Supply chains have become the largest attack surface in cybersecurity — yet many organisations still rely on static, compliance-driven third-party risk management approaches that fail to reflect how modern ecosystems actually operate.

This session explores the shift towards Active Supply Chain Security (ASCS) — a continuous, network-driven model designed to deliver real-time visibility, proactive risk response, and collective defence across interconnected supplier ecosystems. Learn how organisations are moving from fragmented, point-in-time assessments to a collaborative approach that uncovers systemic risk, reduces supplier fatigue, and strengthens resilience across every link in the chain.

Key takeaways from the session:

• Why traditional TPRM no longer works: Static, compliance-driven approaches fail to address the complexity, speed, and interconnected nature of modern supply chains — leaving organisations exposed to systemic and nth-party risks.
• What Active Supply Chain Security looks like in practice: A shift towards continuous visibility, network-driven insight, and collaborative defence that enables organisations to detect emerging threats and respond proactively.
• How organisations can strengthen resilience across the ecosystem: Standardisation at scale, shared supplier intelligence, and collective action reduce supplier fatigue while giving CISOs and security teams a clearer, real-time view of risk across every link in the chain.

Sean takes a look at the impact of AI in cyber security, discussing the current state of play, the human cost, agentic AI, the future for security operations and what needs to change.

As cyber leaders grapple with an evolving threat landscape, payments organisations face a unique challenge: identifying and stopping fraud before damage occurs. This panel 
explores how AI and machine learning can move beyond theoretical models to indicators of fraud behaviour in live payments systems.

Discussion points:

• How can AI models be operationalised to detect real-time fraud typologies in faster payments?
• What are the biggest barriers in integrating agentic AI into existing fraud engines and SIEM platforms?
• Balancing model explainability with performance: when should leadership accept ‘black box’ models and when not?
• Lessons from incident response: what successful AI-augmented detection looked like in practice.

Security awareness often ends up as a poster on the wall or a piece of mandatory training that people forget. It is frustrating when you put in the effort and the behaviour you hoped to influence doesn’t shift. Many teams feel stuck at this point, unsure how to make their programme truly matter.

With just one cyber security professional for every 68 UK businesses, the competition for security talent is fierce. Join experts from Socura and iProov as they break down the findings of Socura’s latest employment trends report—"A Wave in Cyber"—an analysis of ONS data, and discuss why partnering with a Managed Detection and Response (MDR) provider is the preferred option for many organisations to access the talent they need to keep pace with threats.

Step inside the seedy underworld of cyber crime, where stolen identities, hijacked inboxes and VPN logins are traded like business leads. In Cyber Crime Unmasked, Huntress Sales Engineer Alex Hitchen goes undercover into the modern cyber crime economy - pulling back the curtain on how attackers really operate, and how you can shut them down before they cash out.

You’ll follow the money trail from that first “harmless” phishing email through Business Email Compromise (BEC), session token theft and Ransomware‑as‑a‑Service. Along the way, Alex will decode the roles of initial access brokers, affiliates and ransomware operators. This will include how the same playbooks that fuel their profits can be used against them with the right visibility and response.

A brief overview of the key changes to Cyber Essentials scheme from April 2026, including the introduction of mandatory Multi-Factor Authentication (MFA) and a 14-day patching rule. The talk will also cover clearer scoping rules, and stricter processes for CE Plus assessments, ensuring greater consistency and accuracy in compliance.

While cyber security awareness is now important for almost everyone, it is often presented in a manner that struggles to engage a wider audience, with an uphill battle to promote a topic that they don’t necessarily want to know about in the first place. One means of addressing this is through gamifying the experience. However, while various cyber security games have been created, they sometimes require an investment of time that many people don’t have and/or need prior cyber knowledge to play or facilitate them.  What may be preferable are short-form activities that can provide a foundation for later discussion. This session describes and demonstrates interactive activities that have been designed to provide such a provocation of interest, helping to make initial cyber engagement and awareness more fun. These include the fairground-style Hacker Whacker and the adversarial game of Cyber Defence Dice. The session will explain and demonstrate the games … and may even let you play them.

