programme at a glance – day 1 2019 draft agenda...resilience and resisting attack (m1) safety and...


Lead Sponsors

PROGRAMME AT A GLANCE – DAY 1

TIME ACTIVITY

08:30-10:00 Registration and Exhibition Opens (Hall 4)

10:00-10:40 Plenary 1 (Clyde Auditorium, Armadillo): CEO Welcome and Introduction to CYBERUK 2019; Senior Government Keynote; Senior Industry Keynote

10:40-12:15 Plenary 2 (Clyde Auditorium, Armadillo): Five Eyes Panel Discussion on Global Cyber Issues; CYBERUK 2019 Stream Introductions

12:15-14:00 Networking Lunch, Exhibition, Lightning Talks (Hall 4) 12.45-13.25 INTERACTIVE WORKSHOPS

(Carron) (M2&3)

FireEye: Cyber Attack Simulation

Consumer IoT Security: Next Steps for Legislation and Secure by Design

STREAM A STREAM B STREAM C STREAM D STREAM E STREAM F STREAM G STREAM G

COLLABORATING SECURELY (Boisdale)

SYSTEM MODELLING & AI (Dochart)

COUNTERING THE ADVERSARY (Hall 1)

RESILIENCE AND RESISTING ATTACK (M1)

SAFETY AND CYBER SECURITY (Lomond Auditorium)

GROWING CYBER IN THE UK (Alsh)

INTERACTIVE WORKSHOPS (Carron)

INTERACTIVE WORKSHOPS (M2&3)

14:00-14:40 Cloud: The Latest Thinking from NCSC on Cloud

I’ve Got Data, Now What?

A Centenary of Countering Cyber Adversaries

Cyber Leadership: Top Tips for Staff

Why We Should All Care About Safety and Cyber Security

Building a Cyber Security Workforce: Rising to the Challenge of Engaging, Educating, and Enthusing a New Generation of Cyber Talent

Cyber Den (Starting at 13:45)

Building an Ecosystem of Communication Apps that are Interoperable and Secure by Design

14:50-15:30 Collaboration in the Fight Against Cyber Crime: Activating a Community Across Industry

Modelling and AI for Dummies: Science Fact – Not Science Fiction

2019 Threat Assessment

Understanding Regulations

Triton Malware Case Study: FireEye, Schneider Electric & NCSC

Overview of NCSC Commercial Assurance Schemes

EclecticIQ: Importance of a Shared Data Model for Intelligence Collaboration

15:30-16:10 Coffee Break & Exhibition (Hall 4)

16:10-16:50 ROSA - Collaboration for High Threat Systems

Boosting Security Defence at Cloud Scale through Machine Learning

Pulling up your SOC’s: Addressing Alert Fatigue and the Cyber Skills Gap by Thinking Differently

Identifying Risks in Supply Chain

Industrial Internet of Things Product Assurance: A Dependable Process... or a Series of Unfortunate Events?

Password Managers / HIBP Bitcoin Demonstration

17:00-17:40 Secret on Mobiles? There’s an App (and Architecture) for That

Near Future Impact of AI on Businesses

Cybercrime Botnets: Trends and Observations

Strengthening Cyber Resilience in the Public Sector: The Scottish Experience

Siemens and the Secrets of Stuxnet

Building the Profession

SNC-Lavalin’s Atkins: Network and Information Systems (NIS) Regulations – The First Year

17:50-18:30 Plenary 3 (Clyde Auditorium, Armadillo): Cyber Defence Ecosystem

18:30-21:00 Networking Evening (Hall 4)

21:00 CLOSE OF DAY ONE


PROGRAMME AT A GLANCE – DAY 2 THURSDAY 25 APRIL 2019

TIME ACTIVITY

08:15-09:00 Registration and Exhibition (Hall 4)

09:00-10:00 Plenary 4 (Clyde Auditorium, Armadillo): CEO Welcome and Review of Day 1; Panel Discussion: Making the UK the Safest Place to Live and Work Online; Senior Industry Keynote

10:00-10:30 Coffee Break & Exhibition (Hall 4)

10:30-10:50 Plenary 5 (Clyde Auditorium, Armadillo): Ministerial Address

STREAM A STREAM B STREAM C STREAM D STREAM E STREAM F STREAM G STREAM G

COLLABORATING SECURELY (Boisdale)

SYSTEM MODELLING & AI (Dochart)

COUNTERING THE ADVERSARY (Hall 1)

RESILIENCE AND RESISTING ATTACK (M1)

SAFETY AND CYBER SECURITY (Lomond Auditorium)

GROWING CYBER IN THE UK (Alsh)

INTERACTIVE WORKSHOPS (Carron)

INTERACTIVE WORKSHOPS (M2&3)

11:00-11:40 Securing your Email: Lessons from Active Cyber Defence

Practicalities of Modelling and Analysis of Complex Systems

Making a Molehill out of a Mountain

A Case Study: How to Work with Sensitive UK Contracts whilst Operating in a Complex Threat Environment

Connected and Autonomous Vehicles

CyberFirst Cyber Den (starting at 10:45)

Vulnerability Disclosure

11:50-12:30 Social Media: The Risk to your Organisation from Collaborative Spaces and How to Manage Those Risks

How Many Printers Do I Have on My Network?

Oh That Was Clever! When Even Jaded Incident Responders are Impressed

Active Cyber Defence: Now and the future

What Cyber Security can Learn from Safety

Skills and Education

CompTIA: Improving Risk Management and Escaping the Metrics Matrix: Deconstructing the Red and Blue Teams

12:30-14:00 Networking Lunch, Exhibition, Lightning Talks (Hall 4) 12.45 -13.25 INTERACTIVE WORKSHOPS

(Alsh) (Carron) (M2&3)

Protective DNS New Feature Launch: Reporting, Logs & SIEM Integration (Public sector only)

eSentire: Live Hack Demonstration: Inside the Mind of a Hacker

Building and Questioning Realistic Virtual Environments (runs until 13:45)

14:00-14:25 Plenary 6 (Clyde Auditorium, Armadillo): Panel Discussion: Helping to Build a Talent Pipeline that Reflects the Diversity of the UK

14:35-15:15 What Takes Precedence, Prosperity or Security?

Cutting Edge Cyber Security Research into Modelling and AI

Incident Management: ‘Who You Gonna Call?’

In Search of Resilience: Challenges in Building a Resilient Culture

Critical National Infrastructure in Scotland

Research and Innovation

Crowdstrike: Hacking Exposed. Stories from the Frontline: Lessons Learnt in Responding to the Most Advanced Cyber Attacks

15:15-15:55 Coffee Break & Exhibition (Hall 4)

15:55-16:35 The Human Aspects of Cyber Vulnerabilities

The Ethical Considerations of Developing AI

Future Threats: What Cyber Has in Store

Cyber Security for Individuals and Families

Research and Development in Safety and Cyber Security

Collaborative, Coherent and Inclusive: Scotland’s Approach to Nurturing Cyber Talent

All You Need to Know About Logging Made Easy (LME)

Developing a Diverse Cyber Workforce

16:45-17:30 Plenary 7 (Clyde Auditorium, Armadillo): Panel Discussion: In the Eye of the Storm; Closing Comments

17:30 CLOSE OF CYBERUK 2019


PLENARY AGENDA

WEDNESDAY 24 APRIL 2019

PLENARY 1 10:00 – 10:40

CEO WELCOME AND INTRODUCTION TO CYBERUK 2019 Ciaran Martin, Chief Executive Officer, NCSC

SENIOR GOVERNMENT KEYNOTE

SENIOR INDUSTRY KEYNOTE Kevin Brown, Managing Director, BT Security

PLENARY 2 10:40 – 12:15

FIVE EYES PANEL DISCUSSION ON GLOBAL CYBER ISSUES

Five Eyes security agencies: Representatives from Australia, Canada, New Zealand, United Kingdom & United States

This session will open discussions with our key allies across the world, and address global collaboration on threat sharing, joint operations and beyond, bringing a closer international approach, to the mutual benefit of all.

