Category: Events

Inside the Take Command Summit 2025 Agenda: What’s in Store for This Year’s Event?

The cybersecurity landscape is shifting fast—ransomware is evolving, AI is reshaping security operations, and regulations are becoming more complex than ever. Security teams are under pressure to outpace adversaries, manage risk, and defend against sophisticated threats.

That’s why Take Command 2025 is built to deliver the most relevant, actionable insights security leaders need to navigate these challenges. This full-day virtual event brings together top security minds—from Rapid7’s experts to industry analysts and frontline defenders—covering the strategies, tools, and intelligence to help you take command of your attack surface.

A pre-recorded message from Rapid7 CEO Corey Thomas is already live on our event site, providing an inside look at what you can expect from Take Command 2025, and how our global summit will help security teams stay ahead of emerging threats.See the full list of speakers and watch Corey Thomas’s message on the Take Command 2025 registration page.

A Glimpse Into This Year’s Key Themes

This year’s agenda is packed with deep-dive discussions, real-world case studies, and expert insights on the most pressing security topics today. Here are just a few of the key focus areas you can expect at Take Command 2025:

Understanding the Evolving Threat Landscape

Cybercriminals are always one step ahead—until you learn to think like they do. This panel discussion, led by Raj Samani, Rapid7’s Chief Scientist, will explore the latest attack methodologies, emerging ransomware tactics, and evolving adversary behaviors.

Raj will be joined by Trent Teyema, Founder and President of CSG Strategies, a former FBI Special Agent (SES retired), as they analyze real-world attacker techniques and share how security teams can leverage threat intelligence to anticipate and disrupt threats before they escalate.

Session: Inside the Mind of an Attacker: Navigating the Threat Horizon

AI & Cloud Security: Opportunities and Challenges

AI is transforming cybersecurity, but how can organizations implement it responsibly and effectively? Take Command 2025 will examine:

  • The future of AI-powered security operations—what’s hype vs. reality?
  • How SOC and MDR teams are leveraging AI to improve detection and response
  • Cloud security challenges and why cloud detection & response (CDR) is becoming a critical SOC capability

Thom Langford, Regional CTO at Rapid7, will host this discussion, featuring Ted Harrington, Executive Partner at ISE (the Company of Ethical Hackers). Together, they will explore how AI-powered, Zero Trust-based security models are changing how organizations approach risk and resilience, and what the next era of cybersecurity defense will look like in our ‘From Zero to Hero: Building the Perfect Defense’ session.

Exposure Management & Red Teaming: Proactive Security in Action

Security teams can’t afford to wait for attacks to happen. Implementing proactive security strategies are critical. Take Command 2025 will explore:

  • How red teaming is evolving to match today’s complex threat landscape
  • Real-world lessons from leading vulnerability management programs
  • Why organizations are shifting from traditional vulnerability scanning to proactive exposure management

Industry analyst Tyler Shields (ESG) and offensive security consultant Will Hunt (In.Security) will lead key discussions, sharing practical insights on prioritizing risk, testing defenses, and staying ahead of attackers.

With NIS2, DORA, SEC regulations, and other global mandates becoming more prescriptive, CISOs need to stay ahead of compliance changes—but these evolving policies also present an opportunity to strengthen security programs.

Sessions will focus on:

  • How regulatory frameworks are reshaping security practices across industries
  • Key compliance challenges for global organizations and strategies for staying ahead
  • The intersection of security, policy, and business risk—how to turn compliance into a competitive advantage

Sabeen Malik, Rapid7’s VP of Global Government Affairs & Public Policy, will help demystify cyber regulations, compliance challenges, and evolving data residency concerns in ‘From Chaos to Compliant: Demystifying Cyber Regulations’.

More to Come: A Full Day of Cybersecurity Insights

This is just a preview of the cutting-edge discussions, expert panels, and strategic deep-dives planned for Take Command 2025. Across the day, you’ll also hear from Rapid7’s own SOC experts, product leaders, and security researchers, who will provide real-world insights into:

  • What’s next for AI-driven security operations
  • How real-world attack simulations are changing security strategy
  • Inside the SOC: Expert stories from frontline threat hunters

Whether you’re a practitioner, security leader, or researcher, this event is designed to give you the insights and strategies needed to strengthen your security posture in 2025 and beyond.

Register Now to Take Command

Take Command 2025 is a free, global, virtual event happening on April 9. Don’t miss your chance to hear from security leaders and experts on the biggest challenges shaping the industry.

Register Now!

