SC Congress London Programme

SC Congress London sessions are carefully curated to inform and engage our audience about the inner workings of what is going on in today's cyber-security world. Our topics and speakers are hand-picked by our editorial team and highlight unbiased seasoned professional advice and information to help attendees tackle the latest issues facing the cyber-security industry today.

8:30 AM - 9:00 AM

Registration and breakfast served

9:00 AM - 9:15 AM

Turning cyber-awareness into good defensive practice

  • Opening Keynote

For our opening keynote, a senior level cyber-security professional from the NCSC will address the ways the industry regards cyber-attacks and created a culture of fear around online security. The NCSC is looking to add some clarity to the subject by cutting through the noise surrounding the issues that matter while fixing basic issues and stepping away from vendor fear, uncertainty and doubt. One particular topic that will be addressed is the TalkTalk hack. Although this was not as large scale as some other hacks, it was an unprecedented cyber-attack by a 17-year-old who exploited a SQL vulnerability, which has been around for over 20 years. The opening keynote at SC Congress London will get back to basics. Let's get the basics done right first, and together build a stronger UK.


  • Senior NCSC Director, , The UK faces a growing threat of cyber-attacks from states, serious crime gangs, hacking groups as well as terrorists. The NCSC will help ensure that the people, public and private ...
9:15 AM - 9:55 AM

The law is of no use in cyber-space

  • Editorial Session 1

Cyber-criminals are getting away with millions, across borders, using the latest technologies, while law enforcement struggles with international cooperation. How do we beef up law enforcement of online activities, while protecting citizens' rights and overcoming the challenges of attribution, jurisdiction and extradition? Should we use offensive responses to disrupt criminal activities - and are we all agreed on what exactly is criminal activity online?


10:00 AM - 10:40 AM

Why businesses should care about cyber-warfare

  • Editorial Session 2

In the future, companies can expect to be impacted by cyber-warfare just as they are currently impacted by a kinetic war. But because the threshold is lower, and cyber-reconnaissance will be conducted ahead of hostilities, the likelihood of your network being attacked by a nation-state is constant. And if you are part of the critical national infrastructure, you can be sure you are being looked at. So how do you know if your network has been breached and what can you do? Who do you call on and to what extent can the government - or anyone else - help? And what - if anything - can you do to protect yourself from state attackers?


10:40 AM - 11:20 AM

Coffee break and Expo Floor

11:20 AM - 11:50 AM

Sponsor Sessions

  • Varonis | How to Detect and Protect against Insider Threats, and be GDPR-ready at the same time!

For many organisations ransomware is a canary in the coalmine. It can be a leading indicator of much deeper security issues. Ransomware is noisy and exposes areas within an organisation that are vulnerable to even more sinister attacks that can't be remedied with a data restore. This session describes a methodology that will enable you to detect suspicious behaviour faster and get a handle on where your sensitive information lives and how to protect it from insider threats. And then creating a long-term data strategy based on Privacy by Design – the building block to GDPR compliance. · How ransomware is forcing organisations to prepare for other insider threats that are much worse · Who are the typical bad actors in an insider incident, and how you tackle them · Building a data strategy that will keep you secure and compliant


Sponsored by : Varonis

  • Centrify | Stepwise Security | A Planned Path to Reducing Risk

Attackers are making major headway into our businesses with simple tactics that exploit our weakest points. It’s clear that we need to bolster our defenses, but prioritisation can seem daunting. Barry Scott, CTO, EMEA from Centrify, will walk through some proven practices for prioritising a risk mitigation strategy, starting with the easy gaps that most often lead to data breach, and moving to sophisticated and comprehensive control.


Sponsored by : Centrify

  • Distil Networks | Know Your Automated Threat


Sponsored by : Distil Networks

11:55 AM - 12:25 PM

Sponsor Sessions

  • High-Tech Bridge | Machine learning in web application security testing: ImmuniWeb

Gartner’s Hype Cycle for Application Security 2016 states that applications, not infrastructure, represent the main attack vector for data exfiltration. Verizon’s Data Breach Investigation Report (DBIR) for 2016 states that attacks on web applications accounted for over 40% of incidents resulting in a data breach, and were the single-largest source of data loss. However, it's not obvious how exactly do the web applications cause the actual damage. This speech will focus on real-life examples of cyber-crimes committed by or via exploiting insecure web applications. Mr. Jonathan Schumann, senior account manager at High-Tech Bridge, will provide an overview of existing AI and machine learning solutions and will show how it can be practically used on example of High-Tech Bridge’s award-winning web security testing platform ImmuniWeb.


Sponsored by : High-Tech Bridge

  • Resilient Systems | The role of Orchestration in Incident Response

Companies today continue to face challenges preparing for and responding to complex cyberattacks. Cyber Resilience is more critical - and harder to achieve - than ever before. Join Resilient’s Chris Neely, Director of Technical Sales EMEA to learn how to measure, assess, and improve your organisation's cyber resilience with orchestrated Incident Response.


