An unmissable part of National Cyber Security Show, our high-level Cyber Conference features keynotes, interactive discussion panels and content sessions through which you'll uncover the new age of threats and strategies to mitigate upcoming threats to the UK's cyber security. Learn best practice guidance for managing and securing the digital supply chain.
Arup experienced a deepfake social engineering attack in 2023 which lead to the loss of 25 million GBP. In this session, learn about the incident at a high level and how it occurred. You can also learn about the key steps of the attack and how Arup responded, as well as an outline of what was learned and how others can learn from the mistakes made.
A brief overview of the key changes to Cyber Essentials scheme from April 2026, including the introduction of mandatory Multi-Factor Authentication (MFA) and a 14-day patching rule. The talk will also cover clearer scoping rules, and stricter processes for CE Plus assessments, ensuring greater consistency and accuracy in compliance.
As cyber threats evolve at unprecedented speed, the greatest vulnerability - and the greatest opportunity - remains the human layer. This panel brings together leaders in security, workforce development and organisational culture to explore how the industry can overcome the persistent talent gap and build a resilient, future-ready workforce.
The discussion will examine the full talent pipeline: from inspiring early-career entrants and upskilling mid-career professionals to retaining experienced specialists in an increasingly competitive marketplace. Panellists will address the barriers preventing new talent from entering the sector, the skills most needed for tomorrow’s threat landscape, and the practical steps organisations can take to embed continuous learning.
Crucially, the session will shine a spotlight on culture - how businesses can foster environments that encourage curiosity, psychological safety and shared responsibility for security. With human behaviour often the deciding factor in breach prevention, the panel will explore why culture is not just a “nice to have”, but a foundational pillar of effective cyber resilience.
The question is whether it’s still changing behaviour, or just generating better metrics.
In this session, Neil Frost, CEO of Bob’s Business, shares hard-earned lessons from two decades at the frontline of security awareness. Not tools. Not theory. Patterns. Neil will explore why mature programmes often plateau, how box-ticking quietly replaces judgement, and what genuinely high-performing security cultures do differently once the basics are “done”.
This is a candid session for security teams who already know awareness matters and want it to actually hold up over 20 years.
Before you invest further, ensure you’re extracting the full potential from what you already have.
In this session, Tom Morgan, co-founder of Morgan Cyber Solutions, guides IT leaders through the critical layers of the networking stack. He will explain, in clear, non-technical terms, how correct configuration genuinely protects and empowers business. This is not a technical deep-dive; it is a leadership checklist designed to help you challenge assumptions, unlock return on existing investments, and reduce risk.
You will leave empowered to:
Recognise the overlooked fundamentals that most commonly lead to security breaches, outages and wasted investment.
Ask the right questions and set clear expectations so your teams deliver secure and reliable infrastructure with a measurable ROI.
An understanding of the S.U.R.E methodology and how it is used during project planning, execution and operations.
In a sector as competitive as cyber, technical expertise alone isn’t enough. Leaders need to communicate with clarity, build trust quickly, and stand out in a crowded marketplace. Yota’s talk shows cyber professionals how to leverage personal branding as a strategic business tool, one that drives visibility, strengthens client relationships, and opens doors to new opportunities.
Explore how the adoption of artificial intelligence is reshaping DevSecOps practices across the software development lifecycle. From automated code analysis and vulnerability detection to intelligent threat modelling and real-time incident response, AI is changing how security is embedded into development and operations. A look at how AI-driven tools can accelerate deployment, reduce human error, and improve security outcomes, as well as the new challenges they introduce around governance, trust, skills, and accountability.
This session looks at how changes in cyber law, the use of AI, emerging quantum technologies, and growing demands around digital sovereignty are starting to impact UK organisations in day-to-day decision-making. Drawing on experience working directly with boards, it highlights where senior leaders are increasingly accountable, where existing governance arrangements are under strain, and why these issues now sit firmly outside the IT function. The aim is to create an informed and practical discussion about what needs attention now to safeguard data, protect organisational credibility, and remain resilient in an increasingly complex operating environment.
