IN-PERSON

UK & Ireland CISO Executive Summit

11 June 2024 | Royal Lancaster London

Collaborate with your peers

Get together with UK & Ireland's top CISOs to tackle shared business challenges and critical priorities facing your role today. Participate in this one-day, local program with peer-driven topics and interactive discussions with your true C-level peers.

Join your peers to discuss the most critical issues impacting CISOs today:

Shifting from a Security-Centric Approach to a Resilience-Based Mindset

Exploring Essential Behaviors for CISOs to Influence Leadership Effectively

Positioning Security as a Value-Adding Proposition in Times of Economic Uncertainty

UK & Ireland CISO Governing Body


The Governing Body Co-Chairs shape the summit agenda, ensuring that all content is driven by CISOs, for CISOs.

Governing Body Co-Chairs

Paula Kershaw

Barclays
MD CCO, Cyber & Resilience

Sarah Lawson

University College London
CISO & Deputy CIO

Ewa Pilat

FNZ Group
Group CISO

Helen Rabe

BBC
CISO

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your UK & Ireland CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda


10 June 2024

11 June 2024

16:30 - 18:00  Executive Boardroom

A Sneak Peek of 2024 Gartner Security and Risk Management Summit

Eduardo Mastranza

VP, EMEA Lead Gartner for CISO Executive Programs

Gartner

Chris Gould

Executive Partner, Gartner for CISO Executive Programs

Gartner

***Invitation only*** The Gartner Security & Risk Management Summit brings together experts, thought leaders, and innovators to explore digital risks and strategies for resilience. With over 2,300 professionals participating, this event helps cybersecurity leaders enhance their strategy and gain insights into topics that are top priorities for security professionals.

Join us for an exclusive session with Eduardo Mastranza and Chris Gould for a sneak peek at key cybersecurity trends for 2024 and beyond.

Delve into:

  • Explore digital risks and resilience strategies that will be showcased at the Gartner Security & Risk Management Summit
  • Enhance your strategy and gain insights into topics like Gen AI, risk management, cloud security, and more
  • Get a sneak peek at key cybersecurity trends for 2024 and beyond

Immediately following this session, the UK & Ireland CISO Summit will begin with a networking reception and dinner: connect with your fellow CISOs before the Executive Summit!

18:00 - 21:00  Networking

Governing Body Welcome Reception

Exclusive to Governing Body members and select guests, this dinner is a can’t-miss opportunity to connect with your peers prior to tomorrow’s Executive Summit. Please join your colleagues for an evening of good food, wine, and lively networking.

08:00 - 09:00  Registration & Breakfast

09:00 - 09:45  Keynote

The Foundations and Scaffolding Behind Effective Cyber Security

Mary Haigh

Global CISO

BAE Systems

Geopolitical tensions have escalated cyber threats to BAE Systems, particularly within their strategic defense capabilities, crucial for maintaining our way of life and societal values. In her keynote, Mary Haigh, Global CISO, BAE Systems, will explore what needs to be in place to underpin effective cyber security embedded in the way we do business. She argues that CISOs shouldn't start with the technology; we should focus on developing a clear vision and strategy, governance, transparent reporting, culture and strong moral values within our teams. When conditions are optimal, technology, people, and processes synergise to fortify our cyber resilience against growing threats.

Join Mary to discuss:

  • Get exec buy-in to a compelling vision and strategy and communicate ad nauseam until people repeat it back to you!
  • Spend time building the right team culture
  • Use governance and reporting to keep the focus on the right priorities

09:45 - 10:00  Break

10:00 - 10:45  Breakout Session

Navigating the Quantum Shift — Preparing for a Post-Quantum World

James Frampton

CISO, Managing Director, Head of IT Risk, Security & Controls

MUFG Bank

Join James Frampton, CISO and Managing Director at MUFG Bank, for an interactive session focusing on preparations for a Post-Quantum world. Delve into essential strategies and considerations necessary for readiness in the face of quantum computing advancements. Engage in discussions, share insights, and collaborate on developing robust plans to navigate the challenges of this emerging landscape. You’ll enhance your understanding and preparedness for a Post-Quantum era.

James will discuss:

  • When will Quantum Computing (QC) be commercially available?
  • What will happen when this epoch-defining time comes (or has it already happened?), potentially undermining the cryptographic algorithms our organisations' security relies on?
  • What activities and planning should CISOs be doing now?

