European Cyber Security Month

ECSM is the EU’s annual advocacy campaign that takes place in October and aims to raise awareness of cyber security threats, promote cyber security among citizens and provide up to date security information, through education and sharing of good practices.

@CyberSecMonth, #CyberSecMonth

VIP Networking Breakfast in the Bistro Cafe 

(limited availability, so by invitation only. Please register here)

Opportunity to meet with others and join the panel discussion around skill shortages in cyber security. The expert panel includes:

- Nicola Whiting, COO at Titania - a rapid growth, award-winning software house, will be discussing how the use of language within cyber security can alienate the public and how this can impact attracting the best talent.

- Stuart Lewis, Head of Cyber Security at the University of South Wales, will cover how the university are preparing students for a career in cyber security.

- Ian Blackburn, Head of Delivery at IntaPeople, cyber security recruitment specialists, will be talking about the talent shortage and how we are able to find the skills that companies require.

- A speaker from the Cyber Security Challenge UK.

Kindly sponsored and hosted by IntaPeople @intapeople

Registration & Exhibition Opens

Tour the exhibition ahead of the symposium.

Welcome

Presentations begin in the auditorium

Dr Adrian Burden, Festival Founder & Managing Director of Innovate Malvern CIC @apburden

Dr Emma Philpott, Managing Director of UK Cyber Security Forum CIC @emphilpott

10:15

Keynote Presentation

A brief on the UK's new National Cyber Security Centre.

NCSC Speaker

More details on the day.

10:45

Launch of a specialist insurance package for UK cyber security SMEs

Cyber security professionals and their SMEs need affordable and tailored cover for their work in this fast-moving high technology sector. Often working with large organisations in areas of significant sensitivity, it is essential to be covered properly for cyber liability and professional indemnity, as well as other risks. This presentation will highlgiht a few important considerations using one or two case studies and then formally launch a new insurance package to be made available through the UK Cyber Security Forum. 

Duncan Sutcliffe, Director of Sutcliffe & Co Insurance Brokers

Duncan is a Director of the family-owned Sutcliffe & Co that has been providing insurance services in Worcestershire and beyond for four generations. Duncan has a wealth of experience with a range of insurance products, particularly suited for cyber security, high technology and IT sectors. Previously he was in the British Army and has a degree from the University of Sheffield.

@sutcliffeCo, @dsutcliffe

11:00

Verifying Cyber Attack Properties

The heterogeneous, evolving and distributed nature of the Internet of Things / Cyber-Physical Systems (CPS) means that there is little chance of performing a top-down development or anticipating all critical requirements such devices will need to satisfy individually and collectively. This talk describes an approach to verifying system security requirements, when they become known, by performing an automated refinement check of its composed components abstracted from the actual implementation. (This work was sponsored by the Charles Stark Draper Laboratories under the DARPA HACMS (High Assurance Cyber Military Systems) project and the views, opinions, and/or findings expressed are those of the speaker and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government).

Prof. Colin O’Halloran, Technical Director at D-RisQ Ltd.

Colin has worked on the mathematical verification and validation of software based systems for over 30 years. He has worked on the foundations of secure software systems before turning to assuring the safety of software based systems. In 1996 he served on the European Space Agency’s board of inquiry into the explosion of Ariane 5 during its first flight. In the mid-nineties he proposed the approach and led the team responsible for the machine based proof of correctness for the avionics control systems for the Typhoon Eurofighter from 2000-2009. He is recognised as a leading practitioner in applying formal methods to industrial problems and is also currently a Professor at the department of Computer Science at Oxford University.

11:15

Smart buildings and the Internet of Things require even smarter people

Some buildings are born to smartness, others have smartness thrust upon them but we must not forget that how we secure and run them as users and security people, has to be equally smart. This talk will provide a snapshot look at how smart buildings and the Internet of Things have provided us with a world of opportunity, a potential quadrillion sensors requiring attention and securing and a whole new way to impact our privacy, our work, our homes and our country. Critical National Infrastructure sits among the IoT and supply chains and this talk will also include a look at how that can be impacted too.

