45 18:45 - 21:00

Plenary 3: Technology Panel: Will we still be able to do cyber security in 5 years? Informal networking evening in the exhibition

WEDNESDA 30

08:00 - 09:00

Registration and exhibition opens

Introductory session. You won’t need to be an expert in the subject to benefit from this session. Intermediate session. You will already have a basic to moderate understanding of the topic, allowing you to engage with the insights provided during this session. Advanced session. You will have strong knowledge and understanding of the session’s topic, enabling you to benefit from a much more detailed technical briefing, with introductory and intermediate knowledge assumed from the outset. Deep technical content. Reserved for the Technical Masterclasses. Advanced technical knowledge is a requirement for these sessions.

Each session has been assigned a symbol depicting which audience it is most relevant to:

Leaders Technical Professionals Leaders & Technical Professionals

Content available on CYBERUK 2022 YouTube channel

10 MAY

d Global ation

Technical Masterclass 1: Protecting the keys to the kingdom:

Technical Masterclass 2: What do attackers get when they get in?

STREAM C

STREAM D

Local to global leadership

Interactive workshops

Session 1 Securing UK citizens online: Protecting the public at scale

Workshop 1a Leonardo: Approaches to address critical threats to operational technology systems

Workshop 1b Why deny 1 in 5?

Session 2 When the worst happens: First-hand experiences of the “big” incident from victim

Workshop 2a Cyber security’s role in creating a sustainable future

Workshop 2b Cyber Den hosted by DCMS. (Finishes at 15:50)

management tips they have learned

Session 3 From global threat to local action

Workshop 3a Sophos: The state of ransomware 2021. What can we learn from last year and how do we apply that knowledge to be safer in 2022?

Session 4 Walk the walk: The Government Cyber Security Strategy

Workshop 4a Proofpoint: Systemic risk – Your part in the downfall of society

Workshop 4b Cyber Essentials

AY 11 MAY Women in cyber networking breakfast, in the Aspect bar (08:00 - 08:45)

Session 4 From Mirai to Ukraine DDoS: 5 years of honeypot evolution

Chilli key:

Session 4 The big-risk buck stops here

rogramme at a glance P Day 2 17:05 - 17:45

18:00 - 18:45 18:45 - 21:00

Plenary 3: Technology Panel: Will we still be able to do cyber security in 5 years?

Informal networking evening in the exhibition

WEDNESDA 08:00 - 09:00 09:00 - 10:10 10:10 - 10:40 10:40 - 11:30

11:40 - 12:20

12:20 - 13:50

Registration and exhibition opens Plenary 4: CEO keynote, Ministerial address, lead sponsor AWS keynote, Resilience Panel: The demand for supply chain Networking break and exhibition

Plenary 5: Ecosystem panel: Chartering new territory for employers and practitioners

STREAM A

STREAM B

Resilience and tackling the threat

Technology and Ecosystem

Session 5 Ransom here, there, ransom everyware

Session 5 Digital security by design: Changing the rules against cyber attacks

Networking lunch, exhibition and Spotlight Stage lightning talks Session 6 I’ll be there for you - Community building

Session 6 Product assurance: The paradigm shift

Session 7 Oh that was clever, when even jaded incident handlers are impressed

Session 7 Cyber education turning mirrors into windows

13:50 - 14:30

14:40 - 15:20

15:30 - 16:25 16:25

Plenary 6: Threat Panel: Through the cyber looking glass - “I don’t like the look of it at Cyber Den awards and closing remarks

Introductory session. You won’t need to be an expert in the subject to benefit from this session.

Session 4

IntermediateWalk session. Youwalk: will already a basic to moderate the Thehave Government Cyber understanding of the topic, allowing you to engage with the insights Security Strategy provided during this session. Advanced session. You will have strong knowledge and understanding of the session’s topic, enabling you to benefit from a much more detailed technical briefing, with introductory and intermediate knowledge assumed from the outset. Deep technical content. Reserved for the Technical Masterclasses. Advanced technical knowledge is a requirement for these sessions.

last year and how do we apply that knowledge to be safer in 2022?

Each session has been assigned a symbol depicting which audience it is most relevant to:

Workshop 4a Proofpoint: Systemic risk – Your part in the Leaders downfall of society

Workshop 4b Cyber Essentials

Technical Professionals Leaders & Technical Professionals

Content available on CYBERUK 2022 YouTube channel

AY 11 MAY

Women in cyber networking breakfast, in the Aspect bar (08:00 - 08:45) Technical Masterclass 3: When a vulnerability comes knocking at your door

Technical Masterclass 4: What’s common about the majority of all breaches? Malware.

STREAM C

STREAM D

Local to global leadership

Interactive workshops

Session 5 Is crypto growing up? The challenges of implementing a central bank digital currency

Workshop 5a PA Consulting: Innovative thinking Ways to accelerate cyber transformation

Workshop 5b Bridewell Consulting: Helping operators of critical infrastructure transform cyber

Cyber Den hosted by DCMS (12:30 - 13:30)

Session 6 Building the diverse cyber workforce of tomorrow

Workshop 6a SonicWall: Ransomeware's savage reign - Building defence and resiliency across hybrid environment

Workshop 6b Communications crisis - How our Critical National Infrastructure can be better protected from cyber attacks with a cup of tea and a Welsh cake

Session 7 Cyber power

Workshop 7a Understanding your attack surface through vulnerability disclosure

Workshop 7b Security is no excuse for poor performance: Welcome to the world’s most highly assured operating system

t all,” said the King.

Innovate resilience with confidence

Our investment in your success

At your service, by your side

Threat Intel in your inbox

We are well placed to help you make the most of emerging technologies, working with you every step of the way so you can innovate and connect with confidence

With 3,400 dedicated cyber security research days each year and our vast global threat intel, we help you defend against everadvancing threats and attacker techniques

Our experience in public sector cyber security and technical input into government policy is helping to secure UK society and organisations from global cyber threats

Be ahead of the game and receive our world class threat intel conveniently every month. Scan the QR code below to sign up now

Discover our latest insights at our booth or sign up now to our latest Intel reports, conveniently sent to your mail box every month campaign.cybersecurity.nccgroup.com/threat-pulse Scan the code to sign up

Making the world safer and more secure.

+44 (0) 161 209 5111

www.nccgroup.com

Plenary programme

TUESDAY 10 MAY Welcome and introduction by Chair of CYBERUK 2022, Lindy Cameron, CEO, NCSC Senior Government Keynote, Sir Jeremy Fleming, Director GCHQ

PLENARY 1 09:45 – 11:00

Lead sponsor BT Keynote, Kevin Brown, Managing Director, Security, BT Global response, Global impact: Strategic alignment and collaboration

In this session, we will explore strategic trends within the global cyber landscape and examine how international collaboration between responsible cyber powers can help to protect and promote effective cyber governance and security. Our debate seeks to establish the value of unity and common purpose among international partners and the benefits it brings to strengthening our collective resilience to the spectrum of cyber threats. Chair: Lindy Cameron, CEO, NCSC Panellists: Abigail Bradshaw, Head Australian Cyber Security Centre Australian Signals Directorate Juhan Lepassaar, The Executive Director of the European Union Agency for Cybersecurity Rob Joyce, Director, Cybersecurity Directorate, NSA

PLENARY 2 11:45 – 12:30

PLENARY 3 18:00 – 18:45

Reduce harm and carry on? Exploring the practical reality of good digital security for individuals and organisations

Chair: Paul Maddinson, Director, National Resilience and Strategy, NCSC

We’ll have heard about global trends in cyber security through the opening speeches and panel sessions at this conference. Along with the very latest thinking on strategic response from the UK and partner governments and industry leaders. In this session we switch focus to what it all means in practice to protect the whole of society from the negative impacts of these changes in the big picture. This session will invite a range of views from people and organisations who rely on digital connectivity for their life and work: bringing to the fore the things that worry them the most and exploring the most effective ways of doing something about them.

Panellists: John Edwards, UK Information Commissioner

Will we still be able to do cyber security in 5 years?

Dr Ian Levy, Technical Director, NCSC will lead a conversation

We’ve started to see the balkanization of tech, driven by countries’ needs to be sovereign and not dependent on their strategic competitors and adversaries. This is leading to unprecedented actions that will fundamentally change how technology is designed, standardised and built and whose values it embodies. Will our current cybersecurity approaches work in this new context? How do we ensure that our ever-increasing dependence on technology is safe for the long term? This session will start to explore these topics, and possible responses.

Rob Jones, Interim Director General, National Economic Crime Centre (NECC), NCA Nelson Ody, Product Manager, RM Siwan Rees, Senior Programme Manager, Impact Innovation

Plenary programme

WEDNESDAY 11 MAY Welcome to day two Keynote, Lindy Cameron, CEO, NCSC Ministerial address, The Rt Hon Steve Barclay MP, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office

PLENARY 4 09:00 – 10:10

Lead sponsor AWS Keynote, Chris Hayman Director, UK Public Sector, AWS and Amie Alekna, Director of Security, Privacy, Live Services and Information Management at Ministry of Justice Keynote, Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA) The demand for Supply Chain The Supply Chain can be large and complex, involving many suppliers doing many different things. Securing it can be hard because vulnerabilities can be inherent or introduced and exploited at any point within it.

Chartering new territory for employers and practitioners

PLENARY 5 10:40 – 11:30

The UK is a global tech leader and cyber security is core to this success. But while organisations understand its importance, they often don’t know who to hire for what role, and newcomers to the profession don’t know where to start. Launched last year, the UK Cyber Security Council is the self-regulatory body for the UK’s cyber security profession. Bringing together the existing qualification and certification market, it will create clear professional standards and pathways within the profession.

The ever-increasing outsourcing of services, the globalisation of the Supply Chain, and our reliance on the resilience of these multi-national companies, present a significant risk to our security and even our way of life. This session provides an insight into how the US and UK approach the Supply Chain exam question and how separately and together, we are on the same page. Chair: Marsha Quallo-Wright, Deputy Director for Critical National Infrastructure. NCSC Panellists: Ben Aung, Chief Risk Officer, Sage Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA) Ian McCormack, Deputy Director for Government Cyber Resilience, NCSC Jimmie Owens, Global Chief Information Security Officer at DXC Technology This session will explore how the UK Cyber Security Council will demystify the cyber profession for employers and practitioners. Chair: Chris Ensor, Deputy Director for Cyber Skills and Growth, NCSC Panellists: James Dipple-Johnstone, Deputy Commissioner and Chief Regulatory Officer, Information Commissioner’s Office Simon Hepburn, Chief Executive, UK Cyber Security Council Erika Lewis, Director, Cyber Security and Digital Identity, DCMS Pearl Noble-Mallock, Head of Product Security, BAE Systems Ministerial address, The Rt Hon Damian Hinds MP, Minister of State, Minister for Security and Borders

Through the cyber looking glass - “I don’t like the look of it at all,” said the King

PLENARY 6 15:30 – 16:25

Great power competition had already found cyberspace to be a fruitful domain long before this year, but world events are likely to accelerate this even further. This closing panel of CYBERUK 2022 will look ahead and discuss how cyber security is likely to play a pivotal role in defending not just our information and systems, but our values and entire way of life.

Chair: Paul Chichester, Director of Operations, NCSC Panellists: Sami Khoury, Head, Canadian Centre for Cyber Security, Communications Security Establishment Merle Maigre, Cybersecurity Expert, E-Governance Academy, Estonia Vikram Thakur, Technical Director at Symantec, Broadcom Juliette Wilcox CMG, UK Cyber Security Ambassador, Department for International Trade Cyber Den awards and CYBERUK 2022 Close Lindy Cameron, CEO, NCSC

Technical masterclasses programme Take a deep dive into specialist areas to expand your cyber security knowledge with 2022’s host of technical masterclasses. Led by the NCSC’s CTOs, the new CYBERUK technical masterclasses delve into the management of privileged accounts using MS RAMP, lateral movement and propagation, vulnerability handling and malware analysis. All sessions are rated five chillies to challenge the deep technical experts within our community. TUESDAY 10 MAY

TECHNICAL MASTERCLASS 1 09:45 – 11:00

Protecting the keys to the kingdom - Adopting an effective privileged access strategy Understand the importance of protecting privileged accounts and how to adopt an effective privileged access strategy for your organisation based on Microsoft’s Security Rapid Modernization Plan. This session introduces the roadmap and discusses the key elements for success, allowing delegates to implement effective changes across their own estates. Al Platt, Principal Security Consultant, NCC Group Martin Hill, Managing Security Consultant, NCC Group

TECHNICAL MASTERCLASS 2 11:45 – 12:30

What attackers do when they get in? This masterclass will cover how attackers move around your network, how you can make that harder and how you can spot them doing it. We’ll cover common lateral movement tools and techniques, how you can safely test to make sure that they won’t work on your estate or how to detect them if blocking them isn’t possible. Christian Lopez, EMEA Triage Lead, Bug Bounty Services, NCC Group

WEDNESDAY 11 MAY When a vulnerability comes knocking at your door

TECHNICAL MASTERCLASS 3 09:00 – 10:10

This masterclass will provide details on how to build maturity in vulnerability handling. We’ll provide an insight to NCSC’s handling of vulnerabilities via the Vulnerability Reporting Service and how organisations can improve their own handling. Then we’ll cover the top three vulnerability types we’ve seen, a detailed explanation on what they are, and how organisations can help build resilience against them. Speakers: Christian Lopez, EMEA Triage Lead, Bug Bounty Services, NCC Group Matt Trueman, Technical Delivery Director for Government, NCC Group Vulnerability Management Lead, NCSC NCSC CTO for Government What’s common about the majority of breaches? Malware.

