The programme
08:30
Registration & Networking
Registration - Open from 8:30 am - Closes at 11:00 am
All delegates must complete their registration process before the 11:00 AM cut-off time. Please arrive in a timely manner to allow for registration and to avoid any inconvenience. Delegates who arrive after the registration deadline will be refused entry to the event.
We appreciate your cooperation in helping us maintain the event's schedule and ensuring that everyone can fully participate in the Conference. If you have any questions or require assistance, our event staff will be available to assist you with the registration process.
Thank you for your understanding, and we look forward to an insightful and productive event together!
09:30
Chair Opening Address (Confirmed)
Bharat Thakrar
CISO
CyberBTX
09:40
Keynote Presentation - Mark Dimock, Cyber Security Lead for the East of England and Chair of the NHS England Armed Forces Staff Network, NHS England (Invited)
Cybersecurity in the NHS: A People-First Approach to Building Resilience
Session Overview:
Cybersecurity isn’t just about tools and technology—it’s about people. In this session, Mark Dimock, Cyber Security Lead for the East of England, will explore how focusing on people and culture can strengthen cyber resilience across the NHS.
With extensive experience in building cyber teams, reducing friction between security and operations, and shaping the NHS Cyber Profession Framework, Mark will discuss:
- Getting the Right People into Cyber – Insights into career pathways, skills development, and how to make cyber more accessible across the NHS.
- Security vs. Operations: Finding the Balance – How NHS organisations can reduce friction between security requirements and operational needs without compromising efficiency.
- Real-World Cyber Challenges – A look at practical issues faced by NHS teams in the East of England and how local organisations are tackling them.
- Collaboration & Knowledge Sharing – Why working together across regional teams is key to strengthening security at every level.
- Beyond Textbooks: A Practical Approach to Cyber – Moving away from rigid frameworks and focusing on real-world solutions that work in practice.
This interactive session will provide a practical, people-focused perspective on NHS cybersecurity, with plenty of opportunity for discussion and real-world insights.
10:00
Navigating the Cyber Threat Landscape: Challenges and Best Practices in NHS Cyber Security Panel Discussion
Lee Rickles
Director and Chief Information Officer
Yorkshire & Humber
Steven Furnell
Professor of Cyber Security
University of Nottingham
Overview:
This opening session addresses the increasing complexities and challenges facing the NHS in its cyber defence efforts. Panellists, including experts in healthcare IT and cybersecurity, will explore vulnerabilities within legacy systems, emerging technologies, and the recent surge in sophisticated attacks like ransomware-as-a-service (RaaS) and supply chain intrusions.
Key discussions will focus on lessons learned from recent incidents, approaches to predictive threat modelling, and best practices to enhance NHS cybersecurity resilience. Attendees will gain insights into developing a proactive approach to cyber threats that is responsive to both immediate and long-term risks.
Panellists:
- Tej Gudka, Head of Cybersecurity, NHS Arden & GEM Commissioning Support Unit (Invited)
- Lee Rickles, Director and Chief Information Officer, Yorkshire & Humber (Confirmed)
- Mark Dimock, Cyber Security Lead for the East of England and Chair of the NHS England Armed Forces Staff Network, NHS England (Invited)
- Steven Furnell, Professor of Cyber Security at the University of Nottingham (Confirmed)
- ManageEngine Panellist Speaker TBC
10:30
Main Sponsor - Know Your Adversary - The Value in Threat Intelligence and Posture Management in the NHS
Kostandino Kustas
Sales Engineer
CrowdStrike
Main Sponsor - CrowdStrike
In an era of escalating cyber threats to healthcare, how can the NHS stay ahead in protecting patient data and critical services? With recent cyber incidents targeting UK healthcare organisations and growing concerns about AI-powered attacks, it's crucial to deeply understand your adversaries and their evolving tactics.