Take Command | Rapid7’s 2025 Cybersecurity Summit: First Look at Our Speaker Lineup

Take Command Summit 2025 is shaping up to be one of the most impactful cybersecurity events of the year, bringing together Rapid7’s own security experts alongside leading industry voices for a full day of insights into today’s evolving attack landscape. This virtual summit will offer actionable strategies, real-world case studies, and expert discussions designed to help security teams take command of their defenses.

While we’ll be revealing the full agenda soon, we’re excited to share a first look at some of the key voices joining us this year to explore proactive risk management and offensive security strategies. These industry leaders will be part of a speaker lineup that includes Rapid7’s own security researchers, SOC experts, and product leaders, all focused on equipping security teams with the knowledge they need to outpace today’s adversaries.

Building a Modern Approach to Risk and Exposure Management

Tyler Shields, Industry Analyst at ESG, brings more than 25 years of experience in cybersecurity research, threat intelligence, and market strategy. As attack surfaces grow—spanning cloud, identity, data, and applications—security teams must shift from reactive to proactive risk management.

At Take Command 2025, he’ll explore how organizations can prioritize risk signals across diverse attack surfaces to build smarter, more proactive defense strategies. His session will provide a roadmap for understanding evolving threats and ensuring security teams focus on the most critical risks before they escalate.

Staying Ahead of Attackers with Continuous Red Teaming

Will Hunt, IT Consultant at In.Security, is a recognized expert in red teaming, penetration testing, and security training, having delivered workshops at Black Hat USA, Asia, and EU. As cyber threats evolve, static defenses and annual penetration tests are no longer enough—security teams need continuous testing strategies to stay ahead of adversaries.

At Take Command 2025, Hunt will join a panel of security experts to discuss how red teaming is evolving in response to expanding and increasingly complex attack surfaces and helping organisations stay ahead of adversaries. This session will explore how proactive testing is helping organizations identify and eliminate weaknesses before attackers can exploit them.

More to Come: A Full Day of Cybersecurity Insights

Take Command 2025 is more than just individual sessions—it’s a full day of expert discussions, deep technical insights, and strategic guidance from some of the best minds in cybersecurity. In addition to these featured speakers, Rapid7’s own security leaders, researchers, and SOC practitioners will provide critical perspectives on:

  • The evolving threat landscape and attacker mindset
  • How AI is redefining security operations and automation
  • Managing risk exposure across complex environments
  • Threat detection, response, and red teaming strategies

…and this is just the beginning! More speakers and sessions will be announced soon, covering the most pressing challenges facing security teams today.

Save Your Spot

Take Command Summit 2025 takes place on April 9, 2025, as a fully virtual, one-day event. Don’t miss the opportunity to hear from industry leaders, engage with Rapid7 experts, and walk away with actionable security strategies.

Register Now

Take Command | Rapid7’s 2025 Cybersecurity Summit: Own Your Attack Surface on April 9

Save the date: April 9, 2025

Take Command is back. After a hugely successful event last year, Rapid7’s cybersecurity summit returns with another stellar lineup to equip security teams with the latest threat intelligence, expert insights, and real-world strategies to take control of an evolving attack landscape.

At Take Command 2025, leading security experts, practitioners, and Rapid7’s own research teams will break down the latest attacker tactics, showcase cutting-edge defensive strategies, and explore how AI, MDR, and exposure management are reshaping cybersecurity. Taking command means shutting down threats before they can disrupt your business, staying ahead of adversaries, and constantly refining your defences—and that’s exactly what this year’s event is all about.

Why Attend?

Expert Research and Intelligence

Gain insights from Rapid7 Labs, the curators of Metasploit and our renowned open-source community. Learn how to safeguard against emerging ransomware threats, state-sponsored tactics, and critical vulnerabilities with cutting-edge research you can act on immediately.

Inside the SOC & Real-World Security Insights

Go inside Rapid7’s always-on SOC and hear how security leaders are tackling attack detection, response, and board-level expectations. Learn from peers and industry experts about managing today’s cybersecurity challenges.

Take Command of Your Attack Surface

Discover how MDR, AI, and exposure management can help you proactively reduce risk and outpace attackers. Eliminate silos, enhance visibility, and take decisive action to secure your organization.

What’s on the Agenda?

Building on last year’s high-impact sessions—including “Ready and Resilient: Before, During, & After Ransomware Attacks” and “Control the Chaos: Building Resilient Cyber Defenses Through AI”—Take Command 2025 will deliver even more insights into today’s most urgent cybersecurity challenges.