Mike Gillespie, Managing Director of Advent IM Ltd

Mike is an information security practitioner and CLAS consultant of many years’ standing and is well versed in the threat to organisational information assets. An active member of the Security Institute since 2008, Mike was voted onto the board of Directors in 2013 and given special responsibility for Cyber Research and Strategy. Additionally he is part of the Institute’s mentoring scheme and a member of the CSCSS Global Cyber Security Select Committee. As a subject matter expert Mike is called upon regularly to speak at events and contribute editorial, most recently for the BBC and The Sunday Times as well as regular industry media.

@Advent_IM_MD, @Advent_IM

11:30

Defending against an Attack of the Drones

4ARMED has undertaken research on consumer drones and identified some of the challenges they present to traditional cyber security defences. By looking at common drone architectures and their weaknesses, this talk will introduce the proof of concept software 4ARMED have developed that, among other things, can take over a drone mid-flight.

Marc Wickenden, Technical Director at 4ARMED

Marc cut his teeth looking after networks and infrastructure for various online financial services companies before venturing into consultancy and ultimately founding 4ARMED. He is a hacker at heart, in the creative sense, and still enjoys rolling his sleeves up with his team and getting under the hood of, well, pretty much anything with a CPU.

 @marcwickenden, @4ARMED

11:45

Securing industrial control / SCADA systems within Critical National Infrastructure

Critical infrastructure, with its complex legacy systems and bolt-on connections to the Internet, sits in a cyber security category of its own. Attacks occupy the boundary between the physical and the cyber-world, and are rapidly increasing in number and complexity. The attacks often focusing on industrial systems, production lines, transport and telecommunications networks, hacking into SCADA systems, sometimes through basic tactics such as spear-phishing or malware, before spreading out to manipulate or even disable the infrastructure. As more of a nation's infrastructure becomes interconnected, so the security of basic services is of paramount importance.

Cevn Vibert, Industrial Cyber Security Consultant and Evangelist

Cevn has over 25 years of experience in Security Solutions, C2, Emergency Management, Industrial Automation and ICS Industrial Information Systems, Manufacturing Production and Industrial Information Solutions, and Critical Infrastructure Protection. Cevn has worked in UK, and places like France, Italy, Norway and Colombia for many systems integrators and blue chip multinationals.

Networking Lunch

Opportunity to tour the exhibition

13:30

The emergent Defensive Cyber Operations challenge

Assimilation and exploitation of nascent technology has been the hallmark for the Royal Air Force since its creation as an independent Service nearly a century ago. With modern Air Forces entering ‘5th generation’ warfare, the information age heralds a wealth of network-enabled capabilities for the warfighter; however, our growing reliance on bulk data capture, processing and dissemination presents operational threats for which we must maintain a robust and comprehensive defensive cyber posture. This presentation outlines the scope of the challenge for the modern Royal Air Force through a Defensive Cyber Operations lens.

Sqn Ldr James Doyle, Officer Commanding 591 Signals Unit, Royal Air Force

Squadron Leader Jim Doyle is a Royal Air Force communications  and electronics engineer whose experience is predominantly in Air Defence Radar and deployed communications information services.  Currently Commanding No. 591 Signal Unit, Jim is charged with developing and delivering a comprehensive defensive cyber strategy for the Royal Air Force.

14:00

Offensive Cyber Security

According to a Wall Street Journal report, at least 29 countries have formal military and intelligence units dedicated to offensive hacking efforts. Unlike nuclear weapons, obtaining cyber weapons is cheaper and easier. To protect themselves from the growing threats of cyber-attacks and to develop sovereign capabilities in cyber-space, the government will invest £1.9 billion over the next five years. This talk will highlight the sophisticated techniques used by state actors to conduct industrial and corporate espionage, and how we might protect against them.

Zubair Khan, CEO of Tranchulas

Zubair has more than a decade of industry experience in assessing and implementing IT security of large enterprises. He has also been actively involved in security and cyber warfare research. Previously he has presented at renowned security conferences including Hack.lu Luxembourg, Hack In The Box Malaysia, ISS World and Infosek Slovenia. He is Honoree for Asia-Pacific Information Security Leadership Achievement Program by (ISC)2. He is CISA, CISM and also ISO27001 Auditor. Zubair holds a bachelor’s degree in Business IT from Curtin University of Technology, Australia.

