NextSec Conference: The Changing Face of Cyber Security

NextSec

I am delighted to invite you to the NextSec Cyber Security Conference ‘The Changing Face of Cyber Security’ on 11 December 2014 at EY, 1 More London Place, SE1 2AF, London.

The conference will provide an opportunity for you to hear senior cyber security leaders, from a range of industries, share their cyber security experiences and insights through presentations following three main themes:
1) the changing cyber threat landscape,
2) the diverse techniques that have been adopted in response to the threat, and
3) the range of cyber security roles across different sectors.

The second half of the conference will address the changing dynamics required for leadership in cyber security including gender diversity and inclusiveness.

An open Q&A panel discussion will close the conference sessions.

Event Details:

  •  Date:           11 December 2014
  • Time:            5.00pm – 8.30pm followed by networking and drinks
  • Location:     Mulberry Restaurant, EY, More London Place

 Chairs

  • Cheryl Martin, Partner, EY
  • Leron Zinatullin, NextSec Committee Member and Information Security Advisor, KPMG

Confirmed speakers and panellists:

  • Cheryl Martin, Partner, EY
  • Sian John, Security Futurologist, Symantec
  • Robert Coles, Chief Information Security Officer, GlaxoSmithKline
  • Elena Cinquegrana, Associate Director, Navigant
  • Lucy Chaplin, Assistant Manager, KPMG
  • Freddie Hult, Senior Cyber Resilience Adviser, Cyber Resilience Ltd

Please visit the website to register for free.

NextSec is a networking group of young professionals working in cyber security and information risk management in the UK. The group exists since January 2012 and currently has over 290 members. These 290 members work for over 59 organisations in the UK. We have a diverse representation of young professionals working in financial services, oil and gas industry, industrial goods and retail, marketing, telecommunications, software, technology, professional services, and public sector. For more information about NextSec, please visit our website and LinkedIn group.

Advertisements

Cyber Security EXPO

Expo

During the 8th and 9th of October 2014, I attended the Cyber Security EXPO in London. It was co-located with IP EXPO Europe and presented the participants with an opportunity to partake in knowledge sharing discussions, various talks, trade stands and many more.

expo1

(ISC)² London chapter were running their regular community meeting. Everyone could also participate in the RANT event

The selection of presentations was great, ranging from fairly technical to business-oriented.

expo2

Bruce Schneier also took part in the event delivering a talk on incident response. It was an interesting discussion on economics and psychology of information security in the context of modern trends.

bruce1

Finally, it was a great opportunity to finally catch up with my friends, including Javvad Malik, Jitender Arora, Mo Amin and many others.


Managing the Cyber Threat: Insights from Senior Leaders

I’m happy to announce that the registration for the NextSec June 2014 Conference is still open.

Location: Investec Bank plc, 2 Gresham Street, London, EC2V 7QP, United Kingdom
Date: 5th June, 2014

Agenda:

18:00 – The role of a CISO in a cloud, mobile and social world

Speaker: David Cripps, Investec CISO

David is the Information Security Officer for the Investec Group and is responsible for the Group’s information security programme; ensuring that the risks to their information assets are identified and appropriately managed. He has a strong technical and networking back- ground in the finance and telecommunications industry. David has also worked as an elec- tronics instructor in Sri Lanka.

David has been awarded a master’s degree in Internet and Telecommunications Law (LLM). He is a Certified Information Security Manager (CISM), Information Systems Auditor (CISA) and Information System Security Professional (CISSP). David has also been awarded an Ad- vanced Professional Certificate in Investigative Practices (APCIP).

18:25 – The rule of three: cyber resilience in a fast-changing world

The rule of three: cyber resilience in a fast-changing world

  • Three walls to structure controls and contingencies against cyber attack
  • Three principles to drive the design of practical and focused cyber defences
  • Three strategies to maintaining agile, adaptive and sustainable counter-measures to meet the cyber challenge

Speaker: Daniel Barriuso, BP CISO

Daniel Barriuso is the Chief Information Security Officer (CISO) at BP. He is responsible for cyber security across the Group, including strategy, governance, architecture, education, counter threat operations and incident response. Daniel is a frequent speaker and contribu- tor at security forums and events. Prior to joining BP, Daniel was CISO at Credit Suisse and coordinated a number of security initiatives across the financial services sector including the ‘Waking Shark’ response exercise. Daniel also dedicates his time as a Professor at the ‘Universidad Politecnica de Madrid’, where he lectures and researches in the areas of IT governance and information security investment.

18:50 – From Graduate to VP: My journey in the realm of Network Security

Speaker: Raghu Nandakumara , Citi Network Security Manager

Following completion of his MSc, Raghu joined Citi in 2004 as part of the UK Technology Graduate Programme and was placed in the EMEA Information Security Services team. Initially working in Operational Support he was part of a team that were responsible for the maintenance and stability of all perimeter security infrastructure in EMEA, including firewalls, proxies and remote access. He moved into the Network Security Engineering organisation in 2008 and was initially responsible for security service delivery on business projects (including handling large scale divestitures and acquisitions) as well as build out of security infrastructure in Citi’s new strategic data centre in the region. Having spent the last few years being the SME for a few Network Security products he now runs the Net- work Security Engineering Tools and Automation team.