This session focuses on proactive cybersecurity strategies, emphasising the identification of emerging cyber threats specific to healthcare. We'll explore how to recognise and anticipate new attack vectors that target the unique vulnerabilities of medical systems and patient data. Additionally, we'll delve into leveraging advanced posture management tools to fortify cloud and on-prem defences, demonstrating how these technologies can provide a comprehensive view of your organisation’s security landscape and help prioritise remediation efforts.
Join us to learn how the value of knowing your adversary can transform your approach to cybersecurity with stakeholders, ensuring the continued protection of vital NHS services and patient trust in an increasingly complex threat landscape.
10:50
Morning Break & Networking
11:50
Chair Morning Reflection (Confirmed)
Bharat Thakrar
CISO
CyberBTX
11:55
Case Study - A consolidated ecosystem approach to compliancy
Jason Cohen
Account Director
boxxe
Daniel Kendall
Principal System Engineer
Fortinet
Case Study - boxxe
In September 2024 the DSPT changed to adopt the National Cyber Security Centre’s Cyber Assessment Framework (CAF) as its basis for cyber security and IG assurance. During this session, boxxe and Fortinet will describe how a consolidated approach to a cyber-ecosystem helps organisations to achieve, maintain and improve their cyber posture, enabling better outcomes through simplification, integration, and the resulting operational efficiencies.
12:15
Case Study - Stratodesk NoTouch: Secure, Sustainable OS & Management for VDI Endpoints in Healthcare
Paul Craddock
Global Solution Architect
Stratodesk
Case Study - Stratodesk Software
Learn how Stratodesk can help secure vulnerable Windows endpoints by repurposing them with Stratodesk NoTouch, a fully managed, secure, Linux-based operating system.
12:35
Interview session - The Next generation of CISO – What should the Executive Board look for in this crucial appointment? (Confirmed)
Azeem Bashir
Group Chief Information & Security Officer - CIO\CISO - President - Chair - Cyber Committee Member for EMEA & Asia-PAC
Hamilton Group
The lasting effects of the global economic downturn have also forced many organisations to introduce significant efficiencies in their operations. This means businesses are now far more likely to adopt new technologies or approaches that reduce costs, irrespective of the risks they might introduce. And too often, businesses still lack a dedicated, board-level owner of cyber security and risk management who is engaged in the overall strategy of the business.
Organisations must move quickly to understand and manage fast-changing cyber and other social media threats, or risk being caught out. Equally, managing these new cyber opportunities and risks can bring benefits in innovation, productivity, competitiveness and customer engagement.
One answer to this is to implement a next-generation chief information security officer (CISO). Building on the traditional skills of information security officers, next-generation CISOs have a wide skillset that includes an understanding of cyber security and risk management, as well as an ability to communicate at C-suite level.
Traditional Chief Information Security Officer skills are no longer enough!
Of course, the basics remain the same: information security (IS), information risk management (IRM), data protection and classification, and oversight of audits, governance and compliance, as well as technical, operational, legal and regulatory risks. But the basics are no longer enough.
Too many businesses are leaving themselves vulnerable to today’s cyber security threats by relying on an outdated structure that includes a traditional information security risk manager typically reporting to the chief information officer. With cyber threats growing daily, a dedicated owner of cyber security and information risk management at board level is now vital.
The business and threat landscape is changing rapidly, and organisations that don’t keep up are at serious financial, reputational, legal and regulatory risk.
Ultimately, the boards will be held accountable.
12:55
Case Study - Why Legacy Architecture is No Longer Fit for Purpose in a Modern Digital NHS
Mike Culshaw
Security Specialist
Zscaler
Case Study - Zscaler
Reliance on outdated legacy systems is increasingly untenable in today’s digital age. This session will explore why legacy architecture is no longer sufficient and how it can heighten security risks. Using lessons from real-world examples, including ransomware attacks such as WannaCry, we’ll highlight the limits of patching, and why VPNs and their daily CVEs continue to expose NHS networks to threats. Additionally, we’ll examine the dangers of lateral movement between interconnected NHS trusts and why this sharing of data might increase vulnerability. Attendees will leave with actionable insights on modernizing IT infrastructure to reduce these risks and better secure the future of digital healthcare using zero trust principles.