@zubairkhan, @tranchulas

14:20

Replacing Trust with Proof: why Blockchain is the future of Individual Identity

Blockchain technology offers an opportunity to greatly improve security and privacy, as well as accountability and regulation, of the 7 billion personal identities on the planet. Using proof scoring instead of trust, Vchain provides reliable and trustworthy identification and verification. The technology also helps institutions secure data and ensures airlines (first clients) meet API requirements & The Privacy by Design (Article 23 ) / EU Data Reform Act. This presentation will provide an overview of the current strategy and highlight how this unique blockchain-enabled technology can be deployed in the market place.

Irra Ariella Khi, Co-founder and CEO of Vchain Tech

Irra is a serial entrepreneur based in London, who is obsessed with cyber security and data privacy. She is the co-founder and CEO of VChain, a deep tech company that is developing and patenting a blockchain solution for Digital DNA, to identify each person online and reinvent verification, privacy and trust. Irra speaks 9 languages, and graduated from Oxford University with 1st Class Honours. She is a speaker and mentor at General Assembly, StartUpBootcamp and Oxford Entrepreneurs.

14:35

The Vulnerability of Things

The “things” in the “Internet of Things” are connected embedded devices. As well as traditional IT security risks, there are other security risks associated with these devices and with the whole IoT concept. This talk will be a whistle-stop introduction to: embedded device security and what makes it difficult; why the IoT can be dangerous; why the threat is increasing; and what is being done to improve the security.

Dr Carl Shaw, Co-founder and CEO of MathEmbedded Ltd

Carl Shaw is an embedded systems technical security expert and is a co-founder of MathEmbedded Ltd., a company providing software security consultancy to the global “smart” device market since 2010. He is also co-founder of a new start-up providing hardware security consultancy and embedded system security testing services. He has over 20 years’ experience and has held senior technical positions in the defence and consumer electronics industries.

14:50

Cyber Essentials 2020

A presentation on the future developments of the UK's Cyber Essentials scheme.

CESG Service Owner Industry Schemes Speaker

More details on the day.

Close

4ARMED are an expert provider of technical information security services. They help their clients ensure their information security strategy is both relevant and effective through their holistic, no nonsense approach. Their services include penetration testing, vulnerability scanning, security reviews of IT systems, as well as providing consultancy and training around all aspects of cyber security for your business or organisation. [Stand A7]

Assuria Cyber Security software solutions and Managed Security Services help commercial and public sector organisations, no matter how large or small to defend their information systems, networks, web sites and other internet connected assets from cyber attack and poor cyber security controls. [Stand A2]

@AssuriaLtd

AuraQ is an experienced professional services provider, specialising in the development of process solutions, the management of content and enterprise-wide systems integration. Their team of highly skilled architects and developers provide expertise in Business Process Management (BPM), Business Rules Management (BRMS), Enterprise Content Management (ECM), Customer Relationship Management (CRM) and application Platform as a Service (aPaas) web and mobile applications. [Stand A3]

@AuraQUK

CNS Group is a government accredited company that helps UK organisations of all sizes build cybersecurity capabilities and maintain compliance through practical consulting and managed services. Their services provide protection across an organisation's estate, critical assets, corporate data, remote users, customers and partners alike. They also provide insight and remedy to events impacting your business whilst also maintaining compliance to key standards. [Stand A4]

@CNS_Security

CORVID deliver advanced and innovative IT security, discretely. They provide best-in-class monitoring, intelligence, protection and remediation services. They offer the peace of mind that effective IT security brings to those that do not have the staffing and specialist infrastructure to deliver it themselves. [Stand A5]