19:10 – ISACA’s Cyber security Nexus (CSX) Program

Overview of ISACA including Cybersecurity Nexus (CSX), ISACA’s recently launched pro- gram that provides insights and resources for cybersecurity professionals.

Speaker: Allan Boardman, ISACA International Vice President

Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, is a risk officer at Morgan Stanley and International Vice President at ISACA. He began his career with Deloitte in Cape Town and has over 30 years experience in IT assurance, risk, security and consultan- cy roles at organizations including JPMorgan, Goldman Sachs, KPMG, PwC, Marks and Spencer, and the London Stock Exchange. He is a past president of ISACA London Chapter and has served on the BCS’ Information Risk Management and Audit Committee. He is a member of ISACA’s International Board of Directors, currently chairing its Credentialing and Career Management Board, and is a member of ISACA’s Strategic Advisory Coun- cil. He has served on ISACA’s Leadership Development Committee and chaired ISACA’s CISM Certification Committee. He was a volunteer at the Paralympics in London 2012 and Sochi 2014, and is a school governor where he chairs the Finance Committee.


NextSec Information Security Conference 2014

ID-100204342

Join us on our first 2014 conference focused on sharing knowledge of cyber security for the energy sector. We have a mixture of senior security leaders and NextSec members delivering a rich content to help you on your professional development

Attend this event, to meet and talk with technical experts, and network with like minded professionals from several industries

Information Security – Who is accountable?
Emma Leith BP IST CISO.
This session will discuss the role of Information Security teams in managing information security risks and who is truly accountable for the risks. It will cover some real-life example from BP in how they approached this whilst providing an insight into how they are starting to achieve their goal to ‘make security part of everyone’s job’.

The Importance & Limitations of Cross-Company Collaboration in the Infosec Industry
Adam Wood, National Grid and Michael Ramella, AstraZeneca.
This talk is aimed at covering what it means to truly collaborate within the Infosec industry. Expanding on lessons learned, guidance for successful collaboration will be presented, allowing the audience members to leave with next steps: The ability to understand and clarify their individual and their team levels of collaboration, and how to increase said levels if they so choose.

Securing Industrial Control Networks
Ian Henderson, BP Lead PCN Security Architect.
Ian will introduce Industrial Automation systems explaining how these critical systems have become a security issue. He will explain what can be done to secure these systems and highlight approaches that work. He will also explore the cultural and human aspects related to securing these systems and the perceived divide between the IT security and Engineering communities.

Securing data flows in the Energy sector with an API Gateway
Mark O’Neill, VP Innovation and Antoine Rizk, VP Vertical Markets, Axway.
The energy sector faces new challenges in governing all types of data flows with un-precedent volumes and security requirements. These data flows include; mobile device access for employees and field personnel, customer access for smart meter monitoring and bill payment, public access for locating charging stations and smart grid data exchanges. The speaker will illustrate technical security features and case studies of work with the energy sector.

The impact of major data losses on corporations and individuals
Yiannis Chrysanthou, Cyber Security Analyst.
The recent Adobe data breach exposed account information for 153 million users. This session will describe the means by which an attacker can leverage the Adobe leaked information to launch attacks against corporations and individuals.

Time & Date: 7th March, 2014 15:15 to 19:45
Location: KPMG – Canary Wharf, London

To sign up please complete the form.

Sign up early, limited places are available!

Image courtesy of kongsky / FreeDigitalPhotos.net


NextSec: Junior Professionals Network


I’ve recently joined the NextSec committee to help deliver opportunities to young professionals, so that they can meet and support each other through the first years of their career. We aim to bridge the gap between employers and students, and offer insight to inspire the next generation to join our profession.

NextSec is a networking group for junior professionals working in Information Security and students aspiring to begin a career in this industry.

NextSec’s Aims and Objectives

  • Networking and Collaboration. We aim to enable networking, drive active participation and collaboration of junior professionals in cyber security coming from a vast range of industry sectors.
  • Education. Facilitate educational events, seminars and workshops delivered at parent organisations by industry experts and leaders, passionate in preparing today’s “next generation” to be tomorrow’s information security workforce.
  • Inspiration. Mentor students by providing them with networking opportunities, career advice, job fairs and real insight into the industry to enable them to make informed decisions about their career aspirations.

I’m going to help organise the next event  in the first quarter of1 2014. The conference would be hosted by KPMG and be dedicated to information security trends in the oil and gas industry.

The dates and speakers would be confirmed in the near future.
Meanwhile, please feel free to check out the website and join the LinkedIn group.