TECHNICAL MASTERCLASS 4 10:40 – 11:30

Whether it’s phishing documents, webshells, reconnaissance tools, credential harvesters, in memory payloads or backdoors, malware is used by all attackers, from cyber criminals to nation state actors. This Technical Masterclass will cover current tactics and techniques actors utilise to ensure their malware avoids your defences and how best to detect and prevent breaches. Liam Glanfield, Managing Security Consultant, NCC Group Deputy Director Technical Director Operations, NCSC Michael Matthews, Managing Security Consultant, NCC Group Rob Smallridge, Principal Consultant CIRT, NCC Group

Plenary chairs

Lindy Cameron

Paul Chichester MBE

CEO

Director Operations

NCSC

Lindy became CEO of the National Cyber Security Centre in October 2020 following more than two decades of national security policy and crisis management experience. She was previously a Director-General in the Northern Ireland Office and at the Department for International Development (DFID). After starting her career in the private sector, Lindy served across government both at home and abroad, including postings in Africa, Asia and the Middle East.

Paul is Director Operations of the National Cyber Security Centre. He has worked in the UK government intelligence and security community for over 25 years in a variety of offensive and defensive cyber roles. Paul was awarded the MBE in 2005 for his ground-breaking work in cyber.

Chris Ensor

Dr Ian Levy OBE

Deputy Director for Cyber Skills and Growth

Technical Director

Chris has worked in cyber security for nearly 30 years in a variety of roles, all of which have involved building new capabilities to help organisations protect themselves. As Deputy Director for Cyber Growth, he is charged with using the NCSC’s expertise and brand to build national cyber security capabilities in education, skills, research, innovation and industry.

Ian became Technical Director of the National Cyber Security Centre in October 2016, prior to which he was Technical Director of Cyber Security and Resilience at GCHQ. Ian leads on developing defences to manage cyber threats. This involves fostering technical innovation to find solutions that can protect the UK from large scale cyber attacks, and day-to-day malicious cyber activity.

NCSC

Plenary chairs

Paul Maddinson

Marsha Quallo-Wright

Director, National Resilience and Strategy

Deputy Director for Critical National Infrastructure

NCSC

Paul became Director of National Resilience and Strategy in April 2021, leading the NCSC’s work on strategy and delivery with a particular focus on increasing cyber resilience across government, critical national infrastructure, and wider economy and society. He has worked in a variety of roles across government in national security and international relations, with postings abroad in the US, Europe and Africa. Paul has previously been NCSC Deputy Director for Operations and was involved in establishing the cross-government Incident Management function for the NCSC’s launch in 2016.

Marsha heads up the NCSC team that supports private sector companies, that operate the UK’s most critical infrastructure delivering essential services (energy, water, transport, telecoms, finance, civil nuclear, food, space, post). The team works with industry to make the UK a safer place. We develop trusted relationships with industry and work with them to increase their cyber security and resilience to ensure essential services are available to support the public. Marsha is a Senior Civil Servant who over the last 12 years has worked on resilience and security in a number of Government departments and has a background in scientific research.

Join our session on 'Understanding Your Attack Surface Through Vulnerability Disclosure' With Laurie Mercer, Sr Manager, Sales Engineering, EMEA, HackerOne at 14:40 on 11 May 2022

Visit us at booth A1 40

Plenary speakers

Amie Alekna

The Rt Hon Steve Barclay MP

Director of Security and Information

Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office

Ministry of Justice Amie is currently the Director of Security and Information Group at the Ministry of Justice.

Steve Barclay was appointed Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office on 15 September 2021. He was previously Chief Secretary to the Treasury from 13 February 2020 to 15 September 2021 and Secretary of State for Exiting the European Union from 16 November 2018 to 31 January 2020 and Minister of State for the Department of Health and Social Care from January to November 2018. Steve was also Economic Secretary to the Treasury from June 2017 to January 2018. He served as a Government Whip (Lord Commissioner of HM Treasury) from July 2016 to June 2017. He was elected Conservative MP for North East Cambridgeshire in May 2010.

Kevin Brown

Jen Easterly

Managing Director, Security

Director

Cybersecurity and Infrastructure Security Agency (CISA)

Kevin is responsible for the protection of BT’s data, assets and people, and its security market offer to customers. Kevin is also the executive Diversity and Inclusion sponsor for BT Global.

Jen Easterly is Director of CISA, America’s cyber defense agency. Before CISA, Jen was Head of Firm Resilience at Morgan Stanley after a public service career that included two White House tours, command of the Army’s first cyber unit, and over twenty years of military service, including tours in Iraq and Afghanistan. A graduate of West Point and Oxford, Jen is a proud Mom, mental health advocate and puzzle enthusiast.

Plenary speakers Chairs

John Edwards

Simon Hepburn

UK Information Commissioner

Chief Executive

John Edwards became UK Information Commissioner in January 2022.

UK Cyber Security Council

Mr Edwards was educated in New Plymouth, New Zealand and achieved a Bachelor of Laws and Masters in Public Policy at the University of Wellington. He worked as a solicitor and barrister for more than 14 years, including time as a policy adviser to the New Zealand Prime Minister and Cabinet around Freedom of Information. From February 2014 to December 2021 he was New Zealand Privacy Commissioner. During that time he chaired the International Conference of Data Protection and Privacy Commissioners (now known as the Global Privacy Assembly), and was a member of the OECD’s Informal Group of Experts on Children in the Digital Environment.

The Rt Hon Damian Hinds MP Minister of State, Minister for Security and Borders Damian Hinds was appointed Minister of State (Minister for Security) on 13 August 2021. He previously served as Secretary of State for Education from 8 January 2018 to 24 July 2019. He was elected Conservative MP for East Hampshire in May 2010.

Simon Hepburn is the Chief Executive Officer of the UK Cyber Security Council. Simon has more than twenty years’ experience working within the charity, education, and careers sectors. Prior to joining UKCSC, Simon was CEO of a national education charity, the UK Director at an international social action charity, Director of Education and Policy at an EdTech Company and Director of Pathways and Partnerships for the largest Multi Academy Trust.

Sami Khoury Head of Canadian Centre Centre for Cyber Security Sami Khoury is the Head of the Canadian Centre for Cyber Security (the Cyber Centre). The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure owners and operations, the private sector and the Canadian public.

Juhan Lepassaar

Erika Lewis

Executive Director

Director of Cyber Security and Digital Identity

EU Agency for Cybersecurity Juhan Lepassaar took up his functions as the Executive Director of ENISA on 16 October 2019. He has more than 15 years of experience in working with and within the European Union. Prior to joining ENISA, he worked for six years in the European Commission, including as Head of Cabinet of Vice-President Andrus Ansip responsible for the Digital Single Market. In this capacity, he also led and coordinated the preparations and negotiations of the Cybersecurity Act.

DCMS Erika is currently Director of Cyber Security and Digital Identity at DCMS where she leads on the economic support for the cyber sector, the development of security approaches for consumer IoT, the government work on Secure Connected Places and Digital Identity in the economy

Mr Lepassaar started his career in the EU affairs with the Estonian Government Office, leading for five years the national EU coordination system as the Director for EU affairs and EU adviser of the Prime Minister.

Juliette Wilcox Cyber Security Ambassador UK Defence and Security Exports, Department for International Trade Juliette was appointed as Cyber Security Ambassador for the Department for International Trade in February 2022. From 1988-2021 she served in the FCDO in the UK and overseas, including postings to Beijing, Hong Kong and Singapore. Her senior leadership roles focused on national security and international relations, including leading cyber and science & technology development, capability and delivery.

We are delighted to welcome fantastic speakers to CYBERUK 2022. View our full speaker line up here

Security. Transformed. Trusted globally by highly-regulated and complex organisations to deliver tailored cyber security solutions that protect data, reputation and drive continuous transformation, delivering real business impact.

Cyber Security

Managed Security

Penetration Testing

The State of Cyber Security in CNI

Data Privacy

Our new research report on cyber security in critical national infrastructure

bridewell.com

See us at CYBERUK Stand A59

Stream overview CYBERUK 2022 has been designed with all delegates in mind and across all levels of expertise and experience. Each session comes with its own ‘chilli rating’ - so you can be confident it’s the right fit for your technical capability and knowledge base.

Stream A Sponsored by Resilience and tackling the threat will take you on a resilience and cyber threat journey through a series of insightful talks, exploring how the cyber community builds a more resilient UK through threat assessment, preparedness, and incident response and recovery.    Join us in Stream A sessions as we look back at cyber incidents and the lessons learnt from last year’s trends towards improving our collective security. From Secure-by-Design principles and practice to supply-chain exposure to best practice from managing incidents and building trusted communities, Government officials and industry experts will deep-dive into the cyber threat landscape and examine how we can collaborate to enhance our resilience in 2022 and beyond.

Stream C Sponsored by

Local to global leadership will examine the importance of leadership, from the local level through to the global stage, for delivering the UK’s cyber strategy objectives.    We will be exploring how the NCSC is protecting citizens and working with the UK’s devolved administrations, speaking with victims of cyber incidents about their experience, and looking at how the UK and international partners are approaching the challenges of diversity and new technologies.    International partners, Government officials and industry experts will join us in Stream C as we venture into the ever-evolving worlds of local and global cyber leadership.

Stream B Sponsored by

Technology and ecosystem will explore the NCSC’s approach to strengthening the UK’s cyber resilience through education, technology and innovation. In Stream B, we delve into how to promote cyber skills, technology and research, and examine the ways in which talented individuals can be supported to embrace an existing career in cyber security. Key industry voices, Government officials and educational leaders come together in Stream B sessions to explore how we can all work to create a world-class cyber ecosystem.

Stream D

Interactive Workshops Interactive workshops will challenge critical thinking, encourage and look with purpose at the trends impacting cyber security’s future, globally. Hear directly from the NCSC and industry sponsors on a wide range of topical issues, from the power of open intelligence sharing, to forthcoming challenges around operational technology, cyber security and digital resilience, to securing Government IT in the remote work era. With 14 varied and informative workshops to choose from, these smaller, focused sessions provide great opportunities to interact and contribute to the discussion.

Stream A programme Day 1 Resilience and tackling the threat Sponsored by

SESSION 1 14:00 – 14:40

Tuesday 10 May 2022

Don’t look back in anger Start as you mean to go on - unpacking Secure by Design principles - an opportunity to highlight benefits and debunk myths. An introduction to the SbyD concept. Focusing on the benefits of breaking out of the traditional accreditation approach and highlighting the risks where programme delivery drives out security considerations. Why designing-in is preferable to retro-fitting. Audience will have the opportunity to ask questions to a panel representing the NCSC, Cabinet Office (CDDO), MoD, Google and Microsoft. Chair: Deputy Head, Government Team NCSC

SESSION 2 14:50 – 15:30

A little less conversation, a little more action A Defence-in-Depth discussion about what tools and controls are available to enhance security posture and harden your estate. We start by looking at Solarwinds through the NCSC lens. A quick recap of what happened, what the NCSC saw and an opportunity to show how PDNS supported the investigatory elements of the response. Second half of the session is an opportunity for the panel to discuss which tools can be used to minimise the impact of significant incidents and what capability exists to monitor and investigate malicious activity. Chair: Ian McCormack, Deputy Director for Government Cyber Resilience, NCSC

SESSION 3 16:15 – 16:55

MSPs and CSPs in the supply chain Building on the principles of secure by design and cyber defence set out in the first two sessions, this session will explore the threat to Managed Service Providers (MSPs) and Cloud Service Providers (CSPs) within the supply chain. The session will explore the cyber risks that MSPs and CSPs are facing, the complexity of third-party relationships, and the work that the NCSC and DCMS are doing to address these threats. This will be brought to life in a discussion with Microsoft and DXC. Chair: Marsha Quallo-Wright, Deputy Director for Critical National Infrastructure, NCSC Speaker: Jon Rhys Evans, Global Head Cyber Defense, DXC Technology Emma Green, Deputy Director for Cyber Resilience, Department for Digital, Culture, Media and Sport Thomas Griffith, Senior Threat Intelligence Analyst, Microsoft

Stream A programme Day 2 Resilience and tackling the threat Sponsored by

SESSION 4 17:05 – 17:40

Wednesday 11 May 2022

From Mirai to Ukraine DDoS - 5 years of honeypot evolution (and many misconfigured devices) In 2016, Mirai botnets generated unprecedented DDoS attacks that caused national outages in Germany and took Liberia offline. The Shadowserver Foundation explain how they used honeypots and sinkholing to counter the threat, working with Law Enforcement to identify the operator. Subsequent technical improvements to their global honeypot sensor network have helped them to respond to major incidents such as HAFNIUM/Microsoft Exchange and Apache Log4j. With similar DDoS attacks currently targeting Ukraine, Shadowserver highlight the threat from misconfigured devices. Speaker: David Watson, Director, The Shadowserver Foundation