This year’s event will focus on:

  • The evolving threat landscape – Understanding adversaries’ latest techniques and how to stay ahead
  • AI and security automation – How AI is transforming detection, response, and cyber resilience
  • Cloud security and MDR – Strengthening defences in modern, hybrid environments
  • Proactive risk and exposure management – Strategies to continuously assess and reduce attack surface risk
  • Security operations in action – Expert insights on threat hunting, red teaming, and real-world SOC strategies

Mark Your Calendar & Save Your Spot

Take Command Summit 2025 takes place on April 9, 2025. This one-day virtual event is completely free and designed to give security professionals the insights they need to stay ahead of attackers.

[Save your spot now]

To see what you missed last year, watch 2024’s sessions here.

NXLog, a leading technology provider of log management solutions, announced the appointment of Harald Reisinger as its new Chief Executive Officer. Co-founder and former CEO Botond Botyánszki will transition to the Chief Technology Officer (CTO) role. Together, they will focus on driving innovation to extend the company’s product portfolio towards the rapidly growing observability and telemetry pipeline management market, fostering  what it calls an integrated, data-centric approach to IT operations and improving cybersecurity.

The company also seeks to position itself at the forefront of an expanding market, where workloads generate increasing volumes of operational data (telemetry) originating from diverse sources, directly impacting the availability, performance, and security of IT operations. To address these growing complexities, organisations are increasingly adopting observability and telemetry pipeline management solutions to gain critical insights into the health and performance of applications, services and infrastructures.

As the demand for efficient data management grows, the ability to channel, manage, and analyse telemetry data — including logs, metrics, and traces — has become essential. A key focus for organisations is enhancing data quality while reducing data volume for further analytics, enabling faster troubleshooting, and gaining
actionable insights that drive value.

NXLog points out that even the most conservative estimates of telemetry pipeline data management market growth point to it more than doubling in the next few years. This makes the company uniquely positioned to capitalise on these trends by combining Log Management, Observability & Telemetry Pipeline Management, and data warehouse functionalities into a single, unified solution, empowering organizations to meet the demands of the evolving digital ecosystem.

“I am thrilled to lead the expansion of NXLog during such an exciting time. The rapid growth of the cybersecurity and observability markets underscores the critical need for robust log management and effective telemetry optimisation. We see the highest demand across the US and Canada, Europe, and APAC regions, where we already have an established customer base and trusted channel partner network we can rely on,” said incoming CEO Harald Reisinger.

“Together with our talented team, with whom I’ve had the privilege of working for the past seven years, we are dedicated to helping organizations worldwide unlock the full potential of their data, ensuring they remain agile, secure, and competitive.”

In his new role as CTO, Botond Botyánszki will focus on advancing NXLog’s technology roadmap, with a particular emphasis on addressing emerging market demands. The company’s mission to provide complete security observability and its vision of democratizing secure and efficient data access are aligned with the evolving needs of global enterprises.

“Stepping into the role of CTO allows me to channel my passion for innovation,” said Botond Botyánszki. “Our solutions are at the heart of helping businesses manage the explosion of data from IT, OT, and cloud environments. In our upcoming NXLog Platform SaaS release we will already deliver seamless cloud deployment, telemetry pipeline management and API integrations, storage and data analysis — all from the cloud — for cost efficient security and operations observability. By optimising telemetry pipelines and supporting observability initiatives, we are enabling our customers to act confidently in the face of any threat.”

With its mission to help organisations achieve clarity and control over their digital environments — independent of vendor boundaries— NXLog remains committed to developing technology solutions to further improve security and observability data quality and management. Together with its growing channel and continuously improving Partner Program, NXLog continues to empower enterprises to reduce costs, increase security, and drive efficiency.

Join NXLog’s live webinar on February 20, 2025 to learn how to unify data and lower the volume for transmission. Learn best practices on how ingesting structured, valuable operational data (telemetry) from various sources is critical to maximize the value of your security investments.

The post NXLog undergoes strategic leadership change appeared first on IT Security Guru.

This year’s Global Cyber Summit at the International Cyber Expo boasted an impressive array of speakers from across the public and private sectors, curated by the team at SASIG. The overarching theme of this year’s Global Cyber Summit was ‘resilience’. One notable talk that called for greater industry resilience was Digital Secure By Design on day two. 

The session, chaired by Ciaran Martin CB, Oxford University Professor and Former CEO of the National Cyber Security Centre (NCSC), explored the Security by Design initiative, which is supported by the UK government and seeks to transform digital technology and create a more resilient and secure foundation for future tech.  