While cyber security awareness is now important for almost everyone, it is often presented in a manner that struggles to engage a wider audience, with an uphill battle to promote a topic that they don’t necessarily want to know about in the first place. One means of addressing this is through gamifying the experience. However, while various cyber security games have been created, they sometimes require an investment of time that many people don’t have and/or need prior cyber knowledge to play or facilitate them. What may be preferable are short-form activities that can provide a foundation for later discussion. This session describes and demonstrates interactive activities that have been designed to provide such a provocation of interest, helping to make initial cyber engagement and awareness more fun. These include the fairground-style Hacker Whacker and the adversarial game of Cyber Defence Dice. The session will explain and demonstrate the games … and may even let you play them.
Traditional cyber security tools cannot keep up with today’s threats. We will explore why layered products fail – and how a unified platform, built on zero trust, least privilege and AI-powered automation, redefines modern defence. Learn how seamless access control, real-time threat response and machine-level protection come together to secure every user, device and session.
Recent developments in cyber security policy, including new Codes of Practice, updated frameworks and the Cyber Security and Resilience Bill, reflect a growing emphasis on resilience, governance and risk management. As regulatory expectations continue to evolve, what are the implications for the sector? This panel will explore the practical and strategic impacts of recent policy developments and consider how organisations can position themselves to respond effectively to the future direction of cyber policy.
The pace of change is rapid, breaches can go from one user to a business wide security risk in a matter of moments. This session challenges leaders to rethink how leaders today must evolve their incident response strategies to keep up with the pace of modern threats, and the role of proactive penetration testing plays in exposing hidden attack paths, including how AI is redefining the way bad actors move through organisations.
In Gray zone Warfare: From IT Systems to OT Effects, Ian Thornton‑Trump CD examines how modern cyber conflict operates in the space “between peace and war,” where adversaries pursue strategic advantage without crossing traditional thresholds of armed conflict. Using his established insights into hybrid warfare and cyber‑physical risk, Thornton‑Trump reveals how attacks that begin in enterprise IT environments increasingly cascade into operational technology (OT), critical infrastructure, and industrial control systems. This session presents cyber incidents as components of intentional Gray Zone campaigns that blend espionage, disruption, economic coercion, and psychological pressure. Thornton‑Trump demonstrates how weaknesses in identity systems, supply chains, governance, and security visibility are exploited to bridge IT and OT, turning digital access into real‑world consequences—including safety risks, service disruption, and national‑level instability. Ultimately, this presentation challenges leaders and security professionals to view cyber defence as a matter of operational safety and geopolitical reality—recognizing and countering Gray Zone activity before IT compromise becomes irreversible OT impact.
Securing the Internet of Things: Challenges and Solutions explores the rapidly expanding IoT landscape and the critical security challenges it presents, including device vulnerabilities, insecure communication, and lack of standardisation. This session will highlight real-world case studies of IoT security breaches, discuss emerging threats such as IoT botnets, and provide actionable solutions like secure device design, encryption, and regulatory frameworks.
Attendees will gain valuable insights into best practices for safeguarding IoT ecosystems and fostering a secure, connected future.
- Mainframe history, prevalence, and status as critical national infrastructure silently powering the UK economy
- High-level overview of the mainframe attack surface
- Insight into common risks and impacts discovered as part of mainframe testing
- Suggestions for risk reduction via enhanced, comprehensive mainframe assessment regimens
WiFi can be used as a biometric because the human body subtly changes radio signals as we move. These changes, captured as Channel State Information (CSI) by ordinary WiFi devices, contain distinctive patterns related to how people walk, move, and occupy space.
Research shows that an individual’s gait can be identified with high accuracy using machine‑learning models, providing a contactless alternative to cameras and wearables. In this talk, we explore what WiFi can and cannot do for identification and recognition, and discuss the associated limitations and privacy concerns.
.png)
.png){kind=logo}
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)
)