Thursday 27 March, Edinburgh International Conference Centre (EICC)

​

BREAKFAST BRIEFING

08:20    Securing IT Admin Identities: Balancing Access, Security & Productivity in a Hybrid World

​

• Why IT administrators are a primary target for cyberattacks

• How Privileged Access Management (PAM) strengthens IAM strategies

• The power of least privilege & just-in-time (JIT) access for IT admins

• Automating privilege elevation to enhance security without slowing IT teams down

• Practical strategies to eliminate password sprawl & standing privileges

​​

Scott Shields, Enterprise Sales Engineer, Northern Europe, Delinea

​

08:50   End of Breakfast Briefing

​

SESSION 1

The opening session will contextualise the threat landscape in 2025, and consider proactive steps that security leaders can take. We will look at building internal resilience, enhancing incident response methodology, and improving risk management.

​

​09:15    Welcome from the Conference Chair

​

Mark Stephen, Journalist & Broadcaster, BBC Scotland

09:25    Facing the Threat Landscape and Building Resilience in 2025

​

• Understanding the threat landscape in Scotland

• Proactive strategic measures for organisations

• Building cyber resilience  

• The human factor and cybersecurity culture 

• Leveraging technology    

• Future-proofing cybersecurity strategy  

​

Heather Lowrie, CISO & Security Advisor

09:50   How NOT to Do Incident Response: Notes from the Field 

​

• It's not IF but WHEN a security incident will happen - Yet organisations are still not prepared

• Current threat landscape and what's changed over the years 

• How this has impacted Incident Response

• What you as an organisation can do to prepare for those worst-case scenarios

• Recommendations and suggested immediate actions

​

Lesley Kipling, Chief Security Advisor, Microsoft

10:15    Improving the Way We Evaluate and Manage Risk

​

• Understanding risk

• Increasing our visibility of risk across the organisation

• Improving the way security teams communicate risk

• Increasing engagement with senior stakeholders

​

Nick Palmer, European SME, Censys

​

10:35    Combined Q&A​​

​

11:00    Networking & Refreshments

SESSION 2

Session 2 will explore a series of key topics with a longer presentation format. The session will be run in a breakout format across four parallel streams, providing delegates the opportunity to attend two options live.

#

11:35    First Breakout Option (A-D)

12:10    Transition

12:20    Second Breakout Option (E-H)

Breakout options include

​

A. The Human Factor in Cyber Risk: Rethinking Control Effectiveness​

​

• Rethinking the human factor, including the human in our risk equations. 

• Background on purpose of the research. Measuring the human factor in control effectiveness. How we can integrate human factors into risk assessments. 

• The human factor in control effectiveness:  exploring the interplay between cognitive load, behavioural economics and security compliance and how we can measure the friction. 

• Security as a socio technical system: exploring  how user friction impacts security efficacy and why a purely technical approach is insufficient. ​

 

Eleanor Sim, Chief Security Architect, Bupa

B. Responding to Cybercrime: Improving Insight and Intelligence through Reporting 

​

• What we do within the Cybercrime Investigations team

• Reasons for reporting: the value of improving shared intelligence

• Current cybercrime trends and insights

• Police Cyber Alarm: A new toolset to help with monitoring and detection

​

DC Kelly Thorburn, Specialist Crime Division: Cybercrime Investigations, Police Scotland

C. Cyber Strategies to Help Navigate the Security Landscape in 2025
 ​

• The role threat intelligence can play in helping to safeguard your organisation

• Exploring the leading cyber threats and the evolving security landscape

• Priority areas to improve organisational resilience and hygiene

• Combatting leadership fatigue through better awareness

• Supporting strategies: Investment, OSINT tooling, upskilling / certification

​

Alexandra Forsyth, Threat Intelligence Analyst & Researcher

​

D. Droplet NeverTrust™ - Security Beyond Identity

​

• Preventing Identity Theft with Droplet NeverTrust™ Containers

• NeverTrust™ Application Delivery - When Zero-Trust isn’t enough

• Mitigating The Security and Compliance Risks around Legacy Software

• Secure and Futureproof Your Operational Technology Software

​

Barry Daniels, COO, Droplet NeverTrust™

​​

​12:10    Transition

​

12:20    Second Breakout Option (E-H)

​

E. Rise of the Machines – The Hidden Risk in Your Identity Strategy

​

• Machine Identity Threats – Machine IDs now far outnumber human accounts, yet they remain overlooked, unmanaged, and vulnerable.

• Exploited in Attacks – Major supply chain breaches have used non-human identities to bypass security undetected.