The discussion centred around the question: How do we design a more robust ecosystem that is not susceptible to the vagaries of patching and zero-day vulnerabilities? With speed to market a priority for most organisations, and a lack of regulation to control the security of this process, software and hardware are often sent to market as insecure. Security by design should be the base standard for software and hardware development. 

Speakers on the panel included Agata Samojlowicz, Deputy Challenge Director at DsBD, Michelle Kradolfer, National SBD Manager, Police CPI, and Jake Verma, CTO of Quantaco. 

Why is the Secure by Design initiative important? According to Kradolfer, it’s important that “ecosystems of devices” (across home and work) are secure for people, organisations and countries. This must be done in collaboration with manufacturers too. Samojlowicz noted: “computers are currently insecure by design”. 

The strong case for building securely by design is hard to ignore. Standards are becoming increasingly more important in all sectors, so why not standardise and regulate the building of software and hardware? The industry surely has a responsibility to protect consumers. Kradolfer notes that there are already “too many insecure devices out there”. 

The panellists did think that IoT security is making progress though. Earlier this year, the UK became the first country to legally mandate cybersecurity standards for IoT devices. Under the Product Security and Telecommunications Infrastructure (PSTI) mandate, manufacturers will be legally required to build security protections into any product with internet connectivity. Part of this means banning default passwords, as well as requiring manufacturers to publish vulnerability disclosure policies for reporting security flaws, provide mechanisms for securely updating software, and state minimum periods for providing security updates. 

The panel discussed why organisations want security by design to be taken seriously. For many organisations providing services, cost is a key factor, despite cybersecurity being everyone’s problem. The cost of regular patching is expensive, resource intensive and time consuming. There’s pressure and demand from end users on computer processing unit (CPU)  architecture makers to build securely to reduce costs for end users. There’s also a desire for organisations to know that their entire supply chain is meeting specific requirements, reducing risk. The recent CrowdStrike incident is a good example of this. 

The panel argued in favour of a regulation and a consolidated market, which would in turn boost innovation. Why? Because manufacturers can’t be compelled on an individual basis without regulation pressure and/or standards. It’s easier to cut corners – and cheaper. Without litigation, there’s no drive for change. 

Another example of a good government-led secure by design initiative is CISA’s aptly named Secure by Design. According to their website, secure by design means: 

“Products designed with Secure by Design principles prioritise the security of customers as a core business requirement, rather than merely treating it as a technical feature. During the design phase of a product’s development lifecycle, companies should implement Secure by Design principles to significantly decrease the number of exploitable flaws before introducing them to the market for widespread use or consumption. Out-of-the-box, products should be secure with additional security features such as multi-factor authentication (MFA), logging, and single sign-on (SSO) available at no extra cost.”  

However, the panel stressed that it’s necessary that the markers of what it means to be ‘secure’ are laid out clearly, leaving no room for interpretation. Organisations and manufacturers must understand at which point they can say a product is ‘secure by design’. It must also be laid out clearly where organisations should start. Physical security organisations are less good at this than cyber, despite physical security becoming more digitally connected. This mindset is hard to change. 

Final takeaway? There are standards for everything (food, banking etc.), so why not the security of hardware and software? Secure by design seems like a natural place to start. Regulations that build confidence and are widely accepted will make devices more secure and strengthen the entire supply chain. 

The post Secure by Design: The (Necessary) Future of Hardware and Software appeared first on IT Security Guru.

The cybersecurity industry is often seen as a field dominated by technical experts who’ve spent years honing their skills. However, a panel discussion hosted by Michael Keddie, Training Academy Team Leader at Pentest People at International Cyber Expo, sought to dispel the myth that it’s too late to start a career in this dynamic industry. Alongside him were Ian Nicholson, Head of Incident Response at Pentest People, Catherine Burn, Associate Director at LT Harper, and Greg Cooper, Security Consultant at Pentest People. Together, they shared their personal journeys and valuable insights on how to successfully transition into cybersecurity.

It’s Never Too Late

Michael Keddie opened the discussion by highlighting the many attractive aspects of cybersecurity for career changers, including challenging work, clear career progression, and a thriving job market. “There are strong pull factors that attract career changers to cybersecurity,” Keddie noted, pointing out that the field offers both intellectual stimulation and long-term job security. He also emphasised that while transitioning into cyber requires time, commitment, and financial investment, the payoff is significant.

Keddie’s personal journey into cybersecurity was inspired by reading Ghost in the Wires by Kevin Mitnick, a legendary hacker. “It takes time, perseverance, and a budget,” he explained. “But it’s an enjoyable path to take, and once the transition is made, the future is bright with plenty of opportunities.”