As the security perimeter dissolves into a borderless and identity-driven landscape, managed service providers face a dual challenge; defending customers against increasingly sophisticated "log-in" breaches while maintaining operational efficiency in the SOC. When attackers move with legitimate credentials, traditional siloed alerts often fail to provide the context required for a rapid response, leading to "swivel-chair" fatigue and extended dwell times.

This session is designed for MSSP and lean security teams looking to bridge the "Identity Gap," the lethal space between network telemetry and user behavior. We will explore how a more integrated architectural approach can transform service outcomes. By fusing Identity-aware Network Detection and Response with an open framework, and Autonomous SOCs, providers can move away from manually stitching together data toward a single, cohesive view of the threat landscape.

The threat landscape has evolved, and backup alone is no longer enough. Today’s cyberattacks are faster, more targeted, and costlier than ever. Organisations need to move beyond reactive strategies and embrace a full-circle approach to security: Detection, Protection, and Recovery, all unified in one platform.
 
The value of cyber resilience is no longer just about data recovery, it’s about business continuity and risk mitigation in real-time.

The question is whether it’s still changing behaviour, or just generating better metrics.

In this session, Neil Frost, CEO of Bob’s Business, shares hard-earned lessons from two decades at the frontline of security awareness. Not tools. Not theory. Patterns.
Neil will explore why mature programmes often plateau, how box-ticking quietly replaces judgement, and what genuinely high-performing security cultures do differently once the basics are “done”.

This is a candid session for security teams who already know awareness matters and want it to actually hold up over 20 years.

In Gray zone Warfare: From IT Systems to OT Effects, Ian Thornton‑Trump CD examines how modern cyber conflict operates in the space “between peace and war,” where adversaries pursue strategic advantage without crossing traditional thresholds of armed conflict. Using his established insights into hybrid warfare and cyber‑physical risk, Thornton‑Trump reveals how attacks that begin in enterprise IT environments increasingly cascade into operational technology (OT), critical infrastructure, and industrial control systems. This session presents cyber incidents as components of intentional Gray Zone campaigns that blend espionage, disruption, economic coercion, and psychological pressure. Thornton‑Trump demonstrates how weaknesses in identity systems, supply chains, governance, and security visibility are exploited to bridge IT and OT, turning digital access into real‑world consequences—including safety risks, service disruption, and national‑level instability. Ultimately, this presentation challenges leaders and security professionals to view cyber defence as a matter of operational safety and geopolitical reality—recognizing and countering Gray Zone activity before IT compromise becomes irreversible OT impact.

Hackers today rarely "hack in" like the movies. More often, they phish, steal credentials, and log in through the front door. This presentation explains how modern attacks use deception, fake login pages, and compromised identities to gain access-proving that the biggest cyber risk is often trust, not technology.

Before you invest further, ensure you’re extracting the full potential from what you already have.

In this session, Tom Morgan, co-founder of Morgan Cyber Solutions, guides IT leaders through the critical layers of the networking stack. He will explain, in clear, non-technical terms, how correct configuration genuinely protects and empowers business. This is not a technical deep-dive; it is a leadership checklist designed to help you challenge assumptions, unlock return on existing investments, and reduce risk.

You will leave empowered to:

• Recognise the overlooked fundamentals that most commonly lead to security breaches, outages and wasted investment.
• Ask the right questions and set clear expectations so your teams deliver secure and reliable infrastructure with a measurable ROI.
• An understanding of the S.U.R.E methodology and how it is used during project planning, execution and operations.

The CISO role is at an inflection point. Fewer businesses feel they need one; a capable CTO, CIO, or Head of Security can increasingly cover the ground. Remuneration has stalled, the senior market has compressed, and AI is quietly absorbing work the industry once considered irreplaceable. So what comes next for cyber security leaders - and for the wider pipeline of talent behind them?

In this 30-minute Q&A, Christian Toon and Will Poole take an honest look at where cyber leadership is heading. Christian shares his view on the dwindling CISO market and the paths to reinvention - from head-of-function roles and fractional advisory to working alongside (and policing) AI. Will broadens the lens to the wider talent pain points and the rise of AI agents stepping into roles humans used to fill. Practical, candid, and occasionally uncomfortable.

