40+

SPEAKERS

10

SESSIONS

3

TRACKS

300**

ATTENDEES

EXHIBITION

NETWORKING

DRINKS RECEPTION

The IoT Security Foundation Conference 

The world’s longest-running conference dedicated to IoT cybersecurity.

IET, London  |   23rd October 2024

This year’s one-day event takes place on 23rd October and we return to the modern majesty of the IET, London.

The Annual IoTSF Conference has built a loyal global following from the IoT stakeholder communities and is renowned for delivering high-quality conference programmes and this is the 10th Annual Conference.

Advances in quantum computing and the democratisation of AI/ML in recent years have added more threats, yet have also given us more tools to use in our defences. New approaches such as zero trust and continuous assurance processes continue to evolve. Getting the basics right with training, certifications and audits continue to be trusted staples.

Our theme is therefore…

IoT Security: Past, Present and Future.

Media Partners

Highlights of our 2023 conference

* Typical attendance from previous conference
** FREE for IoTSF Corporate members. IoTSF Professionals members can benefit from a reduced price ticket and non-members pay full price.

If you are not an IoTSF Member, why not find out about joining and receiving free tickets for this event.

Register for the 10th Annual IoT Security Foundation Conference

We’re pleased you’ve decided to join us

Here are a few details about your registration for this event…

Frequently asked questions

What’s included with the ticket?

Ticket price includes a full conference day pass, refreshments, buffet lunch and drinks reception.

Member ticket: What if I’m unable to attend?

We know that plans can change! If you cant make it to an event – to help manage our costs – please let us know as soon as possible, no less than 7 days in advance. If you fail to attend the event without prior notice, we reserve the right to invoice your company for the full cost of a non-member ticket. Thank you for understanding.

Non-Member / Professional Member ticket: Refund Policy

Refunds will be given for cancelled tickets up until 7 days before the event. Refund amount will be the original ticket price minus administration fees. Tickets purchased within 7 days of the event are non-refundable.

If I cant attend, can someone go in my place?

Yes, just email us the details to [email protected].

Terms and Conditions / Privacy Policy

By signing up to this event you are agreeing to our Privacy Policy and our Terms and Conditions.

Present at the IoT Security Foundation Conference

If you’ve got something important to say on a whole range of subjects related to improving the status of IoT, now or in the future, we’d like to hear it and invite you to submit a talk proposal.

If you would like to guarantee a speaking slot, we would encourage you to take one of our limited sponsorship packages – they’re very cost-effective (see our sponsorship guide).

Talk Themes

Our attendees will be interested in business, technical, operational, standards, regulatory, educational and policy-related themes. Some of those themes may include (but are not limited to):

  • New or emerging themes in IoT security
  • All themes related to the defence against AI/automated attacks
  • Using AI/ML to improve IoT security
  • Zero trust environments
  • Cryptography
  • Standards and certification
    • We are keen to hear practical examples of effective (cost and efficacy) third-party certification schemes
  • The economics of IoT security
  • Automation and continuous assurance
  • Updates on the latest threat landscape, attacks and how to avoid them.
  • Best practice for building/engineering ‘secure by design’ and/or ‘secure by default’ products and/or systems
  • Testing IoT products (hardware and software) – against common and emerging attacks
  • How to’ specify fit for purpose security when purchasing
  • Securing the supply chain
  • Software bill of materials and open source
  • Maintaining security and/or achieving resilience throughout the lifecycle
  • Emerging research or intelligence
  • Ethical hacking of IoT systems
  • Ethical design for security and privacy
  • Use cases: application specific examples of cyber security best practice in context e.g.:
    • Automotive
    • Critical Infrastructure
    •  Healthcare
    •  Industrial/Industry 4.0/Manufacturing
    • Smart Buildings / Smart Cities / Connected Places
  • Practical “How To’s” (or how not to…) – e.g.
    • How to manage secure updates
    • How to build a secure and agile development culture
    • Respond to a security breach
    • Build an effective vulnerability and/or bug-bounty program
    • Assess your liability and risk
    • Threat modelling
  • Real life experiences/war stories/lessons learned

Submitting a Talk Proposal

To submit a paper presentation to be considered for the IoTSF Conference, please complete the submission form  with the following details:

  • Presentation Theme
  • Presentation Title
  • Presentation Abstract
  • Speaker Biography & Photo
  • Key audience takeaways

Presentations are to be made in English.

