The programme
08:20
Registration & Networking
Registration - Open from 8:20 am - Closes at 11:00 am
All delegates must complete their registration process before the 11:00 AM cut-off time. Please arrive in a timely manner to allow for registration and to avoid any inconvenience. Delegates who arrive after the registration deadline will be refused entry to the event.
We appreciate your cooperation in helping us maintain the event's schedule and ensuring that everyone can fully participate in the conference. If you have any questions or require assistance, our event staff will be available to assist you with the registration process.
Thank you for your understanding, and we look forward to an insightful and productive event together!
09:20
Chair Opening Address (Confirmed)
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Chair Opening Address
Setting the tone for a skills-first day on cyber resilience.
09:30
Leadership Lessons from the Frontline - Ransomware in Healthcare: What It Is and How the CAF Helps Us Defend Against It (Confirmed)
Barry Richardson
Head of Cyber Security and Information Security
NHS Blood and Transplant
Session Overview:
The presentation includes three practical takeaways:
- A five‑minute review sheet to assess ransomware readiness against CAF principles.
- A fifteen‑minute light‑touch review of the ten top cyber threats published by the NCSC, mapped to CAF readiness.
- A 90‑day plan to help organisations either strengthen their ransomware‑prevention posture or surface key risks to support investment decisions.
09:50
Morning Skill Clinic - Cyber Resilience in Practice: Lessons from the Past, Realities of Today, and Preparing the Next Generation of NHS Leaders
Barry Richardson
Head of Cyber Security and Information Security
NHS Blood and Transplant
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Panel Overview:
This panel brings together senior NHS and cyber leaders for an open and honest discussion on how the cyber landscape has evolved, what has genuinely changed in practice, and where the most significant challenges now sit.
The discussion will explore:
- How the NHS cyber threat landscape has shifted over recent years
- Key lessons learned from major incidents, policy changes, and operational pressures
- What has moved the needle in practice, and what has not
- How integrated IT security management and system-wide visibility support effective decision-making
- Why operational insight and unified oversight are critical to building a resilient cyber culture
Panel members will reflect on how cyber resilience has evolved beyond technical compliance towards culture, behaviour, and shared accountability across clinical, digital, and operational teams.
10:30
Mike Culshaw
Security Specialist
Zscaler
Main Sponsor - Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so that customers can be more agile and secure. The Zscaler Zero Trust Exchange, a SASE-based platform, is the world’s largest inline cloud security platform, protecting thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications over any network.
10:50
Morning Break & Networking
Morning Break & Networking
11:50
Chair Morning Reflection (Confirmed)
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Chair Morning Reflection (Confirmed)
Case Study - Rapid7
About us:
Rapid7 is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class MDR technology, leading-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers—including organisations like the NHS, where we are a proud supplier—unite cloud risk management and threat detection to reduce attack surfaces and eliminate threats with speed and precision.
12:15
Case Study - Cyber Risk Lives in the Gaps: Organisational Fragmentation and Information Security
Lisa Washer
Head of Cyber
IntaForensics Ltd
Case Study - IntaForensics
As NHS organisations undergo rapid digital and cyber transformation, fragmented organisational structures are creating information security risks that technology alone cannot resolve. This session explores how siloed ownership of information, cyber capability and governance undermines organisational resilience, and why integrated accountability is critical to delivering safer, more secure digital care.
12:35
From Compliance to Culture: Embedding Cyber Resilience into Everyday Clinical Practice (Speaker TBC)
Session Overview:
As cyber threats continue to evolve, the NHS faces a growing challenge, not just in strengthening technology, but in embedding cyber resilience into everyday clinical and operational practice.
This session explores how NHS organisations can move beyond compliance-driven approaches towards a culture where cyber security is understood, owned, and applied across clinical, digital, and workforce teams. Drawing on real-world experience, the session will examine the practical steps leaders can take to align national cyber strategy with frontline delivery, clinical safety, and staff engagement.
Delegates will gain insight into how culture, behaviour, and leadership play a critical role in strengthening cyber resilience, supporting safer care, and protecting critical services in increasingly complex digital environments.
Speaker:
Dr Saritha Arunkumar, Healthcare Chief Technology Officer and Master Inventor (Provisionally Confirmed)
12:55
James Burchell
Sales Engineer Manager
CrowdStrike
Case Study - CrowdStrike
CrowdStrike, a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data.
Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.
Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.
CrowdStrike: We stop breaches.
14:15
Chair Afternoon Address (Confirmed)
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Chair Afternoon Address (Confirmed)
14:20
Case Study - Beyond Users: Strengthening Privileged Access and Identity Security in the NHS
Josh Neame
Chief Technology Officer
BlueFort Security Ltd
Peter Batchelor
Regional Sales Director
Silverfort
Case Study - BlueFort
Join BlueFort Security and Silverfort for an insightful session on how their partnership can and has greatly assisted the NHS in navigating the complexities of MFA and IAM requirements outlined in the NCSC Cyber Assessment Framework (CAF) . The session will also showcase how Silverfort was successfully deployed into a large London based NHS Trust and several other trusts in the north west of England to meet CAF compliance. Finally, we will discuss how BlueFort Security, as Silverfort’s premier partner, ensures expert deployment, configuration, and ongoing optimisation to maximize the technology’s value, thereby strengthening the NHS’s overall security resilience.