As networks expand and threats accelerate, the old divide between networking and security is no longer sustainable. This fast-paced session reveals how HPE’s AI-native, edge-to-cloud security architecture—powered by Integral Security, Unified SASE, and hybrid mesh firewalls—enables organisations to protect users, devices, and applications with unprecedented simplicity and precision.

You’ll see how identity-based Zero Trust, shared visibility, and AI-driven operations converge to deliver stronger protection, lower cost, and radically improved user experiences. Real-world results—like 60% cost reductions, faster deployments, and industry-leading threat efficacy—show what’s possible when security becomes integral to the network itself.

If you’re looking to modernise your security posture, streamline operations, or prepare your organisation for an AI-driven future, this session gives you the clarity and direction to take the first step.

A short introduction to the day from our theatre host David McGrath.

In this session, we'll discuss the security implications of browser use and how Kasm Workspaces can make those issues a thing of the past.

Explore KnowBe4's strategic partnership with Microsoft and how our integrated approach strengthens your security posture (technical controls and human intervention). Discover how our HRM platform complements the Microsoft ecosystem.  We will cover the type of sophisticated attacks that are missed by 365 but caught by KnowBe4, how we prevent human error, the use of agentic AI to train your team, the MS industry benchmarking report and why we have less duplication than any of our competitors, and proven strategies that will measurably lower your organisational risk score.

Recent developments in cyber security policy, including new Codes of Practice, updated frameworks and the Cyber Security and Resilience Bill, reflect a growing emphasis on resilience, governance and risk management. As regulatory expectations continue to evolve, what are the implications for the sector? This session will explore the practical and strategic impacts of recent policy developments and consider how organisations can position themselves to respond effectively to the future direction of cyber policy.

This session looks at how changes in cyber law, the use of AI, emerging quantum technologies, and growing demands around digital sovereignty are starting to impact UK organisations in day-to-day decision-making. Drawing on experience working directly with boards, it highlights where senior leaders are increasingly accountable, where existing governance arrangements are under strain, and why these issues now sit firmly outside the IT function. The aim is to create an informed and practical discussion about what needs attention now to safeguard data, protect organisational credibility, and remain resilient in an increasingly complex operating environment.

A talk about physical tools on unattended networks, which will lead to analogic access that escalates directly to the cloud.

When a cyber breach hits, the difference between control and chaos is measured in seconds.

Drawing on frontline investigative experience and surviving the 2004 Asian tsunami, this talk reveals how the same crisis behaviours that determined survival in the Indian Ocean determine outcomes when your business is on the line.

Securing the Internet of Things: Challenges and Solutions explores the rapidly expanding IoT landscape and the critical security challenges it presents, including device vulnerabilities, insecure communication, and lack of standardisation. This session will highlight real-world case studies of IoT security breaches, discuss emerging threats such as IoT botnets, and provide actionable solutions like secure device design, encryption, and regulatory frameworks.

Attendees will gain valuable insights into best practices for safeguarding IoT ecosystems and fostering a secure, connected future.

Modern application security programmes still rely heavily on reactive scanning, manual triage, and late-stage validation. While “shift left” has become widely adopted in principle, most tooling still operates as pattern-matching engines rather than contextual security testers. This talk explores how agentic AI changes that model. Instead of signature-driven scanning, autonomous agents can reason about application behaviour, model intent, adapt to responses, and pursue exploit paths in a goal-driven manner. This enables continuous offensive validation earlier in the SDLC, reducing feedback loops and surfacing real, reproducible risk rather than theoretical findings.

Attendees will learn:
•    Why traditional DAST and SAST approaches struggle to truly shift left
•    What “agentic” testing means in practical AppSec terms
•    How autonomous reasoning differs from payload spraying and rule matching
•    Where AI excels in early lifecycle testing
•    Where human testers remain essential
•    How to safely operationalise AI-driven testing in CI/CD pipelines
•    Governance considerations when deploying autonomous offensive systems

The session will include real-world testing examples, detection comparisons, and a practical framework for integrating agentic AI into modern AppSec workflows without increasing noise or operational risk.

