Beyond the Breach: Proactive Defense in the Age of Advanced Threats

This talk will cover some of the most advanced attacks that are in the public domain, mostly attributed in public by commercial organizations.  This talk will give a whirlwind tour of some of the high end of threat activity to set out a context of changing cybersecurity landscape.

The second part will talk about what controls we apply in Government that help defend against the most advanced attacks.  The spoiler warning here is that most of these are not actually really fancy advanced and complex stuff, it's the things that people already know they should do, but are hard to do.

I'll cover a few different things, such as requiring MFA for everyone, reducing your administrative accounts, securing your endpoints effectively, along with a bonus tip around defending your CI systems.

You'll walk away from this talk with a better appreciation of why security matters, and some of the simple but hard things that you should be doing in your enterprise and application system stacks to ensure that you are a hard target.


Michael Brunton-Spall

Deputy Director Cyber Policy and Solutions @Cabinet Office

Michael is Deputy Director of Cyber Policy and Capabilities in the Government Security Group within the Cabinet Office.  Michael has been working in Government for over a decade now, having joined the Government Digital Service shortly after the launch of GOV.UK, and worked on securing government transformation during adoption of cloud, agile and devops movements.

Michael has built software in a variety of industries, from embedded systems to real time trading systems, games consoles to large content management systems.  He has been a regular speaker at international conferences on the topics of Agile, DevOps, Security and Technical Architecture for nearly 10 years now.  Michael is a published author and recognised expert in cybersecurity, and he still writes code when someone lets him.

Read more


Wednesday Apr 10 / 01:35PM BST ( 50 minutes )


Mountbatten (6th Fl.)


Video is not available


From the same track

Session Ethical AI

Trends in InfoSec: Data Minimisation, Autoclassification, and Ethical AI

Wednesday Apr 10 / 11:45AM BST

Laws are changing around the world to require frequent disposal of high-risk information, to reduce the impact of (inevitable) breaches. As such, ‘records management’ is now cyber discipline, but one that has not previously been well enabled by technology.

Speaker image - Rachael Greaves
Rachael Greaves

CEO & Co-Founder @Castlepoint Systems, Australia's Most Outstanding Woman in IT Security, RegTech Female Entrepreneur of the Year, Women in Fintech Powerlist, Top 100 Innovator, CISM, CISA, CDPSE, & CIP

Session zero trust

A Zero Trust Future for Applications: Practical Implementation and Pitfalls

Wednesday Apr 10 / 10:35AM BST

If you are building applications which are critical for your organization's revenue than you would be looking at a zero trust future for most of the applications.

Speaker image - Ashish Rajan
Ashish Rajan

CISO @Kaizenteq Ltd, Host of "Cloud Security Podcast", and SANS Trainer for Cloud Security, 13+ Years Experience in the CyberSecurity Industry


Poetry4Shellz – Avoiding Limerick Based Exploitation and Safely Using AI in Your Apps

Wednesday Apr 10 / 02:45PM BST

LLM based AI has introduced huge shifts in the technology landscape in a very short amount of time, a consequence of which has been the immense pressure on organizations of all types to adopt and/or develop any and all things AI.

Speaker image - Rich Smith
Rich Smith


From Anti-Patterns to Best Practices: A Practical Guide to DevSecOps Automation and Security

Wednesday Apr 10 / 03:55PM BST

In the modern DevSecOps landscape, teams often struggle to achieve more with fewer resources, leading to the development of counterproductive habits. These habits can significantly hinder the ability to establish effective security programs.

Speaker image - Spyros Gasteratos
Spyros Gasteratos

Founder @Ocurity, Principal Security Engineer, Maintainer of &, 15+ Years Experience in Security