The ISC2 SECURE conference series returned to London last week, kicking off a busy final quarter of the year and some milestone events where members and other industry experts will come together to meet, discuss and debate the key issues facing cybersecurity professionals today. A truly international audience joined us at Kings Place in Central London for the second SECURE London event, highlighting the value of these events and the insights of the speakers.

The day began with a keynote from Dr Saritha Arunkumar, IBM Public Cloud WorldWide Technical Leader, who took the audience on a deep dive into the importance of governance, risk, and compliance (GRC) in the cloud and beyond. Dr Arunkumar’s keynote focused on the need to have a good security culture and apply appropriate best practices, not just to deal with the day-to-day, but to ensure the organization has the best possible chance of responding to and coping with the unknown and the unaccounted for. To illustrate how the unknown can destabilize things without robust processes in place, Dr Arunkumar even pulled in a member of the audience for a live scenario roleplay looking at how to deal with outside queries, namely from the media, about a data breach.

Tracks leading to outcomes

Breaking into dual tracks in the morning and early afternoon allowed attendees to explore a variety of themes. Nagaswaran Kumaresan, CISSP, Vice President of the London Metal Exchange, picked up from the themes of Dr Arunkumar’s keynote with a look at the management and accountability risks posed by our increasing reliance on outsourced solutions and providers as part of the overall cybersecurity and IT mix. With so many organizations now sitting largely on top of public, shared and/or private cloud services, Kumaresan argued that failing to take time to assess, understand and plan for the risks presented by third-party providers could lead to significant organizational impacts and jeopardize cyber resilience. Meanwhile, in the secondary hall, Filip Chyla, CCSP, from Xebia gave the audience a look at the challenges posed by cloud-native applications and how we go about effectively securing them, be that as standalone elements or as part of an all-encompassing strategy.

The afternoon track sessions saw the attendees again split into two, with one group electing for a highly-debated session on employee-adopted SaaS by Adam Bateman, co-founder and CEO of Push Security. Bateman’s session looked in detail at the growth in not only the volume of shadow IT software solutions that have found their way into organizations, but also the wide array of different platforms in play. While not always happy about it, many organizations have made peace with bring your own device (BYOD) culture, despite it being the gateway mechanism that often leads to many unapproved, untested and unmonitored SaaS solutions finding their way in. As Bateman explained, it requires new and updated approaches to security in the age of self-service.

Is network monitoring still relevant in a modern SecOps environment? Ashley Nurcombe, Senior Cyber Security Consultant at Corelight, discussed whether traditional network monitoring is still necessary or indeed viable, given the growth of tools that prevent effective monitoring such as encryption, the digital transformation from non-IP to IP networks, the spread of Zero Trust architectures, and Secure Access Service Edge (SASE) environments.

AI and Security

ISC2 members Stephen Cobb, CISSP and Brent Dawson, CISSP sat down with ISC2 CISO Jon France, CISSP to debate and share member perspectives on the growth of AI within cybersecurity, as well as its impact on cybersecurity. Cobb, a security researcher, and Dawson, an Enterprise Architect at Digital Ducttape, discussed a range of issues as well as taking audience questions on everything from the ability of AI to process and detect threats faster than humans, whether AI is even AI at this point and is still rooted in limited parameter machine learning, to the immaturity of today’s systems and the need for very carefully scripted and developed queries – which still rely on human intervention – to extract usable intelligence from AI-driven systems.

A panel approach

The panel discussions continued as a group of security leaders assembled for a lively discussion across topics such as leadership, educating the board, GRC, cloud security and the professionalization of the cybersecurity profession. Joining Ed Parsons, CISSP, UK & Europe Director of ISC2, were Chris Ensor, Deputy Director of the National Technical Authority at the National Cyber Security Centre (NCSC), Alister Shepherd, CISO of the Financial Conduct Authority (FCA), Bridget Kenyon, CISSP, CISO of Shared Services Connected, and Dave Cartwright, CISSP, Head of Technology Operations & Risk/CISO at Santander International.

In a very intensive session that promoted multiple periods of Q&A with the audience, the panel shared technical, operational and management experiences from their career histories, shared perspectives on the growth of the cybersecurity workforce and cybersecurity skills, as well as the importance of the role of professional bodies such as the UK Cyber Security Council in the future shaping of the profession.

The day concluded with an interactive ISC2 Insights session. This was a chance for attendees to hear from and pose questions to a panel comprised of ISC2 CEO Clar Rosso, CISO Jon France, CISSP and board of directors secretary Laurie-Anne Bourdain, CISSP. Attendees quizzed the panel on subjects including the growth of the Certified in Cybersecurity certification, plans for future qualifications, the state of the global skills gap, the potential for new regulation of cybersecurity around the world and the geopolitical situation as it applies to cybersecurity readiness and resilience.

SECURE London kickstarts our global SECURE conference program and this year’s London event saw attendance grow significantly year-on-year, reflecting the critical role cybersecurity is playing in business strategy today. Moreover, it has started the conversations that will continue at our forthcoming conferences, including ISC2 Security Congress, which takes place for the first time in Nashville, Tennessee.