AI is transforming the way we work, defend, attack, and innovate - but without the right guardrails, it can just as easily become our biggest liability. Join me for a fast‑paced, myth‑busting session that cuts through the hype and exposes the real security risks hidden behind the AI revolution. We’ll explore why good governance isn’t a blocker but the secret sauce for safe, scalable AI adoption. Whether you’re a techie, a business leader, or an academic, you’ll walk away with fresh insights, practical takeaways, and a few laughs - plus a sharper view of how to stay ahead in the age of intelligent machines.

- Mainframe history, prevalence, and status as critical national infrastructure silently powering the UK economy
- High-level overview of the mainframe attack surface
- Insight into common risks and impacts discovered as part of mainframe testing
- Suggestions for risk reduction via enhanced, comprehensive mainframe assessment regimens

Modern applications and APIs are evolving faster than ever, driven by rapid release cycles, new integrations, and changing business logic. While this pace enables innovation, it also challenges traditional approaches to application and API security that were designed for more static environments.

This session explores the shift toward pre-emptive, proactive offensive security where organisations continuously attack their own applications and APIs with AI that behaves like a real adversary. Through continuous testing, exploitable risk can be realised as applications evolve, rather than after the fact.

Attendees will gain a practical perspective on how continuous, AI-driven offensive security fits into modern security strategies, what problems it is best suited to solve, and why security leaders must move away from a reactive approach to defense.

Compliance shouldn’t feel like speed‑dating for security standards, yet most organisations are juggling ISO 27001, Cyber Essentials, NIST, SOC 2, PCI, and whatever new acronym appeared last Tuesday.

The result?

Confusion, duplicated effort, and a security team quietly questioning their life choices.

In this talk, we cut through the chaos. I’ll show you how all these standards overlap far more than they admit, how to stop treating them like Pokémon you have to collect, and how choosing one well‑designed framework can simplify everything.

You’ll leave with a clear, practical method for mapping requirements, reducing workload, and building a security baseline that actually works, without needing a second coffee just to read the guidance.

Jake lifts the lid on the darker side of artificial intelligence, taking you deep into the criminal underworld powered by today’s most advanced technology. In the name of research, he used AI driven face-swapping tools to pass a live video job online interview under a completely false identity.

Not once, but repeatedly. Through these real-world experiments, Jake reveals how powerful AI tools are already being weaponised by criminals to infiltrate organisations from the inside, bypassing traditional security and exploiting human trust. But it doesn’t stop there. With the same tools now widely available, Jake demonstrates how AI can clone voices, generate convincing documents and create fake identities in seconds, giving cybercriminals everything they need to scale deception like never before. Nothing is real anymore.

The question is, would you spot it?

Traditional cyber security tools cannot keep up with today’s threats. We will explore why layered products fail – and how a unified platform, built on zero trust, least privilege and AI-powered automation, redefines modern defence. Learn how seamless access control, real-time threat response and machine-level protection come together to secure every user, device and session.

As cyber threats evolve at unprecedented speed, the greatest vulnerability - and the greatest opportunity - remains the human layer. This panel brings together leaders in security, workforce development and organisational culture to explore how the industry can overcome the persistent talent gap and build a resilient, future-ready workforce. 

The discussion will examine the full talent pipeline: from inspiring early-career entrants and upskilling mid-career professionals to retaining experienced specialists in an increasingly competitive marketplace. Panellists will address the barriers preventing new talent from entering the sector, the skills most needed for tomorrow’s threat landscape, and the practical steps organisations can take to embed continuous learning.

Crucially, the session will shine a spotlight on culture - how businesses can foster environments that encourage curiosity, psychological safety and shared responsibility for security. With human behaviour often the deciding factor in breach prevention, the panel will explore why culture is not just a “nice to have”, but a foundational pillar of effective cyber resilience.

The pace of change is rapid, breaches can go from one user to a business wide security risk in a matter of moments. This session challenges leaders to rethink how leaders today must evolve their incident response strategies to keep up with the pace of modern threats, and the role of proactive penetration testing plays in exposing hidden attack paths, including how AI is redefining the way bad actors move through organisations.

Explore how the adoption of artificial intelligence is reshaping DevSecOps practices across the software development lifecycle. From automated code analysis and vulnerability detection to intelligent threat modelling and real-time incident response, AI is changing how security is embedded into development and operations. A look at how AI-driven tools can accelerate deployment, reduce human error, and improve security outcomes, as well as the new challenges they introduce around governance, trust, skills, and accountability.

