8am – Welcome, registration and breakfast reception


9am – Conference Opening

Martin Smith MBE Chairman and Founder, SASIG
Mark Walmsley Global CISO, Freshfields Bruckhaus Deringer LLP, and Chairman of the Big SASIG Advisory Board


9.15am – Panel Discussion – Cyber resilience in the real world

Learning from the past, preparing for the worst, and dealing with the inevitable. What does resilience look like when it’s in action? Providing real-life case studies on dealing with crisis management. How do we get to back business-as-usual, what’s worked and what’s failed?

Chaired by:
Andrew Gudgeon OBE Head of Enterprise Risk Management, Zurich Insurance Group

Richard Lewis Head of Operational Risk Oversight, TSB Bank
Elizabeth Green EMEA Advisory and Cyber Lead, Dell Technologies
Ruth Anderson Chief Operating Officer, Lloyds Banking Group
Irfan Hemani Deputy Director, Cyber Security, DCMS
David Prince Cyber Security Consulting Lead, Baringa


10.25am – 12.15pm – Partner workshops, one-to-one meetings and networking forum

10.25am – Partner workshops

Workshop Stream 1 Workshop Stream 2 Workshop Stream 3

The human element: Fixing the behaviours that lead to breaches

Steve Malone VP of Product Management, Egress
Jack Chapman VP of Threat Intelligence, Egress

Cybercriminals continue to launch increasingly sophisticated social engineering attacks. Coupled with a rise in human error, it’s no surprise that 85% of today’s security breaches involve a human element.* Traditional approaches fall short of solving this problem, with legacy technology and security awareness training unable to reduce human-activated risk on email.

Join this presentation to learn more about:

• Today’s email security landscape and the emerging threats you need to know about
• The behaviours behind email data breaches
• Why legacy approaches are no longer fit for purpose
• How to use behavioural science and zero trust to take back control over data loss
• How real-time teachable moments are more effective at changing human behaviour than traditional security awareness training

*2021 Verizon Data Breach Investigations Report


Procure security effectively – The way out of the CIO/CISO dilemma

Simeon Mussler Chief Operating Officer, Bosch CyberCompare
Clare Patterson
Advisory Board Member, Bosch CyberCompare

Hardly a day goes by without new attack reports; ransomware attacks alone have increased by over 400% since 2019. The pressure to do ‘something’ to strengthen cybersecurity is increasing – and with it, the uncertainty of what will be the strategically correct next step. The provider market is growing every day, with more offers, company presentations and services on the IT department or CISO’s agenda. Cybersecurity is just one topic among many for the CIO to tackle, alongside digitisation, cloud migration, a shortage of skilled talent, and enabling the new ways of remote working. Together with you, we will explore transparent and efficient ways to find the right provider for your cybersecurity needs.

Puzzling through the XDR Jigsaw pieces: Buzzword or genuine security movement?

Elliott Went Senior Enterprise Systems Engineer, SentinelOne

XDR. It’s the hottest domain in the cyber world right now and the biggest buzzword you’ll see plastered over LinkedIn and debated amongst security vendors. But ask around and you’ll find very few people truly understand the field and even fewer know what the initials stand for. Is it just a marketing buzz, or is there a profound and significant movement occurring?
Join Elliott Went, Senior Enterprise Systems Specialist at SentinelOne, as he helps us look beyond the acronyms, explains the history and development of XDR practice, and decodes the secrets of enrolling a successful XDR technology across your network.


11.05am – Partner workshops

Workshop Stream 1 Workshop Stream 2 Workshop Stream 3

Drive Accountability with Cyber Risk Governance

Nuno Almeida Manager, Consulting Engineer – EMEA, Bitsight

Cyber risk governance defines the guidelines for how the organisation manages cybersecurity. Cyber risk management is the execution of the policies and procedures defined by the Governance team to implement controls, prioritise remediation, and respond to incidents. The two functions often work hand in hand, but in some extended businesses, the organisational hierarchy can be rather complex, leading to numerous challenges for driving accountability across the business.
Many forward-thinking security leaders have opted to enforce cybersecurity performance standards across their business units, subsidiaries, or geographic teams. But what standard should be used? And how do you manage to this standard in an efficient way? Join us as we explore the topic of driving accountability with cyber risk governance in more detail.
In this session we will discuss:
• Different options for setting standards, and ideas for implementation
• How cyber risk quantification can be applied to drive accountability
• How to incorporate benchmarking and peer comparisons into your standards