CSP consultants have extensive experience in delivering cyber security advice to customers. Whether it be to Government, NHS or commercial clients they have the experience and knowledge to provide value added service that can enable your business for the digital age. CSP consultants are skilled in providing practical risk advice, security architecture definition and review, auditing, compliance and accreditation services in all elements of ICT, including cloud, off shore, near shore and locally hosted infrastructure. [Stand B6]

D-RisQ has built an expert team of consultants, analysts and implementers to “change the way the world develops software” by bringing advanced automated software development tools to safety critical, security critical and business critical systems developers. [Stand B2]

Data2Vault provide a range of data protection solutions all delivered as secure, managed services that are automated, optimised and simplify core IT operations to help drive efficiency and reduce risk. [Stand B1]

@Data2Vault

GardPass Cyber primarily provides cyber security recruitment. It also offers complementary services such as virtual security advisors, security assessment, vetting, speaking at events and coaching/education. [Stand B5]

@Gardpasscyber

GeoLang is a cyber security innovation enterprise based in the heart of Cardiff, South Wales. GeoLang has developed award winning software such as Ascema, helping secure business assets stored within the cloud. The business is going through a rapid expansion to become internationally recognised as the leading cyber security innovators for cloud based technologies. [Stand B7]

@GeoLangLtd

Heart of Worcestershire College is a further and higher education college that offers full time and part time courses in a diverse range of specialist subject areas. They are currently working with Cyber Security Challenge UK and Worcestershire Business Central to create online cyber security qualifications and information for students and SMEs. [Stand A14]

@HOW_College

IASME is one of the four Cyber Essentials accreditation bodies appointed by the UK Government. Together with their Certification Body companies, they can certify you to the Cyber Essentials scheme required for many government tenders. They also offer the IASME Governance standard which, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. [Stand B10]

@IASME1

Institution of Mechanical Engineers works with leading companies, universities, and think tanks to create and share knowledge, fresh thinking and authoritative guidance on all aspects of mechanical engineering. They are active in numerous economically important sectors including aerospace, automotive, railway, biomedical, construction, and energy. [Stand B4]

@IMechE, @IMechE_Worcs

IntaPeople is a specialist recruitment company with genuine and long-standing experience in the IT, technical and cyber security sectors. Established in 1994, they are experts in sourcing high quality candidates for a wide range of permanent, contract and temporary positions across Wales, the UK and Europe. IntaPeople serve companies of all sizes from SME’s to large corporates, providing cyber security professionals to meet their requirements. [Stand B9]

@intapeople

Intelligent Privacy Solutions assists businesses in evaluating their current security solutions. In particular they specialise in Unified Endpoint Management (UEM) so as to better manage an organisation's IT estate and retain control during the relentless and rapid change of devices and their operating systems. [Stand B12]

iOra provide globally trusted solutions: they have built their reputation as the industry standard for the replication and compression of information across challenged and unreliable networks. They are entrusted to move terabytes of data to and from Navy fleets, globally dispersed Armies, Mission Headquarters, Commercial Maritime Operations, Oil & Gas companies and other global operating companies 24/7, 365. [Stand A8]

@iOraLtd

The Malvern Cyber Security Cluster is a group of small / medium cyber security companies centred around Malvern in Worcestershire, cooperating on a range of initiatives to grow their businesses. [Stand C2]

MathEmbedded is a privately owned, independent embedded software cyber security and specialist software development service provider. In particular, they consult on embedded software and security specification,design, architecture and implementation and can systematically review products and systems to identify and fix security problems. [Stand B8]

 @mathembedded

mkryptor is a foolproof secure email system from Fresh Skies Ltd that's simplicity itself to use and it's yours for one single, affordable payment. The solution delivers you peace of mind by ensuring that your confidential information stays that way; it not only lowers your risk of non-compliance to current data protection legislation and upcoming EU data protection changes, but also provides a clear audit trail. [Stand A6]

Modux was founded in 2008, initially delivering research and consultancy services within the UK defence sector. Since then the company has expanded and now employs select security consultants and elite technical experts, each having worked on some of the world’s largest digital security and technology programmes. Modux are a CESG-approved CHECK company and perform penetration testing and security assurance services as part of the government accredited CHECK scheme. [Stand A9]