14:40
Interactive Workshop - What Would a Hacker Do? Practical Cyber Habits for Everyday NHS Life (Confirmed)
Nasser Arif
Award Winning Cyber Security Manager
London Northwest Healthcare NHS Trust and The Hillingdon Hospitals NHS Foundation Trust
Session Overview:
This hands-on cyber workshop will take delegates inside the mindset of a cybercriminal, exploring the simple, everyday vulnerabilities that can lead to major incidents and how you can protect against them.
Focusing on social media awareness, personal device security, and internal skill-building, attendees will leave with tangible actions they can apply immediately to their own digital lives and teams.
Rather than discussing past incidents, this interactive session will empower staff to recognise risk patterns, identify internal cyber champions, and embed a culture of proactive security across their organisations and homes.
15:00
Case Study - Proving Cyber Readiness: Turning NHS Security Expectations into Operational Control
Adam Pilton
Cyber Security Advisor
Heimdal Security
Case Study - Heimdal
NHS cyber expectations continue to evolve, but the challenge remains consistent: how do organisations move from policy compliance to defensible, measurable assurance that supports clinical safety and operational continuity? This session explores how cyber assurance can be translated into clear accountability, actionable governance, and evidence that stands up to board scrutiny. It will outline pragmatic approaches to improving visibility across endpoints, identity, and security awareness, while supporting teams to reduce risk without adding unnecessary operational burden.
Using real world case studies and lessons learned, the talk will highlight what “good” looks like in practice, where programmes commonly stall, and how teams can demonstrate progress in ways that are meaningful to both technical stakeholders and senior leaders. Rather than prescribing a single model, the session will focus on practical principles that support DSPT aligned improvement while enabling measurable progress within constrained capacity. It will also consider how integrated security platforms, such as Heimdal Security, can help reduce complexity by consolidating visibility, automation, and reporting, supporting both technical execution and leadership assurance.
15:20
Afternoon Skill Clinic - Board-Level Cyber Governance: Turning Risk Appetite into Real Resilience (Confirmed)
Jessica Figueras
Director & Co-Founder
CxB - Cyber Governance for Boards
Session Overview:
Cyber risk is no longer just a technical issue — it is a strategic, operational and governance challenge that shapes the resilience of every NHS organisation. In this practical Skill Clinic, cyber governance specialists Jessica Figueras and Olu Odeniyi unpack what board-level cyber oversight should really look like in 2026.
Moving beyond “zero risk” slogans, this session will help NHS digital, cyber and executive leaders interpret cyber risk appetite, understand the trade-offs that influence decision-making, and build governance frameworks that turn policy into day-to-day organisational behaviour.
Using real-world NHS and wider public-sector examples, delegates will explore:
- How to define and communicate a meaningful cyber risk appetite.
- The difference between governance reality and governance theatre.
- How AI, automation and discovery tooling are changing board expectations.
- Practical approaches to reporting, escalation and cyber risk assurance.
- How to strengthen relations between CISOs, Boards, NEDs and clinical leaders.
Outcome:
Attendees leave with templates, discussion prompts and governance models that can be used immediately to strengthen board engagement, improve decision-making, and embed accountability across digital, clinical and corporate teams.
15:40
Panel Discussion - Shared Care, Shared Risk: Strengthening Cyber Resilience Across Health and Social Care (Speakers TBC)
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Michelle Corrigan
Chief Executive Officer
Digital Care Hub
Dr Trudie Fell
CEO and Founder
BelleVie Care Home
Session Overview:
As health and social care services continue to integrate, the security of shared systems and data has become increasingly critical. This session brings together leaders working across the care ecosystem to explore practical approaches to strengthening cyber resilience.
We will discuss lessons learned from recent cyber incidents, the shared impact of system outages, and the importance of consistent standards, clear communication, and collaboration between NHS organisations, local authorities and social care providers.
The panel will highlight what good looks like in real-world settings and how to build a culture of security that supports safe, joined-up care.
Pannelists:
- Michelle Corrigan, CEO, Digital Care Hub (Confirmed)
- Dr Trudi Fell, CEO and Founder at BelleVie Care Home (Confirmed)
- NHS representative (TBC) (Invited)
- Industry representative (TBC) (Invited)
15:40
Afternoon Breakout Clinic - The Future of NHS Identity: Cryptography, Zero Trust & Secure Access by Design (Speaker Provisionally Confirmed)
Bill Buchanan OBE FRSE
Professor
Edinburgh Napier University
Facilitator:
- Prof Bill Buchanan OBE FRSE – Professor of Applied Cryptography, Edinburgh Napier University (Confirmed)
Session Overview:
Identity and Access Management (IAM) is rapidly becoming the backbone of NHS cyber resilience — yet most organisations are still operating with fragmented credential models, inconsistent access policies, and legacy authentication systems.
In this hands-on Skill Clinic, Professor Bill Buchanan OBE, one of the world’s most cited experts in applied cryptography and digital identity, will demystify the building blocks of modern IAM and outline what secure-by-design identity needs to look like across a connected NHS.
Using real-world demonstrations and practical frameworks, Bill will explore:
- What zero-trust really means in NHS settings.
- Cryptography foundations for strong identity (in plain English).
- Lessons from decentralised identity models and where they fit.
- How to redesign access governance for shared care, FDP, virtual wards and cloud-first estates.
- Common NHS vulnerabilities linked to identity — and how to mitigate them.
- What IAM readiness looks like for 2030 cyber maturity.
Outcome:
Delegates will leave with simple, actionable IAM principles, sample access control models, and a clearer understanding of how to uplift identity assurance without creating friction for clinicians.
16:10
Food, Drinks & Networking
Food, Drinks & Networking