Yasmin Brooks, Director for Cyber Security and Data, DCMS (Chair)
Scott Jones, Head of the Canadian Centre for Cyber Security (Canada)
Rob Joyce, Senior Cyber Security Advisor, NSA (United States)
Ciaran Martin, Chief Executive Officer, NCSC
Scott MacLeod, First Assistant Director-General Protect, Assure & Enable (Australia)
Jan Thornborough, Unit Manager, Outreach and Engagement, National Cyber Security Centre (New Zealand)

CYBERUK 2019 STREAM INTRODUCTIONS

PLENARY 3 17:50 – 18:30

PANEL DISCUSSION: CYBER DEFENCE ECOSYSTEM

The NCSC’s Active Cyber Defence programme is now two years old. This session will highlight successes of the programme so far, what the future holds, and what users of the service must still do themselves. The NCSC leads will reveal what is coming up next for some of the ACD services, and partners will explain how they’re helping the NCSC scale up the ACD effects to be truly national. The session will conclude with a look to the future for the ACD ecosystem.

Paul Chichester, Director for Operations, NCSC
Cath Goulding, Head of Cyber Security, Nominet
Dave Harcourt, Chief Security Advisor, BT
Steve Kennett, Security Director and SIRO, JISC
Dr Ian Levy, Technical Director, NCSC

THURSDAY 25 APRIL 2019

PLENARY 4 09:00 – 10:00

CEO WELCOME AND REVIEW OF DAY 1 Ciaran Martin, Chief Executive Officer, NCSC

MAKING THE UK THE SAFEST PLACE TO LIVE AND WORK ONLINE

Chaired by Lionel Barber, this panel will explore how different agencies handle their remits in a complex environment. Panellists will discuss how they are working together to fulfil the national ambition of making the UK the safest place to live and work online.

Lionel Barber, Editor of the Financial Times (Chair)
Elizabeth Denham, Information Commissioner, ICO
Chief Constable Peter Goodman, Derbyshire Constabulary
Ciaran Martin, Chief Executive Officer, NCSC
Sharon White, Chief Executive, OFCOM

SENIOR INDUSTRY KEYNOTE Adam Palser, Chief Executive, NCC Group

PLENARY 5 10:30 – 10:50

MINISTERIAL ADDRESS Rt Hon David Lidington CBE MP, Minister for the Cabinet Office and the Chancellor for the Duchy of Lancaster

PLENARY 6 14:00 – 14:25

PANEL DISCUSSION: HELPING TO BUILD A TALENT PIPELINE THAT REFLECTS THE DIVERSITY OF THE UK

There is a greater than ever need for more people to work in cyber security. This session will explore vital issues such as tackling the cultural and gender barriers to careers in cyber security, attracting and supporting neurodiverse staff, and social mobility.

Chris Ensor, Deputy Director for Cyber Skills and Growth, NCSC
Zoe Gorringe, Masters Student reading Intelligence, Security and Strategic Studies, Glasgow University
Noha Amin, Information Security Awareness Manager, TalkTalk
Pearl Noble-Mallock, Head of Product and Cyber Security, BAE Systems
Emma Philpott, CEO, IASME and MD, UK Cyber Security Forum CIC

PLENARY 7 16:45 – 17:30

PANEL DISCUSSION: IN THE EYE OF THE STORM

The closing session of CYBERUK 2019 will look at cyber incidents from varying viewpoints. Panellists from different perspectives (from operational, technical, international and crisis communications backgrounds) will share their experiences and lessons learnt.

Clare Gardiner, Director for Engagement, NCSC (Chair)
Nicola Hudson, Director of Communications, NCSC
Gwenda Fong, Director, Strategy, Singapore Cyber Security Centre
Jim Stokley, Deputy Director, National Cyber Crime Unit, NCA
Ollie Whitehouse, Global Chief Technical Officer, NCC Group
Lewis Woodcock, Head of Cyber Security Compliance, Maersk

CLOSING COMMENTS Ciaran Martin, Chief Executive Officer, NCSC

Room: Clyde Auditorium (Armadillo)


STREAM A AGENDA

WEDNESDAY 24 APRIL 2019

SESSION 1 14:00 – 14:40

CLOUD: THE LATEST THINKING FROM THE NCSC ON CLOUD

Two of the NCSC’s most senior researchers into cloud usage will outline what the NCSC sees as the biggest security challenges that come with using the cloud. They will offer some suggestions around where we should be focusing our efforts and present the very latest NCSC thinking around the security properties of IaaS vs. “serverless” technologies.

Cloud Security Research Lead, NCSC
Senior Cloud Security Researcher, NCSC

SESSION 2 14:50 – 15:30

COLLABORATION IN THE FIGHT AGAINST CYBER CRIME: ACTIVATING A COMMUNITY ACROSS INDUSTRY

An assembled panel of leading industry representatives will discuss how their role within the Cyber Security Ecosystem should lead and develop change. The panel will consider the methods, vehicles and responsibilities of industry in shaping and owning the common, high-level objectives as articulated within the National Cyber Security Strategy.

Doug Brown, Account Director for BAE/NCSC
Kate Kuehn, CEO USA, Senseon
Jonathan Luff, Co-Founder, CyLon
Roxanne Morrison, Senior Policy Advisor, Digital & Innovation, CBI

SESSION 3 16:10 – 16:50

ROSA: COLLABORATION FOR HIGH THREAT SYSTEMS

This session will take a technical deep dive into how to build modern collaborative IT which can defend against targeted attack.

Portfolio Manager, HMG
Architect, NCSC
Service Director, HMG

SESSION 4 17:00 – 17:40

SECRET ON MOBILES? THERE’S AN APP (AND ARCHITECTURE) FOR THAT

Explore how the NCSC is designing, building and helping to deploy technology that enables mobile devices to access services such as email, files and chat on high impact (e.g. classified) networks. One of the NCSC’s senior architects will give a brief recap on risks and why this is hard, discussing the new technology the NCSC is developing to tackle this challenge, what is ready now and the technology roadmap.

Architect, NCSC

THURSDAY 25 APRIL 2019

SESSION 5 11:00 – 11:40

SECURING YOUR EMAIL: LESSONS FROM ACTIVE CYBER DEFENCE

Email is the biggest communication method for companies. Attackers know this. Companies are widely spoofed by attackers using phishing emails and spreading malware. This can have a multitude of negative effects including significantly reducing trust in these brands. This session will look at the anatomy of real attacks via email and how they work. Learn what you can do to combat this using ACD’s Mail Check technical solution.