@moduxlabs

The National Cyber Skills Centre (NCSC) delivers training in direct response to specific identified industry needs, supporting businesses both small and large. In terms of cyber security, the organisation offers a number of courses including training on Cyber Essentials and an introduction to cyber security called Cyber Bytes. [Stand B3]

@CyberSkillsUK

Net Consulting are a leading IT consultancy specialising in Performance Management, Cyber Security and Managed Services. They provide Performance Management that gives actionable insight into network & application performance; Cyber Security that allows for analytics-driven threat detection, proactive monitoring and reflex-like incident response. [Stand B11]

@NetConsulting1

nquiringminds is a British company specialising in Smart Cities, data analytics and Internet of Things. They have two core technology products, the TDX Trusted Data Exchange, a next generation data platform that creates a central view of data and derives intelligence from multiple sources. The second is a sensor hub called InterLiNQ. InterLiNQ securely manages and monitors IOT devices, where devices have low computer power and radios don’t support the IP. Their innovations are award winning and launched in several UK cities. [Stand B16]

@nqminds

Origone has internationally recognized expertise with products and services in Business Intelligence, Telecommunications, Cyber-Security, Cyber Intelligence and High Tech. The company provides governance software tools for businesses as well as solutlions to enhance and organisation's cyber security and cyber intelligence. Origone has a presence in various worldwide locations including London, Paris, Washington, Tel Aviv and New Delhi. [Stand A10]

@origoneltd

Pervade Software is the UK-based creator of OpViewTM and OpAuditTM. The company is a privately funded software vendor with strong roots in the capital of Wales. OpViewTM can collect, correlate and display every data type and OpAuditTM can track both technical and manual compliance evidence, all in a single configurable system. [Stand B13]

@PervadeSoftware

PGI aims to tackle the threats faced by organisations both large and small as well as governments. From cybersecurity services to business intelligence, our team of world-class experts helps reduce the risks to your finances, physical assets and most importantly of all people. [Stand A11]

@ProtectionGIntl

Risk-X is a global provider of practical and effective Governance, Risk, Training, Audit, Advisory and Assurance services and solutions. Their forensic division delivers a full spectrum of incident response services from mobile device and cell-site analysis to full-blown breach investigations, litigation support, crime and fraud investigation capability to private and public sector clients. [Stand A12]

@RiskX_UK

Surevine provide secure, scalable collaboration solutions developed especially for organisations with the most demanding security requirements. One example is Threatvine, a cyber-security information sharing platform designed for secure cross-organisational collaboration and collaborative intelligence analysis. [Stand A13]

@surevine

Sutcliffe & Co provide honest, impartial insurance advice, a personal and professional service and quality insurance at competitive premiums. In addition to business liability, directors, and premises insurance, Sutcliffe & Co can provide Cyber Liability insurance. [Stand B10]

@sutcliffeCo

Titania specialises in developing commercial software packages to enable organisations, auditors and consultants to undertake their own cyber security auditing and testing quickly and at low cost. [Stand A16]

@TitaniaLimited

Tranchulas are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services. The company’s elite team of security experts employs the latest threat intelligence and advanced countermeasures to help build effective security design that protects and enhances business operations. [Stand A15]

@tranchulas

The UK Cyber Security Forum represents small medium enterprises who are actively working in cyber security across the UK, helping to set up informal local "Clusters" for the industry. With over 500 SME members, the forum provides a collaboration portal, industry news and business opportunities both in the UK and overseas. [Stand C2]

@UKcyberforum

The Wyche Innovation Centre is a business accelerator and technology incubator situated in an Area of Outstanding Natural Beauty on the side of the Malvern Hills in the heart of the UK's Cyber Valley. It is home to over 40 businesses & organisations, including companies involved in the cyber security sector, operating from serviced offices, hot desks or as a virtual office. [Stand C3]

@WycheInnovation

X Kommunications is an independent, dynamic and expanding service provider with the aim of providing clients with true excellence in telecommunication products and services, including mobile connectivity, VOIP, broadband services and XDSL. [Stand A1]

 @XKomms