The European Information Security Summit 2018 (TEISS)

TEISS 2017 featured over 60 sessions in 3 distinctive streams


KEYNOTE: Unsafe Harbor – how will today’s regulations affect tomorrow’s operations?

•Preparing for the increase in resource requirements and the change in response processes

•Understanding GDPR’s definition of ‘personal data’, the impact on commercial data, and what this means for compliance requirements

•Will the EU courts allow Privacy Shield to stand? If not, what can businesses do to prepare?

by Edward Lucas, Senior Editor, Author of critically-acclaimed ‘Cyberphobia’, The Economist Show Profile


KEYNOTE: Preparing for the impact of mandatory reporting

•Start the clock: when do your 72 hours begin?

•Budgeting for higher penalties and greater compliance costs

•Mitigating against the potential increase in brand damage

by Paul McCormack, Senior Legal Counsel, Global Data Privacy, Digital and Cyber, HSBC Show Profile


Outlining the UK’s cyber security strategy

The UK government has announced a £1.9bn transformative investment over the next five years in support of its new cyber security strategy. But what does this actually mean? James Snook, Deputy Director of the Office for Cyber Security and Information Assurance (OCSIA), Cabinet Office, explains the Government’s strategy, where the investment will go, and how this is going to impact the cyber security industry.

by James Snook, Deputy Director of the Office for Cyber Security and Information Assurance (OCSIA), Cabinet Office Show Profile


Announcing a new TEISS initiative

  • That InfoSec issue you are struggling with right now – someone else in the room has probably already solved it
  • That InfoSec work you completed recently – many in the room would love to know how you did it
  • How can we tap into the rich experience of the conference audience?

by Stephen Citron, Director, The Peer Awards Show Profile


Refreshment break & networking



  • Achieving digital transformation and compliance successfully, in the light of GDPR and cloud services
    • Hosted by Robert Coleman, Chief Technology Officer – UK&I, CA Technologies
  • How do you solve a problem with non-malware
    • Hosted by John Wood, Cyber Security Evangelist, EMEA, Carbon Black
  • Overcoming the business burden of protecting the endpoint
    • Hosted by Cyberark
  • Cloud identity governance: power up your trajectory into the cloud
    • Hosted by Adrian Crawley, Director UK & Nordics, Sailpoint
  • Gaining visibility in cloud use, compliance and threat protection to achieve data and device security in the cloud
    • Hosted by Charlie Howe, VP EMEA, Skyhigh Networks
  • Tackling the key challenges of an efficient detection and response cyber security operation
    • Hosted by David Belder, Chief Information Officer, Verint Systems Limited
  • Artificial Intelligence – Fancy maths or a pragmatic answer to cyber security gaps and challenges?
    • Hosted by Matt Walmsley, EMEA Director, Vectra Networks
  • Leaveraging machine learning for cyber threat intelligence to predict and block cyber attacks
    • Hosted by Jonathan Gad, Marketing Director, Intsights
  • How can you measure your enterprise cyber risk? 
    • Hosted by Andy Norton, Risk Officer, SentinelOne
  • Effectively and accurately tracking the insider threat
    • Behavioral indicatiors of the insider threat – technical and non-technical
    • How to train staff to be part of effective insider threat management process
    • The future of AI and machine learing and how to get the most out of these technologies
      • Hosted by Dr. Jamie Graves, Founder and CEO, Zonefox



WORKSHOP: AI/Machine Learning: Marketing hype or a True Disruptor in the Security Landscape?

by Evan Davidson, VP EMEA, Cylance Show Profile


WORKSHOP: GDPR vs Insider Threat- Why Insider Threat management is critical for GDPR compliance


Lunch & Networking

CHAIR: Nigel Harrison, Co-Founder, Cyber Security Challenge UK

BUSINESS UPDATE: Shifting responsibility away from IT for a genuinely secure operation