• Hidden Access Risks – Users unknowingly create privilege pathways that grant unintended third-party access.

• Take Back Control – Learn why machine identities are your biggest blind spot and how to secure them effectively.​

 

Chris Owen, Managing Director, dotnext Europe

​

F. Managing the Associated Complexities of Executive Targeting, as the Threat Landscape Evolves​

​

• Key facets of executive protection within the evolving cyber threat landscape

• How to strengthen your security posture leveraging cyber intelligence

• Strategies towards mitigating potential exposures

• How combining tactical insights with a strategic approach to understanding the threat landscape can enhance your executive security program

​

Robeson Jennings, Vice President, Services & Analysis in Services, ZeroFox

​

​G. Real-World Threats: Beyond the Headlines​

​

• Large-scale attacks dominate threat intelligence, but everyday organizations face significant threats too.

• This talk explores real incidents managed by the Barrier SOC, detailing their progression and overlooked signs.

• Lessons learned will highlight key takeaways for defenders to improve detection and response.

• Attendees will gain practical insights and a fresh perspective on common security threats.

 

Ryan McConechy, Chief Technology Officer, Barrier Networks

​

H. Bridging the IT-OT Cyber Skills Gap: Upskilling the Workforce

 

• ​Why securing industrial control systems requires a different approach from traditional IT security; identifying key barriers that organisations face in upskilling their workforce.

• Examine the cultural, technical, and training divides that slow progress in OT security

• Discuss practical strategies for building the right skills across different roles using real-world security risks. 

• Why OT is an increasing target for cyber threats, and how companies can better prepare.

• Actionable recommendations for developing sustainable security capabilities. 

​

Sam Maesschalck, Lead OT Cyber Security Engineer, Immersive​​

- Actionable recommendations for developing sustainable security capabilities. 

12:50    Lunch and Networking

​

​

SESSION 3 

The afternoon session will examine how to manage the increasing complexity of business risk against a backdrop of technological evolution and geo-political change. We will look at how to prepare and respond to new advancements in areas like AI and Quantum; how to approach governance considerations and internal guidelines, and how to improve your ability to cope more effectively with constant change.
​

13:40    Breakout Selection I - K

​

Options include

​

I. Emerging Tech: Cyber and Finance

​

• Transformative Technologies that will Dominate the 4th Industrial Revolution

• AI and Financial Services

• Case Studies: 1. Quantum Computing, 2. Web3 Blockchain, 3. Data Science & Anomaly Detection, 4. Confidential Computing

• Predictions for 2025

​

Derek Whigham, CPO: Chief Security Office, Lloyds Banking Group

​

J. Security & AI: Do We Really Need New Governance? 

​

• Culture change, awareness, and shadow AI

• Suppliers using AI: What you need to ask your vendors and why

• Developing AI: Considerations to maximise the benefits while minimising the harm

• We already have some good tools and process: we just need to know how to apply it to AI

​

Rachel Close, Senior Responsible AI Manager: Data Governance, BBC

​

K. Enter the Dragon: A look at Geopolitical Challenge and the Future of Cyber

 

• China's Cyber Landscape: Cultural context, state actor organizations, why culture is critical to geopolitics and cyber

• Space technology: Why space technology is important, future opportunities, the role of Scotland

• Emerging Threats: Satellite security, supply chain vulnerabilities, the evolving nature of phishing campaigns & AI

• Advanced Persistent Threat: Analysis of APTs that are currently operating and how it affects the threat landscape

• How you can evaluate and mature your defence, and an opportunity to participate in threat informed defence research to ensure your cyber resilience

​

James Kwaan, Sr Cyber Manager & Chapter President, ISC2

​

14:15    Transition to Main Hall

14:20    AI and Cybersecurity: A Risk or an Opportunity?

 

• Showcasing the use of LLMs towards text, image, video and sound generation

• Defining how LLM (Large Language Models) work and how they are applied to cybersecurity

• Outline the current threat landscape of the application of AI into cybersecurity

• Defining the key issues related to AI that affect performance and accuracy

• Defining the move towards AGI (Artificial General Intelligence) and The Singularity

• Outlining the rise of agent-based AI and Advanced Persistent Threats with AI

​

Bill Buchanan OBE, Professor of Applied Cryptography, Edinburgh Napier University

14:45   Combined Q&A

​​​​

15:15    Closing Remarks

15:20    End of Session

​

15:20    Networking & Drinks Reception

16:00    End of Summit

*The conference agenda is provisional and subject to change