His advice to those considering a career switch? “Believe in yourself, go for it, but have a plan and stick to it.” He also stressed that many of the soft skills from previous careers, like communication, problem-solving, and teamwork—are just as crucial in cybersecurity as technical knowledge. “It’s surprising how many skills acquired in a previous career come in handy in cybersecurity,” Keddie added, noting that the field is far more collaborative and supportive than many people assume.

Real-World Insights 

Ian Nicholson shared his unique experience of moving from firefighting to cybersecurity, a transition that took him a decade. He noted that while the financial rewards in cybersecurity are substantial, career changers must be prepared for the initial financial hit that comes with upskilling and training. “You have to plan long and big if you’re thinking of changing careers,” Nicholson said.

Nicholson highlighted one of the early challenges newcomers face: learning the industry’s terminology and acronyms. “It can feel overwhelming at first,” he admitted, but with perseverance, it becomes second nature. His key message was to keep an eye on the bigger picture, understanding that the rewards, both personal and financial, will come with time.

The Power of Passion and the Importance of Trust

Catherine Burn emphasised the importance of having a growth mindset when entering the cybersecurity field. She advised that newcomers must stay up-to-date with trends and current cyber news, and think like someone on the front lines of defence. “Passion and a commitment to continuous learning are what make people stand out,” Burn noted. She also underscored that trust and honesty are essential in cybersecurity. “A good reputation goes a long way in this industry,” she said, advising that maintaining ethical standards is critical for long-term success.

Soft Skills and Imposter Syndrome

Greg Cooper reinforced the value of soft skills in today’s cybersecurity landscape. “The stereotype of pen testers sitting in dark rooms is outdated,” Cooper remarked. In today’s world, communication and teamwork are vital to success. Cooper also acknowledged the presence of imposter syndrome, especially for those entering the field later in life. “It never fully goes away, but you have to trust in yourself and your abilities,” he said.

Cooper also saw cybersecurity as a future-proof career with endless opportunities for growth. “Because the cyber landscape is constantly changing, you can rapidly develop new skills,” he explained. For him, this dynamic nature of the industry was one of its biggest draws.

Follow Your Passion and Take the Leap

The panel concluded with one clear message for those considering a cybersecurity career: “Follow your passion and just do it.” Whether you’re inspired by the intellectual challenges, the rewarding job market, or the opportunity to make a meaningful impact, the panellists encouraged career changers to embrace the journey with confidence. Their stories prove that, with the right mindset, it’s never too late to break into cybersecurity.

By leveraging your existing skills, continuously learning, and cultivating trust and passion, you can build a successful and rewarding career in this exciting and ever-evolving field.

The post Breaking into Cybersecurity: It’s Never Too Late appeared first on IT Security Guru.

With over 7,500 visitors from 90 countries, Nineteen Groups’ International Cyber Expo at Olympia London gained an impressive 16% growth in visitors in its third edition. 137 exhibitors showcasing pioneering solutions and over 120 talks, demos, presentations, and CISO roundtable discussions once again delivered an unparalleled forum for industry leaders and experts. Central to this year’s discussions was the theme of resilience, a crucial topic influencing every corner of the sector, from geopolitics to emerging technologies.

Backed by strong support from leading government organisations, industry experts, and leading industry vendors, International Cyber Expo has once again firmly established itself as a must-attend event for cybersecurity professionals and thought leaders.

Tarquin Folliss, Vice Chairman of SASIG, said: “International Cyber Expo is unique as a cyber event co-located with the physical domain of the International Security Expo and carrying equal weight. We often talk about the convergence between physical and digital security.  This was convergence in action and it was great to see. This is the future. The theme for our Global Cyber Summit was resilience and our great speakers had a universal message:  we are in this together and we can only make ourselves safer by working together.”

Event highlights include:

Visit from Dan Jarvis, Minister of State at the Home Office – The UK and global security threats are growing more complex, with physical and cyber risks increasingly interconnected. As IoT devices become more common in both work and home settings, and digital features integrated into physical security systems, the line between the two is blurring, driving a clear convergence of physical and cyber security.

Speaking at the co-located International Security Expo on 25 September, Dan Jarvis, the UK Government’s Minister of State, emphasised that “the whole security ecosystem needs to work together” to tackle these evolving challenges.

Driving Resilience: The Global Cyber Summit opened with a keynote address by International Cyber Expo’s Advisory Council Chairman, Ciaran Martin, titled “Navigating the Future: Key Cybersecurity Trends Shaping Our Digital World.” Martin set the tone for the event, diving into six pivotal questions that will define cybersecurity in 2025.

