Compliance shouldn’t feel like speed‑dating for security standards, yet most organisations are juggling ISO 27001, Cyber Essentials, NIST, SOC 2, PCI, and whatever new acronym appeared last Tuesday.

The result?

Confusion, duplicated effort, and a security team quietly questioning their life choices.

In this talk, we cut through the chaos. I’ll show you how all these standards overlap far more than they admit, how to stop treating them like Pokémon you have to collect, and how choosing one well‑designed framework can simplify everything.

You’ll leave with a clear, practical method for mapping requirements, reducing workload, and building a security baseline that actually works, without needing a second coffee just to read the guidance.

Jake lifts the lid on the darker side of artificial intelligence, taking you deep into the criminal underworld powered by today’s most advanced technology. In the name of research, he used AI driven face-swapping tools to pass a live video job online interview under a completely false identity.

Not once, but repeatedly. Through these real-world experiments, Jake reveals how powerful AI tools are already being weaponised by criminals to infiltrate organisations from the inside, bypassing traditional security and exploiting human trust. But it doesn’t stop there. With the same tools now widely available, Jake demonstrates how AI can clone voices, generate convincing documents and create fake identities in seconds, giving cybercriminals everything they need to scale deception like never before. Nothing is real anymore.

The question is, would you spot it?

Modern application security programmes still rely heavily on reactive scanning, manual triage, and late-stage validation. While “shift left” has become widely adopted in principle, most tooling still operates as pattern-matching engines rather than contextual security testers. This talk explores how agentic AI changes that model. Instead of signature-driven scanning, autonomous agents can reason about application behaviour, model intent, adapt to responses, and pursue exploit paths in a goal-driven manner. This enables continuous offensive validation earlier in the SDLC, reducing feedback loops and surfacing real, reproducible risk rather than theoretical findings.

Attendees will learn:
•    Why traditional DAST and SAST approaches struggle to truly shift left
•    What “agentic” testing means in practical AppSec terms
•    How autonomous reasoning differs from payload spraying and rule matching
•    Where AI excels in early lifecycle testing
•    Where human testers remain essential
•    How to safely operationalise AI-driven testing in CI/CD pipelines
•    Governance considerations when deploying autonomous offensive systems

The session will include real-world testing examples, detection comparisons, and a practical framework for integrating agentic AI into modern AppSec workflows without increasing noise or operational risk.

With just one cyber security professional for every 68 UK businesses, the competition for security talent is fierce. Join experts from Socura and iProov as they break down the findings of Socura’s latest employment trends report—"A Wave in Cyber"—an analysis of ONS data, and discuss why partnering with a Managed Detection and Response (MDR) provider is the preferred option for many organisations to access the talent they need to keep pace with threats.

Supply chains have become the largest attack surface in cybersecurity — yet many organisations still rely on static, compliance-driven third-party risk management approaches that fail to reflect how modern ecosystems actually operate.

This session explores the shift towards Active Supply Chain Security (ASCS) — a continuous, network-driven model designed to deliver real-time visibility, proactive risk response, and collective defence across interconnected supplier ecosystems. Learn how organisations are moving from fragmented, point-in-time assessments to a collaborative approach that uncovers systemic risk, reduces supplier fatigue, and strengthens resilience across every link in the chain.

Key takeaways from the session:

• Why traditional TPRM no longer works: Static, compliance-driven approaches fail to address the complexity, speed, and interconnected nature of modern supply chains — leaving organisations exposed to systemic and nth-party risks.
• What Active Supply Chain Security looks like in practice: A shift towards continuous visibility, network-driven insight, and collaborative defence that enables organisations to detect emerging threats and respond proactively.
• How organisations can strengthen resilience across the ecosystem: Standardisation at scale, shared supplier intelligence, and collective action reduce supplier fatigue while giving CISOs and security teams a clearer, real-time view of risk across every link in the chain.

Modern applications and APIs are evolving faster than ever, driven by rapid release cycles, new integrations, and changing business logic. While this pace enables innovation, it also challenges traditional approaches to application and API security that were designed for more static environments.

This session explores the shift toward pre-emptive, proactive offensive security where organisations continuously attack their own applications and APIs with AI that behaves like a real adversary. Through continuous testing, exploitable risk can be realised as applications evolve, rather than after the fact.

Attendees will gain a practical perspective on how continuous, AI-driven offensive security fits into modern security strategies, what problems it is best suited to solve, and why security leaders must move away from a reactive approach to defense.