  • Clarifying the roles of information owners and information custodians
  • Why you should give responsibility to non-IT personnel
  • Creating a culture of ownership in order to make everyone responsible for security

by Steve Durbin, Managing Director, Information Security Forum Show Profile


HOW TO: Strengthen your business continuity plans


CASE STUDY: Implementing an effective cyber security education process

  • Reinventing information security & privacy training – lessons learned from global organisations
  • Training the trainer – lessons learned from global training providers
  • Is innovating efficient?

by Noriswadi Ismail, Senior Manager- Risk (Data Protection & Privacy),,  Ernst & Young Show Profile


SPRINGBOARD DISCUSSION: Bringing good practice in business continuity management to cyber security

An expert in business continuity will outline the best practice tips on preparing organizations to build resilience in dealing with potentially disruptive incidents. Our panel of experts will then discuss how to these practices relate to cyber security.

by Patrick Alcantara, Senior Manager, Business Resilience, Insight & Strategy, Business Continuity Institute Show Profile

by Adam Bland, Head of Emergency Preparedness, Resilience and Response, NHS England Show Profile

by Silas Bartlett Show Profile

by Kev Brear, Senior Manager, Grant Thornton LLP Show Profile


Refreshment break & Networking


BUSINESS UPDATE: Minimising the vulnerabilities of external and internal threats

by David Gibbs, Compliance/Risk officer, Knight Frank Investment Management Show Profile


SPOTLIGHT: How should security risk feature within the corporate agenda?

•Calculating your customer risk appetite: awareness vs transferred cost

•Balancing fear against security needs: is there a danger that fear is governing company priorities?

•Which cyber risks are necessary in order to do business?


PANEL DISCUSSION: Developing a communications strategy to get the Board on board

•Translating technical risk management into financial impact: how does cyber security affect the company’s bottom line?

•How to justify your cyber defence funding in the absence of a breach

•Finding the risk appetite: achieving an economically acceptable level of security

by Sanjay Kapoor, Head of Security, Worldline Show Profile

by Laura Dawson, CIO, British Council Show Profile

by Steve Watt, CIO, University of St Andrews Show Profile

CHAIR: Ed Moyle, Director of Thought Leadership & Research, ISACA

HOW TO: Prepare for the rise of the connected machine

•Managing the risks of lack of native security and patching in newly connected devices

•Updating security architecture with BYOD as standard, and re-thinking our approach to inventory

•The final death of perimeter defence: exposing home networks and connecting them to the corporate environment

by Patrice Slupowski, Vice President Digital Innovation, Orange Show Profile


BUSINESS UPDATE: the new era of cyberthreats – the shift to self-learning, selfdefending networks

•Preparing for the new age of silent, stealthy attacks that lie low in networks for weeks and months

•Understanding why legacy approaches, like rules and signatures, are proving inadequate on their own

•Exploring how new ‘immune system’ technologies based on advanced mathematics and machine learning are being deployed today

•Real-world examples of subtle, unknown threats that routinely bypass traditional controls

by John Dyer, Account Director, Darktrace Show Profile


SPRINGBOARD DISCUSSION: Holding a power grid to ransom – what to plan for in a connected world

•Understanding the risks of an industrial, national or global system hack: who is at risk, how are the attacks organised, and why are they successful?

•How does this impact corporate and government risk appetite?

•Protecting corporate information in globally connected operations

•How can manufacturers be persuaded to build security into their devices?

by Nikolay Koval, Retired Head of Unit , State Service of Special Communications and Information Protection of Ukraine & former CERT-UA officer Show Profile

by Ian Smith, Technical Lead Project Manager, GSMA Show Profile

by Ken Pease, Visiting Professor of Crime Science, Department of Security and Crime Science, UCL Show Profile

by Niels Haverkorn, Vice President Connected Solutions,, Volvo CE Show Profile


Refreshment break & Networking


BUSINESS UPDATE: Cyber hunting on steroids – how machine learning accelerates cyber-hunting

  • Implementing a proactive approach to security
  • Using automated technologies to locate and triage breaches
  • Understanding how machine learning makes cyber-hunting accessible

by Simon Minton, Director of Business Development EMEA, Cybereason Show Profile


HOW TO: Implement Privacy by Design and Default

  • Implementing privacy by design and by default into new technology
  • Mitigating and managing privacy and security risks
  • Ensuring compliance with GDPR when developing new technology

PANEL DISCUSSION: Privacy challenges surrounding data analytics

•Why consolidating data will improve your data analytics

•Complying with GDPR requirements: are you giving power to the customer to review their data at any time?