Mail Check Cloud Infrastructure Lead, NCSC
Technical Director for Security Engineering, NCSC

SESSION 6 11:50 – 12:30

SOCIAL MEDIA: THE RISK TO YOUR ORGANISATION FROM COLLABORATIVE SPACES AND HOW TO MANAGE THOSE RISKS

Threat actors use social media platforms to identify UK nationals working in government, the private sector and academia. By getting your workforce to think about their digital footprint and what they share online, you can ensure your staff stay safe and your critical assets remain secure. Colleagues from defence, government and academia will discuss the current threat and collaborative approaches to building a secure culture that can reduce organisational risk.

HMG Representatives
Prof Karen Renaud, Professor in Cyber Security, Abertay University

SESSION 7 14:35 – 15:15

WHAT TAKES PRECEDENCE, PROSPERITY OR SECURITY?

How can government incentivise industry to ensure that national security needs are met, even if that means commercial viability suffers? This session will afford the audience an opportunity to learn from the experience of UK HMG, NSA and industry in ensuring that national security needs are met alongside meeting prosperity goals.

Malcolm Carrie, Global Head of Strategy & Architecture, BAE Systems (Moderator)
Jacqui Chard, Deputy Director, Defence & National Security, NCSC
John Cook, Head of Defence Assurance & Information Security, MoD
Richard Elphick, Sector Lead for Energy & Utilities, BAE Systems Applied Intelligence
Mike Lamont, Associate Deputy National Manager, NSA

SESSION 8 15:55 – 16:35

THE HUMAN ASPECTS OF CYBER VULNERABILITIES

Online scams and phishing emails have become commonplace in our daily work and domestic lives. As humans we often struggle to recognise these as malicious. Evidence shows that training has had, at best, marginal effects on alleviating our susceptibility. Dr Phillip Morgan will talk about the difficulties we face and how we can learn to differentiate between fraudulent and genuine communications more easily.

Dr Phillip Morgan, Reader/Associate Professor in Cognitive Science & Human Factors Psychology, Cardiff University

COLLABORATING SECURELY

Room: Boisdale

Exploring key considerations for leaders and cyber security professionals when establishing and working in a secure collaborative environment, using lessons learned from across government and industry.


STREAM B AGENDA

WEDNESDAY 24 APRIL 2019

SESSION 1 14:00 – 14:40

I’VE GOT DATA NOW WHAT?

To understand how data can be used to direct cyber security, it’s vital to determine the effectiveness of the latest wave of related technologies and navigate myths and preconceptions. This session busts some of the myths, guiding those who want to use these technologies in the right way to make the most out of the data they have available.

Dr Robert Hercock, Chief Research Scientist, BT
Sociotechnical Security Researcher, NCSC

SESSION 2 14:50 – 15:30

MODELLING AND AI FOR DUMMIES: SCIENCE FACT - NOT SCIENCE FICTION

There are a wide variety of tools and technologies that underpin the fields of system modelling and artificial intelligence. Knowing which of these are appropriate to use for cyber security is not always clear. This session aims to draw on academic expertise to describe the capabilities of the tools and approaches that are viable for cyber security stepping through common design decisions and pitfalls.

Prof Chris Hankin, Co-Director, Institute for Security Science & Technology, Imperial College London
Prof Michael Wooldridge, Head of Department & Professor of Computer Science, University of Oxford

SESSION 3 16:10 – 16:50

BOOSTING SECURITY DEFENCE AT CLOUD SCALE THROUGH MACHINE LEARNING

Microsoft will share some of their experiences from failed early attempts to apply AI techniques to cyber security. They will then discuss some important detection challenges in cyber defence, both on the endpoint and in the cloud. Finally concluding with discussions about future direction, including interpretability of results achieved, and work that is putting these data-science tools in the hands of the traditional security practitioner while helping avoid learned pitfalls.

Tim Burrell, Principal Security Engineering Manager, Microsoft
Joshua Neil, Principal Data Scientist Lead, Microsoft

SESSION 4 17:00 – 17:40

NEAR FUTURE IMPACT OF AI ON BUSINESSES

Artificial intelligence is a rapidly moving field, the next wave of tools and techniques are being developed that will affect businesses. Consequently, there will be associated cyber security challenges which will impact uptake and effectiveness. This session looks to ask a panel of experts about where AI is headed for business in the next 2 - 3 years, and how to address the cyber security challenges this will bring.

Ivana Bartoletti, Head of Privacy & Data Protection, Gemserv & Co-Founder, Women Leading in AI Network
Jamie Harrison, Innovation Lead, Digital Catapult (Chair)
Sian John MBE, Chief Security Advisor, Microsoft
Rob McCargow, Director AI, PwC
Chris Moore, AI Expert & Technology Specialist, DIT
Dr Nick New, CEO & Founder, Optalysys

THURSDAY 25 APRIL 2019

SESSION 5 11:00 – 11:40

PRACTICALITIES OF MODELLING AND ANALYSIS OF COMPLEX SYSTEMS

The NCSC serves a wide customer base; building understanding of the cyber security challenges they face is not an easy task. This joint session between NCSC researchers and a Head Consultant from one of our Certified Cyber Security Consultancies, demonstrates the processes that underpin how system modelling can support the NCSC’s customer base to better understand their cyber security challenges.

Tony Badsey-Ellis, Co-Founder, 2T Security
Senior Sociotechnical Security Researcher, NCSC
Sociotechnical Security Researcher, NCSC

SESSION 6 11:50 – 12:30

HOW MANY PRINTERS DO I HAVE ON MY NETWORK?

One of the challenges facing cyber security experts is not having a good enough understanding of the problem space. Sandia National Laboratories will introduce a means of solving this using tools and techniques for building realistic virtual representations of real networks. They will demonstrate the method of performing experimental science, analysis of design alternatives, test and evaluation, or idea generation, and how this contributes to solving complex cyber security problems.

Dr David Fritz, Principal Member of Technical Staff - Cyber Security Research & Development, Sandia National Laboratories
Dr Vincent Urias, Principal Member of Technical Staff, Cyber Security Research & Development, Sandia National Laboratories

SESSION 7 14:35 – 15:15

CUTTING EDGE CYBER SECURITY RESEARCH INTO MODELLING AND ARTIFICIAL INTELLIGENCE (AI)

Research in the space of cyber security is moving at a rapid pace with many open problems and challenges. In a series of lightning talks, researchers will cover a variety of topics on system modelling and AI, demonstrating the work they are undertaking to further understand these subject areas and develop practical outcomes for cyber security.

Eirini Anthi, Research Associate, Cardiff University
Jack Chapman, CTO, Aquilai
Marco Cook, Researcher, University of Glasgow
Rogério de Lemos, Senior Lecturer, University of Kent

SESSION 8 15:55 – 16:35

THE ETHICAL CONSIDERATIONS OF DEVELOPING ARTIFICIAL INTELLIGENCE (AI)

The ethics behind AI is one of the most important topics surrounding the expansion and adoption of this technology. There are a wide variety of questions and concerns that impact the way we all think about AI. This session aims to table the views of thought leaders from academia, government and industry to explore how to address this.