As an Oxford University professor and former CEO of the National Cyber Security Centre, Martin captivated the audience with sharp insights on the failures of current cyber deterrence, the urgent need for safer software, industry’s role in supporting government security efforts, securing hardware in supply chains, and the looming threat of legacy technology.

Curated by experts from SASIG, the Global Cyber Summit gathered top minds from the public and private sectors to explore cybersecurity’s past, present, and future. Centred on resilience, discussions spanned crucial topics like the Secure by Design initiative, national readiness, and the timely issue of election cybersecurity amidst a year of global elections.

Talking Diversity and Skills: The brand-new Diversity and Skills Stage launched with an InClusive InCyber-led panel, hosted by LT Harper, exploring the value of risk-taking. Over two days of dynamic discussions, the stage became a hub for forward-thinking leaders eager to future-proof their organisations by championing their people. With a focus on tackling burnout and the skills gap, this year’s agenda featured some of the most innovative minds in the industry, driving the conversation towards a healthier, more inclusive future. The stage also saw the return of Assured’s “Grab The Mic” session, chaired by renowned cyber journalist and Assured Co-Founder Eleanor Dallaway, tackling the bold question: Can (cyber) women really have it all?

Connecting International Audiences: International Cyber Expo delivered a tailored experience for security and cyber professionals from 85 countries worldwide. The International Delegations Program, supported by UK Defence & Security Exports, offered personalised tours and meetings, ensuring visitors quickly accessed the latest solutions. The Connect+ Live service further streamlined networking by facilitating targeted one-on-one introductions with pre-selected buyers and suppliers, helping attendees connect with leading vendors and address their specific needs across both days of the event.

Community Village: With the community at its core, International Cyber Expo hosted the dedicated Community Village, showcasing a range of not-for-profit and charity organisations committed to transforming the industry. With diverse missions, from promoting greater diversity through initiatives like WiTCH, SheCanCode, and WiCyS UK&I to empowering children with accessible technology via Every Child Online, these organisations are leading the charge towards a more inclusive and resilient future for all.

Cyber Wellbeing Corner – The award winning: Cyber Wellbeing Corner returned for 2024, this year with a nature theme. Visitors flocked to the stand for moments of relaxation, amidst the trees, nature sounds and woodland scents. Informed by scientific research, the team at The Zensory partnered with International Cyber Expo to bring the space to life, alongside a doodle wall and colouring in space. The Cyber Wellbeing Corner proved a welcome break for visitors and a refreshing sight amidst the fast-paced, forward-thinking nature of the cybersecurity industry and the buzzing show floor.

Tech Hub Stage: Visitors had the opportunity to engage with cutting-edge innovations on the Tech Hub Stage, interacting directly with the creators behind the technology. This unique platform allowed attendees to explore the real-world applications of today’s and tomorrow’s leading tech. Highlight sessions featured insights such as Elliott Wilkes, CTO at Advanced Cyber Defence Systems (ACDS), who discussed strategies for thinking like a hacker to strengthen cybersecurity posture. Daniel Kendall, Principal Systems Engineer at the show’s founding partner Fortinet, presented on combating AI-driven advanced persistent threats, while Melissa Chambers, CEO and Co-Founder of Sitehop, delved into the future of encryption.

Pavilions of Plenty: A diverse range of pavilions showcased esteemed organisations such as IASME, CREST, TechUK, ADS, and the Department for Science, Innovation & Technology. These dedicated spaces provided members the opportunity to convene and spotlight the dynamic cybersecurity communities they actively support and contribute to.

“With a record number of cybersecurity leaders in attendance, this year’s International Cyber Expo was remarkable. We proudly introduced highlights like the inaugural Diversity and Skills Stage, the Global Cyber Summit with SASIG, and immersive live demonstrations. There was a wealth of insightful sessions and engaging discussions at every turn, where visitors could discover groundbreaking technology and gain valuable knowledge about the latest trends shaping the future of the industry. The brilliant DJ sets from Cyber House Party added to the networking and relaxation, making it an unforgettable experience for all,” comments Rachael Shattock, Event Director – International Cyber Expo.

Dates for next year’s event will be 30 September 2025 – 1 October 2025. To register your interest in attending, visit: https://www.internationalcyberexpo.com/visit/register-interest 

The post International Cyber Expo 2024 A Success, Sees 16% Growth in Visitors appeared first on IT Security Guru.