SESSION 5 11:40 – 12:20

Ransom here, there, ransom everyware Ransomware is exponentially growing in prevalence of attacks and public consciousness. What can we learn from last year and how do we apply that knowledge to be safer during 2022? Does the news tell the full story? Speakers from the NCSC, law enforcement, regulators and industry will reflect on what they regard as the major ransomware themes of 2021, and what this then tells us about how the threat will evolve in 2022. Chair: Head of IM Policy, International and Process, NCSC Speakers: Jen Ellis, VP, Community & Public Affairs, Rapid 7 Rajiv Gupta, Associate Head of Canadian Centre for Cyber Security, Communications Security Establishment William Lyne, National Crime Agency, Senior Manager, NCCU Intelligence Romin Patovnia, Principle Cyber Investigations Officer, ICO Don Smith, Vice President, Secure Works Andy Snowball, Head of Incident Response, BAE Systems

SESSION 6 13:50 – 14:30

I’ll be there for you – Community building Industry partners, with help from the NCSC, have improved resilience in their sectors through building communities and working together. Hear our partners from across industry talk about how they have benefited from working collaboratively via Trust Groups (Civil Engineering Architects Construction), the i100 scheme (Legal), the ICS Community (Chair) and the FSCCC (i100 lead). Chair: , Deputy Director, NCSC Economy and Society, NCSC Speakers: Kevin Jones, Group CISO, Airbus Rachel Laursen, Global Ciso – Head of Cyber, Marks and Spencer Jon Segger, Head of Information Security, Linklaters Ragna Sveinsdottir, SVP, Bank of America

SESSION 7 14:40 – 15:20

Oh that was clever, when even jaded incident handlers are impressed An overview of interesting details from cyber incidents that the NCSC has been involved in over the last 12 months. Explanation of recent incident trends that IM handlers observed through recent incidents and witty topical dispatches from the front. Technical Director for Incident Management, NCSC

Stream B programme Day 1 Technology and ecosystem Sponsored by

SESSION 1 14:00 – 14:40

Tuesday 10 May 2022

Creating a big bang: When government, education and industry collide Surprising things can happen when government, academia and industry collaborate… In this session, we will share some of the inspiring stories that have only been made possible through such partnerships. We’ll delve into the benefits of working closely together and hear real case studies from the front line as the worlds of government, education and industry collide for the benefit of all. Discussion on a more collaborative approach to cyber, nurturing the right environment and incentives for a dynamic and trusted world class cyber ecosystem. Chair: Chris Ensor, Deputy Director Cyber Growth, NCSC Speakers: Pete Burnap, Professor of Data Science and Cybersecurity, Cardiff University Nadia Kadhim, Co-founder and CEO, Naq Cyber Dr Emma Philpott MBE, CEO, IASME Ben Spring, Managing Director, Try Hackme Rich Yorke, MD (CyNam) & Chair (UKC3), CyNam & UKC3

SESSION 2 14:50 – 15:30

Big risk thinking: Hyperscale to pocket sized, these risks are everywhere Four short Big Risk Thinking talks on some of our more pervasive Cyber Security technology topics for both now and the future. We will be covering: high sensitivity data processing in Cloud environments; why we consider some devices trustable and not others; the benefits and shortcomings in Cloud native processing compared to Cloud portable techniques; and the UK’s advances, position, and direction for Cross Domain Solutions. Speakers: Senior Security Researcher, NCSC Cloud Security Researcher, NCSC Senior Platforms Researcher, NCSC Security Architect, NCSC Senior Security Researcher, NCSC TD for Architecture/Lead Architect for JCKP, NCSC

SESSION 3 16:15 – 16:55

A way to see the forest from the trees, and all the devices in between Developing a means for organisations to gain confidence that the Enterprise Connected Devices they use (or are looking to procure) are protected against common cyber security threats and risks, whilst helping manufacturers identify what security mitigations should be included in their products. Chair: Senior Platforms Researcher, NCSC Speakers: Mark Jackson, National Cybersecurity Advisor, Cisco Dr Bernard Parsons, CEO, BeCrypt Tech Director of Platforms Research, NCSC Gregory Rudy, Global VP Business Development, Ultra Simon Shiu, Global head of Security Labs, HP

SESSION 4 17:05 – 17:40

The big-risk buck stops here A panel of industry, government, and academic security leaders who work with large complex risks daily will discuss key themes from the stream. Topics will include what can make data or services be ‘too hot for the cloud’, what factors are starting to make risk decisions easier or harder, effective metrics, communicating complex technical risks to the board. Chair: Technical Director, Capabilities NCSC

Stream B programme Day 2 Technology and ecosystem Sponsored by

Wednesday 11 May 2022

SESSION 4 17:05 – 17:40

Speakers: Ahana Datta, Researcher, Financial Times, now in academia at University College Will Harvey, Head of Cybersecurity Assurance & Compliance, IAG/British Airways Christine Maxwell, Director of Cyber Defence and Risk, MOD Chris Richards, Chief Security Officer Atomic Weapons

SESSION 5 11:40 – 12:20

Digital security by design: Changing the rules against cyber attack For decades, everybody has been vulnerable due to exploitation of design errors and bugs in software. The world of cyber security has evolved around helping you know if you are being attacked, and managing the risks and response to attacks, as opposed to using technology to block vulnerabilities. Is the only solution to keep patching? Come and hear about new technology that will change everything. Speakers: Graeme Barnes, Lead ISA Architect and Fellow, Arm Ltd Prof. Madeline Carr, Professor of Global Politics and Cybersecurity, University College London Prof. John Goodacre, Director of Digital Security by Design Challenge, UKRI - Innovate UK Thomas Olsen, Co-founder and CEO, Delta Flare Head of Capability Research, NCSC

SESSION 6 11:50 – 12:30

Product assurance: The paradigm shift NCSC’s change in approach to product assurance: exploring past challenges and lessons learned, before outlining the high-level vision for a more holistic, risk-driven approach to technology assurance that seeks to enable the ambitions of the Integrated Review. This will showcase how ‘principles-based assurance’ is already enabling cyber security to be considered by more sectors. A panel will explore NCSC’s motivation for transforming assurance and its coherence with other initiatives. Chair: Chris Ensor, Deputy Director Cyber Growth, NCSC Speakers: Technical Director TAG, NCSC Isabel Forkin, Principal Consultant, BSI Digital Trust Henry Harrison, Co-Founder and Chief Scientist, Garrison Technology

SESSION 7 14:40 – 15:20

Cyber education turning mirrors into windows Developing a Cyber Education ecosystem. A thought-provoking discussion covering the ‘early years’ of student cyber skills development. Hear how CyberFirst activities, the increasing number of ACE-CSE and CyberFirst schools, and a tailored localised approach to delivery are helping to build a regional education ecosystem, which supports students’ progression into cyber related degrees, innovative start-ups and careers. Chair: Chris Ensor, Deputy Director Cyber Growth, NCSC Speakers: Leanne Davies, Education and Training Cluster Manager, Gower College Swansea and Cyber Wales Clare Johnson, Partnerships and Outreach Manager, University of South Wales Orit Tatarsky, Director Cyber Skills and Growth Centre, INCD James Whitaker, Security Engineer, The Royal Mint Jane Wright, Cyber & Communications Graduate, QinetiQ CyberFirst Lead, NCSC

Stream C programme Day 1 Local to global leadership Sponsored by

SESSION 1 14:00 – 14:40

Tuesday 10 May 2022 Securing UK citizens online: Protecting the public at scale Come inside a visualisation of a typical UK home to see how the NCSC’s mission of ‘making the UK the safest place to live and work online’ is delivering cyber security with wide societal impact. The NCSC will showcase how it worked in partnership with industry to prevent vast numbers of attacks from reaching the public, helped secure their accounts and devices by default, and empowered them to take action to improve their online security. The session will also highlight how the NCSC and industry partners are going to accelerate this mission over the next few years. Speakers: Andrew Laughlin, Principal Researcher, Which? Sarah Lyons, Deputy Director, Economy and Society Resilience, NCSC Citizen Resilience Team Lead, NCSC Brian Webb, Chief Security Officer, Consumer, BT

SESSION 2 14:50 – 15:30

When the worst happens: First-hand experiences of the “big” incident from victim organisations and reflections on what incident management tips they have learned First hand account of how organisations responded to a catastrophic cyber incident. Humanizing the experience of victims during major incidents. This will include a journey. 1) How they discovered the incident? 2) What were their first steps? 3) How did they handle the non-technical elements of the incident? (comms, media, shareholders, government) 4) How did they resolve the incident? 5) How did they ensure their team were able to keep up with the crisis tempo over a sustained period? 6) What would they do the same and what would they do differently? 7) One piece of advice for everyone in the room if they were in the same situation, what would it be? Chair: Head of Incident Management, NCSC

SESSION 3 16:15 – 16:55

From global threat to local action Threat intelligence can often sound terrifying and make the prospect of cyber security in the face of sophisticated threat actors seem unachievable for all but the biggest governments and companies. But it’s critical that every company in a supply chain – no matter how big or small – is able to understand the threat to their business and adapt their security accordingly. Mandiant will bring this topic to life, talking about their support to C-suite executives, and how to ensure companies can support firms in their supply chain in the face of the current threat picture. Speaker: Shanyn Ronis, Senior Manager, Mandiant

SESSION 4 17:05 – 17:40

Walk the walk: The Government Cyber Security Strategy The National Cyber Strategy set out the UK top level approach with a significant focus on resilience Hear about how, with the Government Cyber Security Strategy, we are enhancing cyber resilience in the Public Sector. Cabinet Office will explain how government resilience is being developed, and from Wales, Scotland, and Northern Ireland on how they are building resilience in the devolved nations. We’ll also demonstrate how we’re collectively ensuring a common and aligned approach between the four countries. Chair: Ian McCormack, Deputy Director for Government Cyber Resilience, NCSC Speakers: Martin Bowyer, Deputy Director Central Digital & Data Office, Cabinet Office Pete Cooper, Deputy Director Government Security Group, Cabinet Office Iggy O’Doherty, Director of Digital Shared Services, Northern Ireland Keith McDevitt, Cyber Resilience Integrator, Scottish Government, Julie Spargo, Head of Cyber Resilience, Welsh Government

Stream C programme Day 2 Local to global leadership Sponsored by

SESSION 5 11:40 – 12:20

Wednesday 11 May 2022 Is crypto growing up? International perspectives on implementing a Central Bank Digital Currency Central Bank Digital Currencies (CBDCs) are going to be increasingly important - and so will the crypt that secures them. This panel will discuss how the UK and some key partners are approaching the challenges of designing, implementing and maintaining a CBDC, as well as the need for international cooperation. Chair: Karen Danesi, Deputy Director for Capability, NCSC Speaker: DRobert Joyce, Director, Cybersecurity Directorate, National Security Agency Head of Cryptography Research, NCSC Danny Russell, Principal Architect CBDC, Bank of England

SESSION 6 13:50 – 14:30

Building the diverse cyber workforce of tomorrow “With the right mix of minds, anything is possible”: building the right cybersecurity workforce is a challenge for governments and the private sector alike. This panel will discuss international approaches to the diversity and inclusion challenges of recruiting and retaining a workforce with the right set of skills to tackle the biggest challenges in cyber. Chair: Charlotte Goldberg, Head of Legal, NCSC Speakers: Ann Dunkin, Chief Information Officer, US Department of Energy Simon Hepburn, CEO, UK Cyber Security Council Dr. Claudia Natanson, Chair Board of Trustees, UK Cyber Security Council Marysol McPherson, Director Future Programmes, Canadian Centre for Cyber Security Nicola Whiting, Co-owner, Titania Group, CISA UK Attaché, CISA

SESSION 7 14:40 – 15:20

Cyber power The 2021 National Cyber Strategy affirmed ‘Cyber power’ as a framing concept for the UK’s global role in the cyber landscape. What does UK ‘Cyber power’ constitute? And can it be conducted in a responsible and democratic way on the global stage? This panel unpicks the concept of UK ‘Cyber power’, exploring its different facets, key players involved, and what it means for the UK’s interests in cyberspace. Chair: Eleanor Fairford, Deputy Director Incident Management, NCSC Speakers: Dr. Mary Haigh, CISO, BAE Systems Kathryn Jones, Head of International Cyber Governance, FCDO Beth Sizeland, Deputy National Security Adviser, Cabinet Office Julia Voo, Cyber Fellow, Harvard Belfer Center

Stream D programme Day 1 Interactive workshops Tuesday 10 May 2022 WORKSHOP 1A 14:00 – 14:40

