​SESSION 1

The morning session will contextualise key factors shaping the threat landscape. We will look at the national cybersecurity posture, the opportunities and risks posed by AI, and consider the importance of strong identity controls and adaptive strategies for protecting critical systems.

​

09:15    Welcome and Introduction

​​

Mark Stephen, Journalist & Broadcaster, BBC

​​

09:25    Threat Level Cymru: A Data Driven View of the Current Cyber Posture in Wales

​

​•    Mapping the Threat Landscape in Wales: What the data shows about breaches of Welsh assets.
•    Sectoral Hotspots & Trends: Which industries are most at risk and how attack focus is shifting
•    Common Misconfigurations & Exposures: Recurring weaknesses leaving Welsh organisations vulnerable
•    Actionable Insights: What leaders can do today to strengthen resilience and reduce Wales’ cyber risk
​​​

Darren Kingsnorth, Head of Threat Intelligence and Analytics, Admiral Group 

​

09:50    Understanding the Security Implications of AI​​

​

​•    Ever been asked “What are we doing about AI?” – implying both adoption and risk? The Explosion of interest in LLMs has led to keen interest in security and ethical considerations
•    AI opportunities: Where AI shines in security applications, where it’s limited and what might be next  
•    Working across teams on AI cyber risks: risk frameworks, balancing innovation and secure-by-design and getting ahead of the technology roadmap by marrying up strategy with governance 
•    What can all the responsible AI advice do for you? Managing stakeholders and supply chains across regulation, governance and standards.

​

Matilda Rhode, Head of Security Operations, Dŵr Cymru Welsh Water

​

10:15    The Future of Defence: Managed Security Leadership in an Era of Unprecedented Cyber Threats

​​​​​

•    Traditional cyber security tools cannot keep up with today’s threats.
•    We will explore why layered products fail – and how a unified platform, built on zero trust, least privilege and AI-powered automation, redefines modern defence
•    Learn how seamless access control, real-time threat response and machine-level protection come together to secure every user, device and session. 
 

Martin Sawczyn, Security Engineer, Keeper Security Inc

​

10:35   Combined Q&A​

11:00    Refreshments & Networking

SESSION 2

Session 2 will explore a series of key topics in a longer presentation format. The session will be run in a breakout format across three parallel streams, providing delegates the opportunity to attend two options.

​

11:35    First Breakout (Choose from A-C)​​

​

A.   Hacking Hard Disks: Problems with Computer Forensics

​

•    The limitations of the current best practice in the area of computer forensics 
•    Examining international standards and how they define best practice
•    limitations and assumptions and how these can be broken in relation to data smuggling and data hiding
•    Proposing amendments to the forensic process that can help address these shortcomings
​​​

Dr Andrew Blyth, Senior Penetration Tester, Tandem

​

B.   Using an Attack Mindset as a Key Defence Mechanism

​

•    The value of learning from attackers
•    An overview of our strategy for hardening our environment
•    How we detect early kill chain stages and validate effectiveness of defences / toolsets
•    Successful strategies to identify & stop third-party red teams during blind engagements 
•    Native configurations to create 'quick wins' that improve security posture

​

Peter Clayton, Sr Vulnerability Management Engineer, Next​

​

C.   Route to Compromise: OT & Third-Party Vulnerabilities​​

​

•    An overview of current attackers and offensive strategies
•    Exploring these against last and recent incidents
•    Ending with a reflection on key observations over the years

​

Dr Nia Evans, Senior Manager: Ethical Hacking, PwC 

​​

12:10    Transition

​12:15    Second Breakout (Choose from D or E)

​

D.   The Overlooked Threat: Why Mobile Devices Are Your Weakest Link​​​

​

•    A day in the life of your mobile device and where to spot the attacks
•    How mobile device activity serves as early warning signs for broader, organisation-wide attacks
•    Where modern mobile ecosystems fall short, and how adversaries are exploiting those vulnerabilities
•    What real-world data reveals about mobile phishing, malware, misconfigurations, and emerging threats

​

Michael Simpson, Senior Solution Engineer, Lookout

​​

E.   Threat Briefing: Inside the Crowdstrike 2025 Threat Hunt Report​​​

 

•    Why most traditional tools miss today's attacks
•    How AI is fuelling a wave of social engineering attacks
•    Why cross-domain visibility is now essential
•    How adversaries are conducting intrusions at machine speed
 

Céleste Manenc, Sales Engineer, Crowdstrike​

​

12:45    Lunch & Networking

​

​

SESSION 3

Against a backdrop of constant change and increasing sophistication of threats, the afternoon session will look at proactive ways to improve the effectiveness of the security function. We will consider the role that AI can play in real-world defence; discuss how leaders can help their organisations navigate change, and explore how to support upskilling and security awareness.

​

13:35     Beyond the Feed: AI-Powered Threat Intelligence for Real-World Defence​​

​​

•    Threat intelligence often suffers from being reactive, siloed, or disconnected from strategy
•    Intelligence feeds don’t stop attacks - what matters is how they are translated into action
•    Going beyond the endless stream of indicators to see how to operationalise threat intelligence 
•    How to align intelligence workflows with IR, vulnerability management, and SOC playbooks
•    How artificial intelligence and machine learning are accelerating this process
•    Real-world use cases - how AI-powered threat intelligence moves from theory to practice 
 

Sophia McCall, Senior Threat Intelligence Analyst & Co-Founder Security Queens​

​

​14:00    The Squid that Lost its Shell: The Evolution of Security

​

• De-perimiterisation: the removal of boundaries between our organisation and the outside world

• The implications: every app and service now needs to defend itself

• Evolve of die: zero trust can reinstate access but doesn’t fix evolutionary forces

• Todays challenge: misaligned incentives, disordered response, information asymmetry

• Exposure: the goals is secure by demand, design, and default

• Intelligent sense making: act on the context to stabilise, react, and respond

 

Simon Goldsmith, CISO, OVO

​

14:25    Combined Q&A

​

14:40    Panel Discussion: The Human Factor - Improving Skills, Performance & Awareness

​

Clare Johnson, Head of Capability, ITSUS Consulting & Founder, Women in Cyber Unlimited
Neil Cordell, CISO, Swansea University
Kate Lloyd, Cyber Protect Lead for Wales, Tarian Regional Cyber Crime Team 
Natasha Armstrong-Godwin, Security Engineer, Electronic Arts

Sophia McCall, Senior Threat Intelligence Analyst & Co-Founder Security Queens

​

15:15    Closing Remarks

15:20   Close of Session

 

​
Networking Drinks Reception

​

15:20    Networking & Drinks Reception

16:30    Close of Conference​

 

*The conference agenda is provisional and subject to change.