•Managing data encryption, access and ownership in accordance with customer preferences

by Cameron Craig, Deputy General Counsel - Data Privacy & Digital - Group Head of Data Privacy, HSBC Show Profile

by Steve Wright, Group Data Privacy & InfoSec Officer, John Lewis Show Profile

by Kirsten Mycroft, Chief Privacy Officer, BNY Mellon Show Profile

by Simon Wright, Strategic Governance Manager - Data Protection and Privacy, Sky Show Profile

Moderator: Emma Lindley, UK Board Member, OIX

BUSINESS UPDATE: Demystifying trust, digital security and eID

  • Understanding the EU and its new EU Trust Services Regulations
  • How do Trust Services impact your business?
  • Knowing how  your business can take advantage of eID

by Jon Shamah, Chair, EEMA Show Profile


HOW TO: Create a decentralized identity architecture to improve security

•Empowering the individual vs. centralised identity management: the pros and cons

•Understanding if a blockchain is appropriate for your organisation, and how to implement it

by Adam Cooper, Lead Technical Architect for Identity Assurance Programme, Government Digital Service, Cabinet Office Show Profile


SPRINGBOARD DISCUSSION: The risks and rewards of biometric access

•Using context-based and behaviour biometrics to track usage patterns and flag potential incidents

•Assessing reliability: are biometrics up to the job?

•Linking wetware to firmware: anonymity, identity control, and the Big Brother problem

by Adam Cooper, Lead Technical Architect for Identity Assurance Programme, Government Digital Service, Cabinet Office Show Profile

by Paul Stanborough, Managing Director, Aditech Show Profile

by Stephen Savage, Head of Customer Experience Solutions, Naunce Communications Show Profile


Refreshment break & Networking


HOW TO: Manage IAM in the Internet of Things

•How to monitor privileges and access levels in identities cloned across the cloud

•Authenticating the identities of connected devices •Securing connected devices inside the corporate perimeter

by Paul Simmonds, CEO, Global Identity Foundation Show Profile


HOW TO: Make Active Directories work with your systems

•Linking corporate systems in with cloud and the Internet of Things

•Managing dummy accounts for off-payroll access

•Is there a solution for triggering the release of defunct identities from access systems?


PANEL DISCUSSION: Enforcing the perimeter – increasingly important or increasingly impossible?

•Scaling solutions to the Internet of Things: are current IAM systems up to the job?

•Agency and primacy in the new world: who controls identity on the connected device?

by Stijn Stabel, Head of Architecture & Innovation, Alcopa Show Profile

by Paul Simmonds, CEO, Global Identity Foundation Show Profile

by Paul Raines, CISO, United Nations Development Programme Show Profile

by Hans-Robert Vermeulen, Solution Sales Lead EMEA, Sailpoint Show Profile


Cyber security for SMEs – Part 1

•Examining the risks, threats and latest MOs of cyber criminals, and methods for avoiding them

•Using case studies and police data to analyse areas of weakness

•Looking at localised threat reports, targeting the areas where those in attendance have their businesses

by Jack Lemon, Community Engagement and Threat Intelligence, London Digital Security Centre Show Profile

by Angela Heeler, Senior Business Analyst, London Digital Security Centre Show Profile


Refreshment break & Networking


Cyber security for SMEs – Part 2

•Exploring cyber hygiene and what SMEs need to do to stay secure

•Implementing Cyber Essentials for SME businesses, including: awareness, secure habits, security software, updating and patching, system configuration, network protection, access control, firewall configuration

by Jack Lemon, Community Engagement and Threat Intelligence, London Digital Security Centre Show Profile

by Angela Heeler, Senior Business Analyst, London Digital Security Centre Show Profile