Leonardo: Approaches to address critical threats to operational technology systems Led by Leonardo, this workshop will deliver an interactive panel session with contributions from recognised experts and active Q&A engagement with the audience. Due to the dynamic and rapidly evolving use of Operational Technology (OT) in the Critical National Infrastructure (CNI), we believe that delegates will benefit from a structured and informed debate from Leonardo subject matter experts and other distinguished personnel from within our network in the UK infrastructure industries. The objective is to discuss current and emerging threats and how innovative approaches to cyber security can address the current and forthcoming challenges around OT digital resilience within the context of UK CNI, and in support of building a secure foundation for the UK. Key topics will include: (1) Evolving and emerging threats faced by UK CNI to their OT estate and the actions and approaches organisations can take to manage risk (2) Challenges and opportunity in communicating and quantifying OT risks to the wider business (3) How emerging technologies such as 5G networking, zero trust architectures and Cloud bases, SaaS platforms will affect the evolving landscape (4) How the UK OT cyber community can develop and ensure resilience of the UK’s essential services and work collaboratively as an industry for mutual benefit. Speakers: Scott Bartlett, Head of Cyber Consulting, Leonardo Robin George, Managing Consultant, Leonardo Dr Max Wigley, VP Capability & CTO, Leonardo

WORKSHOP 1B 14:00 – 14:40

Why deny 1 in 5? Learn about digital inclusion and why you could be excluding 20% of your audience. We’ll demo common accessibility issues found in both web pages and documents covering a range of impairments. We’ll collectively start an exercise where you can have a go at finding some accessibility issues. Speaker: Accessibility Leads, GCHQ

WORKSHOP 2A 14:50 – 15:30

Cyber security’s role in creating a sustainable future The sustainable world of the future will depend on Internet-enabled technologies and more efficient use of finite sources of energy and materials. This workshop therefore aims to capture your best ideas for how the Cyber Security industry can support sustainability and reduce its own negative environmental impacts. The NCSC hopes this will allow the industry to define and mature its contribution to this vital topic. Speaker: Deputy Director for Critical National Infrastructure, NCSC

WORKSHOP 2B 14:50 – 15:50

Cyber Den, hosted by DCMS (part 1) The Cyber Den is a competition based on the popular TV show Dragon’s Den in which cyber security professionals are given the opportunity to pitch their ideas to a panel of industry specialists. Previous winners have included Risk Ledger and Awen Collective. There will be 5 out of 10 SME pitchers from the Innovation zone. Moderator: Erika Lewis, Director, Cyber Security and Digital Identity, DCMS Judges: Holly Ellis, Senior Leader Solution Architecture, Public Sector, EMEA, AWS Karen Danesi, Deputy Director Capability, NCSC, Michala Hart, Director, Security Sales, UK & Enterprise, BT Dr Ian Levy, Technical Director, NCSC, Deputy Director NCSC Capability, NCSC

WORKSHOP 3A 16:15 – 16:55

Sophos: The state of ransomware 2021 - What can we learn from last year and how do we apply that knowledge to be safer in 2022? Stories of organizations crippled by ransomware regularly dominate the IT news headlines, and accounts of six- and seven-figure ransom demands are commonplace. But do the news stories tell the full story? To understand the reality behind the headlines, Sophos commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide brand new insight into what actually happens once ransomware hits. It reveals the percentage of attacks that successfully encrypt data; how many victims pay the ransom; how paying the ransom impacts the overall clean-up costs; and the role of cybersecurity insurance. Be prepared to be surprised. Speaker Jonathan Hope, Senior Technology Evangelist, Sophos

WORKSHOP 4A 17:05 – 17:45

Proofpoint: Systemic risk - Your part in the downfall of society Technology is a growing part of modern life, and society is now almost wholly reliant upon its reliable operation to enable commonplace activities such as communications, travel, retail and transport. This workshop session will discuss the delicate nature of society, and its cyber dependencies. It will ask participants to examine their own organisations and how they may both suffer from, and, more importantly, contribute to that fragility. We will then work backwards to discuss what can be done to increase organisational resilience, and how the impactful events can be avoided in the first place. This is likely to reveal an urgent need for CISOs to rebalance their focus and their budgets to tackle the real threat, which is hidden in plain sight. Speaker Andrew Rose, Resideny CISO, Proofpoint Inc

WORKSHOP 4B 17:05 – 17:45

Cyber Essentials This year we introduced the biggest update of the Cyber Essentials technical controls since its launch 8 years ago. The update includes revisions to the use of cloud services, as well as home working, multi-factor authentication, password management, security updates and more. This deep dive will examine the technical impact of these changes, focussing on detailed case studies, featuring real technical questions received since January’s update. Chair: Head of Commercial Assured Professional Services, NCSC Speakers: Tim Charrot, CTO, IASME Consortium Ltd, Neil Furminger, Certification Technical Lead, IASME

Stream D programme Day 2 Interactive workshops Wednesday 11 May 2022 WORKSHOP 5A 11:40 – 12:20

WORKSHOP 5B 11:40 – 12:20

PA Consulting: Innovative thinking - Ways to accelerate cyber transformation Are you struggling to get traction for your cyber security transformation? Are you worried about delivering the UK Government Cyber Security Strategy in time? Is your team struggling to manage the ever growing cyber security workload? Do you need to accelerate your cyber transformation programme? Come and play a game with us where we will challenge your thinking, open up new options for you and your team and help you build relationships with your peers across organisations. We want to help you accelerate the delivery of cyber transformation across your organisation. Breaking it out of the cyber security silo and engaging across departments, across government and with the whole of society. Our experts have been delivering cyber transformation across industry sectors for years and now we want to pass our learnings and experience onto you. The clock is ticking so let’s get started! Speakers: Chris Goslin, Managing Consultant, PA Consulting, Laura Marsden, Partner, PA Consulting, Fraser Nicol, Partner, PA Consulting, Cate Pye, Partner, PA Consulting Bridewell Consulting: Helping Operators of Critical Infrastructure Transform Cyber Resilience through Cyber Threat Intelligence Operators of Critical National Infrastructure are subject to the Network and Information Systems Regulations, and the NCSC CAF helps these operators assess and improve their cyber resilience. But did you realise that Cyber Threat Intelligence can be used to support all four areas of the framework? In this session, Bridewell will share their 2022 CNI research and years of experience working with operators to transform their cyber resilience strategies in support of the NIS regulations, on what good intelligence looks like, how it can be applied, and importantly, how, and what to share across peers and your supply chain, to better protect our infrastructure and society. Speaker: Martin Riley, Director of Managed Security Services, Bridewell

WORKSHOP B 12:30 – 13:30

Cyber Den, hosted by DCMS (part 2) Part 2 - The Cyber Den is a competition based on the popular TV show Dragon’s Den in which cyber security professionals are given the opportunity to pitch their ideas to a panel of industry specialists. Previous winners have included Risk Ledger and Awen Collective. There will be 5 out of 10 SME pitchers from the Innovation zone. Lunch will be provided Moderator: Erika Lewis, Director, Cyber Security and Digital Identity, DCMS Judges: Holly Ellis, Senior Leader Solution Architecture, Public Sector, EMEA, AWS, Michala Hart, Director, Security Sales, UK & Enterprise, BT, Dr Ian Levy, Technical Director, NCSC, Deputy Director NCSC Capability, NCSC

WORKSHOP 6A 13:50 – 14:30

SonicWall: Ransomwares savage reign - Building defence and resiliency across hybrid environment In 2021 SonicWall recorded significant increases in ransomware at a domestic and global level, attack volume rose 105% to a staggering 623.3 million. This represented an average of 2,170 ransomware attempts per customer, and nearly 20 ransomware attempts every second. Ransomware is on an unimaginable upward trend, posing a major risk to organisations and society as we adapt to new hybrid working models. How can we, as an industry and as a society build defence and resiliency to address this exponential growth? Join this workshop for: • An overview of the current threat landscape. • An in-depth analysis of the latest ransomware trends. • A visual and interactive simulation of how ransomware attacks operate today at home and in the office. • The defence in depth strategies organisations must adopt to build resiliency for a hybrid workforce. While cybercriminals continue to evolve, motivated by financial gain, we too must continue to work collaboratively, and collectively strategize and innovate to keep society safe from attack. Speakers: Stan Davidson, Presales Solutions Architect Leader, EMEA, SonicWall, SonicWall, James Musk, Sales Director, UK Public Sector & System Integrators, SonicWall Communications crisis – How our Critical National Infrastructure can be better protected from cyber attacks with a cup of tea and a Welsh cake Speakers: John Davies, Chairman, Cyber Wales. Marie Caruso, Sales and Marketing Manager, Arcanum Information Security Ltd and OT Cluster Cyber Wales Manager. Jules Farrow, Chief Technology Officer, Awen Collective Ltd and OT Cluster Cyber Wales Manage. Hackerone: Understanding your attack surface through vulnerability disclosure A VDP is a strong first step to addressing your cyber risk. Digital transformation, mergers, and cloud misconfigurations can lead to digital assets being placed outside of your security team’s scope. With a VDP in place, your organization can better demonstrate your commitment to security and gain greater visibility into all your organizational assets, creating more awareness of where you are most prone to vulnerabilities. Attend this workshop led by HackerOne to learn why your organization needs a VDP, how easy it is to start one, and what you can expect once your VDP is in place. Speaker: Laurie Mercer, Sr Manager, Sales Engineering, EMEA, HackerOne

WORKSHOP 6B 13:50 – 14:30

WORKSHOP 7A 14:40 – 15:20

WORKSHOP 7B 11:40 – 12:20

Security is no excuse for poor performance - Welcome to the world’s most highly assured operating system Major tech companies want to increase assurance across the whole stack and are starting to take advantage of “provable security” and automated verification tools. In this session, we’ll briefly explore what the NCSC is doing to gain assurance for our most critical systems, before introducing the world’s most highly assured operating system. seL4 is the world’s first operating system (OS) kernel with strong — mathematical — proofs of implementation correctness and security. Its authors believe it’s the OS with the most comprehensive assurance story, and at the same time the benchmark for performance. In this session we will provide an overview of what seL4 is and explain the meaning of its automated verification, and then discuss how seL4 can be used to protect securityand safety-critical systems. 53 Speakers: Professor. Gernot Heiser, Professor, UNSW Sydney and seL4 Foundation Verification Research Lead, NCSC

Chilli ratings

TUESDAY 10 MAY 14:00 – 14:40

Don’t look back in anger

14:00 – 14:40

Creating a big bang: When government, education & industry collide

14:00 – 14:40

Securing UK citizens online: Protecting the public at scale

14:00 – 14:40

Why deny 1 in 5?

14:40 – 1530

When the worst happens: First-hand experiences of the ‘big’ incident from victim organisations and reflections on what incident management tips they have learned on

14:40 – 1530

Cyber security’s role in creating a sustainable future

14:40 – 15:50

Cyber Den hosted by DCMS

16:15 – 16:55

From global threat to local action

16:15 – 16:55

Sophos: The state of ransomware in 2021. What can we learn from last year and how do we apply that knowledge to be safer in 2022

17:05 – 17:45

Walk the walk: The Government Cyber Security Strategy WEDNESDAY 11 MAY

11:40 – 12:20

Ransom here, ransom there, ransom everyware

11:40 – 12:20

Digital security by design: Changing the rules against cyber attacks

13:50 – 14:30

I’ll be there – Community building

13:50 – 14:30

Building the diverse cyber workforce of tomorrow

13:50 – 14:30

Communications crisis – How our Critical National Infrastructure can be better protected from cyber-attacks with a cup of tea and a Welsh cake

14:40 – 15:20

Cyber education turning mirrors into mirrors

14:40 – 15:20

Cyber power

14:40 – 15:20

Understanding your attack surface through vulnerability disclosure

WEDNESDAY 11 MAY 14:40 – 15:20

Oh that was clever, when even jaded incident handlers are impressed

TUESDAY 10 MAY 14:00 – 14:40

Leonardo: Approaches to address critical threats to operational technology systems

14:40 – 15:30

A little less conversation, a little more action

14:40 – 15:30

Big risk thinking: Hyperscale to pocket sized, these risks are everywhere

16:15 – 16:55:

MSPs and CSPs in the supply chain

16:15 – 16:55

A way to see the forest from the trees, and all the devices in between

17:05 – 17:45

From Mirai to Ukraine DDoS: 5 years of honeypot evolution (and many misconfigured devices)

17:05 – 17:45

The big-risk buck stops here

17:05 – 17:45

Proofpoint: Systemic risk – Your part in the downfall of society

17:05 – 17:45

Cyber Essentials WEDNESDAY 11 MAY

11:40 – 12:20

Is Crypto growing up? International perspectives on implementing a Central Bank Digital Currency

11:40 – 12:20

PA Consulting: Innovative thinking – Ways to accelerate cyber transformation

11:40 – 12:20

Bridewell Consulting: Helping operators of critical infrastructure transform cyber

13:50 – 14:30

Product assurance: The paradigm shift

13:50 – 14:30

SonicWall: Ransomware savage reign – Building defence and resiliency across hybrid environment

14:40 – 15:20

Security is no excuse for poor performance: Welcome to the world’s most highly assured operating system TUESDAY 10 MAY

09:45 – 11:00

Protecting the keys to the kingdom: Adopting an effective privileged access strategy

11:45 – 12:30

What do attackers do when they get in? WEDNESDAY 11 MAY

09:00 – 10:10

When a vulnerability comes knocking at your door

10:40 – 11:30

What’s common about the majority of all breaches? Malware.

