Cylance: Leveraging the Power of Prevention

7th August 2017

Several years ago, Cylance embarked on a mission to create a robust security solution that can successfully counter both known and unknown threats.



Session ONE – Defending against Risks and Vulnerabilities, Developing Resilience, Deterring Cyber-attacks

  • A review of the risk landscape and emerging vulnerabilities that pose a serious threat to business and government
  • Working in Partnership to reduce the attack surface and solve strategic security challenges
  • Understanding threat vectors and actors, trends and priorities
  • Building skills, capabilities, capacity and responsiveness


The Conference Chair’s Opening Remarks

Dan Raywood, ‎Contributing Editor, Infosecurity Magazine

Keynote Address: The National Cyber Security Strategy (2016-2020)

National Cyber Security Centre (invited)

The National Cyber Security Centre provides a hub of expertise for businesses and individuals to build resilience and respond to major incidents. This morning address covers the three key pillars of the latest cyber security strategy: defend, deter and develop. We also explore how the NCSC is developing relationships with new partners to protect key interests, what steps it has taken to address systemic vulnerabilities and providing leadership on key national cyber security issues.

Working in Partnership to Manage Risks

National Cyber Crime Unit (invited)

Cyber security is not just an IT issue. It presents a real and potent business risk. We look at:

  • The nature of the risks facing businesses
  • How companies are creating alliances and partnerships to deal with growing cyber risks
  • How businesses can stay ahead of the curve, and how they can outpace attackers
Case Study - Transport for London

Richard Bell, Interim Chief Information Security Officer, Transport for London

Using Network Intelligence to tackle evasive Insider Threats

Director Of Product Management, Corvil

81 percent of hacking-related breaches leveraged stolen and/or weak passwords (DBIR, 2017). Once an attacker gains a foothold within a network, with a compromised user account, tracking their activity such as lateral movement becomes challenging and the damage they can cause is severe. For security teams, network traffic tends to be understood as one of the most valuable sources of insight, but also one of the most difficult to extract those insights from. Based on over 10 years of experience analysing network traffic for the top 20 global banks, learn best practice on how to listen to your network to accelerate the time it takes to investigate and respond to such evasive attacks.

Case Study - Lloyds Banking Group

Boris Taratine, Chief Cybersecurity Architect, Lloyds Banking Group


This session will cover three considerations:

  • The basics of what would constitute a reportable breach, who do you report it to, and when do you report it by, will be considered in the context of national and international legislative requirements
  • Examples of what needs to be in place to enable a cyber breach to be reported in an accurate and timely way
  • Punitive actions, current levels of fines, versus likely future levels
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Cyber Insurance – Why it Matters

There are significant consequences attached to cyber breaches. These include among other things the loss of customer data, financial costs, penalties from regulators, disruption of services and reputational damage. What can be done to mitigate the fallout of any breach? Is cyber insurance worth considering?

Case Study - National Crime Agency

Richard Wright , Senior Officer – Security Education, National Crime Agency

Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – A New Approach to Cyber Security

Aligning cybersecurity objectives and strategy to the business imperative for growth. 

The Conference Chair Opens the Afternoon Session
How is the relationship between your Records Management and Security experts?

Martin Fletcher, Assurance and Information Management Consultant, The National Archives

The development of technology in data use and storage is faster than it has ever been before. Because of this it is vital that records management and cyber security experts work closely together to ensure that information is handled responsibly and all staff understand what is required of them.

But how often is this close relationship actually the case? What can be done to help facilitate communication of good practice across the business? The National Archives’ Martin Fletcher discusses his experiences talking to organisations across the public and private sector about boosting security through improved communication.

Partly Cloudy with a Chance of Mobile

Senior Security Researcher, SecureWorks Counter Threat Unit 

As IT infrastructure and our relationship with computing devices evolves, so does our threat profile. This session explores emerging areas where intrusions are occurring, exploring specific threats that SecureWorks Counter Threat Researchers have identified, as well as those areas where activity is declining. We will cover observed activity in:

  • Mobile platforms
  • Cloud Infrastructure
  • Traditional enterprise system exploitation.
Training your Employees to Be a Last Line of Defence Against Cyber-Attacks

John Hield, Information Security and Compliance Manager, Veolia

John’s role is to ensure that the 5,500 end users in the UK and Ireland that work for Veolia are able to work (cyber) safely and compliantly. After running five different phishing email tests on his employees earlier this year, John was worried to find that over 700 people fell victim to the tests. For this reason, he turned away from traditional methods of cyber security and awareness training, like in-person sessions, videos and blogs, embracing instead an interactive, gamified approach from Wombat Security Technologies.

Since the interactive training modules were launched within the company on June 12th of this year, as of the end of July, over half had completed compulsory modules, including all of the board. A further 2,000 end users completed voluntary training, with modules on mobile device security and the GDPR being the most popular modules to be voluntarily completed.

In this speaking session, John will explain why he thinks that interactive, gamified cyber security awareness has been so popular with Veolia’s end users, as well as the further benefits of such technology, such as rapid ROI and advanced auditing capabilities, which will be vital for the upcoming GDPR and its relevant legislation.

Case Study - Insurance
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Case Study - British Council

Ian Goodwin, Director of Information Governance and Risk Management, British Council

Case Study - London Digital Security Centre

John Unsworth, Chief Executive, London Digital Security Centre

Cyber-Threat, Risk and Harm

Detective Chief Inspector Vanessa Smith, Yorkshire and Humber Regional Cyber Crime Unit

DCI Smith’s presentation will provide insights into:DCI Smith’s presentation will provide insights into: 

  • An awareness of cyber crime
  •  An overview of the types of cybercrimes committed
  • Profile types of those who commit cyber crime
  • Recommendations of how to protect yourself from becoming a victim of cybercrime
  •  Cyber-attacks on businesses and the impact caused 
  • Traditional crime versus cybercrime
  • Cost of cybercrime
Case Study - JISC

Steve Kennett, Security Director & Senior Information Risk Owner (SIRO), Jisc

Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Close, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.