10:00 - 10:45  Breakout Session

Conflicts in Trust — An Exploration of who the CISO can Trust

Kent Breaux

Senior Vice President, Europe, Middle East & Africa

Proofpoint

We trust that trains will run on time and weather forecasts are accurate. But when it comes to cybersecurity, we must navigate conflicts in trust to best secure our organisations. As a CISO, trust comes in many forms, such as the trust you place in your employees to remember their security training, how you trust cybercriminals to return your ransomed data and how you trust your suppliers to care about their security posture as much as you care about yours.

This is no traditional session; this will be a competition, where you’ll be tasked with choosing the right risk mitigation option as our gamemaster takes you from one scenario to the next. Will you choose the option favoured by our gamemaster? Or will you identify the Darwin Award?

Are you putting your trust in the right places? In this session, you'll:

  • Identify four key elements of trust in cybersecurity
  • Discuss and evaluate risks, implications, and mitigations for each key element
  • Develop a Trust Matrix that you can complete for your organisation

10:00 - 10:45  Executive Boardroom

Threat Intelligence and Third-Party Risk — Doubling Down on Critical Vulnerabilities

Peter Allwood

Vice President, Global Cybersecurity Strategy Head  

Mastercard

Chris Day

Chief Information Security & Resilience Officer

Royal London

Kieren Marchant-White

Head of Cyber Security

Gymshark

Christine Ford

Head of Information Security

The Economist

The complete entanglement of cyber risk with business risk is becoming increasingly visible. CISOs now have an opportunity to better pinpoint third parties that present a threat to the organisation. Yet the increasing complexities of third-party, and even fourth-party, risk management, prompted by a wide range of evolving threats, demand heightened attention. How can CISOs ensure they have a clear overview of the threat landscape and vulnerabilities across ecosystems and supply chains?

Join this session to discuss:

  • Identification of vulnerabilities across your vendor landscape to prioritise response efforts
  • Best practices for mitigating a new wave of sophisticated attacks to keep assets safe
  • The role threat intelligence plays in risk management strategies to safeguard your digital ecosystem

10:00 - 10:45  Executive Boardroom

Embedding Resiliency with Business Continuity Management

Christian Reilly

Field CTO

Cloudflare

Sarah Self

CISO, UK

Aviva

Matt Smith

Director Cyber and Information Security

St. James’s Place Wealth Management

For many organisations, the question isn't if they'll be attacked, but when and how it will happen. Certain attack types are growing more accessible for a wider variety of attackers, and the risks of distributed work, cloud adoption, and third-party code are impossible to fully contain.

This discussion will focus on strategies security leaders and their teams can use to preserve business operations and protect sensitive data in a world where attacks are inevitable. Specifically, you’ll discuss:

  • Understanding your risk profile — what’s your tolerance for downtime on business-critical systems?
  • Business continuity management — understanding your minimum viable level
  • Organisational strategies for strengthening a culture of security

10:45 - 11:50  Networking Break

10:55 - 11:40  Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:50 - 12:35  Breakout Session

CISO and NED Roles — The Realities, Challenges and Opportunities of Becoming (and Being) a NED

Elaine Bucknor

Strategic Advisor, Non Executive Director and Technology Executive

Claire Davies

Partnership CISO

John Lewis Partnership

CISOs have a unique and valuable skill set that makes them excellent candidates to take on NED roles. Taking on such additional responsibilities can also provide additional growth opportunities and professional network expansion. But what does the role of a NED actually entail? How do you know which potential NED role is right for you? What are the realities of juggling a growing plate of priorities alongside your current workload, and how can you make sure you’re set up for success? Join Elaine Bucknor, Strategic Advisor, Non Executive Director and Technology Executive, and Claire Davies, Partnership CISO, John Lewis Partnership, as they have an open conversation about the multiple routes CISOs could take after leaving the hot seat, including considering an NED position.

Specifically, they will discuss:

  • Identifying what the role of a NED actually is, and what the role entails
  • Elaine's story, decision-making process and criteria around becoming a NED
  • Open discussion around the benefits, challenges and shared experiences of NED roles for Security leaders

11:50 - 12:35  Breakout Session

Securing the Enterprise — Streamlining Security for 77,000 Daily Devices

Jon Abbott

CEO

ThreatAware UK

Douglas Weekes

CISO and Director of Data Governance

Sainsbury's

In the ever-evolving landscape of cybersecurity, navigating the unknown is a constant challenge, especially for enterprises safeguarding vast numbers of devices. Douglas Weekes, CISO and Director of Data Governance at Sainsbury's, confronted this challenge directly in his mission to bolster the supermarket's security defences, safeguarding 77,000 devices from potential attacks. In an insightful dialogue, Doug sits down with Jon Abbott, CEO of ThreatAware, to share the lessons learned and strategies employed in overcoming these hurdles.