Sponsored by : Resilient Systems

  • Skyhigh Networks | Cloud security, compliance and data protection

The average UK organisation is using 1,000 different cloud services, some approved (such as Office 365), many not. Meanwhile the application teams are spinning up IaaS services and writing new apps. On the other side there are increasing regulations, GDPR and high risks for data loss. IT sits in the middle trying to encourage employees to be productive and yet should control and manage the cloud services. Charlie will discuss the latest research on cloud use, the risks and costs of getting it wrong, top aspects of GDPR and provide advice on the steps needed to adopt the cloud in safety, setting up a cloud adoption team, evaluating your cloud risks and how to deliver safe cloud to your users.


Sponsored by : Skyhigh Networks

12:25 PM - 1:05 PM

Expo Floor - Pick up lunch at 1:00 to take into Keynote

1:05 PM - 1:30 PM

Keynote Lunch

  • Part 1 - Ignoring it won't make it go away. What you need to do now to prepare for EU GDPR.

Companies in the UK have come around to the idea that Brexit will not alleviate them from the need to comply with new EU data protection regulations coming on 25 May 2018, nor the fact that onerous penalties will apply to all who breach the regulations after that date with no excuses. But what should you be doing now? How does encrypting your data reduce your reporting requirements? Will training up a data protection officer now avoid joining the recruitment scrabble in 18 months? Find out what you need to do.


  • Part 2 - Hacking the human - how social engineering sidesteps the technology


2:10 PM - 2:55 PM

Editorial Tech Panels

  • Ransomware - how do we protect ourselves?

Beyond backups, how can we avoid getting our data locked down? And, if it does happen, what should we do?

  • Do data breaches matter? Mitigating impact

Share prices plunge after a breach and heads often roll - but don't they just bounce back, and haven't people got short memories?


  • DDoS protection in the age of IOT attacks

1.1 TB in Oct. 2016, and continuing to grow, via armies of cctv cameras and goodness knows what next in the age of IoT. Is the rise of DDoS stoppable? If so, how?


3:00 PM - 3:30 PM

Sponsored Sessions

  • Positive Technologies

Today’s enterprise environment is increasingly software hungry. Business units across the board are demanding an ever increasing pace of development and deployment for connected applications. For security teams, more connected code means more vulnerabilities, increasing the attack surface to the point where it becomes unmanageable. This significantly increases the risk of breach, putting your brand in danger and leading to financial loss. Here, Roy Duckles will outline how an attacker can find and abuse the flaws in your connected applications.


Sponsored by : Positive Technologies

  • Zonefox | EU GDPR compliance

EU GDPR compliance - what you need to know, the technology you need to have in place, and how to easily meet the 72 hour breach notification rule. With a session designed to take you through the practical and technological considerations your organisation must consider, attend this timely roundtable and: - Learn how you can keep on track to fulfill your GDPR duties - Discover how UEBA and AI technologies can support EU GDPR compliance with critical insights on data flow and use - Gain insights into how with the right tools in place, you can respond to, and meet, the requirements of the 72 breach notification. 


Sponsored by : Zonefox

  • Unisys | Enabling Trust, Security, and Resiliency through Micro-Segmentation

The historical approach to network security was one built on strong perimeter defenses and a well understood concept of resource and infrastructure allocation (i.e., physical and logical topologies, DMZs, etc…). Today’s reality is completely different and thus requires a change in the way we think about security and the supporting business process models. This is the era of micro-segmentation and software defined networking (SDN), and the “earned trust” or “zero trust” model.

A new approach to information security has to realize that the enemies are already inside the perimeter and adopt a new paradigm. This presentation provides an overview of how micro-segmentation addressed these challenges and enable trust, enhance security, reduce costs and improve resilience for modern enterprises


Sponsored by : Unisys

3:30 PM - 3:45 PM

Beverage/coffee break in the Exhibition Hall

3:45 PM - 4:30 PM

Extending transport safety models into the cyber-sphere

  • Editorial Session 3

From Stuxnet to Ukraine's power stations, we now know our critical infrastructure is either under or potentially under cyber-attack, yet we don't share the lessons learned. In this session, our panelists will consider whether or not traditional aviation safety models could be implemented throughout the cyber-security landscape, particularly industrial control systems and real world infrastructure. We will be discussing what they do well, and what someone working in energy or defence could learn from them.


4:30 PM - 5:10 PM

Will CISOs still have a job in the age of AI?

  • Editorial Session 4

Cyber-security skills 2020 – will you still be relevant? What's the future for the CISO, and how do we reconcile the role of AI in cyber-security vs people? Should CISOs be board members, and how will the impact of EU GDPR fines and breach reporting affect the role? Will it be a tech post or will communication, project management and business risk skills dominate? And what about the opportunities for women? Where else will the skill sets come from, including all the DPA officers needed under GDPR?


5:10 PM - 6:30 PM

Exhibition Hall: Closing cocktails and Passport to Prizes

  • Passport to Prizes

Get your "passport" stamped at all sponsor stands for a chance to win prizes such as tablets, i watch, a Go Pro camera, an iPad mini, bluetooth speakers and more! Winners will be drawn during the cocktail hour in the Exhibition Hall and must be present to win.

By registering for SC Congress London and attending any sponsored session you are agreeing to your data being held by the organizers in the UK and US, and to being contacted by the host and its partners.  If your badge is scanned by an exhibitor on an exhibitor stand you are opting-in to receiving communications from that entity. You will be subject to their communications and privacy policy and must opt-out with them directly.