Networks and communities elicit value for so many. Join the SASIG's Martin Smith MBE, Liz Murray and members of the SASIG community as they discuss their experience of communities, value for helping cyber professionals gain understanding of best practice, help deliver supply chain security and provide vital points of contact when a cyber incident happens. 

Small businesses are buying security tools at an astonishing rate- EDR, SIEM, MDM, email filters, threat intel feeds, and anything else a vendor can demo in under 20 minutes.

But more tools don’t automatically mean more security. In fact, over‑tooling often creates the opposite: desensitisation, budget drain, no integration, analysis paralysis, and a false sense of safety.

This talk explores why so many organisations end up with a sprawling toolset that nobody has the time, skills, or processes to manage, and how to break that cycle. We’ll look at the common pitfalls, how to invest smartly, and how to ensure every tool you buy actually delivers value. Most importantly, we’ll explore a practical alternative: understanding your risks, assets, and requirements first, so you only buy tools that genuinely solve a problem.

Honest, practical, and free of sales buzz words, this session will help you get more security from fewer tools.

As 2026 marks a tipping point for traditional security, this session explores why the "Reset Password" button is becoming an expensive relic of the past. We demonstrate how transitioning to FIDO2 passwordless authentication slash helpdesk costs and eliminate phishing risks while creating a seamless, "one-touch" employee experience. Discover a proven roadmap to move your organization towards a more secure, efficient, and truly password-free future.

Supply chain risk is no longer just a third-party issue. It’s a shared, systemic challenge.

In this interactive discussion, Justin Kuruvilla (Chief Cyber Security Strategist, Risk Ledger) will kick things off with a perspective on how supply chain risk has evolved beyond traditional TPRM towards Active Supply Chain Security.

From there, the conversation opens up to the room. We’ll explore real-world challenges, concentration risks, and what’s actually working in practice, from visibility to supplier engagement.

Together, we’ll discuss how organisations can move from siloed approaches to a more collaborative, network-based model, and what it truly means to Defend-as-One.

A recent SASIG event hosted by BFBS brought enlightening insight to the Vendor community whilst also showing CISOs how they might assist innovation in the UK Cyber Industry. Join Martin Smith MBE and Liz Murray of the SASIG, together with representatives of the SASIG Community as they discuss 'What Makes CISOs buy and what turns them off'.

Arup experienced a deepfake social engineering attack in 2023 which lead to the loss of 25 million GBP. In this session, learn about the incident at a high level and how it occurred. You can also learn about the key steps of the attack and how Arup responded, as well as an outline of what was learned and how others can learn from the mistakes made.

Phishing has always been the favoured gateway for advanced persistent threats — but AI has rewritten the rules. In this session, James Dyer exposes how a recent large-scale phishing APT leveraged deepfakes, cloned voices, and generative AI to create unprecedented levels of deception and persistence.

Attendees will see how threat actors are operationalising AI to automate reconnaissance, craft hyper-personalised lures, and deliver synthetic interactions that blur the line between human and machine. The talk will dissect the campaign's tactics, infrastructure, and social engineering methods, highlighting how traditional detection and awareness models are being outpaced.

Finally, Dyer will explore how organisations can adapt — from enhancing phishing resilience and deepfake detection to reshaping threat intelligence processes in an era where seeing and hearing are no longer believed.

Most businesses run IT and security through separate vendors, and that separation is exactly where breaches happen. This session makes the case that treating them as two different conversations was always the wrong model. ThreatSpike's Kevin Price explains what changes when the team running your infrastructure and the team defending it are the same.

WiFi can be used as a biometric because the human body subtly changes radio signals as we move. These changes, captured as Channel State Information (CSI) by ordinary WiFi devices, contain distinctive patterns related to how people walk, move, and occupy space.

Research shows that an individual’s gait can be identified with high accuracy using machine‑learning models, providing a contactless alternative to cameras and wearables. In this talk, we explore what WiFi can and cannot do for identification and recognition, and discuss the associated limitations and privacy concerns.