The question of how we can stop great hackers from turning to the dark side is an age old one. Resources are tight, budgets tighter. This question was reimagined by the team at The Hacking Games for a panel session at this year’s International Cyber Expo on the brand new Diversity & Skills Stage, led by Fergus Hay, Co-Founder and CEO of The Hacking Games, and Daan Dia, Co-Founder of The Hacking Games.

The panel also featured Chris Kubecka, Senior Cyber Security Advisor at Elemental Concept, and Tim Grieveson, Senior Vice President and Global Cyber Risk Advisor at Bitsight, who shared their thoughts on the future of ethical hacking, rooted in lived experiences. Kubecka, for example, was arrested at the age of 10 at her school library for hacking the US Department of Justice. 

A key theme of the panel was the importance of embracing talent. However, it’s crucial to make sure that talent doesn’t start or end up on the wrong path. The Hacking Games team see “hacking as a creative thinking mindset” that needs to be tapped early. The industry needs to find, embrace and nurture talent earlier. However, it’s imperative to educate kids on the full breadth of opportunities available, which can be hard. Fortunately, children are inquisitive naturally, the panel noted, but we need to channel the right enthusiasm in the right places.  

The panel also noted the success of existing school initiatives like Cyber Warriors, educational resources that teach cyber concepts to students developed by the Cyber Security Research Group at the University of Southampton in association with the NSCS. 

The panel speakers also noted that ethical hacking is a hard sell. It can’t compete with the glamorised Hollywood images of the hooded hackers in dark basements plotting world demise. Black hat hacking is still a crime – and a significant one at that. Ethical hacking has an image problem; it’s not ‘sexy’, but it is, undeniably, cool. Social engineering is a real job and you only have to read Jenny Radcliffe’s People Hacker book to see how cool it really is!

So why do young people turn to cybercrime? White hat hacking doesn’t pay well (necessarily). This needs to change, according to Grieveson, who thinks that attitudes to cyber budgets should change in line with increased responsibility, litigation and the changing threat landscape.   

What can the industry do to make sure kids don’t fall down the wrong path? Mentorship, for one. Having positive mentors can open doors to (legitimate) employment and opportunity for talented people. The panel noted that the industry needs to do more in this space, else we risk missing out on the next Steve Jobs who, after all, earned the seed capital to start Apple through hacking. 

The Hacking Games also announced during the session that they’re working to ‘gamify’ cyber for kids, striving to meet them where they’re at (notably TikTok, Minecraft and Roblox). The organisation has set out to reinvent cyber education for a new generation, acknowledging that traditional programmes are a turn off for kids. They’re doing this through integrations with popular online gaming platforms and by creating engaging video content (like documentaries and reality shows). 

The final takeaway? Hackers are not underground. They’re in suburban homes. Kids are an asset and should be seen as such. 

The post Start ‘Em Young: Setting Would Be Black Hat Hackers on a More Ethical Path appeared first on IT Security Guru.

Cybersecurity has a burnout problem. This is not new (or surprising) news per se, but we, as an industry, are certainly getting better at talking about it. The first step, they say, is admitting that there’s a problem. The next? Examine the scope and impact of the problem before thinking about how to solve it. Such were the key themes of a panel discussion, Combatting Burnout to Protect Both Your Data & Your Ethics, led by Andrew Rose, CISO of SoSafe, at this year’s International Cyber Expo.

At this year’s Expo, panel discussions and keynotes on the brand new Diversity & Skills Stage focused on topics affecting the people within the cybersecurity industry. Burnout is, undeniably, a pertinent topic in this area. With threats getting more frequent and more sophisticated, a perfect storm for unhealthy work cultures has emerged – and burnout is an unfortunate, but almost inevitable, by-product. Cybersecurity is already a thankless career and now professionals are having to work overtime to stop threats. It’s tiring keeping the status quo.   

During the talk, Andrew Rose was joined by Chris Denbigh-White, CISO of Next dlp, and Jasmine Eskenzi, Founder and CEO of The Zensory, a popular wellbeing, productivity and habit management app. What was particularly moving about this panel discussion was hearing from real-world practitioners on their experiences, as well as the experiences of their peers, of burnout first hand. The advice given by the speakers came from a place of true empathy, a crucial element of building a healthier workforce. The panel session strived to destigmatise burnout and it did just that. 

The session began with a short guided breathing exercise led by Eskenzi. The audience was invited to hack their senses and enter a state of focus. It is thought that there are many powerful benefits of an act as simple as taking a deep breath, one of those even includes significantly reducing phishing risk. The science behind why is a whole other article. 

