7 minute read
Plenary programme
PLENARY 1
Advertisement
09:45 – 11:00
PLENARY 2
11:45 – 12:30 TUESDAY 10 MAY
Welcome and introduction by Chair of CYBERUK 2022, Lindy Cameron, CEO, NCSC
Senior Government Keynote, Sir Jeremy Fleming, Director GCHQ Lead sponsor BT Keynote, Kevin Brown, Managing Director, Security, BT
Global response, Global impact: Strategic alignment and collaboration
Reduce harm and carry on? Exploring the practical reality of good digital security for individuals and organisations
We’ll have heard about global trends in cyber security through the opening speeches and panel sessions at this conference. Along with the very latest thinking on strategic response from the UK and partner governments and industry leaders. In this session we switch focus to what it all means in practice to protect the whole of society from the negative impacts of these changes in the big picture. This session will invite a range of views from people and organisations who rely on digital connectivity for their life and work: bringing to the fore the things that worry them the most and exploring the most effective ways of doing something about them. Chair: Paul Maddinson, Director, National Resilience and Strategy, NCSC
In this session, we will explore strategic trends within the global cyber landscape and examine how international collaboration between responsible cyber powers can help to protect and promote effective cyber governance and security. Our debate seeks to establish the value of unity and common purpose among international partners and the benefits it brings to strengthening our collective resilience to the spectrum of cyber threats.
Chair: Lindy Cameron, CEO, NCSC
Panellists:
Abigail Bradshaw, Head Australian Cyber Security Centre Australian Signals Directorate
Juhan Lepassaar, The Executive Director of the European Union Agency for Cybersecurity
Rob Joyce, Director, Cybersecurity Directorate, NSA
Panellists:
John Edwards, UK Information Commissioner
Rob Jones, Interim Director General, National Economic Crime Centre (NECC), NCA
Nelson Ody, Product Manager, RM
Siwan Rees, Senior Programme Manager, Impact Innovation
PLENARY 3
18:00 – 18:45 Will we still be able to do cyber security in 5 years?
We’ve started to see the balkanization of tech, driven by countries’ needs to be sovereign and not dependent on their strategic competitors and adversaries. This is leading to unprecedented actions that will fundamentally change how technology is designed, standardised and built and whose values it embodies. Will our current cybersecurity approaches work in this new context? How do we ensure that our ever-increasing dependence on technology is safe for the long term? This session will start to explore these topics, and possible responses. Dr Ian Levy, Technical Director, NCSC will lead a conversation
Plenary programme
PLENARY 4
09:00 – 10:10 WEDNESDAY 11 MAY
Welcome to day two Keynote, Lindy Cameron, CEO, NCSC
Ministerial address, The Rt Hon Steve Barclay MP, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office Lead sponsor AWS Keynote, Chris Hayman Director, UK Public Sector, AWS and Amie Alekna, Director of Security, Privacy, Live Services and Information Management at Ministry of Justice
Keynote, Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA)
The demand for Supply Chain
The Supply Chain can be large and complex, involving many suppliers doing many different things. Securing it can be hard because vulnerabilities can be inherent or introduced and exploited at any point within it. The ever-increasing outsourcing of services, the globalisation of the Supply Chain, and our reliance on the resilience of these multi-national companies, present a significant risk to our security and even our way of life. This session provides an insight into how the US and UK approach the Supply Chain exam question and how separately and together, we are on the same page.
Chair: Marsha Quallo-Wright, Deputy Director for Critical National Infrastructure. NCSC
Panellists:
Ben Aung, Chief Risk Officer, Sage Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA) Ian McCormack, Deputy Director for Government Cyber Resilience, NCSC Jimmie Owens, Global Chief Information Security Officer at DXC Technology
PLENARY 5
10:40 – 11:30
PLENARY 6
15:30 – 16:25 Chartering new territory for employers and practitioners
The UK is a global tech leader and cyber security is core to this success. But while organisations understand its importance, they often don’t know who to hire for what role, and newcomers to the profession don’t know where to start. Launched last year, the UK Cyber Security Council is the self-regulatory body for the UK’s cyber security profession. Bringing together the existing qualification and certification market, it will create clear professional standards and pathways within the profession. This session will explore how the UK Cyber Security Council will demystify the cyber profession for employers and practitioners.