Dr Genevieve Liveley, Senior Lecturer, Bristol University
Jeremy Poulter, Director National Security, Microsoft
Sociotechnical Security Researcher, NCSC
Dr Michael Rovatsos, Associate Professor at School of Informatics & Director of Bayes Centre, University of Edinburgh
Neal Ziring, Technical Director, NSA (Chair)

SYSTEM MODELLING & AI

Room: Dochart

Exploring techniques in advanced modelling and AI that will deliver greater understanding to help realise safer and more secure systems.


STREAM C AGENDA

WEDNESDAY 24 APRIL 2019

SESSION 1 14:00 – 14:40

A CENTENARY OF COUNTERING CYBER ADVERSARIES

Thomas Rid will deliver a keynote speech on the history of cyber threats; setting the historical and geopolitical context behind the threats and adversaries facing the UK today.

Thomas Rid, Professor of Strategic Studies, School of Advanced International Studies, Johns Hopkins University

SESSION 2 14:50 – 15:30

2019 THREAT ASSESSMENT

The NCSC will brief on our latest understanding of the cyber threat to the UK.

Deputy Director, Cyber Assessment, NCSC
Deputy Head of Focussed Threats & Operations, NCA

SESSION 3 16:10 – 16:50

PULLING UP YOUR SOC’S: ADDRESSING ALERT FATIGUE AND THE CYBER SKILLS GAP BY THINKING DIFFERENTLY

A session around the fundamental shift in thinking required for security operations of the future. Why learning in automation and orchestration services will let you hunt the threats that you really need to focus on, not the alerts.

Colin Slater, Cyber Security Partner, PwC

SESSION 4 17:00 – 17:40

CYBERCRIME BOTNETS: TRENDS AND OBSERVATIONS

This session will provide an overview of the most prevalent cybercrime threats facing the UK. We will explain the evolution of the cybercrime threat, in particular the key trends over the past 12 months.

Stewart Garrick, Special Projects Manager, The Shadowserver Foundation
Mike Hulett, Head of Operations, National Cyber Crime Unit, NCA
David Watson, Director, The Shadowserver Foundation

THURSDAY 25 APRIL 2019

SESSION 5 11:00 – 11:40

MAKING A MOLEHILL OUT OF A MOUNTAIN

You’ve heard about countering the adversary, but as an organisation with limited experience, where do you begin? What threats should you care about? How do you detect attacks? We outline the building blocks of a proportional security monitoring approach, and then delve into the practical steps the NCSC can help an organisation take to build a Detect capability. Introducing the NCSC’s upcoming ‘Logging Made Easy’ project and getting access to our threat intel.

Lead Security Architect, NCSC
Head of Intelligence & Engagement, NCSC

SESSION 6 11:50 – 12:30

OH THAT WAS CLEVER! WHEN EVEN JADED INCIDENT RESPONDERS ARE IMPRESSED

When you spend your time dealing with cyber-incidents most start to become boring: ‘User was phished, attacker moved laterally and gained full compromise’ or ‘system on internet only had single factor authentication, attacker sprayed passwords at it until one of them worked’ – occasionally attackers impress us – these are the things that surprised us last year.

Incident Handler, NCSC
Kris McConkey, Threat Detection & Response Lead Partner, PwC
Technical Director, Incident Management, NCSC

SESSION 7 14:35 – 15:15

INCIDENT MANAGEMENT: ‘WHO YOU GONNA CALL?’

An overview of how the NCSC and UK law enforcement can support organisations who are victims of cyber attacks, to limit the impact on their business and their customers. This session will cover the roles of different public sector bodies, and assurances over the management of victims’ data and commercial sensitivities.

Mike Hulett, Head of Operations, National Cyber Crime Unit, NCA
Incident Coordinator, NCSC
Deputy Director, Incident Management, NCSC

SESSION 8 15:55 – 16:35

FUTURE THREATS AND TRENDS: WHAT CYBER HAS IN STORE

The NCSC joins up with experts from industry, academia and law enforcement to contemplate what new and evolving threats will test our collective analysis and response abilities in the years ahead. Is IoT scarier than quantum? Are cities set to outsmart us all? When will AI rule the world? Come with your questions for the panel and see what you make of their powers of prediction.

Head of London Operations, NCSC
Deputy Director, Cyber Assessment, NCSC
Kris McConkey, Threat Detection & Response Lead Partner, PwC
Head of Intelligence & Engagement, NCSC
NCA Representative
Prof Jeremy Watson, Professor of Engineering Systems & Vice-Dean of Engineering Sciences, University College London

COUNTERING THE ADVERSARY

Room: Hall 1

Providing cyber security leaders and professionals with an understanding, as well as practical advice around the current cyber threat environment, as observed by the NCSC and its partners.


STREAM D AGENDA

WEDNESDAY 24 APRIL 2019

SESSION 1 14:00 – 14:40

CYBER LEADERSHIP: TOP TIPS FOR STAFF

How do leaders create the right security environment that will allow their organisations to thrive and grow without stifling innovation and prosperity? Our keynote speakers will share their own personal reflections about balancing risk and operational demands in a modern organisation, drilling down into the major cyber security challenges & issues that keep them awake at night, before expanding on how they’ve gone about addressing some of these.

James Crask, Senior Vice President, Marsh
Clare Gardiner, Director for Engagement, NCSC (Chair)
Jon Gilbert, CISO, Department for Education - Operations Group
Nat Gudgeon, Cyber Advisor, SecureCloud+
Chris Ulliott, CISO, RBS

SESSION 2 14:50 – 15:30

UNDERSTANDING REGULATIONS

How effective is the current regulatory framework around cyber security and how can we ensure it is fit for the future? This interactive session will consider the impact of current regulation; the incentives in place for organisations to do more on proactive cyber risk management; and where further regulation might be needed to drive improved practices, with opportunities for attendees to hear from regulators and organisations and contribute to the debate.

James De Cort, Data Protection Officer, ASOS
Emma Green, Head of Cyber Security Incentives & Regulation, DCMS
Alex Holmes, Deputy Director Cyber Security, DCMS
George Mudie, CISO, ASOS
James Dipple-Johnstone, Deputy Information Commissioner, ICO

SESSION 3 16:10 – 16:50

IDENTIFYING RISKS IN SUPPLY CHAIN

This interactive panel session will cover risk grouping of suppliers, the need for cyber security clauses in contracts and the use of questionnaires. It will go on to look at the emerging market of aggregators of assessments, vulnerability scanning and advise on the benefits of using Cyber Essentials within your supply chain. Finally, it will cover onsite audits and penetration tests and how to check on improvements in cyber security posture. Find out what companies and government are doing.

Lucy Aldous, Deputy Director, Policy & Strategy, Cabinet Office
Dave Grealis, Operations & Security Director, Delivery Assurance, L3 TRL (Chair)
Alex Holmes, Deputy Director Cyber Security, DCMS
Deputy Director PS-CNI, NCSC
John Pringle, Principle Information Assurance Adviser, AWE

SESSION 4 17:00 – 17:40

STRENGTHENING CYBER RESILIENCE IN THE PUBLIC SECTOR: THE SCOTTISH EXPERIENCE

Scottish Ministers have set a goal for Scotland’s public sector to be an exemplar in respect of cyber resilience. This session will explore the work done across 180+ public sector organisations to implement the Public Sector Action Plan on Cyber Resilience. Following a presentation from the Scottish Government Cyber Resilience Unit, there will be a panel session with key representatives from the police, health, local authority and education sectors.