Key takeaways include:
• Ideas for driving accountability across your extended organisation
• Tips for utilising cyber risk quantification as a performance metric
• An introduction to how security ratings can play a key role in your governance standards

Next Generation Defence: Using Hackers to Beat Hackers

Justin Shaw Gray Sales Director, UKI, Synack Inc.
Mark Walmsley Global CISO, Freshfields Bruckhaus Deringer

Remote work, although not new, has made itself a top priority of every CISO’s immediate agenda in light of today’s remote working environment. For CISOs, designing security for a decentralised workforce requires revisiting where and how security and risk management leaders direct their efforts. In this session, Synack’s Justin Shaw-Gray, and Mark Walmsley, CISO, Freshfields Bruckhaus Deringer LLP, will discuss the security challenges CISO’s face in today’s business climate and how Synack’s innovative crowdsourced security model and continuous pen testing offering address these challenges.
Attendees will learn:
– How concerns and security implications for organisations and their remote workforce have played a role in security decisions.
– How to secure your organisation while managing a remote workforce from the executive’s perspective.
– How agile businesses are able to respond quickly to opportunities and threats.
– How security researchers are playing a pivotal role in securing companies’ assets.

Zero in on what matters to reduce your cyber-exposure by understanding your unique attack surface

Bob Vickers Sales Director Northern Europe, Skybox Security

Accelerated cloud migration and adoption, deployment of newly connected devices and systems, increased mobile and distributed users, and business process transformation all introduce new vulnerabilities and exposures, and at the same time, expand your attack surface.

With the huge amount of data being presented to you about threats and vulnerabilities, which do you prioritise within the context of your organisation? How do you know where you are most vulnerable in this maddening hybrid network labyrinth that consists of a growing jumbled mess of tools, devices, firewalls, and policies?

Answer? Network modelling. It sees through the storm, behind the wall, and illuminates the shadows to find pressing dangers.

This workshop will examine the following questions and discuss the best way forward:
• Do you know what you are dealing with?
• Are you collecting and analysing the right sets of data?
• Are you factoring exposure risk into your analysis?
• Are you being prescriptive when fixing vulnerabilities?


11.45am – Partner workshops

Workshop Stream 1 Workshop Stream 2 Workshop Stream 3

Real-time security awareness – A behavioural science approach

Tim Ward CEO and Co-founder, ThinkCyber

When 90% of cyber attacks start with the human user, we need to move beyond tackling the human factor with a tick box approach to awareness. In this talk, ThinkCyber unpicks the science and theory behind behaviour models to help us understand why risky behaviours happen, and, more importantly, how to stop them.
From research that questions the efficacy of teaching at the point of failure in phishing tests, to behaviour models that highlight the need for timely cues, we will explore how a real-time approach can allow awareness to form part of incident response and actively prevent incidents. This talk will offer real-world examples and ways that all organisations can apply the theories that drive secure behaviour change.

Using behavioural indicators of intent to stop data exfiltration at the planning stage

Remon Verkerk Insider Risk Specialist, DTEX

In Formula 1, as in many industries, data exfiltration can be extremely damaging. Join us to discover how Williams Racing’s use of behavioural indicators of intent stops data exfiltration at the planning stage rather than when it is too late.

Zero Trust Security – Death to the firewall

Ade Taylor Technical Director, Secrutiny
Ian Heritage Partner Engineer, Google Cloud Chronicle Security

Given the new work-from-home environment and cyberattacks like phishing, ransomware, and business email compromise at all-time highs, the way we’re taught to build networks isn’t effective in today’s world of distributed teams, systems, and applications.
The challenges that organisations now have with traditional perimeter-centric security approaches and technologies have elevated the need for continuous verification of trust – across the device, user, and application bases. But confusion about Zero Trust’s real meaning and purpose makes it harder to implement the ideas in practice.
Join us in this workshop to:
• Look at why the industry’s favourite catchphrase isn’t any one product or system, but a holistic approach to minimising damage.
• Explore how Google achieved Zero Trust and their journey from research to implementation.
• Discover how to change the battlefield and make it more difficult for an attacker, with a security framework that detects everything and trusts nothing.