Drinks Reception

Chairman: Nigel Harrison, Co-Founder, Cyber Security Challenge UK

HOW TO: Design a training programme that works with the way people naturally behave

•Using psychology to make cyber security training stick

•Measuring the impact of security controls on productivity

•Working within ‘desire lines’: minimizing friction in security processes

by Professor Angela Sasse, Professor of Human-Centred Technology, Director, UK Research Institute in Science of Cyber Security (RISCS), UCL Show Profile


CASE STUDY: The Jigsaw Effect – how hackers groom your staff

•Raising staff awareness of their security profile across all personal and professional platforms

•Applying real-world security to the online environment

•The methodology behind the Anthem breach: it could happen to you

by Tim Wilson, CISO, Optum International Show Profile


PANEL: Finding a common language to promote awareness across the company

•Building a culture of holistic cyber security awareness

•Not just IT: how to make cyber security everyone’s responsibility

•Converging communications between Information Technology and Operational Technology

by Martin Smith, Founder, The Security Company Show Profile

by Gary George, Head of Technical Services, HH Global Show Profile

by Jeremy King, International Director, PCI Security Standards Council Show Profile

by Professor Lizzie Coles-Kemp, Professor of Information Security, Information Security Group, Royal Holloway University of London Show Profile


Refreshment break & Networking


HOW TO: Educate your extended enterprise – going beyond your employees

•Ensuring your suppliers and customers are aware of the risks

•Making a business case for an external training programme

•Best practice for educating non-employees to your security standards

by Martin Smith, Founder, The Security Company Show Profile


BUSINESS UPDATE: Strengthening the cyber security of British businesses

  • Managing cyber security as a business risk: Where to find help and advice
  • Getting the basics right: The Cyber Essentials scheme
  • Regulation: Implications of the General Data Protection Regulation for cyber security

by Helen Musgrove, Deputy Director Cyber Security - Europe, Data, Digital and Security Directorate, Department for Culture, Media & Sport Show Profile

CHAIR: Ed Moyle, Director of Thought Le adership & Research , ISACA

CASE STUDY: Negligent cyber security – how and when did we become liable to third parties?

•Understanding how security failures can also create liability to others

•How liability arises: looking beyond the immediate supply chain

•Re-examining security assumptions to minimise risk in the extended enterprise

by Robert Carolina, Executive Director, Institute for Cyber Security Innovation, Royal Holloway University of London Show Profile


HOW TO: Secure the supply chain in the cloud

•Assessing the risk and level of protection cloud can provide

•Working with suppliers who use cloud when your company doesn’t

by Dave Allen, RVP Western Europe, Palo Alto Networks Show Profile


PANEL DISCUSSION: Tackling the challenges of compliance in the extended enterprise

  • Understanding the processes and security policies of suppliers before enforcing governance on them
  • To comply or not: what if the client’s requirements are a bad idea?
  • Compliance with the law versus compliance with speaker contracts



by Dai Davis, Solicitor & Chartered Engineer, Percy Crow Davis & Co. Show Profile

by Don Eijndhoven, Founder, Dutch Cyber Warfare Community Show Profile

by Ben Lindgreen, Head of Security Delivery, PaymentsUK Show Profile

by Jane Whitgift, Founder - Whitgift Security, IASME Certification Body Show Profile


Refreshment break & Networking


BUSINESS UPDATE: Mitigating DDoS attacks

•Understanding the different types of DDoS attacks and how they can affect organisations

•Mitigating their impact – what solutions are available?

by Mike Smith, Solutions Architect - Security Systems, Sungard Availability Services UK Show Profile


CASE STUDY: Delivering secure citizen wallet services on a replicable smart city data platform

•Addressing the challenges of authentication, privacy and resilience when delivering a secure citizen wallet interface

•Replicating a cloud based solution stack using a consistent architecture

•Evolving new citizen services without redesigning

by Paul Copping,  Chief Innovation Officer,, Digital Greenwich; Royal Borough of Greenwich Show Profile