DS Nicola Burnett, Police Scotland
Paul Chapman, Head of Public Sector Cyber Resilience, Scottish Government
Andy Drought, Head of Cyber Resilience Unit, Scottish Government
Clare Gardiner, Director for Engagement, NCSC (Chair)
Andy Grayland, CISO, Local Government Digital Office
Deryck Mitchelson, Director of National Digital & Information Security, NHS National Services Scotland
Jordan Schroeder, CISO, HEFESTIS

THURSDAY 25 APRIL 2019

SESSION 5 11:00 – 11:40

A CASE STUDY: HOW TO WORK WITH SENSITIVE UK CONTRACTS WHILST OPERATING IN A COMPLEX THREAT ENVIRONMENT

Security is complex for companies who operate in international markets whilst having to protect the core technology used in national security solutions. L3 TRL provides a case study on the security employed to address these complexities, highlighting industry practice covering the spectrum of development, manufacturing, sustainment, and support. This presentation includes practical examples of the techniques needed to manage access control, insider threat, supply chain security, and governance.

Paul Ruddock, Head of IA & Cryptkey Consultancy, L3 TRL

SESSION 6 11:50 – 12:30

ACTIVE CYBER DEFENCE: NOW AND THE FUTURE

Active Cyber Defence is a key part of the offering of the NCSC. A number of programmes have now been running successfully and in this session, we will explore learning from some of these programmes, with lessons learned highlighted by the programme developers and users in the public sector. As expansion of some ACD services into other sectors is considered, we will explore strategies for broadening into sectors beyond the existing public sector users.

Phil Bassett, Technical Architect, Scottish Parliament; Alan Digman, Departmental IT Security Officer, BEIS; Data Analytics, NCSC Digital; CTO Digital, NCSC (Chair)

SESSION 7 14:35 – 15:15

IN SEARCH OF RESILIENCE: CHALLENGES IN BUILDING A RESILIENT CULTURE

Resilience has multiple meanings, and therefore implications, when examined through the lenses provided by the academic literatures on the subject. Each of these definitions has different implications for practice and can be seen to relate to the processes of recovery, robustness, and adaptation. This session considers the implications of the three main approaches to resilience for the development of organisational strategies for the management of crises.

Prof Denis Fischbacher-Smith, Research Chair in Risk & Resilience, University of Glasgow

SESSION 8 15:55 – 16:35

CYBER SECURITY FOR INDIVIDUALS AND FAMILIES

A recent nationwide survey of the public commissioned by the NCSC and DCMS found that 28% had been a victim of cyber crime. As more individuals are falling victim, and many more are worried by daily headlines about cyber attacks, we all need to step up our efforts to protect the public. This session will provide new insights from ground-breaking research on people’s attitudes and behaviours towards cyber security and discuss the government’s plans for increasing its support to the public.

Mick Dodge, Cyber PROTECT Network Coordinator, City of London Police; Head of Strategic Communications, NCSC; Nicola Hudson, Director of Communications, NCSC; Assistant Director, Cyber Security Communications, DCMS; Head of Public Engagement, NCSC

RESILIENCE AND RESISTING ATTACK

Room: M1

Aimed at leaders and cyber security professionals, this stream will provide best practice advice, guidance and tools to help prevent, identify and manage cloud and cyber security risk in organisations and their supply chains, and ensure compliance with regulation.


STREAM E AGENDA

WEDNESDAY 24 APRIL 2019

SESSION 1 14:00 – 14:40

WHY WE SHOULD ALL CARE ABOUT SAFETY AND CYBER SECURITY

This session sets the scene for Stream E by examining how safety and cyber security are intertwined in many areas of our lives and work today. We will be identifying safety risks that could develop by threat actors exploiting cyber security vulnerabilities. We will be providing both an industry and a government perspective on this topic.

Clare Dobson, Deputy Director, Energy Cybersecurity, BEIS; Brian Holliday, Managing Director, Siemens Digital Industries UK; Deputy Director, PS-CNI, NCSC (Facilitator)

SESSION 2 14:50 – 15:30

TRITON MALWARE CASE STUDY: FIREEYE, SCHNEIDER ELECTRIC & NCSC

This session will look at a real incident, discussing how the Triton malware was deployed to impact the safety systems of a Critical Asset in 2017. FireEye, who led the investigation, will talk through the attack lifecycle, showing how the attacker moved through the network. Schneider Electric, as the vendor, will present their view of what happened and why.

Dan Caban, Incident Response Manager, Mandiant/FireEye; Victor Lough, Head of UK Business, Schneider Electric; Facilitated by NCSC Operations

SESSION 3 16:10 – 16:50

INDUSTRIAL INTERNET OF THINGS

The drive to improve efficiency and performance is giving rise to greater convergence of Information Technology (IT) and Operational Technology (OT). Connecting IT and OT gives better performance data and lets operators connect to their equipment from anywhere. This connectivity can involve safety systems, which are not usually designed with security in mind. This talk will show how this connectivity can be exploited to disrupt a real industrial process.

Dr Barney Craggs, University Lecturer, University of Bristol; Joe Gardiner, University Lecturer, University of Bristol; Deputy Director, PS-CNI, NCSC (Facilitator); Prof Awais Rashid, Professor of Cyber Security, University of Bristol

SESSION 4 17:00 – 17:40

SIEMENS AND THE SECRETS OF STUXNET

Siemens provide a unique insight into the Stuxnet incident that significantly interrupted the Iranian nuclear programme. This incident utilised vulnerabilities in Siemens hardware and software. This presentation will give you a unique view of the incident, from their perspective. It will cover the activities that were initiated after this compelling event and will include a summary of the holistic security concept (HSC) that Siemens has developed and deployed since the event.

Stefan Woronka, Director, Siemens Industrial Security Services; Facilitated by an NCSC Senior

THURSDAY 25 APRIL 2019

SESSION 5 11:00 – 11:40

CONNECTED AND AUTONOMOUS VEHICLES

The introduction of connectivity and autonomy to the automotive industry is a complex challenge. It’s understood how to design physical impact safety and anti-theft security; but what about cyber safety and security? As boundaries merge and services overlap, who is responsible for setting the minimum standard? Discussing these issues is a panel representing the UK’s interests, sharing their insight and perspective to help us understand this industry.

Andy Davis, Transport Assurance Practice Director, NCC Group; Darren Handley, Policy Lead - Connected & Autonomous Vehicles, Department for Transport; Chief Technical Officer, PS-CNI, NCSC; Richard Porter, Director Technology & Innovation, Meridian Mobility; Graeme Simpson, Engineering Service Lead - Cyber Protection, Roke

SESSION 6 11:50 – 12:30

WHAT CYBER SECURITY CAN LEARN FROM SAFETY

The Health and Safety Executive (HSE) are including cyber security risks in their inspections and guidance to cover safety and security of supply. They have recently produced guidance for H&S inspectors and conducted trials at several sites. HSE will talk about applying lessons from the safety industry to cyber security, key findings from the trials and inspections, and the challenges that remain. This talk is aimed at decision-makers and those that manage the risk.