Regular speaking slots are nominally 20 minutes in duration (inclusive of Q&A) however if you prefer a ‘lightening talk’ slot, these are nominally allocated as 10 minutes. Slot duration will be confirmed as part of the acceptance process.

  • Once received, we will acknowledge receipt.
  • Submissions will be reviewed by representatives of IoTSF at regular intervals and assessed on the content’s merit and relevance to the conference.
  • Once reviewed and concluded, applicants will be notified.
  • Successful applicants should confirm their availability for the day.

Guidance for Speakers

It’s great that you have something to say, however be clear about your message to the audience – your talk may be good but if the audience is left with a feeling of “so what?” then we’ve collectively failed. When submitting make sure you spell out the key takeaways that you intend to leave with the audience and what will make it worth their while listening to you. This also helps our talk assessors when selecting talks for the conference hence we encourage you to consider this carefully.

  • Abstracts must clearly detail the nature, scope, content, key points and significance of the proposed presentation to aid the assessment process.
  • The audience has come to hear a talk about a subject that is of interest to them. Direct or overt sales presentations are unwelcome at this event and will not be accepted. It is acceptable to position where the talk is coming from – i.e. the company / individual and the area of interest you have, generally one slide at the beginning usually suffices.
  • It is standard practice to record talks at the IoTSF conference and, at our discretion, publish after the event. Should you prefer not to have your talk published you must inform us with written instruction (email) before or on the conference day. We will confirm your preference.

If you have any queries regarding the submission process, please contact us – [email protected]

Sponsor the IoT Security Foundation Conference

As a not-for-profit organisation, we welcome your interest and support for the conference. We have a number of sponsorship opportunities on offer which help us to cover our costs.

Sponsoring IoTSF’s 2024 Conference will deliver a number of promotional benefits for your organisation whilst contributing to our shared mission to build secure, buy secure and be secure.

Why Sponsor?

The IoTSF Annual Conference attracts a wide range of stakeholder groups and decision-makers throughout the event lifecycle – in the build-up, during the event itself, and once the event has taken place and provides the perfect environment to not only promote your brand, but to build lasting relationships with customers and get to know other businesses:

  • Build reputation & increase brand visibility
  • Unique access to our IoT Security community and stakeholders
  • Lead generation & sales
  • New business partnerships
  • Strengthen relationships with existing customers – most of our packages include guest passes and can be added to other sponsorship options on request
  • Post-conference networking – a drinks reception accompanies the conference.

Conference Agenda

08:30-09:30

Registration / Exhibition

09:30-11:00

Opening ‘Plenary’ Session:
IoT Security: Past, Present, Future

11:00-11:30

Break

Kelvin Lecture Theatre

11:30

Track 1

Turing Lecture Theatre

11:30

Track 1

13:00-14:00

Lunch / Exhibition / Networking

Kelvin Lecture Theatre

14:00

Track 2

Turing Lecture Theatre

14:00

Track 2

15:30-16:00

Break

Kelvin Lecture Theatre

16:00

Track 3

Turing Lecture Theatre

16:00

Track 3

17:15-17:30

Closing Remarks

17:30-19:00

Drinks Reception

Agenda

We are currently building our agenda but, for the moment, click on an image to find out more about our speakers.  Note that details are subject to change.

08:30 Registration / Exhibition
09:30 Opening Plenary Session: IoT Security: Past, Present, Future

The opening plenary session sets the stage for the rest of the day, exploring the cutting edge of IoT cybersecurity, AI and emerging themes. Following the welcome address, we will have two keynote talks that look at the emerging innovation and technology future. We will also take a look at what is in store for the IoTSF and its members with insights from the Executive Steering Board via a panel session taking the theme of the conference: IoT security – past, present and future.