The session will include a memorable interactive segment!
14:00
Chair Afternoon Address (Confirmed)
Bharat Thakrar
CISO
CyberBTX
14:05
Case Study - Enhancing NHS Identity Access Management: Extending MFA & IAM to Legacy Systems and non-human identities for CAF Compliance
Josh Neame
Chief Technology Officer
BlueFort Security Ltd
Peter Batchelor
Regional Sales Director
Silverfort
Case Study - BlueFort Security
Join BlueFort Security and Silverfort for an insightful session on how their partnership can assist, and has greatly assisted, the NHS in navigating the complexities of MFA and IAM requirements outlined in the NCSC Cyber Assessment Framework (CAF). The session will also showcase how Silverfort was successfully deployed into a large London-based NHS Trust in January 2025 to meet CAF compliance. Finally, we will discuss how BlueFort Security, as Silverfort’s premier partner, ensures expert deployment, configuration, and ongoing optimisation to maximize the technology’s value, thereby strengthening the NHS’s overall security resilience.
14:25
Keynote Presentation - Securing a Cloud-Based Internet-Facing Shared Care Record to Keep 8 Million Patient Records Safe (Confirmed)
Lee Rickles
Director and Chief Information Officer
Yorkshire & Humber
Ian Clucas
Deputy CIO
Interweave
With healthcare systems increasingly relying on cloud-based shared care records, ensuring robust security is critical. This session explores the challenges and solutions for protecting an internet-facing platform holding 8 million patient records. Topics include Zero Trust Architecture, encryption, identity and access management, real-time threat detection, and compliance with NHS DSPT and GDPR. Learn how multi-layered security strategies can mitigate cyber threats, prevent breaches, and ensure safe, compliant data sharing. Join us to gain insights from industry experts on building a resilient, secure system that safeguards patient confidentiality while enabling seamless care coordination across healthcare providers.
14:45
Case Study - Building Cyber Resilience in the NHS: Compliance, Risk, and Security with Heimdal
Morten Kjaersgaard
Chairman and Founder
Heimdal®
Case Study - Heimdal
The NHS faces an ever-growing cyber threat landscape, where compliance, risk management, and security must work together to ensure operational resilience. In this session, we explore how NHS organizations can move beyond reactive cybersecurity strategies and embrace a proactive, unified approach with Heimdal.
We will delve into real-world case studies, including insights from Heimdal’s founder, Morten Kjaersgaard, to showcase how healthcare institutions have successfully defended against ransomware, mitigated security risks, and strengthened compliance with frameworks like Cyber Essentials, CAF and NIS2.
Join us to discover how Heimdal empowers NHS IT and security teams to enhance cyber resilience, reduce alert fatigue, and take decisive action against evolving threats—without disrupting critical patient care.
15:05
Closing Panel Debate: Building Resilience: Incident Response and Resilience Planning in the NHS
Steven Furnell
Professor of Cyber Security
University of Nottingham
Overview:
This final session brings together a panel of cybersecurity leaders to discuss the crucial topic of incident response and resilience planning within the NHS. As cyber threats continue to evolve, the NHS must be prepared with robust frameworks for rapid detection, containment, and recovery.
This debate will cover the essential elements of an effective incident response plan, including prioritising patient safety, minimising operational disruptions, and collaborating with third-party vendors to enhance resilience. Attendees will gain a deeper understanding of the strategies and tools that can help the NHS remain resilient against future cyber threats.
Panellists:
- Dr. Shahrzad Zargari, Principal Lecturer and Cyber Security & Forensics Subject Group Lead at Sheffield Hallam University. (Invited)
- Dr Saif Abed, Medical Doctor | Cybersecurity Expert | AI Risk Management | Expert Witness | The AbedGraham Group | European Commission | World Health Organisation (Invited)
- Steven Furnell, Professor of Cyber Security at the University of Nottingham (Confirmed)