Cyber transformation Unlocking growth through digital trust Connect with us to learn more: www.paconsulting.com/cybertransformation

WHEN CYBER THREATS ARE LIMITLESS, YOUR DEFENCES MUST BE BOUNDLESS SonicWall secures and mobilises government organisations for the way we work today. Discover boundless cybersecurity at www.sonicwall.com.

VISIT US AT STAND A58

Delivering Cyber Resilience to your Operational Environments Leonardo is proud to exhibit at CyberUK 2022. Please come and join our workshop session ‘Approaches to address critical threats to Operational Technology systems’ on Tuesday 10 May, 14:00-14:40, Meeting Room 3. uk.leonardo.com

Securing You Operational Environments Advert v2.indd 1

Managed & co-managed cybersecurity services for the public & private sectors

Delivered from ‘Floodlight’, our UK sovereign SOC, our catalogue of services are underpinned by Cortex, the industry leading technology from Palo Alto Networks and covers the full security lifecycle from planning and preparation, right through to fully Managed Detection and Response. Visit us on Stand B9 to browse our full catalogue and learn how you can become more cyber resilient.

11/04/2022 15:44:27

Exhibition map Ma A3 A11

Catering

A12

Juice Bar

A13 A14 A15

A16

A21 A22 A23 A24 A25

A A

A10

A17

A18 A19 A20

A26 A27 A28 A29 A30

A 36

7 C

NCSC stand 60

Seating

2 D

C10

in Se

5 C

C11 C12

1 D

68 A

Seating

A48 A49 A50 A51 A52

A53 A54 A55 A56 A57

A63 A64 A66

Welsh Pavilion

Charge Station Main entrance

To all other areas

Seating

A31 A32 A33 Seating

A44 A45

A46 A47

To all other areas

Lead sponsors

ap O’r Arddangosfa Key Catering

Innovation Zone (IZE)

Catering

C7 C5 A68 B8 A5 C15 A50 A43 A54 D1 A49 A28 C22 A55 A35 A59 D2 A45 A7 IZE1 A41 A67 A19 A63 B3 A69 A48 C3 IZE2 B1 A24 A56 C2 A72 A40 IZE A11 A25 A71 A46

(ISC)2 2T Security AdaCore Airbus Akamai Amiosec Arculus Armour Communications Attivo Networks AWS BAE Systems Barrier Networks Becrypt Ltd BlackBerry BlueVoyant UK Bridewell Consulting BT C-STEM CACI CAPSLOCK CDS Defence & Security Census Labs UK Charity Digital Check Point Software Technologies Cisco Claroty UK Clearswift, A HelpSystems Company CREST Crossword Cyber Security CrowdStrike Cryptify CyberArk Software UK Cyberfort Group CyberWales Darktrace DCMS Domain Tools Dragos e2e-assure EclecticIQ

C1 A2 B7 IZE4 C12 A14 C11 A21 C14 B2 A1 C8 A37 A31 IZE5 A13 IZE14 A23 IZE6 A10 A47 B6 A12 A39 C13 C21 A62 IZE7 IZE8 C18 A44 C19 A38 IZE9 B5 B9 A64 A53 A22 C6

Egress Software Technologies Elasticsearch ESET UK Exalens Fortinet Frazer-Nash Consultancy FTI Consulting Galaxkey Garrison Technology Greater Manchester Combined Authority HackerOne HP iBoss Network Security Immersive Labs Indelible Data Innovate UK Inzpire IOETEC IronNet Isograph Jacobs Juniper Networks UK Keysight Technologies L3Harris Technologies Leidos Leonardo Licel Corporation Majenta Solutions Mandiant Methods Microsoft Mimecast Services NAQCYBER NCC Group Net Consulting NETSCOUT Netskope Nine23 Nominet

A6 A60 C16 A66 A57

Osirium PA Consulting Palo Alto Networks Pervade Software The PETRAS National Centre of Excellence for IoT Systems Cybersecurity (UCL)

IZE13 Plexal A29 Prism Infosec A26 Proofpoint A34 QA C4 QinetiQ A16 Radware A61 Raytheon IZE3 RKVST C20 Roke A51 SANS Institute A20 Searchlight Security IZE10 Secure Impact C10 Secure Systems and Technologies Secureworks Europe B4 Security and Awareness Centre A9 of Excellence (SEACoE) A17 A8 A33 A15 IZE11 A58 A32 A27 A36 A70 C9 A52 A18 A30 C17 A3 IZE12

Semperis SGIS Siemens Six Degrees SKALES SonicWall Sophos Stable Resources Talanos Cybersecurity Telesoft Technologies Tenable Trellix UKC3 UKCloud Ultra Varonis Wolfberry Public

Venue map M 1st Floor - Balcony Small Business Hub and Government Partner Stands evel 1 - balcony

2nd Floor

F1 F21 A

E1 Key

E21 A

E4 E6 F1

Government Partner Stands

E9 F3

E6 E7

Main Staircase

Small Business Hub

E10 F4 E5 E8 F5 E3 E13 F6 E1 E7 E2

E1 0 E1 1

1st Floor

E1 2 E1

Key E4 E6 F1 E12 E9 F3 E11 F2 E10 F4 E5 E8 F5 E3 E13 F6 E1 E7 E2

Entrance Atrium

6point6 Arctic Security Ltd National Cyber Force CyberHive, 100 Percent IT Cyber Security Jobsite

3b 2 4 5

7 9 10

Defence, Security and Cyber Resilience, Scottish Government Esperienza Learning My Mantra Nexor Nova Blue Technologies NPCC National Cybercrime Programme who lead on the Cyber Resilience Centre programme Pentest People Plan B Training Royal Air Force Surevine Templar Executives Think Cyber Security Ltd

Ground Floor

17 16 15

Lead sponsors

Map o’r Lleoliad 2nd Floor 1.

Meeting Hub Lift & Stairs

1st Floor 2. Prayer Room 3a. Workshops 3b. Workshops and Cyber Den§ 4. Speaker Preview Room 5. Quiet Zone 6. International Delegate Lounge 7. Stream B 8. Small Business Hub 9. Plenary 10. Breakout Area 11. Government Partner Stands 12. Cyber Games 13. Technical Masterclasses / Stream A 14. Cyber Ecosystem Lift & Stairs Barista Bar Escalator Toilets

13 8

Ground Floor 18

20 19

15. 16. 17. 18. 19. 20. 21.

Quiet Zone Media Room Plenary / Stream C Information Desk Spotlight Stage / Live Streaming CYBERUK TV Exhibition Hall Toilets Lift & Stairs Escalator

Sponsor profiles Lead Sponsor

Lead Sponsor

Stand D1 Amazon Web Services

Stand D2 BT

Using aws.amazon.com/security our customers will gain the control and confidence they need to securely run their organisations with the most flexible and secure cloud computing environment available today. AWS customers benefit from AWS data centres and a network architected to protect their information, identities, applications, and devices. With AWS, our customers can improve their ability to meet core security and compliance requirements, such as data locality, protection, and confidentiality with the comprehensive services and features that AWS offers.

BT is one of the world’s leading communications companies, with a fundamental mission to connect for good. As technology rapidly changes our world, the connections we provide and secure have become more important than ever, and sit at the heart of solving society’s biggest challenges.

Our customers inherit the latest security controls operated by AWS, strengthening their own compliance and certification programs, while also receiving access to tools they can use to reduce their cost and time to run their own specific security assurance requirements. AWS regularly achieves third-party validation for thousands of global compliance requirements that AWS continually monitors to help customers meet security and compliance standards for finance, retail, healthcare, government, and beyond. AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe.

As a global leader of managed security services, we help customers thrive in a digital world by delivering world-class security solutions. With operations in over 180 countries and a team of 3000 security experts around the globe, BT supports some of the world’s largest companies, nation states and critical national infrastructures. We protect our networks against around 6500 cyber-attacks every day, and this deep expertise combined with our global reach gives us a unique perspective on the cyber landscape. We’re constantly analysing, predicting and responding to the latest threats, and we leverage the latest developments in technology and innovation to protect the UK’s infrastructure, business and citizens. We believe that security will be the foundation for unlocking the UK’s digital prosperity. Ensuring that all areas of society know how to think and act securely is critical – which is why we’re committed to working collaboratively across the public and private sector to build greater cyber skills and understanding. By doing so, we can build the UK’s collective resilience, and help deliver a brighter, more sustainable future.

Sponsor profiles Technical Masterclass Sponsor

Networking Sponsor

Stand B5 NCC Group

Stand B4 Secureworks

NCC Group exists to make the world safer and more secure. As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks® Taegis™, a cloud-native security operations and analytics platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions. To learn more, visit: Taegis XDR, Cloud-Based Security for Extended Detection and Response | Secureworks.

We’re well placed to help you make the most of emerging technologies, working with you every step of the way so you can innovate and connect with confidence. With 3,400 dedicated cyber security research days each year and our vast global threat intel, we help ou defend against ever advancing threats and attacker techniques.

Connect with Secureworks via Twitter, LinkedIn and read the Secureworks Blog.

Our experience in public sector cyber security and technical input into government policy is helping to secure UK society and organisations from global cyber threats. To learn more about NCC Group, please visit our team on stand B5 or attend one of our four Technical Masterclasses.

Sponsor profiles Stream A sponsor

Stream B sponsor

Stand C19 Microsoft

Stand C17 Ultra

Microsoft’s mission is to empower every person and every organisation on the planet to achieve more. We have been in the UK for over 35 years, employ over 4500 people and work with more than 21,000 partners across the country. 2020 forced many organisations to accelerate their digital transformation efforts to support an overnight transition to remote work and respond to rapidly shifting customer expectations. Moving forward, hybrid working is here to stay. With the digital estate continuing to expand, traditional perimeter-based security models and portfolios of siloed point solutions simply can’t keep up with the sophistication of today’s threats. Microsoft supports customers with industry-leading, end-to-end security solutions that integrate across your ecosystem, cutting through the complexity and enabling your team to focus on what matters with speed and accuracy.

Ultra are a premiere provider of sovereign cryptographic security solutions for the U.K. Ministry of Defence. Our cryptographic offerings possess the highest certifications, while addressing modularity, multi-purpose use, legacy support, field re-programmability and ruggedisation for deployment in the toughest of military environments.

Stream C sponsor

Stand C18 Mandiant Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

Ultra also develop solutions for the management and distribution of highly secure cryptographic key material. Ultra’s comprehensive key lifecycle management solutions provide the highest level of certified protection, including key-generation, storage, audit, distribution and destruction of keys and digital trust assets. Whether you are running mission-critical military operations or enterprise-grade communications, Ultra supports your team with expert cybersecurity solutions, services, and expertise to meet the most daunting cyber threats to critical missions.

Sponsor profiles Leaders’ networking dinner sponsor

Live stream broadcast sponsor

Stand C16 Palo Alto Networks

Stand A61 Raytheon

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

With facilities in Broughton, Waddington, Glenrothes, Harlow, Gloucester and Manchester, Raytheon UK is invested in the British workforce and the development of UK technology. Across the country the company employs 1,700 people. As a prime contractor and major supplier to the U.K. Ministry of Defence, Raytheon UK continues to invest in research and development, supporting innovation and technological advances across the country. Raytheon UK is a landed company, part of the Raytheon Technologies organisation and sits within the Raytheon Intelligence & Space business.

Cyber Ecosystem sponsor

Stand Cyber Ecosystem Deloitte Deloitte Cyber. Cyber everywhere. Go anywhere. In an increasingly digital world, cyber brings new opportunities and threats. Deloitte Cyber empowers confidence, so you can thrive whilst addressing those threats to build smarter, faster, more connected futures. Using human insight, technological innovation, and comprehensive solutions, we manage cyber everywhere so society—and your organisation—can go anywhere. With a team of over 450 professionals in the UK, with breadth and depth of expertise, Deloitte Cyber advise, manage and deliver across 3 pillars of strategy, transformation and enterprise recovery.

Sponsor profiles Workshop sponsors:

Stand A59 Bridewell

Stand A62 Leonardo

Trusted by the highest regulated organisations to deliver tailored cyber security solutions that drive continuous transformation, protect data, and deliver real business impact.

Leonardo is a global aerospace, defence and security specialist and from our Cyber & Security Division we are a trusted security partner to the Defence, UK Government and Critical National Infrastructure sectors. Our Cyber Advantage product family enables organisations to take advantage of digital tools and technologies without exposing them to unacceptable cyber risk. As a NCSC certified consultancy in security risk management, and a recognised specialist in operational technology security, we support our customers deliver Cyber Resilience to their critical business outcomes. From our Security Operations Product team, we ensure the security of critical systems and services at all Classifications

From cyber security to penetration testing, fully managed security services and data privacy, Bridewell’s national award-winning team are trusted to deliver with guaranteed outcomes, anchored to the strategic needs of your business. It’s not about adding more controls but identifying and implementing the right ones to mitigate increasingly intelligent threats and improve cyber resilience. We deliver solutions that build trust, enabling you to keep critical services running and ultimately drive transformation in today’s everchanging digital economy. Trusted by the highest regulated organisations to deliver tailored cyber security solutions that drive continuous transformation, protect data, and deliver real business impact.