This plenary session promises to equip attendees with a comprehensive understanding of the cybersecurity landscape, setting the context for the specialized tracks that follow. Attendees will not want to miss this opportunity to gain valuable insights from industry leaders and connect with fellow professionals at the forefront of IoT security.

11:00 Break
Kelvin Lecture Theatre Turing Lecture Theatre Watson-Watt Room
11:30 Track 1 11:30 Track 2 11:30 Track 3
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks The Practice of IoT Security: From Breach Response to Threat Anticipation The CISO Journey: From Coax to Resilience
This session explores the evolving landscape of IoT security through keynote talks from leading business and technical experts. On the business side, we discuss the shift from isolated security solutions to collaborative, ecosystem-based approaches in securing IoT devices. Attendees will also learn about supply chain integrity for IoT and AI systems, including innovations for creating operational and trusted bills of materials.

New developments in the evolution of the IoT Security Foundation’s popular security assurance framework will be announced and we will explain its transformation from a developer checklist to a corporate reference for automating audits and certification. We also highlight the recent and important work from NIST on IoT Device Onboarding and Lifecycle Management which addresses real-world trust challenges across enterprise, industrial and consumer networks. Join us to understand the collaborative future of IoT security and its practical implications.

This illuminating session equips IoT security practitioners with actionable strategies to tackle current and emerging challenges. Attendees will learn effective breach response protocols for when things go wrong, techniques for anticipating threats in newly connected OT domains like critical infrastructure and healthcare, and methods for applying cross-domain architectural principles to enhance security in the industrial Internet of Things (IIoT).

The session also includes best practices for comprehensive testing of products with diverse supply chain components. Through expert-led talks and interactive discussions, participants will gain valuable insights to strengthen their organization’s IoT security posture.

In this session, we look at how cyber security has changed over the last 20+ years from the CISO perspective. Where once upon a time all they worried about were operating systems, printers, memory sticks and shadow IT. But soon every new technology became shadow IT, with mobile phones, ipads, social media, cloud services, etc.

This session will explore how CISOs started from overseeing information security, which included computers, users, the network, etc. to today, where they have to view things from an enterprise cyber resilience perspective. Does this really mean that there is nothing that they can rule out from having to provide guidance on or be responsible for? These and many other questions will be explored with our expert panel who will provide perspectives of what cyber resilience means to them in their daily world view for an enterprise.

13:00 Lunch / Exhibition / Networking
14:00 Track 4 14:00 Track 5 14:00 Track 6
IoT Foundations of Trust: Secure by Design The Business of IoT Security: Mastering the Economics Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future
This session explores contemporary cutting-edge approaches to building security into IoT devices and systems from the ground up. Experts will outline the essential elements for secure IoT products and also look at solutions for decentralized and autonomous IoT applications, examining how to leverage hardware security modules to protect vehicle-to-everything (V2X) communications.

We will also delve into the critical role of true randomness in cryptography with a focus on preparing for emerging AI and quantum computing threats.

Attendees will gain practical insights into implementing robust security measures at the hardware and system level to create resilient IoT systems.

In this session we look at security through the economics lens – how can security help us win in business? What do we need to know beyond the technical requirements, how do we weigh up risk and reward – how can the approach be used to underpin, even boost business objectives?

IoT technology has many commercial applications, and the resilience to attack of the connected systems is essential for business success. Context is king when determining security features, yet the business case dominates the feasibility of any successful, sustainable, security posture.

