Why do so many cybersecurity and technology transformation programmes fail? Not because of the tools. Not because of the people. But because change isn’t managed properly. Cyber transformation is rarely a technology problem. It’s a change management challenge.

In this high-energy keynote, Gurps Khaira draws a powerful and unexpected parallel between fitness modelling and implementing cyber technologies and large-scale transformation programmes through disciplined, structured change. Just as real physical results aren’t built through crash diets, sustainable cyber change isn’t delivered through one-off training sessions, policies, or awareness campaigns. Lasting transformation comes from clear direction, consistent leadership, structured frameworks, and repeatable routines.

Blending lessons from the gym, global banking, and complex enterprise change programmes, this keynote introduces Gurps’ 4D Delivery Discipline: Decide, Define, Do, Done, a practical approach that helps leaders move from intent to execution, embed new ways of working, and sustain momentum across cyber and technology initiatives. Packed with humour, real-world stories, and practical takeaways, this keynote treats cyber transformation like a training programme, building stronger habits, disciplined execution, and measurable results one rep at a time. Gurps will also surprise attendees with a ready-to-use toolkit of proven tools and templates to help them stay on track, measure progress, and deliver results long after the session ends.

Tell people not to click a link, pat each other on the back, and ride off into the sunset. If only security awareness training was that simple.

In this session, Javvad Malik, Lead CISO Advisor for KnowBe4, will explain how to take your security awareness to the next level and prevent it from going stale. Changing behaviours and creating a culture of security can only be achieved by adopting the right mindset and techniques.

In this session you will learn:

- Why you need to brand the security department the right way

- The psychological approach to getting your message across

- Practical advice on building a strong security culture

Geopolitical volatility, increased digital interconnectivity, more frequent technology related disruptions, and subsequent regulatory focus has now become a boardroom imperative. Declan Burke draws on lived experience to explore how leaders can move beyond traditional technical defence and ‘cyber security’ thinking and reimagine themselves as ‘enterprise resilience’ business leaders; embedding trust, preparedness, and strategic value into their organisations. A must-attend for anyone seeking to elevate their role, emerge stronger after a crisis and help their organisations achieve competitive advantage.

Identity threats now span humans, AI agents, and service accounts. This blueprint covers the four pillars protecting human identities (ISPM, ITDR, IGA, PAM) and how the same principles apply to non-human identities. Discover how unified governance reduces MTTR, improves audit readiness, and transforms identity from compliance checkbox to active defense.

Click here to see the full schedule of streams on offer

Traditional backup is no longer enough; in an era of aggressive ransomware, organisations need rapid recovery and absolute confidence. In this session, Druva explores the critical shift from legacy backup to true cyber resilience. We can demonstrate why on-premise tools struggle to protect modern hybrid environments and how a 100% SaaS, cloud-native approach eliminates hardware complexity while ensuring immutable, air-gapped security. Discover how to unify protection across cloud workloads, SaaS applications like Microsoft 365, endpoints, and data centres- empowering your team to focus less on managing infrastructure and more on delivering clean, rapid recovery when it matters most.

Modern Managed Detection and Response (MDR) is no longer just about alerting and reacting — it’s about staying ahead of the adversary. To achieve that, leading MDR programs now embed Continuous Threat Exposure Management (CTEM) as a strategic capability.

CTEM transforms MDR into a living, adaptive system that continuously aligns detection and response to the organization’s real exposures. It does so through three foundational pillars:

1. Threats – Focus on What Matters Most Continuous correlation between threat intelligence and the organization’s environment ensures teams prioritize realistic adversary behaviors, not hypothetical risks.

2. Defenses – Proactive & Offensive Validation By embedding attack simulations and control validation, CTEM verifies whether defenses truly work against current TTPs, exposing gaps before attackers exploit them.

3. Attack Surface – Visibility & Context Continuous asset discovery and contextual tagging deliver full environmental awareness — showing what is exposed, why it matters, and how it connects to business processes. When these three streams converge, MDR evolves from a reactive detection service into a proactive exposure-management partner — continuously validating both the threat landscape and defensive readiness.

Key Takeaway of this Session: “CTEM turns MDR from a 24/7 monitoring service into a continuous readiness program.”

Jake will delve into the darker, more controversial aspects of facial recognition technology, exposing its unsettling potential. He'll unveil cutting-edge glasses capable of real-time identification, allowing you to discover someone's identity with nothing more than a glance. But it doesn't stop there - Jake will also demonstrate how AI can be used to outsmart these systems, revealing how he successfully bypassed a bank’s supposedly secure facial recognition system using nothing but freely available software. For the grand finale, Jake will prove Mission Impossible is now possible by pushing the boundaries even further. He’ll add himself to a high-security watchlist of known suspects - only to walk straight past the system undetected with the use of AI, proving just how vulnerable and exploitable this technology truly is.

Overview coming soon

Cyber risk is often assessed with confidence but little clarity. This session examines how unconscious bias, qualitative scoring, and traditional risk matrices distort decision-making and obscure what truly matters to the business. Through practical examples, Jonathan challenges “High/Medium/Low” thinking and introduces pragmatic ways to frame cyber risk in probabilistic and financial terms, enabling clearer prioritisation, more meaningful comparisons, and more effective executive communication.

Overview coming soon

Join cyber security leader Purvi Kay in an engaging fireside chat with Jason Manford.

This promises to be a session not to be missed