Stand A01 HackerOne

Stand A26 Proofpoint

HackerOne empowers the world to build a safer internet by giving organizations access to the largest, global community of highly skilled ethical hackers. Armed with an extensive database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020.

Proofpoint is a leading cybersecurity company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloudbased solutions, we help companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including more than half of the Fortune 1000, rely on us for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web.

Sponsor profiles

Stand A60 PA Consulting

Stand A58 SonicWall

We believe in the power of ingenuity to build a positive human future in a technology-driven world. As strategies, technologies and innovation collide, we create opportunity from complexity. Our diverse teams of experts combine innovative thinking and breakthrough use of technologies to progress further, faster. Our clients adapt and transform, and together we achieve enduring results. An innovation and transformation consultancy, we are 3,300 specialists in consumer and manufacturing, defence and security, energy and utilities, financial services, government and public services, health and life sciences, and transport. Our people are strategists, innovators, designers, consultants, digital experts, scientists, engineers and technologists. We operate globally from offices across the UK, US, Netherlands and Nordics.

SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing realtime visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for governments, enterprises and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

A32 Sophos Sophos makes IT security simple with next-generation solutions that protect networks, servers, and devices, wherever they are. Today, more than 100 million users in 150 countries and a global network of channel partners trust Sophos to deliver simple solutions to complex security challenges. Focused on innovation and backed by a global network of SophosLabs threat intelligence centers and industry-leading support, Sophos delivers solutions that are simple to deploy, maintain, and manage, enabling organizations to focus on performance and growth. Sophos — Security made simple.Our friendly and approachable sense of self allows us to relate to our customers on a very real and honest level. Even though our products represent serious technology that solves serious business issues, we strive to empower our partners and customers with innovative, powerful, and simple-to-use security products. We work hard to develop authentic partnerships and have fun celebrating the unique challenges faced by the IT hero.

Sponsor profiles SME Innovation Zone sponsor

Meeting Hub sponsor

Stand IZE DCMS

Stand A33 Siemens

The Department for Digital, Culture, Media & Sport (DCMS) helps to drive growth, enrich lives and promote Britain abroad.

Siemens is a technology company focused on industry, infrastructure, transport, and healthcare. From more resource-efficient factories, resilient supply chains, and smarter buildings and grids, to cleaner and more comfortable transportation as well as advanced healthcare, the company creates technology with purpose adding real value for customers.

DCMS’s cyber security team delivers the government’s objectives to make the UK one of the safest countries to live and work online. We work to foster the growth of a sustainable, innovative and internationally competitive cyber and information security sector; enhance and expand the nation’s cyber skills and strengthen organisation’s resilience so they can respond to and recover from cyber attacks faster and more effectively.

By combining the real and the digital worlds, Siemens empowers its customers to transform their industries and markets, helping them to transform the everyday for billions of people. Through its unique and multifaceted know-how as well as comprehensive technology solutions for cybersecurity, Siemens is a reliable and preferred partner for customers who strive for the highest standards of cybersecurity – from factories to power grids.

Bursary sponsor

STABL

Bursary sponsor

PEOPLE. TECHNOLOGY. SOLUTIONS.

Stand A27 Stable Resources

Stand A38 Mimecast

Stable are Microsoft Gold partners at the forefront of the Microsoft 365 Security and Compliance space. We provide a unique blend of People, Solutions and Learning to help businesses enhance their ways of working while strengthening their Cyber Defence and Incident Response capability.

Mimecast was established in 2003 with a focus on delivering relentless protection. Each day, we take on cyber disruption for our tens of thousands of customers around the globe; always putting them first and tackling their biggest security challenges together. We are the company that built an intentional and scalable design ideology that solves the number one cyberattack vector – email. We continuously invest to thoughtfully integrate brand protection, security awareness training, web security, compliance and other essential capabilities. Mimecast is here to help protect large and small organizations from malicious activity, human error and technology failure.

We recognise that taking a business on the Cloud Transformation journey is far more than simply a technical challenge - it’s an intensely human one too. Our highly skilled team of Adoption and Change Practitioners, Solutions Architects, together with our network of trusted consultants, build close and lasting relationships with our clients – our experience is your security.

Sponsor profiles Cyber Games sponsor

Schools Outreach sponsor

Stand A25 Dragos

Thales

Dragos has a global mission: to safeguard civilization from those trying to disrupt the industrial infrastructure we depend on every day. The practitioners who founded Dragos were drawn to this mission through decades of government and private sector experience. Dragos codifies the knowledge of our cybersecurity experts into an integrated software platform that provides customers critical visibility into ICS and OT networks so that threats are identified and can be addressed before they become significant events. Our solutions protect organizations across a range of industries including electric, oil and gas, manufacturing, and mining, and protect mission critical networks including ICS/OT and emerging applications such as the Industrial Internet of Things (IIOT). Dragos is privately held and headquartered in the Washington, DC area with a regional presence around the world, including Canada, Australia, New Zealand, Europe, and the Middle East.

Shuttle Bus sponsor

Stand A52 Trellix Trellix was formed through the merge of two industry leaders, McAfee Enterprise and FireEye, bringing together technology and expertise to deliver a new standard in cybersecurity. Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through data science and automation to empower over 40,000 business and government customers.

Thales is a global technology leader in the Aerospace, Transportation and Defence & Security markets. In 2020, the company generated sales of €17 billion with 81,000 employees in 68 countries. With its 30,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, working with customers and local partners around the world. Thales in the UK is a team of over 7,000 experts, including 4,500 highly skilled engineers, located across 9 key sites.

Lanyard sponsor

Stand B01 Crowdstrike CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and worldclass AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Purpose-built in the cloud with a single lightweightagent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate timeto-value. CrowdStrike: We stop breaches.

Sponsor profiles On Demand sponsor

Google Google Cloud accelerates every organization’s ability to digitally transform their business. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology – all on the cleanest cloud in the industry. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Water Bottle sponsor

Welsh Pavilion sponsor

Stand A31 Immersive Labs

WG1 Welsh Government

Immersive Labs helps organizations achieve cyber resilience by turning human capabilities into strategic security controls. Our Cyber Workforce Optimization platform collects benchmark data on cyber knowledge, skills and judgment by running technical and non-technical teams through exercises. This realtime picture of resilience is used to equip teams and individuals with the human capabilities necessary to keep pace with emerging threats.

Wales has one of the biggest cyber security ecosystems in the UK, and one of the strongest in Europe. When it comes to developing the tech and ideas that’ll keep systems and critical infrastructure safe for future generations, we’re truly world-class. Global tech giants like Airbus, Thales, General Dynamics, Oracle and Qinetiq have made Wales their home and are balanced with dynamic home-grown start-ups, who are bringing their own unique ideas to the world stage. Our universities produce world-class research, and talented graduates with the specialist skills the sector demands. The cyber ecosystem in Wales has created the perfect conditions for one of the most technically advanced and fast-moving industries in the world.

We’re building the future of cybersecurity across the United Kingdom

Visit us on stand

C16

PaloAltoNetworks-CyberUK-HalfPageAd-V3.indd 1

13/04/2022 14:40

This year, the NCSC has taken its citizen behaviour change campaign to another level. Come over to stand N1 and talk to the team about what we’ve been up to.

Cardigan.5nail.Moon! Choose 3 random words for your email password. Search Cyber Aware.

Take your email security to another level

Partner exhibitor profiles

Stand B08 Airbus

Stand B03 Cisco

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military, organisations, and critical national infrastructure from cyber threats.

Cisco Secure is Cisco’s comprehensive security product portfolio. With a robust line-up of adaptable zero trust, XDR and SASE tools, Cisco Secure makes security both integrated and accessible for organisations of any size, industry, client base and infrastructure. Cisco Secure products offer unmatched efficacy in data protection, providing security that’s not only agile and adaptable, but also incredibly easy to use. Cisco Secure enables companies to achieve security resilience and protect their organisation amidst unpredictable threats or change. With Cisco, organisations can help ensure the integrity of their financial and data assets, spring back from operational disruptions, better withstand shocks to supply chains and secure a distributed workforce. Cisco Secure’s emphasis on resilience, and partnerships with the UK’s leading security experts, from the National Crime Agency to the National Cyber Security Centre, helps organisations close security gaps, see more, anticipate what’s next and take the right action.

With over 30 years of experience providing reliable cyber security products and services, we have become one of the most advanced sovereign cyber security players in Europe. Having protected Airbus Defence and Space’s complex systems and networks with our SOCs for years, we have leveraged our Airbus DNA to develop products and services for customers facing similar challenges as us, based on state-of-the-art trusted technologies.

Stand B07 ESET UK Ltd The number one digital security and Threat Intelligence company in the EU and fourth largest in the world, ESET directly protect millions of end-users; and billions of Chrome users through our Google collaboration. With solutions ranging from endpoint protection to XDR and encryption to Threat Reports. 13 R&D centres around the world work tirelessly anticipating new threats ensuring you are protected, ready for the next step of progress and helping you realise the full potential of technology with complete confidence. ESET are proud to have been involved in several high-profile discoveries such as, amongst others, Industroyer, KrØØk and Lojax.

Partner exhibitor profiles

Stand B02 Greater Manchester Combined Authority Greater Manchester is rapidly becoming UK and European centre for cyber and digital ethics, trust and security. A region with a Â£5 billion digital economy and a strong cyber ecosystem is at the heart of that. The Greater Manchester Cyber Security Advisory Group reflects the cyber security capabilities of the region and drives forward inclusive economic growth for the city-region and the North. The group provides strategic oversight and a force for inclusive economic growth, taking an ecosystem approach to building that capability and economic resilience. Five members of the Cyber Security Advisory Group will exhibit during Cyber UK 2022, highlighting how we’re doing digital differently in Greater Manchester and leveraging our expertise in areas like cyber security.

Stand B06 Jacobs At Jacobs, we’re challenging today to reinvent tomorrow by solving the world’s most critical problems for thriving cities, resilient environments, mission-critical outcomes, operational advancement, scientific discovery and cutting-edge manufacturing, turning abstract ideas into realities that transform the world for good. With $14 billion in revenue and a talent force of approximately 55,000, Jacobs provides a full spectrum of professional services including consulting, technical, scientific and project delivery for the government and private sector.

Stand B09 Net Consulting Ltd From identification, right through to recovery, Net Consulting Ltd. (NCL) provide managed and comanaged cybersecurity and consulting services across both the public and private sectors. Their team of skilled cyber experts, based in ‘Floodlight’, the company’s purely UK-based SOC are on hand to help you and your organisation drive digital vigilance, be more secure and operate in a safer cyber space. Underpinned by Cortex, the industry leading technology from Palo Alto Networks, their catalogue of cybersecurity services covers the security lifecycle from planning and preparation, through to fully Managed Detection and Response (MDR). Visit NCL on stand B9 to browse their catalogue and discuss how they can help you secure the cloud, automate operations, stop zero day attacks, secure hybrid workers, respond faster and improve your overall resilience to cyber threats.

Premium exhibitor profiles

Stand C07 (ISC)2

Stand C05 2T Security

(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSPÂ®) certification, (ISC)Â² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 168,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation â€“ The Center for Cyber Safety and Educationâ„¢. For more information on (ISC)Â², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.

We help our clients solve their IT security and information assurance problems. We design and review security architecture, provide due diligence on systems being planned, manage and create risk management frameworks, and act as trusted independent advisers to help get the right security solutions. We provide innovative security monitoring and analytic capabilities for our clients. We developed the innovative RiskTree® risk management process, now being used by a number of UK Government departments and in the private sector. This provides a business-focused way to quickly and effectively assess risk and get results that can be understood throughout an organization.

Stand C15 Amiosec Amiosec is a trusted technology partner for UK government, defence and civil organisations, specialising in the research and development of secure mobile communications, High-Grade cryptography, cyber security and advanced network defence technology solutions. Working closely with its customers to understand and solve the difficult problems and challenges associated with securing sensitive communications in the modern world, Amiosec focuses on delivering innovation and technology outcomes across the value chain from R&D, rapid product development, integtrated solutions through to fully managed services. Find out more at www.amiosec.com or by calling 01684 770343.

Stand C22 Becrypt From our heritage in device encryption, today our solutions span operating system security, novel crossdomain technology, mobile device management and sovereign cloud services. We protect critical national infrastructure organisations against elevated cyber threat. As an agile London-based UK SME, we support government-funded High Assurance research, provide commercially available products and flexible managed sovereign cloud services. Our Paradox secure OS has been adopted as the Secure Desktop for the UK CNI. Our unique MDM platform and next-gen cross domain technologies are core to UK Government Advanced Mobile Solutions and associated programmes. ‘

Premium exhibitor profiles

Stand C03 CREST

Stand C02 CyberFort Group

CREST builds trust in the digital world by raising professional standards and delivering measurable quality assurance for the global cyber security industry.