This engaging IoT security session will equip attendees with valuable insights and practical strategies to enhance their IoT defences. We’ll examine historical patterns, extracting crucial lessons to fortify future IoT implementations.
Prepare yourself for a humorous yet eye-opening journey through the “10 Rules to Build Unsecure Embedded Systems” highlighting common pitfalls and misguided practices that compromise security. We’ll also explore the cutting-edge world of eSIMs, uncovering their unique security properties and how they can future-proof IoT device protection. This session blends historical analysis, satirical reflection, and emerging technology insights to provide a comprehensive view of IoT security challenges and solutions.
15:30 Break
16:00 Track 7 16:00 Track 8 16:00 Track 9
IoT Security Compliance: Navigating the Regulatory Landscape Memory Safety: The Pernicious Challenge The Human Side of IoT Security: Protecting People, Spaces, and Systems

As connected devices become ubiquitous in our homes, businesses, and cities, the need for security oversight has never been more critical. Yet, the path to regulation is fraught with challenges. This session illuminates the complex reality of IoT security regulation and compliance, where innovation and protection must coexist.

We’ll explore the global regulatory landscape, focusing on Europe’s CRA and RED, the UK’s PSTI, NIST CSF 2 and NIS2. Our expert speakers will dissect the delicate balance between fostering innovation and ensuring user safety, addressing the concerns of compliance professionals grappling with legal uncertainties and potential penalties.

Whether you’re an IoT manufacturer, policymaker, developer, consultant, or security professional, this session will equip you with the knowledge and insights needed to navigate the evolving regulatory landscape. Don’t miss this opportunity to stay ahead of the curve and contribute to a more secure and innovative IoT future.

What is the memory safety challenge? How big an issue is it and what can be done? Join this session to learn about the complexities of memory safety, explore current solutions, and glimpse into the future of secure IoT systems.

Whilst memory safety in computing has been identified as a challenge since the 1970’s, it became a significantly bigger problem with the growth of connected and distributed systems – such as the IoT. Solutions to the memory safety challenge are beginning to emerge from the research labs toward real-world applications underpinned by a range of hardware and software technologies. This session dives into the critical world of memory safety and its implications for secure IoT systems. Beginning with an academic exploration of memory safety fundamentals, we progress to cutting-edge industry solutions.

We’ll examine the UK government-backed CHERI project, discuss the role of memory-safe languages like Rust, and explore industry efforts to popularize these technological advances

This session is intended for designers, developers, manufacturers, and users of IoT technology, providing them with the knowledge and tools needed to improve the security and reliability of connected systems.

This session explores critical aspects of IoT security, focusing on protecting vulnerable communities and public spaces while addressing technical challenges in embedded systems. Experts will discuss how IoT technologies can be misused to target at-risk groups and strategies to mitigate these threats.

We’ll examine the importance of language and framing when discussing IoT deployments in public areas, emphasizing transparency and community engagement. The session will also delve into common vulnerabilities in embedded systems, sharing insights from hands-on security education. A guest speaker will highlight the crucial role of cross-sector collaboration in building a more secure IoT landscape. Attendees will gain a wider view of IoT security challenges and practical approaches to address them.

17:30 Closing Remarks followed by Drinks Reception

Agenda

We are currently building our agenda but, for the moment, click on an image to find out more about our speakers.  Note that details are subject to change.

08:30 Registration / Exhibition
09:30    Opening Plenary Session: IoT Security: Past, Present, Future

The opening plenary session sets the stage for the rest of the day, exploring the cutting edge of IoT cybersecurity, AI and emerging themes. Following the welcome address, we will have two keynote talks that look at the emerging innovation and technology future. We will also take a look at what is in store for the IoTSF and its members with insights from the Executive Steering Board via a panel session taking the theme of the conference: IoT security – past, present and future.

This plenary session promises to equip attendees with a comprehensive understanding of the cybersecurity landscape, setting the context for the specialized tracks that follow. Attendees will not want to miss this opportunity to gain valuable insights from industry leaders and connect with fellow professionals at the forefront of IoT security.

11:00 Break
Kelvin Lecture Theatre Turing Lecture Theatre Watson-Watt Room
11:30 Track 1 11:30 Track 2 11:30 Track 3
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks IoT Foundations of Trust: Secure by Design The CISO Journey: From Coax to Resilience
This session explores the evolving landscape of IoT security through keynote talks from leading business and technical experts. On the business side, we discuss the shift from isolated security solutions to collaborative, ecosystem-based approaches in securing IoT devices. Attendees will also learn about supply chain integrity for IoT and AI systems, including innovations for creating operational and trusted bills of materials.