Nic Butcher, ECI Specialist Inspector, HSE; Clare Gardiner, Director for Engagement, NCSC (Facilitator); Sarabjit Purewal, Principal Specialist Inspector, HSE

SESSION 7 14:35 – 15:15

CRITICAL NATIONAL INFRASTRUCTURE IN SCOTLAND

Whilst in Glasgow, seize the opportunity to find out more about what cyber security means for Scottish industry. Chaired by NCSC leadership, we have a Scottish Minister and Scottish Industry able to give you a privileged insight into innovative Scottish cyber security work, including partnerships between government and industry. Be a part of the discussion and bring your questions for the panel.

Kate Forbes, Minister for Public Finance and Digital Economy at Scottish Government; Clare Gardiner, Director for Engagement, NCSC; Mark Murphy, Cyber Security Operations Manager, Scottish Water; Chris Ulliott, CISO, RBS

SESSION 8 15:55 – 16:35

RESEARCH AND DEVELOPMENT IN SAFETY AND CYBER SECURITY

This presentation will argue that the cyber security of safety-related systems relies on the integration of technical, organisational and human mitigations. The aim is to present current research on ways in which top-down socio-technical approaches to incident analysis and threat identification support and are supported by the lower level, bottom-up insights derived from forensic labs. Our argument will be illustrated by an example from the air traffic industry.

Researcher, Sociotechnical Security Group, NCSC; Prof Chris Johnson, Head of Computing, University of Glasgow; Deputy Director, PS-CNI, NCSC (Facilitator)

SAFETY AND CYBER SECURITY

Room: Lomond Auditorium

Identifying threats and vulnerabilities related to safety and cyber-physical systems; how safety and security can complement each other; and the future of IoT and autonomous vehicles.


STREAM F AGENDA

WEDNESDAY 24 APRIL 2019

SESSION 1 14:00 – 14:40

BUILDING A CYBER SECURITY WORKFORCE: RISING TO THE CHALLENGE OF ENGAGING, EDUCATING, AND ENTHUSING A NEW GENERATION OF CYBER TALENT

Northrop Grumman ask the question, ‘How are we going to meet the government target of 1.2 million new technical and digitally skilled people in the workforce by 2022?’ Hear from an IT teacher, Northrop Grumman’s Chief Executive, Head of Educational Partnerships, and a STEM Ambassador on how the organisation have risen to the challenge of engaging, educating, and enthusing a new generation of cyber talent. They will share successes, explore challenges, and explore why it’s mission critical to capture ability wherever it exists.

Gillian Arnott, International Communications & Marketing Manager, Northrop Grumman; Nick Chaffey, Chief Executive UK & Europe, Northrop Grumman; Martin Peake, Head of Computer Science, Cleeve School; Kim Reid, Senior Software Engineer, Northrop Grumman

SESSION 2 14:50 – 15:30

OVERVIEW OF THE NCSC’s COMMERCIAL ASSURANCE SCHEMES

A magazine style ‘chat show’ production simply explaining how the NCSC’s Assurance Schemes can help support your wider cyber security strategy and safeguard your business against cyber threats. Our schemes are undergoing a major overhaul and the ‘show’ will take a peek at what the future may hold and how we use our brand and expertise to differentiate quality products and services offered by industry.

Victoria Axon, Security Strategy & Transformation Practice Lead, DXC Technology; Dr Ian Levy, Technical Director, NCSC; Tony Richards, Group CISO & Head Consultant, Securestorm

SESSION 3 16:10 – 16:50

PRODUCT ASSURANCE: A DEPENDABLE PROCESS... OR A SERIES OF UNFORTUNATE EVENTS?

Interesting stories and unexpected experiences from the world of product assurance, where misunderstandings and misinterpretations can sometimes result in unintended consequences.

After an introduction from Chris Ensor, speakers will talk about:
• Pentesting networks (NCC Group)
• Deploying networks: How assured products are viewed and possible changes to improve security (CISCO)
• Smart metering industry: Implementing changes to meet Commercial Product Assurance (CPA) Security Characteristics

There will also be a short brief from Ian Levy on NCSC’s thoughts on the future of product assurance.

Natasha Free, Senior Executive Officer, BEIS; Mark Jackson, Principal Information Assurance Architect, CISCO; Dr Ian Levy, Technical Director, NCSC; Matt Trueman, Associate Director, NCC Group

SESSION 4 17:00 – 17:40

BUILDING THE PROFESSION

This session will cover:
• The current work and progress on establishing a Cyber Security Council to provide thought leadership and speak for the profession as a whole.
• Using the CyBOK (Cyber Security Body of Knowledge) to underpin the profession. Providing vision for its role in building the profession; its nature as a community endeavour and impact discussed with the aid of case studies.
• The future direction of CCP (Cyber Certified Professional Scheme) distinguishing specialists, using the CyBOK as a basis for the profession.

Cian Galvin, Policy Lead, Cyber Security, DCMS; Pearl Noble-Mallock, Head of Product and Cyber Security, BAE Systems; Matt Parsons, Head of Cyber Security Skills, DCMS; Prof Awais Rashid, Head of Cyber Security, University of Bristol

THURSDAY 25 APRIL 2019

SESSION 5 11:00 – 11:40

CYBERFIRST

This session will showcase the CyberFirst initiative and mainstreaming for the future with some current examples and case studies from government, academia and industry. In addition, DCMS will provide an update on the Interim Cyber Skills Strategy and how CyberFirst fits into the strategy.

Cdr Paul Haines, Youth & Cadets COS, MoD; Clare Johnson, Head of Cyber Security, University of South Wales; Andy Miles, CEO, Think Marble; Matt Parsons, Head of Cyber Security Skills, DCMS; David Redwood, Head of Audit & Security, Think Marble

SESSION 6 11:50 – 12:30

SKILLS AND EDUCATION

How do we ensure that cyber security education is relevant, interesting, and reaches as many learners as possible? This session will showcase some of the initiatives underway at both school and university level, aimed at students and teachers alike. The session will be interactive, and there are lots of opportunities to become involved in the programmes, helping to ensure their success.

Dr Charles Clarke, Lecturer in Cyber Security, School of Computer Science & Mathematics, Kingston University; Dr Natalie Coull, Head of Division of Cyber Security, Abertay University; Dr Phil Legg, Associate Professor in Cyber Security, UWE; Emma Williams, Computer Science Teacher, Wyedean School; Richard Yorke, Director, Deep3

SESSION 7 14:35 – 15:15

RESEARCH AND INNOVATION

DCMS will introduce the UK Government’s Science and Technology Strategy for Cyber Security.

Professor Pete Burnap, Dr Kevin Jones and Matilda Rhode will share experiences of establishing and collaborating in the Airbus Centre of Excellence in Cyber Security Analytics at Cardiff University.

Mariella Thanner will speak about her experiences and life since graduating from the GCHQ Cyber Security Accelerator, and the 7 members of the current cohort will give elevator pitches about their company.