12.15pm – Lunch, exhibition and networking


1.30pm – Partner workshops, one-to-one meetings and networking forum


1.30pm – Partner workshops

Workshop Stream 1 Workshop Stream 2 Workshop Stream 3

Seeing the attacker’s view: A people-centric approach to security

Andrew Rose Resident CISO, Proofpoint

When a simple internet search can tell the attacker all they need to know about prospective targets, and email gives them direct access to their victim, it’s no surprise that modern attackers have entirely pivoted to targeting people, largely via simple phishing tactics, rather than systems. The World Economic Forum confirmed this in 2022 stating that 95% of cyber breaches have a human focus!
You likely know that email fraud, or BEC, is costing organisations billions of dollars, and that 75% of ransomware starts via email, but do you know why these attacks continue to reach new levels of success?
Join this session to learn how you can identify your most attacked and riskiest users, and how to design better strategies and protections to stop these attacks before they reach your employees, customers, and business partners.


Is your data safe? The why & how of building a data-first security program

Matt Lock, Technical Director, Varonis

We’re in the midst of a perfect storm for cyber threats. Cyber warfare, the rise of crypto, increased regulation and a skills shortage in IT teams.
Where do you start? Well, how about starting with the data?
Join this session to get an inside look at the evolving trends and how attackers think, plus practical advice on building and evolving your security program to keep up with emerging threats. We’ll also cover how collaboration and data sharing tools have changed how we think about cybersecurity and rapidly evolving ransomware threats.

Enhance security programs with insights and key takeaways from the 2022 DBIR

Mesut Eryilmaz Principal DFIR Consultant VTRAC, Verizon

Changes in the real world often occur rapidly, and they rarely give advanced notice of their arrival. Organisations are forced to react quickly and make decisions regarding their security stance accordingly.

Informed decisions are the wisest decisions. While no one can accurately predict the threats organisations may have to face next month or next year, they can discern what eventualities are most probable and prepare for those.

During this session, Verizon will present the key findings from the 15th edition of the Verizon Data Breach Investigations Report (DBIR) and provide guidance on how to effectively protect your organisation from today’s greatest security threats.


2.10pm: Partner workshops

Workshop Stream 1 Workshop Stream 2 Workshop Stream 3

White House DNS Down! Stop DNS becoming the root of your cybersecurity problems

Peter Goodwin CSA Director EMEA, EfficientIP

The importance of insider threats was highlighted by the recent White House breach. Once again, abuse of the Domain Name System (DNS) was at the forefront, being used to compile information about which computers and servers were being communicated with. Threat actors know the critical role DNS can play in the cybersecurity kill chain, so it’s become a priority target for them. IDC’s Threat Survey in 2021 revealed that 87% of organisations had experienced at least one DNS attack, and more than 26% of these had sensitive information stolen. It’s therefore clear that DNS security needs to be taken seriously.

Learn in this session about different DNS attack types and the tools to mitigate them, as well as techniques to turn DNS into your first line of defence by using threat intelligence and application access control at the user level for blocking the lateral movement of malware.


Is cyber threat intelligence useful, essential or an unnecessary luxury?

Andrew Lee Director of Government Affairs, ESET

Cyber threat intelligence is a term that is one of those buzzy sounding things, but what does it really mean, why is it important, and how can it be used?
Andrew Lee will walk you through the ‘What, Why and How’ of threat intelligence using real-world scenarios and data from recent incidents to show how cyber threat intelligence provides crucial information that can help defend against and mitigate cyber attacks.

How to make security an enabler and growth partner for business

Neil Thacker CISO EMEA, Netskope

For many CIOs, cybersecurity is seen as an additional challenge to navigate in the path to a successful project outcome. It puts limits on innovation through its dependence on binary ‘allow or block’ decisions. But just as travel insurance gives tourists the confidence to see the world, so security gives business leaders the mandate and platform to innovate.
Security is at last evolving to become ‘smarter’; able to see nuance and context, upon which it can build agility and flexibility. This session will consider the security transformation that is necessary both to respond to evolving threats and to enable business growth and agility. Covering topics including SASE, SSE and Zero Trust, it will provide tangible examples of ways in which modern security architecture supports businesses through an increasingly disrupted landscape.


2.50pm – Partner workshops

Workshop Stream 1 Workshop Stream 2 Workshop Stream 3

How Threat Intel Enhances Red Teams

Stephen Begley Red Team Principal, Mandiant

Threat Intelligence isn’t just for the defenders – in this presentation, Mandiant will outline how red teams can leverage the latest observations of threat actor motivations and TTPs to deliver targeted adversary simulations. TI-led red teaming helps organisations exercise their controls against the most realistic threat scenarios, and to focus their resources on the threats which are most relevant to their business. We will outline our approach to TI-led testing, its advantages, and the wider landscape of regulation and other kinds of security testing which can be delivered with an intelligence-focussed lens.