New developments in the evolution of the IoT Security Foundation’s popular security assurance framework will be announced and we will explain its transformation from a developer checklist to a corporate reference for automating audits and certification. We also highlight the recent and important work from NIST on IoT Device Onboarding and Lifecycle Management which addresses real-world trust challenges across enterprise, industrial and consumer networks. Join us to understand the collaborative future of IoT security and its practical implications.

This session explores contemporary cutting-edge approaches to building security into IoT devices and systems from the ground up. Experts will outline the essential elements for secure IoT products and also look at solutions for decentralized and autonomous IoT applications, examining how to leverage hardware security modules to protect vehicle-to-everything (V2X) communications.

We will also delve into the critical role of true randomness in cryptography with a focus on preparing for emerging AI and quantum computing threats.

Attendees will gain practical insights into implementing robust security measures at the hardware and system level to create resilient IoT systems.

In this session, we look at how cyber security has changed over the last 20+ years from the CISO perspective. Where once upon a time all they worried about were operating systems, printers, memory sticks and shadow IT. But soon every new technology became shadow IT, with mobile phones, ipads, social media, cloud services, etc.

This session will explore how CISOs started from overseeing information security, which included computers, users, the network, etc. to today, where they have to view things from an enterprise cyber resilience perspective. Does this really mean that there is nothing that they can rule out from having to provide guidance on or be responsible for? These and many other questions will be explored with our expert panel who will provide perspectives of what cyber resilience means to them in their daily world view for an enterprise.

13:00 Lunch / Exhibition / Networking
14:00 Track 4 14:00 Track 5 14:00 Track 6
The Practice of IoT Security: From Breach Response to Threat Anticipation The Business of IoT Security: Mastering the Economics Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future
This illuminating session equips IoT security practitioners with actionable strategies to tackle current and emerging challenges. Attendees will learn effective breach response protocols for when things go wrong, techniques for anticipating threats in newly connected OT domains like critical infrastructure and healthcare, and methods for applying cross-domain architectural principles to enhance security in the industrial Internet of Things (IIoT).
The session also includes best practices for comprehensive testing of products with diverse supply chain components. Through expert-led talks and interactive discussions, participants will gain valuable insights to strengthen their organization’s IoT security posture.

In this session we look at security through the economics lens – how can security help us win in business? What do we need to know beyond the technical requirements, how do we weigh up risk and reward – how can the approach be used to underpin, even boost business objectives?

IoT technology has many commercial applications, and the resilience to attack of the connected systems is essential for business success. Context is king when determining security features, yet the business case dominates the feasibility of any successful, sustainable, security posture.

This engaging IoT security session will equip attendees with valuable insights and practical strategies to enhance their IoT defences. We’ll examine historical patterns, extracting crucial lessons to fortify future IoT implementations.
Prepare yourself for a humorous yet eye-opening journey through the “10 Rules to Build Unsecure Embedded Systems” highlighting common pitfalls and misguided practices that compromise security. We’ll also explore the cutting-edge world of eSIMs, uncovering their unique security properties and how they can future-proof IoT device protection. This session blends historical analysis, satirical reflection, and emerging technology insights to provide a comprehensive view of IoT security challenges and solutions.
15:30 Break
16:00 Track 7 16:00 Track 8 16:00 Track 9
IoT Security Compliance: Navigating the Regulatory Landscape Memory Safety: The Pernicious Challenge The Human Side of IoT Security: Protecting People, Spaces, and Systems

As connected devices become ubiquitous in our homes, businesses, and cities, the need for security oversight has never been more critical. Yet, the path to regulation is fraught with challenges. This session illuminates the complex reality of IoT security regulation and compliance, where innovation and protection must coexist.