Prof Peter Burnap, Professor of Data Science & Cyber Security, Cardiff University; Sarah Foster, Cyber Security Research, Science and Technology, DCMS; Dr Kevin Jones, Head of Cyber Security Architecture, Innovation & Scouting, Airbus; Matilda Rhode, Airbus-sponsored PhD Candidate, Cardiff University; Mariella Thanner, Co-Founder, CyberSmart

SESSION 8 15:55 – 16:35

COLLABORATIVE, COHERENT AND INCLUSIVE: SCOTLAND’S APPROACH TO NURTURING CYBER TALENT

An insight into how the Scottish Government is working with its partners to create a cyber security skills development pipeline that is fit for Scotland’s needs. It will shine a light on some of the impactful activities underway that seek to develop a system that values collaboration over competition; that seeks to present clear and coherent learning pathways into cyber security careers; and that is inclusive and creative in its search for new talent.

Clare El Azebbi, Head of Cyber Resilience Policy, Scottish Government; Daniel Sellers, Educational Consultant to Scottish Government

GROWING CYBER IN THE UK

Room: Alsh

Developing and maintaining a strong pipeline of skills, talent and assured commercial services to keep the UK at the forefront of the cyber security industry. Explore the ongoing challenges and discuss updates on key initiatives.


STREAM G AGENDA

WEDNESDAY 24 APRIL 2019

LUNCH SESSION 12:45 – 13:25 Carron

CYBER ATTACK SIMULATION

Join FireEye and our Mandiant Consulting experts to experience a Cyber Attack Simulation event first hand. See the impact of an attack on an organisation, the level of resource that can be consumed to resolve an attack and the overall potential impact to your business.

Utilising team play in an interactive scenario we will help you discover some key best practice behaviours that we should all adopt to best mitigate the risks of a breach.

Mike Trevett, Director, UK&I, FireEye Mandiant

LUNCH SESSION 12:45 – 13:25 M2&3

CONSUMER IOT SECURITY: NEXT STEPS FOR LEGISLATION AND SECURE BY DESIGN

In October 2018 the UK Government published a Code of Practice for consumer Internet of Things (IoT) security. This Code of Practice provides a set of thirteen IoT security guidelines to help the developers, manufacturers and consumers of IoT. Since then, much of the content has been adopted by a new ETSI Technical Specification, designed to work for European and wider global needs. Discussions on how to encourage and enforce the best practice are now ongoing. This workshop, led by industry experts, will allow attendees to contribute to those discussions. We will seek to answer questions such as: What form should legislation take? How do we provide a path for manufacturers and retailers to comply? How can we build a better portfolio of policy, guidance and tools to support industry to implement best practice and protect consumers?

Carey Huscroft, Cyber Security & Security Research Strategist, HP Labs; Jonathan Marshall, Co-Founder, Connect Devices; David Rogers, Mobile Technology, Cyber Security & Standards Adviser, DCMS; Peter Stephens, Head of Secure by Design, DCMS; Senior Security Researcher, NCSC; Callum Wilson, Co-Founder, Connect Devices

SESSION 1 13:45 – 14:40 Carron

CYBER DEN

Entrepreneurs from 12 innovative businesses will participate in a ‘Dragons’ Den’ style competition to crown the best and most innovative ideas. Pitches will be judged by the fearsome Technical ‘Dragons’ from the NCSC, NCC Group and BT.

Judging Panel: Dr Ian Levy, Technical Director, NCSC; Deputy Director, Capability, NCSC; David Stark, Vice President, BT Security Portfolio, BT; Ian Thomas, Managing Director, NCC Group

SESSION 1 14:00 – 14:40 M2&3

BUILDING AN ECOSYSTEM OF COMMUNICATION APPS THAT ARE INTEROPERABLE AND SECURE BY DESIGN

There are several important aspects enterprise users should consider when selecting a communication app, such as reliable data security and auditability. But there is a third aspect that remains unresolved. Just as phone numbers connect enterprise users of different telephony networks, so too should it be possible for users of different communication apps. Following two years of collaborative work, Secure Chorus, a not-for-profit membership organisation serving as a platform for government-industry cooperation in information security, has recently announced the completion of its first set of interoperability standards for encrypted voice calls. This workshop will bring on stage Secure Chorus with like-minded cyber security organisations that have initiated the multi-brand ecosystem of messaging apps that are interoperable and secure by design. The workshop will include a case study presenting a scenario where enterprise users from different organisations were able to communicate with ease, reliability and security using different brands of communication apps.

Dan Barnett, Principal Cyber Systems Engineer, Dstl; Head of Strategic Technical Industry Relationships, NCSC; Ed Gillett, Sales & Campaign Delivery Director – Defence, BAE Systems Applied Intelligence; Dr Andy Lilly, CTO, Armour Communications; Jon Turner, Cyber Sales Manager, Leonardo; Elisabetta Zaccaria, Chairman, Secure Chorus


SESSION 2 14:50 – 15:30 Carron

IMPORTANCE OF A SHARED DATA MODEL FOR INTELLIGENCE COLLABORATION

Workshop participants will be given an overview of the challenges and the current and developing solutions associated with Intelligence Collaboration, with a special focus on Data Models. Equipped with insights & lessons learned from around the world, attendees will be empowered to tackle their organisation's own Intelligence Collaboration challenges, enabling analysts to spend less time in the Collection & Processing phases, and more time in the Analysis & Dissemination phases of the Intelligence Cycle.

Andrew Foster, Senior Threat Intelligence Analyst, EclecticIQ

SESSION 3 16:10 – 16:50 Carron

PASSWORD MANAGERS / HIBP

Breaches – they happen. This session presents the NCSC’s current thinking and guidance on password management. We will also discuss some of the ideas we have in the pipeline to help gain awareness of large-scale breaches. This will be an interactive session, with the NCSC looking for audience feedback on what more it could do!

UK Assurance Lead, NCSC

SESSION 3 16:10 – 16:50 M2&3

BITCOIN DEMONSTRATION

What is a Cryptocurrency? How does Bitcoin work?

Many ransomware attacks ask for payment in cryptocurrencies. Bitcoin was the payment method of choice for the WannaCry perpetrators.

If you’ve ever wondered how these currencies work, how they are stored and transferred, come along to this short hands-on demo and we’ll guide you through the process and let you spend some Bitcoin.

Places are limited for this session, and will be allocated on a first-come, first-served basis.

Infrastructure Technical Director, NCSC

SESSION 4 17:00 – 17:40 Carron

NETWORK AND INFORMATION SYSTEMS (NIS) REGULATIONS: THE FIRST YEAR

NIS is fast approaching its first birthday – how has the first year been? We examine the evolution from the NIS Directive to the Regulations and what it has meant to the Operators of Essential Services and the Competent Authorities. Atkins has accumulated a wealth of experience helping organisations adapt to NISR and this is an opportunity to share that experience and understand the experiences of others. We will look at the impact NISR is having on the cyber resilience of UK CNI, what the challenges are and what the future holds. This was a hot topic last year stimulating extensive debate. The discussions should be even livelier this year now that we are all getting to grips with what NISR actually means.

Ian Buffey, Technical Director, SNC Lavalin’s Atkins Business; Campbell Hayden, Principal Security Consultant, SNC Lavalin’s Atkins Business

INTERACTIVE WORKSHOPS

Please check each session for room details

The NCSC have worked with sponsors and partners to create a compelling seventh stream, which includes the Cyber Den, presented in partnership with the Department for Digital, Culture, Media and Sport (DCMS).