Cyberfort is a NCSC Certified Cyber Security Consultancy delivering end-to-end cyber security managed services focused in three core service pillars; Compliance, Cybersecurity and Cloud. We offer over 50 approved security services on public sector frameworks, ranging from cloud hosting, penetration testing, business continuity planning, incident management, disaster recovery support and more. With a wealth of industry accreditations and experience with helping our clients protect information assets, our Consultants quickly become trusted advisors on key projects including those involving critical national infrastructure systems and data We believe that security affects everyone, therefore security services should be available to everyone no matter where they are on their business journey.

CREST is an international not-for-profit, membership body representing the global cyber security industry. Our goal is to help create a secure digital world for all by quality assuring our members and delivering professional certifications to the cyber security industry. CREST accredits companies operating across dozens of countries, and certifies professionals worldwide. We work with governments, regulators, academia, training partners professional bodies and other stakeholders around the world.

Stand C01 Egress Software Egress’ mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behaviour such as misdirected emails, data exfiltration, and targeted spearphishing attacks.

Stand C11 FTI Consulting As a global provider of cybersecurity, risk management, and investigation advisory services, FTI Cybersecurity applies an expert-led, intelligence-driven, strategic approach to the most complex cybersecurity challenges. Our clients, representing nearly every industry and sector, include the world’s largest multinational corporations and top law firms, and rely on our deep expertise and customised, industryfocused solutions for cyber readiness, incident response, and complex cyber investigations and litigation. Our global team of dedicated cybersecurity experts, incident response consultants, developers, and data analysts with extensive investigative backgrounds has decades of experience at the highest levels of law enforcement, intelligence agencies, and global privatesector institutions.

Stand C12 Fortinet Fortinet (NASDAQ: FTNT) makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 565,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Premium exhibitor profiles

Stand C14 Garrison

Stand C13 L3Harris Technologies

Garrison is proud to be pioneering hardware-based technology supporting commercial enterprises, secure government, the Intelligence Community and Critical National Infrastructure.

Here at L3Harris we focus on protecting Britain’s most sensitive information by investing in innovative technologies to help ensure the UK is safe in cyberspace. As a trusted cyber security partner to HMG for over 30 years, we develop and deliver cyber security solutions that align with Government strategy.

Garrison’s Web Isolation technology is trusted by governments around the world to keep their most sensitive systems safe from web-based threats and deployed at scale across multiple commercial organisations protecting them from phishing and ransomware attacks including Lloyds Banking Group (one of Europe’s largest retail banks). Garrison eliminates cyber threats allowing full web access without compromise.

As High-Grade specialists we can provide a fully integrated, interoperable Next-Generation range of services and solutions for every type of scenario, from in-theatre operations to crossgovernment communications - supporting you to achieve the highest level of assurance whilst retaining a sovereign capability that protects the most sensitive UK information and networks.

Stand C21 Leidos

Stand C08 HP From the maker of the world’s most secure PCs and Printers HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. We deliver a new breed of endpoint security, rooted in Zero Trust principles, that is continually evolving to help our customers stay ahead of modern threats.

Secure technology, at scale and speed At Leidos, our scientists and technologists use their expertise to secure the nation’s most critical missions. Helping government agencies transform their approach to cybersecurity; staying one step ahead of the most advanced persistent threats. An ever changing threat landscape means our capabilities are constantly evolving to counter the cyber threats of tomorrow. From AI to Zero Trust, our teams are harnessing new tools and technologies to advance national security and help our customers protect what’s most important. Maintaining cybersecurity defences is an enduring challenge’s not a one-time action. leidos.com/capabilities/cyber

Stand C04 Qinetiq Stand C06 Nominet Nominet is driven by a commitment to use technology to improve connectivity, security and inclusivity online. For 25 years, Nominet has run the .UK internet infrastructure, developing an expertise in the Domain Name System (DNS) that now underpins sophisticated threat monitoring, detection, prevention, and analytics that is used by governments to mitigate cyber threats. Nominet delivers Protective DNS (PDNS) on behalf of the National Cyber Security Centre (NCSC). PDNS is a vital part of the UK’s Active Cyber Defence (ACD) programme and protects over 6m users delivering public services in the UK.

QinetiQ is an integrated global security and defence company. Operating at the leading edge of science and engineering and employing over 6,000 people, including more than 3,000 scientists and engineers. QinetiQ has been established as a Cyber Security service provider and thought leader for longer than almost any other company in the world, continually providing assurance and resilience for our customers in a collaborative way. Uniting our own and othersâ€™ technology and know-how to provide distinctive specialist services and products that address our customersâ€™ most pressing challenges. We are integrated across the life cycle of critical equipment and infrastructure, undertaking creative research and development, enabling test and evaluation and delivering operational readiness through training and rehearsal. Create it. Test it. Use it.

Premium exhibitor profiles

Stand C20 Roke

Stand C10 Secure Systems & Technologies

Roke is a leading UK innovator in science and engineering. For over 60 years we’ve been improving the world through innovation by combining the physical and digital in new ways. We conceive, design and secure technically advanced data and communication systems for governments and industry.

Secure Systems & Technologies Ltd (SST) are global specialists in TEMPEST and secure communications solutions. Often seen as the cyber security blind spot, TEMPEST is defined as the study of the unintentional emission of protectively marked data from an equipment or system. Part of APITech , SST specialises in the design and manufacture of equipment that keeps sensitive data safe and protected. SST’s product range is largely based on leading brand commercial off-theshelf equipment, which is then re-designed, tested and certified to ensure compliance with the stringent TEMPEST security standards. Discover more about our solutions by visiting our stand or on our website.

Our deep knowledge of sensors, communications, cyber and AI means our team of 600+ engineers are uniquely placed to combine and apply these technologies to solve real world technical challenges and help deliver critical missions for our customers. As a trusted partner, we welcome any problem, and are confident that our consulting, research, innovation and product development will help to keep people safe whilst unlocking value.

Stand C09 Tenable Tenable® is the Cyber Exposure company. Approximately 40,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

Standard exhibitor profiles

Stand A68 Adacore AdaCore helps customers build military-grade, cyber-secure systems. The company’s development tools and expert support cover the complete continuum of embedded cybersecurity. AdaCore solutions offer clients a competitive advantage by preventing vulnerabilities before software is deployed, and staying ahead of adversaries. Visit us at stand A68.

Stand A42 Ancora / Cyber 1st Cyber1st are a UK sovereign company designing, developing and manufacturing the latest and most innovative high grade cryptographic solutions available. Cyber1st are sharing the stand at CyberUK with Ancora Solutions, a resell partner and solution provider. Please visit www.bulldogprime.com for more information or come and see us on Stand A42.

Stand A43 Armour Communications Armour Communications Limited provides market leading technology for secure collaboration solutions on everyday devices. Easy to use, cost effective technology combined with advanced security techniques to deliver cloud-based and onpremises secure solutions. Armour’s technology is ISO27001 and NATO approved.

Stand A49 BAE Systems BAE Systems Digital Intelligence is home to 4,800 digital, cyber and intelligence experts. We work collaboratively across 16 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments. Launched in 2022, Digital Intelligence is part of BAE Systems, and has a rich heritage in helping to defend nations and businesses around the world from advanced threats.

Stand A55 Blackberry BlackBerry provides intelligent security software and services to enterprises and governments globally. Powered by Cylance AI to deliver innovative solutions in cybersecurity and data privacy. BlackBerry. Intelligent Security. Everywhere. For more information, visit BlackBerry.com and follow @BlackBerry.

Stand A05 Akamai Akamai powers and protects life online. The most innovative companies worldwide choose Akamai to secure and deliver their digital experiences — helping billions of people live, work, and play every day. With the world’s largest and most trusted edge platform, Akamai keeps apps, code, and experiences closer to users — and threats farther away. Learn more about Akamai’s security, content delivery, and edge compute products and services at www.akamai.com.

Stand A50 Arculus Specialist, independent cybersecurity consultancy: information assurance, ISO27001, SOC2, GDPR; CCP-consultants. CRESTaccredited penetration testing and vulnerability scanning. Specialists in Red Teaming and device testing. Cyber Essentials/ Plus Certifying Body. Secure your digital transformation through our pragmatic solutions, guidance and services. Proven track record of successful security outcomes in complex and challenging environments.

Stand A54 Attivo Networks Attivo Networks, the identity detection and response leader, delivers a superior defense to prevent privilege escalation and lateral movement threat activity. The ThreatDefend® Platform provides unprecedented visibility to risks, attack surface reduction, and attack detection across critical attack point, including endpoints, Active Directory, and cloud environments. www.attivonetworks.com

Stand A28 Barrier Networks Barrier Networks is a leading Scottish Cyber Security company. Our mission is to help our customers build cyber resilience and develop strategies against cyber-attacks. We provide Professional and Managed Services, and we are a value-added reseller for some of the industry’s best technology vendors. For more information, contact 01413560101.

Stand A35 BlueVoyant Founded in 2017 by former Fortune 500 and former government cyber officials, BlueVoyant recognise that effective cyber security requires active prevention and defence across both your organisation and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, works as a force multiplier to secure your full ecosystem.

Standard exhibitor profiles

Stand A07 CACI

Stand A56 Cyber Ark

CACI is a specialist provider of software and technology consultancy services, delivering digital transformation and innovation projects for UK government, defence and national security organisations. We combine outstanding technical talent and expertise in free open-source software and agile software development techniques to deliver secure, innovative solutions with a low total cost of ownership.

CyberArk Software CyberArk is the global leader in Identity Security. Centered on Privileged Access Management, CyberArk provides the most comprehensive security solutions for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads, and throughout DevOps pipelines. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit www.cyberark.com.

Stand A67 CENSUS Labs CENSUS is an internationally acclaimed Cybersecurity services provider. Through its cutting-edge IT security research, CENSUS delivers state-of-the-art services to multiple industries worldwide. CENSUS offers a wide variety of services to cover the complex needs of IT & OT ecosystems including Organization Security Testing, Product Security, Vulnerability Research, Security Training & Consulting.’

Stand A19 Charity Digital We partner with leading technology providers to deliver the UK’s only software donation platform, Charity Digital Exchange. We improve digital awareness and connect charities to the digital expertise they need. We’ve helped 400,000+ charity professionals learn about digital transformation through our media platform and enabled 68,000 to save £260+ million on technology investments.

Stand A69 Claroty UK

Stand A41 CDS Defence and Security Our Cyber Security & Information Assurance Services minimise information security risk and maximise digital resilience. Our security cleared, cyber certified professionals will help you to operate securely, develop the right security culture and realise the benefits of your technology and cyber investments, enabling the protection of your information assets through life.

Stand A63 Checkpoint Check Point is a leading provider of cyber security solutions to protect customers from cyber-attacks with an industry leading catch rate of malware, ransomware and more. Offers “Infinity” Total Protection with advanced threat prevention, which defends enterprises’ cloud, network and mobile device information. Provides one point of control security management system.

Claroty empowers organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). The company’s unified platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. Claroty is deployed by hundreds of organizations at thousands of sites globally. To learn more, visit: http://www.claroty.com

Stand A48 Clearswift - A helpsystems company

Stand A24 Cryptify

Stand A45 CSTEM

Cryptify has established itself as a leading provider of secure communication for mobile phones and PCs. Cryptify provides a user friendly, field-proven and quickly deployed solution to government and enterprises who needs to protect sensitive conversations. The solution is certified for both UK and NATO usage at security level OFFICIAL.

C-STEM is a specialised Managed Service Partner delivering SMART Services, specifically aimed at bridging the gaps in Cyber Detection, Compliance & Response effectiveness. Using complementary AI, Crowd & Cloud SMART Services Toolkits, Infrastructure & Security teams can more efficiently, qualify, evidence & bridge the gaps between actual and target effectiveness.

HelpSystems offers a comprehensive, powerful data security suite designed for todayâ€™s hybrid IT reality. We partner with organisations to provide layered data protection where you need it most. Our complete solution set includes data classification, DLP, email security, managed file transfer, encryption, and digital rights management for ultimate, datacentric security.

Standard exhibitor profiles

Stand A72 Cyber Wales

Cyber Wales is an ecosystem. The Management Team and Steering Committee strive to provide a platform for Members to find Guidance, share News, ideas and best practice, to encourage collaboration through Clusters, Events and Competitions and to identify Opportunities for the cyber Communities in Wales to thrive and grow.

Stand A23 Inzpire Inzpire’s Intelligence and Cyber Division comprises of ex-military cyber, security and intelligence experts with decades of experience in delivering outstanding results for military, government, and industry organisations. Their services include delivering large-scale training exercises; training needs analysis; training design, delivery and assurance; cyber and intelligence consultancy; and cyber vulnerability investigations.