We’ll explore the global regulatory landscape, focusing on Europe’s CRA and RED, the UK’s PSTI, NIST CSF 2 and NIS2. Our expert speakers will dissect the delicate balance between fostering innovation and ensuring user safety, addressing the concerns of compliance professionals grappling with legal uncertainties and potential penalties.

Whether you’re an IoT manufacturer, policymaker, developer, consultant, or security professional, this session will equip you with the knowledge and insights needed to navigate the evolving regulatory landscape. Don’t miss this opportunity to stay ahead of the curve and contribute to a more secure and innovative IoT future.

What is the memory safety challenge? How big an issue is it and what can be done? Join this session to learn about the complexities of memory safety, explore current solutions, and glimpse into the future of secure IoT systems.

Whilst memory safety in computing has been identified as a challenge since the 1970’s, it became a significantly bigger problem with the growth of connected and distributed systems – such as the IoT. Solutions to the memory safety challenge are beginning to emerge from the research labs toward real-world applications underpinned by a range of hardware and software technologies. This session dives into the critical world of memory safety and its implications for secure IoT systems. Beginning with an academic exploration of memory safety fundamentals, we progress to cutting-edge industry solutions.

We’ll examine the UK government-backed CHERI project, discuss the role of memory-safe languages like Rust, and explore industry efforts to popularize these technological advances

This session is intended for designers, developers, manufacturers, and users of IoT technology, providing them with the knowledge and tools needed to improve the security and reliability of connected systems.

This session explores critical aspects of IoT security, focusing on protecting vulnerable communities and public spaces while addressing technical challenges in embedded systems. Experts will discuss how IoT technologies can be misused to target at-risk groups and strategies to mitigate these threats.

We’ll examine the importance of language and framing when discussing IoT deployments in public areas, emphasizing transparency and community engagement. The session will also delve into common vulnerabilities in embedded systems, sharing insights from hands-on security education. A guest speaker will highlight the crucial role of cross-sector collaboration in building a more secure IoT landscape. Attendees will gain a wider view of IoT security challenges and practical approaches to address them.

17:30 Closing Remarks followed by Drinks Reception

Agenda

We are currently building our agenda but, for the moment, click on a title to find out more.  Note that details are subject to change.

09:30

Kelvin Lecture Theatre

11:00-11:30  Break

Kelvin Lecture Theatre

Turing Lecture Theatre

Watson-Watt Room

13:00-14:00  Lunch / Exhibition / Networking

Kelvin Lecture Theatre

Turing Lecture Theatre

Watson-Watt Room

15:30-16:00  Break

Kelvin Lecture Theatre

Turing Lecture Theatre

Watson-Watt Room

17:30-19:00  Closing remarks followed by drinks reception

Agenda

We are currently building our agenda but, for the moment, click on an image to find out more about our speakers.  Note that details are subject to change.

08:30 Registration / Exhibition
09:30

Opening Plenary Session: IoT Security: Past, Present, Future

John Moor
Managing Director, IoT Security Foundation / COO, TechWorks
Welcome and Introduction
Prof. Alex Mouzakitis
Programme Director, Cyber Security, Jaguar Land Rover
Automotive: Innovation and The Future of Cybersecurity
Apostol Vassilev
Research Manager, Computer Security Division, NIST
AI Risks and Rewards: Calculus for the Future
Panel Session Dr Stephen Pattison (Chairman, IoT Security Foundation), Peter Davies (Technical Director, Thales), Dr. Anna Maria Mandalari (Assistant Professor, Dept. Electrical and Electronic Engineering, University College London), Richard Marshall (Founder and Director, Xitex) and Haydn Povey (Founder & CEO, SCI Semiconductor)
11:00 Break
Kelvin Lecture Theatre Turing Lecture Theatre Watson-Watt Room
11:30 Track 1 11:30 Track 2 11:30 Track 3