Lunch to be provided in room


STREAM G AGENDA

THURSDAY 25 APRIL 2019

SESSION 5 10:45 – 11:40 Carron

CYBER DEN

Entrepreneurs from 12 innovative businesses will participate in a ‘Dragons’ Den’ style competition to crown the best and most innovative ideas. Pitches will be judged by the fearsome Technical ‘Dragons’ from the NCSC, NCC Group and BT.

Dr Ian Levy, Technical Director, NCSC; Deputy Director, Capability, NCSC; David Stark, Vice President, BT Security Portfolio, BT; Ian Thomas, Managing Director, NCC Group

SESSION 5 11:00 – 11:40 M2&3

VULNERABILITY DISCLOSURE

NCSC are working with central government departments to establish individual Vulnerability Disclosure Programs that provide an easy-to-use route to report a vulnerability, have it triaged, and ultimately have it remediated.

This workshop will focus on how NCSC are helping the UK adopt a mature and scalable approach to vulnerability disclosure. It will include presentations and a technical panel to discuss Vulnerability Disclosure Programs and is aimed at those wishing to learn about building a Vulnerability Disclosure Program and central government departments who are interested in participating in the NCSC Vulnerability Disclosure Coordination Pilot.

Kirsty Alsop, EMEA Program Success Manager, HackerOne; Sam Gold, Enterprise Account Executive, HackerOne; Laurie Mercer, Solution Engineer, HackerOne; Vulnerability Disclosure Lead, NCSC; Adam Ruddermann, Director, Bug Bounty Services, NCC Group

SESSION 6 11:50 – 12:30 Carron

IMPROVING RISK MANAGEMENT AND ESCAPING THE METRICS MATRIX: DECONSTRUCTING THE RED AND BLUE TEAMS

CompTIA research has shown that cyber security professionals and their organisations struggle to create, customise and use meaningful, real-world metrics. As a result, it is difficult for them to show progress. They also struggle to provide useful cost justifications for security controls, headcount and foundational security procedures.

Join Dr Stanger to learn more about customising metrics using various teams, including ‘red’, ‘blue’ as well as end user and technical support.

James Stanger, Chief Technology Evangelist, CompTIA

LUNCH SESSION 12:45 – 13:25 Alsh

PROTECTIVE DNS NEW FEATURE LAUNCH: REPORTING, LOGS & SIEM INTEGRATION

This workshop will provide an overview of the brand new PDNS customer dashboard, available reporting, how it could fit into an organisation’s SIEM, user testimonials and opportunity for Q&A. It will explore:
• How customers can monitor the health of their network with PDNS
• What to do if reporting identifies possible issues
• How dashboard data & reporting can be integrated into their SIEM

Service Owner, NCSC; Carys Lindsay, Customer Success Manager, Nominet; James Richards, Chief DNS Analyst, Nominet

LUNCH SESSION 12:45 – 13:25 Carron

LIVE HACK DEMONSTRATION: INSIDE THE MIND OF A HACKER

Businesses in critical industries continue to be a key target for cyber breaches. Risk factors include third-party access, limited IT and security resources, staff and no specific regulated guardrails for cybersecurity policies and procedures. While new vulnerabilities present new vectors to target, attack techniques remain fundamentally the same: discover, analyse, attack and exploit. Watch as a hacker shows you how they find a way through your defences and steal your critical assets.

Alex Feick, Senior Security Architect, eSentire Inc; Mark Sangster, VP & Industry Security Advocate, eSentire Inc; Mike StJohn-Green, Independent Cyber Security Consultant


LUNCH SESSION 12:45 – 13:25 M2&3

BUILDING AND QUESTIONING REALISTIC VIRTUAL ENVIRONMENTS

This workshop will look to provide a hands-on opportunity to work with modelling tools to build and question realistic networks. It will cover the basics of the Emulytics toolkit, guiding participants through generating basic networks by hand and with automated tools. This will expand to look at common network topologies and how they are created with the toolkit. The session will close by looking at the kinds of common questions that users ask of the system and how those results can be achieved using Emulytics.

The workshop will be supported by experts with the toolkit from the NCSC and Sandia National Laboratories.

Dr David Fritz, Principal Member of Technical Staff, Cyber Security Research & Development, Sandia National Laboratories; Caleb Loverro, Principal Member of Technical Staff, Cyber Security Research & Development, Sandia National Laboratories; Dr Vincent Urias, Principal Member of Technical Staff, Cyber Security Research & Development, Sandia National Laboratories; Support given by NCSC

SESSION 7 14:35 – 15:15 Carron

HACKING EXPOSED. STORIES FROM THE FRONTLINE: LESSONS LEARNT IN RESPONDING TO THE MOST ADVANCED CYBER ATTACKS

CrowdStrike continues to expose unprecedented efforts by highly sophisticated adversaries targeting and, in some cases, selectively leaking information stolen from sensitive government, corporate and private networks.

In this session, CrowdStrike will lift the lid on the alarming new trends observed in the global threat landscape – emanating from Iran, North Korea, Russia and beyond, and discuss the evolving best practices proving most successful against criminal, hacktivist & nation-state adversaries.
• The current threat landscape – real life examples of the extraordinary tradecraft routinely employed to steal state secrets, gain access to critical infrastructure or poach valuable intellectual property
• How nation-state threats are crafted and how their Tactics, Techniques, and Procedures (TTPs) are infiltrating the corporate world in the form of advanced attacks
• Who are the most notable adversaries in 2019 and the key European security themes based on the latest threat intel uncovered by CrowdStrike’s global intelligence operation
• What are the indicators of attack and how can you apply them to defeat the adversary?

John Titmus, Director Security Engineering, CrowdStrike

SESSION 8 15:55 – 16:35 Carron

ALL YOU NEED TO KNOW ABOUT LOGGING MADE EASY (LME)

NCSC, alongside Renfrewshire Council and Creative Scotland, will step through the development of the Logging Made Easy project, where the project is today and how CYBERUK19 delegates can get involved in the future.

This workshop will talk about the need for the project within small to medium scale deployments and how the Cabinet Office-funded Logging Made Easy project can provide massive impact with little investment. Combined with anecdotes of real-world implementations, real-world impact, live demos and Q&A sessions, the workshop aims to be a one-stop shop for LME.

Duncan Atkin, Senior Security Consultant, NCC Group; Gavin McMenemy, ICT Engineer, Creative Scotland; Carol Peters, Cyber Security Architect, Renfrewshire Council; Technical Security Architect, NCSC

SESSION 8 15:55 – 16:35 M2&3

DEVELOPING A DIVERSE CYBER WORKFORCE

Effective diversity and inclusion are important to every organisation operating in the cyber security industry. They ensure people stay within cyber security and perform at their best. In this workshop, the NCSC will discuss where they have been successful with diversity and inclusion but will also be honest about where they still have further to travel.

Attendees are invited to share examples of good practice from their own organisations that can be taken forward by other organisations in the cyber security industry, so that together we can create a more diverse and inclusive sector.

Deputy Director, PS-CNI, NCSC

Lunch to be provided in room