Firstly, the discussion focused on how leaders can recognise the signs of stress and burnout within themselves and their teams. For CISOs, they noted that the signs of burnout may manifest as partaking in ‘self-protecting decisions’ to reduce overwhelm and burden. This could look like non-disclosure, avoidance or taking shortcuts. These acts undermine trust, a fundamental cornerstone of cyber. They noted the ethical challenges and choices that are thrown up by environments of high stress. Cutting corners is not only risky, but reckless. Yet, there’s only so much time to get work done. 

CISO Denbigh-White noted that stress and burnout don’t happen in a vacuum. Rather, it affects the whole team and presents a larger issue. He noted that real change must happen within and that, as a CISO, you have to look after yourself to be able to look after an organisation. You can’t lead a team if you don’t look after yourself properly. But what does he advise that business leaders do to reduce burnout and, in turn, cyber risk within their organisation? 

  • Listen to staff – create a workplace where staff feel able to talk about their feelings, emotions and struggles, as well as any security concerns. This must be a safe space, free of judgement.
  • Embrace automation – where possible, embrace automation to reduce burden on wider security team. 
  • Delegate – Empower staff to take on tasks with full trust. There’s a reluctance to take executive decisions with a fear of litigation and blame looming large. 
  • Recognise staff efforts – Celebrate the achievements of the whole security team. Celebrate when things go well.
  • Create a positive security culture – create a safe space for people to voice their concerns about security, without blame. 

Ultimately, the speakers noted that organisations must create safe environments where employees are able to learn and grow, with guardrails that allow them to thrive safely. A strong security stack inevitably takes some of the stress away from security teams and relieves pressure. They noted that security must be done alongside the wider industry, with clear lines of communication open. A collaborative mindset is key.

The takeaway? Strong security postures that support security teams build organisational resilience. Denbigh-White says: “Resilience is a team sport” – resiliency is best achieved when we have a support network. We need other humans; stress leads to isolation. 

 

The post Banishing Burnout: Data Security Hangs in Balance in Cyber Wellbeing Crisis appeared first on IT Security Guru.

A recent survey conducted by OnePoll on behalf of International Cyber Expo has revealed that a significant majority of Britons believe that cyber warfare is the next frontier in modern combat. The research was conducted amongst 2,000 nationally representative UK respondents.

Despite the UK government’s substantial investment in traditional military forces, the public’s perception is that the next battlefield will be in cyberspace. Over 70% of respondents believe that cyber warfare is likely to be the next step in modern combat, with more than half seeing it as a combination of physical and cyber tactics. Only 5% of the public believe that cyber warfare will never replace physical warfare.

The research also found that 1 in 20 Britons believe that we’re already in the midst of a ‘cyber war’. Amid escalating geopolitical tensions worldwide, nearly a third (31%) of the British public admitted to feeling “scared” about the prospect of cyber warfare. 

The survey also delved into the public’s fears surrounding cybercrime. Cyberattacks targeting critical infrastructure emerged as the most significant concern, followed by nation-state activities, the use of AI in online scams, and disinformation. The recent cyberattack on Synnovis, which disrupted NHS services across the UK, highlighted the real-world consequences of such attacks.

The full list of fears that keep the UK public up at night include:

  • Cyberattacks targeting critical infrastructure (54%) 
  • Nation state activities (43%) 
  • The use of AI in online scams (33%) 
  • Disinformation swaying global politics (31%) 
  • Cyber warfare (31%) 
  • Deepfake (21%) 
  • Phishing emails (15%) 
  • Social engineering (12%) 
  • Fake ads/giveaways (12%) 
  • Criminal activity doesn’t scare me (6%)

Tarquin Folliss, Vice Chairman of SASIG, emphasised the growing threat posed by cyber warfare: “Cyberspace is the perfect grey zone between war and peace. State and non-state actors can operate in this ambiguous and frequently anonymised domain more aggressively and with greater risk appetite than they would in the physical world. The danger of miscalculation is consequently far more heightened.”

Folliss continues: “So, the public is right to worry about conflict in cyberspace and where it could lead.  Cyberwarfare, however, is unlikely to develop as an independent capability or effect. The weaponisation of cyberspace will continue to evolve as one component of the armoury that governments can call on to prosecute war.”

As geopolitical tensions escalate, the threat of cyber warfare becomes increasingly real. The survey findings underscore the need for increased awareness, preparedness, and investment in cybersecurity to protect critical infrastructure and national security.

The post Cyber Warfare: A Growing Concern for the British Public appeared first on IT Security Guru.