Moderator: Emma Lindley, UK Board Member, OIX

CASE STUDY: Best practice advice for managing Segregation of Duties access

•Understanding new regulations and governance around segregated access

•Managing multi-faceted cyber security policies across an international business

•Creating control activities to detect exceptions to access rights

by Edina Dobos, Global Segregation of Duties & Application Controls Manager, Diageo Show Profile


HOW TO: Visualise your environment to understand the attack surface

  • Visualising existing security vulnerabilities: how attackers using privileged accounts to move laterally throughout the environment?
  • Understanding the attack surface and prioritising risk mitigation
  • Using technology to provide insight into the IT environment

by David Higgins, Presales & Professional Services Manager, Cyberark Show Profile


PANEL DISCUSSION: Segregating third party access in the cloud

•Do you know how much control you have over your own data in the cloud?

•Monitoring and segregating third party access to data, including cloud hosts

•Assessing your suppliers’ compliance and implementing controls

by James Hamon, Head of Information Security, Financial Ombudsman Service Show Profile

by Antonis Michalas, Head of the Cyber Security Group, University of Westminster Show Profile

by Mark Manulis, Deputy director of Surrey Centre for Cyber Security, University of Surrey Show Profile


Refreshment break & Networking


HOW TO: Achieve system interoperability for improved identity and access management

•Avoiding technology lock-in: looking at the options available on the market

•Tackling the challenges of connecting access management systems

•Working towards the future of superset identity management

by Karthik Selvaraj, Consultant Platform Architect, British Gas Show Profile


CASE STUDY: Creating identities for ‘thin files’

•Solving the global identity crisis around people who can’t be remotely verified due to lack of online presence, such as refugees

•Making ‘thin file’ electronic identities work in a secure environment

by John Edge, Chairman, Show Profile


Crisis Media Skills – Part 1

•Anatomy of a crisis: TalkTalk vs. Mumsnet

•Top tips on marshalling the essential information

•How to give a clear and positive report without laying yourself open to blame

•Taking the initiative when the media onslaught begins

by Paul Murricane, Course Director, Media Mentor Show Profile


Refreshment break & Networking


Crisis Media Skills – Part 2

•Practical exercise: a 1-1 interview which may start as you expect but end quite differently

•Playback and analysis

by Paul Murricane, Course Director, Media Mentor Show Profile



Improving Recovery Speed


Defining security KPIs


Making Cyber Insurance Useful

by Adrian Davis, Managing Director, ISC(2) Show Profile


Lunch & Networking



CHAIR:  Paul Taylor, Partner & UK Head of Cyber Security, KPMG

KEYNOTE: The maturing threat landscape – what to watch out for

•The falling cost of Crime as a Service – collaboration and organised gangs

•State-sponsored cyber attacks: the changing geopolitical climate

•The threat to critical infrastructure and newly connected IoT devices

•Understanding what data is being sold and for how much

by Jamie Shea, Deputy Assistant Secretary General, Emerging Security Challenges, NATO Show Profile


KEYNOTE: Countermeasures to protect against ransomware

The ransomware epidemic is showing no signs of slowing down. We are not only seeing the surfacing of newer families, but the commitment of malware creators to create continuous updates in previously-released malware for its easy deployment and potential for profit. In the first five months of 2016 alone, 50 new ransomware families were discovered – an average of 10 per month.

This session will look in detail at the aggressive nature of cyber extortion campaigns, what is driving this surge in Ransomware, and what organisations can do to better protect themselves. Rik Ferguson will outline the tactics used by cyber criminals, and the countermeasures needed to address these at every stage of the attack lifecycle.

by Rik Ferguson, Vice President Security Research, Trend Micro Show Profile


CLOSING KEYNOTE: How secure are you, Mr. Smith?

Poacher-turned-gamekeeper Jamie Woodruff will demonstrate how he gained access to some of the world’s most secure areas through social engineering. As the expert in cyber security at your firm, surely you can’t be hacked?

by Jamie Woodruff, Social Engineer, Patch Penguin Show Profile

16:10 Close of Conference
back to top

Copyright © Lyonsdown Ltd. 2016. All rights reserved.