Join Jon and Doug to discuss:

  • Leadership in Integration — Insights into leveraging API connectivity to uncover hidden assets, eliminating the need for additional tools
  • Strategic Reporting for Informed Decision-Making — Empowering leaders with concise reports to streamline management of diverse devices
  • Operational Excellence — Lessons in efficient device management and providing precise insights for strategic leadership decisions

11:50 - 12:35  Executive Boardroom

Creating Scalable Governance to Future-Proof AI in the Cloud

Tom Finch

Head of Solution Engineering, UK&I

Wiz

Jon Allen

IT Director (Core infrastructure, Cyber Security, Risk and Compliance)

Halma plc

Simon Goldsmith

Information Security Director (CISO) & Enterprise IT Lead

OVO

In today's dynamic business landscape, AI platforms serve as catalysts for enhanced efficiency and agility. For CISOs, the pivotal question is: how can we harness this transformative power securely? By assessing risks and implementing robust controls, CISOs can facilitate secure advancements in productivity. Successful AI adoption hinges on prioritising resilience and understanding controllable factors. Through fostering dialogue centered on leadership, resilience, and strategic foresight, this session aims to empower CISOs with actionable insights to navigate the complexities of AI governance in the cloud era.

Join us to explore:

  • AI Guidelines — Design frameworks balancing innovation and security for confident AI integration
  • Proactive Risk Mitigation — Implement policies to ensure data availability, integrity and confidentiality in cloud-based AI adoption
  • DLP Navigation — Explore proactive strategies to mitigate data leakage, data rights and operational response

11:50 - 12:35  Executive Boardroom

Adopting a Risk-Based Approach to Strengthen SecOps and Compliance

Matthew Schofield

Solutions Architect

BlueVoyant

Ian Snelling

Senior Security Leader

Skipton Building Society

Kyle Headley

CISO

Phoenix Group

As the attack surface grows, CISOs know they need a holistic view of their security posture to stay safe. Recognised within Gartner’s re-classification of security operations, CISOs must ensure they detect and mitigate third party and internal threats. By adopting a risk-based approach, CISOs can assess cyber maturity, address compliance gaps and ultimately, prioritise how they spend security investment.  

Join this Executive Boardroom to discuss how to:

  • Implement a risk-based approach to your SecOps process to better monitor vulnerabilities and remain compliant
  • Strengthen your security strategy to prioritise spend and controls to optimise your SOC and maximise security investment
  • Work towards continual improvement to defend against future threats across the attack surface and prepare for future regulatory obligations

12:35 - 13:30  Lunch Service

13:30 - 14:15  Keynote

Unlocking Full Cloud Potential — Security Enhancements for Today’s Enterprise

Scott Montgomery

VP, Strategic Initiatives

Island

While the vast majority of infrastructure has been upgraded and modernised to secure the shift to the cloud, enterprise IT teams are still missing an equally seamless access method to safely deliver those now cloud-native apps and data. While traditional browsers have become the de facto access point for the majority of business critical applications, they lack the deep inspection capabilities and hyper-granular security controls enterprises need. This results in security teams surrounding their browsers with layers of tech to meet those needs.

Join this keynote session to discover:

  • Why traditional cloud security methods undermine your modernisation efforts and end-user experience
  • Embracing technological momentum to adapt to a "more-with-less" security landscape
  • How enterprise CISOs are using this solution to bolster cloud security

14:15 - 14:30  Break

14:30 - 15:15  Breakout Session

Moving From Cyber Security to Cyber Resilience, an Interactive Discussion

Lindsey Bateman

CISO

M&G Plc

Neil Blagden

Group CISO

SSE

In today's rapidly evolving threat landscape, the imperative for cybersecurity has surpassed mere defense to encompass a broader notion of cyber resilience. This shift underscores the need for CISOs to not only fortify security measures but also cultivate operational resilience, positioning them as strategic leaders within their organisations. Join us to explore how embracing cyber resilience transcends traditional security paradigms, empowering organisations to effectively anticipate, withstand, respond, and adapt to cyber threats. Let's pivot from outdated security notions to holistic resilience strategies, mitigating risks and propelling business resilience forward.