Chair: Chris Ensor, Deputy Director for Cyber Skills and Growth, NCSC
Panellists:
James Dipple-Johnstone, Deputy Commissioner and Chief Regulatory Officer, Information Commissioner’s Office Simon Hepburn, Chief Executive, UK Cyber Security Council Erika Lewis, Director, Cyber Security and Digital Identity, DCMS Pearl Noble-Mallock, Head of Product Security, BAE Systems Ministerial address, The Rt Hon Damian Hinds MP, Minister of State, Minister for Security and Borders
Through the cyber looking glass - “I don’t like the look of it at all,” said the King
Great power competition had already found cyberspace to be a fruitful domain long before this year, but world events are likely to accelerate this even further. This closing panel of CYBERUK 2022 will look ahead and discuss how cyber security is likely to play a pivotal role in defending not just our information and systems, but our values and entire way of life. Chair: Paul Chichester, Director of Operations, NCSC
Panellists:
Sami Khoury, Head, Canadian Centre for Cyber Security, Communications Security Establishment Merle Maigre, Cybersecurity Expert, E-Governance Academy, Estonia Vikram Thakur, Technical Director at Symantec, Broadcom Juliette Wilcox CMG, UK Cyber Security Ambassador, Department for International Trade
Cyber Den awards and CYBERUK 2022 Close
Lindy Cameron, CEO, NCSC
Technical masterclasses programme
Take a deep dive into specialist areas to expand your cyber security knowledge with 2022’s host of technical masterclasses. Led by the NCSC’s CTOs, the new CYBERUK technical masterclasses delve into the management of privileged accounts using MS RAMP, lateral movement and propagation, vulnerability handling and malware analysis. All sessions are rated five chillies to challenge the deep technical experts within our community.
TUESDAY 10 MAY
TECHNICAL MASTERCLASS 1 09:45 – 11:00
Protecting the keys to the kingdom - Adopting an effective privileged access strategy
Understand the importance of protecting privileged accounts and how to adopt an effective privileged access strategy for your organisation based on Microsoft’s Security Rapid Modernization Plan. This session introduces the roadmap and discusses the key elements for success, allowing delegates to implement effective changes across their own estates.
Al Platt, Principal Security Consultant, NCC Group Martin Hill, Managing Security Consultant, NCC Group
TECHNICAL MASTERCLASS 2 11:45 – 12:30
What attackers do when they get in?
This masterclass will cover how attackers move around your network, how you can make that harder and how you can spot them doing it. We’ll cover common lateral movement tools and techniques, how you can safely test to make sure that they won’t work on your estate or how to detect them if blocking them isn’t possible.
Christian Lopez, EMEA Triage Lead, Bug Bounty Services, NCC Group
TECHNICAL MASTERCLASS 3 09:00 – 10:10
When a vulnerability comes knocking at your door
This masterclass will provide details on how to build maturity in vulnerability handling. We’ll provide an insight to NCSC’s handling of vulnerabilities via the Vulnerability Reporting Service and how organisations can improve their own handling. Then we’ll cover the top three vulnerability types we’ve seen, a detailed explanation on what they are, and how organisations can help build resilience against them.
Speakers:
Christian Lopez, EMEA Triage Lead, Bug Bounty Services, NCC Group Matt Trueman, Technical Delivery Director for Government, NCC Group Vulnerability Management Lead, NCSC NCSC CTO for Government
What’s common about the majority of breaches? Malware.
Whether it’s phishing documents, webshells, reconnaissance tools, credential harvesters, in memory payloads or backdoors, malware is used by all attackers, from cyber criminals to nation state actors.
This Technical Masterclass will cover current tactics and techniques actors utilise to ensure their malware avoids your defences and how best to detect and prevent breaches.
Liam Glanfield, Managing Security Consultant, NCC Group Deputy Director Technical Director Operations, NCSC Michael Matthews, Managing Security Consultant, NCC Group Rob Smallridge, Principal Consultant CIRT, NCC Group
