ISfL Annual Conference 2023

SocitmDate: Thursday 2nd March 2023
Time: 10:00am – 3:30pm
Venue: Queen Elizabeth II Centre, Broad Sanctuary, London

Managing your Security Operations: doing more with less

SOCTimes are tough. Budgets are being squeezed and resources are scarce. The threat landscape is becoming ever more challenging and new ways of working are needed to help combat that threat. This conference aims to address these challenges as we hear from suppliers and public sector speakers.

This conference includes a supplier exhibition giving attendees the chance to talk about the various solutions on offer from the private sector.

This conference is open to all public sector WARP members and attendance is free. If you are a supplier and are potentially interested in being involved in the conference, please contact ISfL using the contact form.

About the venue:

The Queen Elizabeth II Centre is conveniently located in Westminster on Broad Sanctuary just opposite Westminster Abbey. It is the largest dedicated conference space in central London. See for more information.


09:30 Registration
10:00 Welcome – Colin Williams, Chair
10:05 Chair’s Keynote – Colin Williams
10:25 Logging Made Easier with Swarm-SecOps – Duncan Ross, IP Performance
10:45 Attack Surface Mapping – LOTI/JUMPSEC
11:05 Break & networking
11:25 Security as an enabler for the delivery of Business Objectives – Stuart Frost, DWP
11:55 CTAG update – Cliff Dean, CTAG Deputy Chair
12:10 ISfL update – Peter Douglas, ISfL Chair
12:25 Lunch & networking
13:25 Welcome back – Colin Williams
13:30 The dark art of interconnected cyber warfare – Bruce Thomson, ISfL
13:50 Partner Keynote – Rubrik
14:10 An holistic approach to building a SOC capability – Mark Brett, NLAWARP
14:30 Commodity Usage Principles and Assurance Scheme – Ian Bryant, MOD
14:40 Break & networking
14:55 Partner Keynote – Stripe OLT
15:15 Panel session
~ Ben Cheetham – Head of Local Cyber, DLUHC
~ Dave Sifleet – Senior Technical Advisor, LGA
~ Mark Brett – Programme Director, NLAWARP
~ Stuart Frost – Head of ESRM, DWP (tbc)
15:50 Closing remarks – Colin Williams
16:00 End

Security as an enabler for the delivery of Business Objectives – Stuart Frost, DWP

Does security really enable the delivery of objectives or is the industry failing? Do we learn from our mistakes, in this cyber world do all elements of security converge to provide a holistic approach? This session will explore all this and more.

Logging Made Easier with Swarm-SecOps – Duncan Ross, IP Performance

IP Performance have built a number of security monitoring systems for their customers. One was a large customer who needed visibility over a sprawling MPLS network and another was a large Further Education college that had suffered a security breach. They had some similarities with what they required, gaining full visibility of what was happening on their network and systems with traditional tools would have been prohibitively expensive considering the first had over 100 sites and the second 20K students with 10 Gbps internet connectivity.

The dark art of interconnected cyber warfare – Bruce Thomson, ISfL

What was it all for? Bruce looks at the interconnectedness of his many adventures within the WARP-verse. He will then look further at how cyber attacks are evolving and what ransomware groups are doing as “target research”. We are only pattern-forming humans after all…

An holistic approach to building a SOC capability – Mark Brett, NLAWARP

Building on his experience across central and local government, Mark Will discuss his recent research pulling together an holistic approach to Cyber Security, supporting the Cyber Assessment Framework and integrating it with a conceptual approach to delivering a Regional or Country level SOC.

Commodity Usage Principles and Assurance Scheme – Ian Bryant, MoD

CUPAS is a “meta-scheme” planned to be jointly delivered between the public and private sectors, to allow the Normalisation of disparate sources of assurance for Commodity (Off The Shelf) Products and Services, to allow them to be placed on a spectrum of trust, and thus used in a Risk-based manner.

Attack Surface Mapping – LOTI & Jumpsec

JUMPSEC has worked in partnership with LOTI and a number of London Boroughs to take a broad look at the most prevalent breach vectors available to external threat actors targeting the London Borough networks. By conducting this project collaboratively and at scale, the project has produced a balanced view of local authority external security posture with implications for London as a whole, identifying key areas to strengthen and respond to common challenges.


CWColin Williams – Chair
After 25 years (almost successfully) pretending to have a clue about anything technical, Colin has (mostly) departed from the commercial realm for a short sojourn in full time academia and embarked on a temporary new existence as a PhD student researching the history of British Cybernetics at the University of Oxford. He continues to be an Honorary Fellow at the University of Warwick and a Visiting Professor at De Montfort University.