Join us to discuss:

  • Collaborative Accountability — CEOs and CISOs unite in fostering cyber resilience, transcending siloed security approaches
  • Informed Trust — Shift from blind to informed trust, accepting limited risk for resilience
  • Operational Resilience — Identify minimum resilience levels to sustain key operations

14:30 - 15:15  Executive Boardroom

Transforming the Role of the CISO — How Identity is at the Core of Business Transformation

Stephen McDermid

Chief Security Officer, EMEA

Okta

Zibby Kwecka

CISO

Arnold Clark

Andy Piper

CISO - Investment Bank & Markets

Barclays

It's widely acknowledged that CISOs are evolving from purely technologists into strategic business leaders. In this open discussion, we'll delve into strategies aimed at broadening the scope of the CISO's responsibilities beyond merely managing staff access to encompassing Customer Identity and Access Management (CIAM). By integrating CIAM, CISOs can transition from an 'us vs. them' mindset to a more cohesive model. This session seeks to foster conversations centred on comprehending customers, their consumption behaviours, and future service delivery considerations, positioning the CISO as a proactive business enabler who transcends the traditional role of a mere gatekeeper.

Join this conversation to discuss:

  • Strategies to expand the CISO's role beyond staff access management, and increase influence across the business
  • Exploring the variations in CIAM approaches across each CISO's organisation
  • Application of traditional security practices (e.g. JIT and JEA) to enhance service delivery in the context of CIAM

14:30 - 15:15  Executive Boardroom

SSPM — Best Practices for Securing your Business-Critical SaaS Clouds

Brandon Conley

CRO

AppOmni

Paul Tuck

Head of Information & Cyber Security

Rathbone Brothers Plc

Rahul Colaco

CISO

NSK Ltd

Attacks on SaaS systems are on the rise, and SaaS is increasingly becoming a target of nation-state threat actors (e.g. Midnight Blizzard). However, most often sensitive data from SaaS Systems is simply exposed to the world due to admin-induced misconfigurations.

In the past year AppOmni has witnessed far-reaching events impacting thousands of customers. How can CSO organisations secure and monitor highly-dynamic and highly-abstract SaaS systems that are managed outside of the IT function, when tools like SASE have proven ineffective and network-centric?

Join this boardroom to discuss:

  • The inherent complexities of effectively securing large-scale SaaS deployments
  • How the traditional kill chain applies to SaaS, and why SecOps monitoring is necessary
  • How SaaS Security Posture Management (SSPM) can be incorporated into existing security programs like CTEM, Vulnerability Management and Zero Trust

14:30 - 15:15  Executive Boardroom

Thriving Through Economic Uncertainty with Effective Cost Optimisation

Amir Ofek

CEO, AxoniusX

Axonius

Lorraine Dryland

Global CISO

First Sentier Investors

Sarah Lawson

CISO & Deputy CIO

University College London

In an era of economic uncertainty, organisations are facing intensified scrutiny over budgets across all departments, including security. As CISOs reassess technology investments, cybersecurity teams are challenged to achieve more with less. This necessitates a strategic approach to cost optimisation and resource allocation. To navigate these challenges, CISOs must prioritise the automation of manual tasks and leverage existing tools and assets effectively.

Join this session to discuss:

  • Identifying the types of cost inefficiencies in your security team
  • Develop strategies to optimise costs and showcase ROI during financial challenges
  • Embrace modern cybersecurity asset inventory for cost optimisation and enhanced protection

15:15 - 15:45  Networking Break

15:45 - 16:30  Breakout Session

Defend Your Cybersecurity Investments with Executives Through Outcome Driven Metrics

Eduardo Mastranza

VP, EMEA Lead Gartner for CISO Executive Programs

Gartner

Elevate your cybersecurity discourse to the executive level with Outcome Driven Metrics (ODMs). Join this workshop to deepen your understanding of how ODMs can enhance critical conversations about cybersecurity with key stakeholders. Through engaging role-playing, gamification, and hands-on practice, participants will harness the power of ODMs to navigate crucial discussions effectively, ultimately safeguarding their cybersecurity initiatives and investments.

You'll leave this workshop with:

  • ODM Mastery: Gain expertise in ODM frameworks for clearer communication and alignment with executives in cybersecurity discussions
  • Presentation Proficiency: Enhance your ability to craft compelling presentations using ODMs, effectively articulating cybersecurity needs and demonstrating value to decision-makers
  • Investment Defense: Equip yourself with tools to defend cybersecurity investments with concrete outcomes and metrics, fostering confidence and support from executive leadership

15:45 - 16:30  Executive Boardroom

Quantifying Cyber Risk — How are you Approaching it?