Stand A40 Darktrace Darktrace (DARK.L), a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

Stand A71 e-2-e-assure e2e-assure provide CISOs, CEOs and other owners of cyber risk with confidence through a transparent and tailored Security Operations Centre (SOC) and Managed Detection and Response (MDR) Services. We leverage existing investments to reduce the total cost of ownership and share our cyber security expertise through our Cyber Maturity Programme.

Stand A02 Elastic Search Elastic builds real-time, scalable enterprise search, observability, and security solutions on a single free and open technology stack that can be deployed anywhere. Thousands of organizations worldwide use Elastic to instantly find actionable insights from any type of data and power mission-critical systems. Learn more at elastic.co.

Stand A21 Galaxkey Most organisations think their data and communications are secure because they have a strong external defence. But if their defence is breached, or data and communications are sent outside the organisation, they’re vulnerable. Galaxkey protects everything - files, emails, e-signatures, instant messages under three layers of identity-based encryption, with unique “keys” only you hold - so no one else can ever access your data.

Stand A11 Domain Tools See More Threats. Get Ahead of Attacks. Threat actors are fast. You have to be faster. DomainTools has the industry’s fastest domain discovery engine and broadest, most accurate data.

Stand A46 Eclectic IQ EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Stay ahead of rapidly evolving threats and outmaneuver your adversaries by embedding Intelligence at the core™ of your cyberdefenses. We operate worldwide with offices and teams across Europe and UK, North America, India and via value-add partners. www.eclecticiq.com

Stand A14 Frazer-Nash Consulting Frazer-Nash is a leading systems and engineering technology company. Our cyber team provides holistic expertise that covers the human and technical elements of cyber. With engineering experience from across a broad spectrum of domains, we offer a unique perspective on the threat posed to organisations from a cyber attack.

Stand A37 iBoss Network Security iboss is a cloud security company that enables organizations to reduce cyber risk by delivering a Zero Trust service designed to protect resources and users in the modern distributed world. Built on a containerized cloud architecture, iboss delivers security capabilities to protect all resources, via the cloud, instantaneously and at scale. Learn more on https://www.iboss.com/.

Standard exhibitor profiles

Stand A13 Information Commissioner’s Office The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Stand A10 Iron Net IronNet is a global cybersecurity leader that is revolutionizing how organizations secure their enterprises by delivering the first-ever Collective Defense platform operating at scale. Our solutions leverage our unique offensive and defensive cyber experience to deliver advanced behavioral analysis and collective intelligence to detect known and unknown threats.

Stand A47 Isograph Isograph’s integrated software products provide a powerful and comprehensive suite of tools to solve complex reliability, safety and security problems. Our products have been in continuous development since 1986 and are used across the globe by companies ranging from the smallest consultancies to the largest multi-national corporations.

Driven by Experience

Stand A44 Methods We are experts in delivering secure, resilient Cyber Security Services - keeping your systems and data safe. Methods reduces risk from cyber-attacks by developing a security roadmap with built-in controls which protect your cloud, IT and IoT services. Methods is NCSC accredited, delivering cyber security services to Central Government and public sector organisations.

Stand A64 NETSCOUT NETSCOUT delivers real-time visibility, troubleshooting, and protection wherever technology infrastructure and business applications reside. Companies rely on NETSCOUT Smart Data to proactively monitor, triage, and protect service and application performance and security within our nGenius service assurance and analytic solutions, Arbor DDoS protection solutions and our Omnis Security solutions.

Stand A22 Nine23 Nine23 provide cyber security solutions and services to enable the frontline end-users in today’s workplace to use technology, securely. “Consumer simplicity with enterprise security”. We passionately believe that the user should be at the heart of everything we do.

Stand A12 Juniper Networks

Stand A53 Netskope

Everything from how users access data and applications, to how network connections are made – must be secured. Security must be: invisible to end-users operationally efficient for IT teams to maintain provide effective threat prevention This can only be achieved when security is built into the same network infrastructure that provides connectivity and is extended across every point of connection. Juniper Connected Security helps organizations build threat-aware networks to keep attackers at bay and keep the network clear for business-critical traffic.

Accelerate Your SASE Journey with Netskope. Netskope’s Intelligent Secure Service Edge (SSE) platform provides data-centric, cloud-native security, able to secure enterprise data wherever it ventures; in the cloud, on the web, and across managed and unmanaged devices, delivering end to end security and data protection without performance trade-offs.

Stand A39 Keysight Technologies Keysight’s Networking and Security solutions, formerly known as Ixia, make networks stronger through rigorous testing and a powerful network visibility platform delivering security resilience and application intelligence. Enterprises, governments and service providers use our products to improve network, security and IT management through an end-to-end visibility infrastructure including cloud, physical and virtual networks. www. Keysight.com

Standard exhibitor profiles

Stand A06 Osirium

Stand A16 Radware

Osirium is the leading UK-based cybersecurity specialists for Privileged Access Security solutions including Privileged Access Management (PAM) to protect shared devices and services; Privileged Process Automation (PPA) for secure IT automation; and Privileged Endpoint Management (PEM) to remove risky local admin accounts from endpoints. Simple PAM with advanced IT productivity.

Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.

Stand A66 Pervade Pervade Software is the creator of three unique award-winning solutions.: OpView™ - used for UK Police Cyber Alarm System. OpIndex™ - used for UK Police Dark Web Intelligence Gathering Platform OpAudit™ - used for UK Government’s Cyber Essential Scheme. Also used by a range of clients in over 80 countries.

Stand A51 SANS SANS Institute is the world’s largest provider of cybersecurity training. For over twenty-five years, we’ve provided cutting edge training to governments and organisations across the world. SANS training is built around a promise: students will be able to put into practice what they’ve learned as soon as they get back to their desks.

Stand A57 PETRAS PETRAS exists to ensure that technological advances in the IoT and associated technologies, such as AI and Machine Learning, are developed and applied in consumer and business contexts, safely and securely. We consider issues of Privacy, Ethics, Trust, Reliability, Acceptability and Security as they relate to the IoT.

Stand A20 Searchlight Security Stand A29 Prism Infosec Prism Infosec is an award winning Cyber Security Consultancy offering the full spectrum of Security Consultancy Services to some of the world’s leading brands and organisations from the FTSE 100 to Government and Defence. Our service offering includes Penetration Testing, Red Teaming, Cloud Security, Governance, Risk Management & Compliance.

Searchlight Security: Protecting society from the threats of the dark web. Searchlight Security is mission-proven as the world’s leading provider of dark web intelligence and tools, protecting society from the threats of the dark web. We are used by the world’s most advanced government agencies and businesses; enabling them to go further, faster, and deeper into the dark web. Our proprietary technology provides actionable data that was previously unobtainable, delivering insights, situational awareness and sense-making, helping our customers keep ahead.

Stand A34 QA

Stand A17 Semperis

QA is an industry-leading tech training and skills provider. We offer the UKâ€™s broadest curriculum of cyber training programmes and the largest learning ecosystem of cyber industry partners. Our mission is aligned to the 2022 UK National Cyber Strategy, to strengthen the UK cyber ecosystem and enhance the nation’s cyber skills.

Semperis is the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments. Semperis provides cyber preparedness, incident response, and disaster recovery solutions for enterprise directory services—the keys to the kingdom. Semperis’ patented technology for Microsoft Active Directory protects over 40million identities from cyberattacks, data breaches, and operational errors.

Standard exhibitor profiles

Stand A9 Security and Awareness Center of Excellence

Stand A8 Specialist Group Information Services (SGIS)

SEACoE is one of the 5 Government Security Centres whose aim is to support Government Departments in the critical areas of security. SEACoE’s focus is to provide a centrally co-ordinated, streamlined approach to Government Security Education and Awareness (SEA), providing high quality, high impact Pan-Government SEA campaign material.

Deliver deep specialist CIS advice to Defence in order to enable success on current and future operational commitments SGIS is a nationally recruited British Army Reserve Specialised Unit charged with providing task-based expertise across the spectrum of IT, to the Army and wider Defence customer organisations.

Stand A15 Six Degrees

Stand A30 UK Cloud X

Six Degrees is the United Kingdom’s number one provider of secure technology services. Our industry-leading security protects against today’s and tomorrow’s cyber threats, while our unrivalled technology stack means maximum productivity and efficiency, even with a remote workforce. Our mission is to enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.

UKCloudX is the sovereign cloud our national security depends on for innovation and mission critical systems. It is devoted to keeping our nation safe by enabling new insights through the adoption of digital technologies and providing uncompromising security and integrity for the UK’s most secure and sensitive systems.

Stand A36 Talanos Security Talanos Cybersecurity are a Managed Security Provider offering affordable services and pragmatic solutions. Our security operations centres are in three continents delivering security capabilities to organisations across the UK and EMEA region. Our NCSC Certified Cyber Professionals specialise in Identity Governance, Privileged Access Management and Managed Detection and Response.

Stand A70 Telesoft Telesoft is a global provider of cutting-edge cyber security, telecoms mobile products and services, and government infrastructure. We work with integrators and service providers to develop, manufacture and support systems that generate revenue, keep critical infrastructure operational and important data safe on high-density multi 100Gbps and beyond 1Tbps networks.

Stand A18 UKC3 UK Cyber Cluster Collaboration (UKC3) supports cyber clusters to drive growth of the cyber sector within their nations and regions, encouraging greater collaboration across the UK’s cyber ecosystem. UKC3 promotes collaboration, knowledge exchange and sharing of best practice between cyber clusters in order to develop the ecosystem, promote innovation and grow cyber skills.

Stand A03 Varonis Varonis is a pioneer in data security and analytics, specializing in software for data protection, threat detection and response, and compliance. Varonis protects enterprise data by analyzing data activity, perimeter telemetry, and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

Welsh Government pavilion

Pod 8 Arcanum Information Security Ltd Arcanum Cyber is the only NCSC Certified Cyber Security Consultancy registered in Wales. Our large, UK wide team of experienced consultants has been supporting clients since 2008.

Experienced in both IT and OT security, we have helped clients operate securely across multiple sectors, ranging from CNI and Defence to SMEs. Services include Cyber Security Consulting, Digital Forensics and Penetration Testing.

Pod 3 Echosec Systems UK

Pod 5 Awen Collective

Awen Collective helps to make society safer by reducing the risk of cyber attacks to our Critical National Infrastructure, Manufacturers and Smart Cities. Awen is a Welsh industrial cyber security specialist developing software to help organisations increase their resilience before an incident has an opportunity to occur.

Pod 6 ITSUS Consulting Ltd

Echosec Systems provides security and intelligence teams with enhanced access to a wide range of social media, deep web, and dark web data in real-time. Their web-based solutions are trusted by global teams to deliver timely, relevant data to improve situational awareness on the ground and inform initiatives like geopolitical risk assessment, counterterrorism, disinformation monitoring, force protection, and crisis response.

At ITSUS, we are committed to building long term relationships that foster joint value creation. Our purpose is to deliver complex digital transformation programmes in collaboration with world leading ICT vendors, international system integrators and public sector organisations

Pod 4 Kocho

Pod 2 Security Foundry Ltd

At Kocho, we believe greatness lies in everyone. We exist to help companies realise their potential. By combining the power of Microsoft cloud technology with world-class identity, cyber security, and our team of brilliant people - we take our clients on a journey of secure transformation. The result? Sustainable and secure growth that amplifies your business success.

We deliver either packaged or bespoke managed services by cybersecurity specialists who have proven capabilities and expertise with a wide range of industry tools. Already invested? Our experts can advise how to make your existing cybersecurity even more effective. Need help? We can help you invest in digital security that’s the right fit for your business needs and budget.

Pod 1 Seiber Ltd

Seiber are a Welsh based Cyber Security company who provide Information Security and Open-Source Intelligence consultancy and accredited training services.

Pod 7 Wolfberry Cyber Security

“Most Innovative Cyber Security Company in the UK”, “Best International Cyber Security Consultancy Firm in the UK” and the highest placed cyber security organisation within the WalesTech50 awards, Wolfberry offer a full range of managed, innovative, bespoke cyber services. The team are specialists in their field with a vast knowledge of the latest global trends, technologies and attack vectors.

DCMS Innovation Zone exhibitors

Government exhibitors

Government Security

Small business hub exhibitors

E04 6point6

E06 Arctic Security Ltd

E09 Cyber Security Jobsite

E12 CyberHive, 100 Percent IT Ltd

E11 Esperienza Learning

E10 My Mantra

E05 Nexor

E08 Nova Blue Technologies

PlanB Consulting E03 Pentest People

E13 Plan B Consulting

E01 Surevine

E07 Templar Executives

E02 Think Cyber Security Ltd

With special thanks to all our sponsors

CYBERUK 2022 Delegate information

Articles inside

Standard exhibitor profiles

Welsh Government pavillion

Premium exhibitor profiles

Plenary speakers

Plenary chairs

Partner exhibitor profiles

Plenary programme

Content overview

Cyber Ecosystem

Supporting innovation and growth

A safe and positive environment for all

Industry 100

Spotlight Stage

Network, meet and collaborate

Cyber security for the whole of society

CEO’s welcome