Risk Vs Reality – Understand today’s threat landscape to build a successful defence strategy

Zeki Turedi CTO CrowdStrike EMEA, Crowdstike

We all want to defend our organisation to our best capability. Modern networks, countless new vulnerabilities and remote working all create complexities to making that possible.

The easiest route for most is to add more technology to solve those new issues, but how do we identify the right technology and strategy that will solve the biggest risks to your organisation? How do you identify acceptable risk versus unacceptable risk?

It all starts with understanding the actual threat to your organisation.


State of Security 2022 – What are your peers saying?

Kirsty Paine Strategic Advisor – Technology & Innovation, Splunk

Want to know how your peers are responding to their ‘top of mind’ technical issues? In our latest State of Security research, we surveyed 1,200+ security leaders worldwide about how they’re grappling with cloud complexity, supply chain attacks, high rates of burnout and other pressing challenges. We’ve put all our findings into one neat report and presentation for Big SASIG 2.

Join former UK National Cyber Security Centre Mathematician, Kirsty Paine, to see how your priorities compare to other security leaders, draw inspiration from our research findings, and overcome your strategic challenges.



3.30pm – Partner workshops

Workshop Stream 1 Workshop Stream 2 Workshop Stream 3

Fast and Furious Attacks: Using AI to Surgically Respond

Beverly McCann Principal Analyst Consultant, Darktrace

Fast-moving cyber-attacks like ransomware can strike at any time, and security teams are often unable to react quickly enough. Join Beverly McCann, Principal Analyst Consultant at Darktrace, to learn how Autonomous Response uses self-learning AI’s understanding of ‘self’ to take targeted action to stop in-progress attacks, without disrupting your business.
Join this workshop to:
• Learn how Autonomous Response knows exactly the right action to take, at the right time, to contain an in-person attack
• Discover how AI takes precise action to neutralise threats on the behalf of security teams
• See how real-world threat finds illustrate the workings of Autonomous Response technology


Evaluating Third Party Cyber Risk Maturity

Mark Tilston Head of Third Party and Supplier Risk UK, BlueVoyant

Cyber risk has evolved and third parties are and will continue to represent a huge segment of it. Geopolitical factors and global events have recently drawn attention to supply chain issues, and threat actors are continually more motivated to use vendors and partners as a shortcut to compromising an organisation.

There is a need for better management of these risks across all industries. Many organisations are much further behind than most are willing to admit in their risk mitigation and reduction programs. In this presentation you will discover a maturity model for third party cyber risk management, a tool to help organisations understand where they stand and how they can improve and evolve their mitigation programs through clear, concrete steps.


Resilience – Is it the key to Human Cyber Readiness?

Bec McKeown Director of Human Science

In this session, Bec McKeown, a Chartered Psychologist and Director of Human Science at Immersive Labs, explains the psychology behind resilience, and how the discipline of behavioural science can help cybersecurity professionals increase resilience and reduce risk.

The session will cover:

• What is resilience?
• Why is it so important?
• How we can build resilience by developing knowledge, skills, and judgement.




4.10pm – Conference closing keynote – Managing the hidden risks to the cyber security profession              

The number and type of security breaches are increasing, and the fallout still dominates the media spotlight. Breaches remain in the top 10 risks for the World Economic Forum. We look at the cybersecurity profession and why the UK Cyber Security Council must provide stewardship for the highest possible standards of expertise, excellence, professional conduct and practice in the profession. This presentation shares how the Council delivers its mission as the profession’s voice.

Presented by:
Dr Claudia Natanson Chair of the Board of Trustees, UK Cyber Security Council



4.45pm – 6pm – Conference networking drinks reception

At the conference venue
The post-conference networking opportunity, where end-users and vendors meet as equals.

Sponsored by:


6.45pm for 7.30pm – Conference Dinner

In the true SASIG tradition and against the sumptuous backdrop of one of the finest private clubs in London, we will gather to enjoy good company, good food, fine wine and excellent networking, all strictly under the Chatham House Rule and by invitation only.

A perfect end to a perfect day.

Co-Sponsored by:

Big SASIG evening dinner will be supporting the Children’s Air Ambulance.

We will be carrying out a fundraising auction during the evening in aid of the Children’s air ambulance