Jim Roach

CISO

Whitbread plc

Matt Broomhall

CISO

Lloyd's of London

Quantifying cyber risk remains a formidable challenge for CISOs across industries. From articulating risk appetites to demonstrating ROI, navigating the landscape requires innovative approaches and shared insights. Join us for an open, interactive discussion as we delve into key questions, and explore strategies for refining risk quantification methodologies. There’s no silver bullet, but this session aims to create an open forum for CISOs to discuss how they approach this key topic.

Join us to unpack:

  • Exploring universal principles for risk quantification such as articulating risk appetite, showcasing improvement and justifying investments
  • Navigate nuances in metric selection, alignment with goals, and industry benchmarking
  • Sharing your approach to risk quantification, and how you’ve adapted it after changing roles

15:45 - 16:30  Executive Boardroom

Navigating Regulatory Compliance Across a Global Footprint

Michell Martins

CISO

Scania

Juan Manuel Munoz Perales

Global Head of Security in Digital Transformation

MAPFRE

Sanjay Kapoor

CISO, Global Corporate IT

Worldline

Amidst a surge of regulations in various nations and the EU, alongside a continuously evolving attack landscape, regulatory bodies are intensifying their emphasis on cyber defence. This shift underscores the pressing need for CISOs to navigate the expanding array of regulations across diverse markets. Join us for an in-depth roundtable dialogue featuring experts in the field of network and information systems security to discuss the critical aspects and implications of the new regulations. Delve into crucial insights and ramifications of emerging regulations, as we explore strategies for effective compliance management in this dynamic environment.

Join this Executive Boardroom to discuss:

  • Strategies for CISOs to comply with differing regulations across a global footprint
  • Best practices for compliance, including the newest risk assessment methodologies and security controls
  • Considering specific new regulations such as the NIS2 Directive, DORA and the SEC's New Cybersecurity Disclosure Requirements

15:45 - 16:30  Executive Boardroom

Securing OT Convergence — Key Considerations for CISOs

Ashish Shrestha

Group CISO

Jaguar Land Rover

Paul Key

CISO & VP Information Security

Smith & Nephew

As organisations converge their Operational Technology (OT) and enterprise IT systems, new opportunities emerge alongside potential security threats. This session addresses the initial challenges faced by CISOs in this context, including managing security without disrupting business operations, ensuring data integrity for AI-driven decision-making, and understanding the strategic perspective of executives. The session also explores the roles and responsibilities within the converged environment and their implications for the overall security strategy.

Join this boardroom to delve into these key points:

  • Balancing Security and Productivity — CISOs secure operations without disrupting productivity targets
  • Reviewing the challenges you face when dealing with the governance risk paradigm and coherent management of IT, OT and IoT convergence
  • Strategic Considerations — The session explores executive actions and perspectives in OT and enterprise IT convergence

16:30 - 16:45  Break

16:45 - 17:30  Keynote

How Adaptability Will Help You Drive Multi-Year Cyber Maturity

Nigel Richardson

Managing Director

Adapt and Exceed Limited

Enhancing your business's cyber capability is a multi-year journey towards ever-evolving maturity, transcending daily threat management and business support. It competes with other organisational transformations while contending with the innovative strategies of cybercriminals. As a CISO, your strategic plan must anticipate frequent and significant changes, requiring constant adaptation. The psychological demands on CISOs and their teams in navigating this dynamic, chaotic landscape extend beyond keeping your organisation secure.

In this session, we will explore the CISO world through the psychological lens of Adaptability, focusing on some of the critical Ability, Character, and Environmental factors that you can understand and develop to grow:

  • The skills of you and your team for the journey ahead
  • The mindset of your stakeholders as advocates of the journey required
  • Your business's inherent “Changeability” as the journey reveals unexpected hazards and course corrections

17:30 - 18:00  Closing Comments and Prize Drawing

We look forward to seeing you at an upcoming in-person gathering


Evanta cares about the health and safety of our community. Please review the following recommendations prior to attending the gathering.

Location


Venue & Accommodation

Royal Lancaster London

A block of rooms has been reserved at the Royal Lancaster London at a reduced conference rate. Reservations should be made online or by calling 020 7551 6000. Please mention UK CISO Executive Summit to ensure the appropriate room rate.

Deadline to book using the discounted room rate of £432 GBP (plus tax) is 17 May 2024.

Your Community Partners


Global Thought Leader
CISO Thought Leaders
Key Partners
Program Partners

Community Programme Manager


For inquiries related to this community, please reach out to your dedicated contact.

Luis Arango Abello

Senior Community Programme Manager

+44 (0)1784 267 880

luis.arangoabello@gartner.com