SFStuart Frost, BEM – DWP
Stuart is head of the DWP Enterprise Security and Risk Management organisation. A vastly experienced Security and Governance, Risk & Compliance (GRC) professional with extensive sector knowledge and significant experience of delivering successful risk-based security programmes, across large scale, geographically dispersed organisations.

Stuart has won three global industry awards for his work in the GRC space and is adept at integrating security to enable successful delivery of business objectives. He was awarded the British Empire Medal (BEM) in 2017 for his services to the local community.

DRDuncan Ross, IP Performance
Duncan has been in networking and security for 15 years. He started his career as a first line support analyst for a large managed services corporation where he became interested in Networking. He then moved to IP Performance and became a specialist in networking, application delivery and more recently security. He is currently the leading the Swarm-SecOps team, a security service developed by IP Performance, to help protect their customers.

BTBruce Thomson – ISfL
Over the last three years, Bruce has delivered presentations, workshops and lectures on various cyber security topics to the UK public sector through the Cyber Technical Advisory Group (CTAG), and is a sought-after speaker at regional cyber security groups (WARPs). He developed the zED application in 2019 which has been helping the broader UK public sector improve its email standards, allowing organisations to understand their risk to inbound email, and the broader community to level up and achieve the Epic email standard.

Recently he has turned his attention to the dark web and ransomware groups, debunking some of the myths as well as providing just-in-time information on when data and attacks are published, this data is already in use by the UK WARPs and indeed consumed by some private sectors SOCs and other organisations. This work makes use of evolving AI techniques and machine learning as well as some good old-fashioned bash scripts!

IBIan Bryant – MoD
Ian wears a number of hats, including being the Branch Chief for Info-Cyber Protection Policy for the Ministry of Defence (MOD), being the UK Info-Cyber Designated Security Authority (iDSA) for Defence Supply Base (DSB), being a Principal Expert for the British Standards Institution (BSI), and being an Adjunct Professor in Academia. Particularly relevant for today is his role as Project Manager CUPAS.

MBMark Brett – NLAWARP
Having worked in the local and central government space for over 30 years, Marks work in the Cyber and Resilience world involves developing Cyber Resilience Exercises and response capability training.

Mark is currently leading the Local Authority Cyber Resilience Programme in Wales for the Welsh Government, including the provision of the Cyber Fusion Cell as an extension to the WARP services in Wales. This work includes being a member of the Cymru SOC technical advisory board and acting as Co-Chair of the North Wales Resilience Forum Cyber Technical Group. Mark is part of the Gold Group for the Welsh Government Cyber Technical Advisory Cell (CTAC).

PDPeter Douglas – Chair, ISfL
As Peter became more and more involved with security at the London Borough of Haringey, he started attending ISfL and gradually ended up doing most of the security role. He is now the Security and Compliance Manager at the London Borough of Haringey and is responsible for Information Security and ISO27001:13 certification. He was elected as Chair of Information Security for London and has been in this role for the past three years.

Keen Allotment Holder, volunteer-barman and Vice President (honorary title) at my local National 1 Rugby Club, owner of two dogs who drag me around local footpaths on occasion up to fifteen miles from home.

CDCliff Dean – CTAG
Cliff brings knowledge and in-depth experience of Transformation delivery within Local Government and NHS, Governance, Digital Delivery and Stakeholder Engagement. Innovative leadership of business goal-focused transformational change. His work on National IT initiatives has seen in being active within SOCITM in both Futures Group and the Local CIO Council, working with the LGA, Local Government Digital Committee and on the Cyber Security Focus he Chair’s Cybershare East (WARP) and is the Cyber Technical Advisory Group Deputy Chair. In the day job he looks after North Kesteven an West Lindsey District Council, operating a shared service partnership.

Dan is Head of Solutions at JUMPSEC and plays a key role in developing their innovative and tailored approaches to tackling cyber security challenges. Dan believes that the best security solutions take account of each organisation’s unique threat profile and place in their security journey, rather than a one-size-fits-all approach.

TETom Ellson – JUMPSEC
As Head of Offensive Security, Tom is experienced in enabling JUMPSEC clients to achieve their security objectives and improve their resilience to cyber attack. Tom understands where technical weakness and business risk intersect, positioning JUMPSEC offensive services to maximise return on investment.

RPRyan Pullen – Stripe OLT
Ryan has gained extensive experience over his 10 years in cyber security and is currently holding the position of Director of Cyber Security, for the multi-award-winning IT & Cyber Security provider, Stripe OLT. He leads a team of over 20 security engineers, across a range of security disciplines – from incident response and offensive security, to open-source intelligence and managed security operations.

Ryan was recently a nominee for Entrepreneur of the Year at the 2022 Go:Tech Awards, he’s been highlighted as an influential speaker by TEDx for this recent talk ‘How clicking a link can cost millions’ and is a regular speaker at security events across the UK.

Headline Sponsors


Exhibiting Sponsors