I mentioned in my blog about CyberUK In Practice 2017 that I personally dislike cyber security conferences that major on the doom and gloom of the threat landscape. You can all too quickly reach the conclusion that the Internet is chock full of APTs and that the only safe computer is one that's turned off, stored in the bottom of a locked filing cabinet, stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard'.
That's not an approach we like at the NCSC, and so it took very little persuading for us to convince Harry, one of our lead penetration testers, to put together a track that covers cyber threats - but in the right way - for CyberUK In Practice. Harry's done a great job, and has got some fantastic speakers to join us in Track 1.
The first session with be Chris from the NCSC, who will be discussing cyber threat intelligence, cutting through the myth and misunderstanding, and discussing how structured threat intelligence can help our organisations stay on-top of the latest problems.
After lunch, Harry has put together a double session. Firstly, we're pleased to welcome Katie, CEO of Luta Security, who will be talking about how to manage vulnerability disclosure activities. Then in the second thirty minutes, Dave from MWR will be talking about honeypots, and the latest thinking on them. Dave will discuss how they can help - and hinder - an organisation's defensive posture, and the ways to get the best from them.
The final track session of the day will be Pete from Pavisade, who will be discussing Active Cyber Defence, and some of the challenges organisations can hit when implementing their own defensive programmes. Just how active can you go?
On the second day of In Practice, Track 1 kicks off with another double session. Maddy from our assurance team will be talking about the work she's led on to refresh the Cyber Essentials standard, and what it means for organisations that are considering using this - both in terms of implementing it, as well as using it in your procurement and supply chain. Then Mark from Cabinet Office will be updating everyone on the changes to the Public Services Network (PSN), how assurance for PSN is changing, and what this means for the public sector.
The final session of Track 1 will be Neil talking about how to build an enterprise-scale vulnerability assessment capability, and the challenges that organisations can experience along the way. This should be a great way to wrap up this fascinating track before we close the event with our final plenary keynote session.
I look forward to welcoming you all to CyberUK In Practice!
Technical Director for Assurance