The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks

The Practice of IoT Security: From Breach Response to Threat Anticipation

The CISO Journey: From Coax to Resilience

John Moor   Managing Director, IoT Security Foundation / COO, TechWorks Introduction Christopher Bennison Member Engagement Manager, IoT Security Foundation / TechWorks Introduction Sarb Sembhi
CTO, Virtually Informed
Introduction
Darron Antill CEO, Device Authority Securing the Future: Harnessing the Power of Ecosystems in IoT Security Jennifer Williams
Director of IT and Operations, Secarma
Reading the R-IoT act – responding to an IoT incident David Ihrie
Chief Technology Officer, Virginia Innovation Partnership Corporation (VIPC)
What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats
Ian Pearson
Principle Embedded Solutions Engineer, Microchip Technology Inc.
Foundational Changes Are Coming to IoT Security Toby Wilmington
CEO, qomodo
Evolving Threats and Evolving Defenses for XIoT in Critical Infrastructure Kay Ng
Founder and CEO, CyberAnalytics
From Risk to Return: A Two-Part Framework for Prioritising and Measuring Security Investment Returns
Nick Allott
CEO, NquiringMinds
Establishing a Language of Trust: SBOM, AIBOM, MUD, DevID, Vulnerability Surfaces… Phil Day
Director of Engineering, Configured Things
Implementing Cross Domain Security Patterns for IoT Panel Moderated by Mo Ahddoud
(Chief Information Security Officer, Chameleon Cyber Consultants) with Antoinette Hodes (Global Solution Architect & Evangelist, Check Point Software Technologies), Alan Jenkins
(vCISO Leader, Saepio Solutions Ltd) and Nick Morgan (information Security Manager, Derwent London plc)
Paul Watrobski
IT Security Specialist, NIST
What Things Are Really on Your Network? Trusted IoT Onboarding and Lifecyle Management Zahra Khani
Principal Product Manager for IoT Security Assessment, Keysight Technologies
Building Secure IoT Products from the Ground Up
13:00 Lunch / Exhibition / Networking
14:00 Track 4 14:00 Track 5 14:00 Track 6

IoT Foundations of Trust: Secure by Design

The Business of IoT Security: Mastering the Economics

Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future

Paul Kearney
Cybersecurity Consultant
Introduction Peter Davies
Technical Director, Thales
Introduction Prof. Carsten Maple
Professor of Cyber Systems Engineering, WMG Principal Investigator NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research, University of Warwick
Introduction
Prof. Bruno Crispo
Professor of computer science, University of Trento
CROSSCON: A Cross-platform Open Security Stack for Connected Speaker
To be confirmed
Presentation to be confirmed Paul Waller
NCSC
Securing IoT – From Market Incentives to Future Priorities
John Sirianni
CEO, Tropic Square
Securing the Decentralized Future: Open and Auditable
Hardware Security for IoT Ecosystems and Web3
Paul Hingley
Product Security and Solution Officer, Siemens Digital Industries GB&I
For a Few Dollars More Stephan Janouch
Technical Marketing Director, EMEA, Green Hills Software GmbH
10 rules to build unsecure embedded systems
Rasadhi Attale
Senior Hardware Engineer, Siemens
Hardware based security for advanced threat detection and mitigation Panel Moderated by Peter Davies (Technical Director, Thales) with Michael Dimelow
(CCO, Bloc Ventures)
Andrew Bott
Principal Security Architect, IAR Systems AB
How secure is your IoT device? – Indispensable ingredients for a secure IoT product!
Dr. Ramy Shelbaya
CEO & Co-Founder, Quantum Dice Ltd
The Critical Role of Randomness in IoT Security: From the Past to the Present and into a Post-Quantum Future Dr Des Howlett
Senior Member Technical Staff , Doulos Ltd
Where is your weakest link? Observations from teaching Embedded System Security
15:30 Break
16:00 Track 7 16:00 Track 8 16:00 Track 9

IoT Security Compliance: Navigating the Regulatory Landscape

Memory Safety: The Pernicious Challenge

The Human Side of IoT Security: Protecting People, Spaces, and Systems

Richard Marshall
Founder and Director, Xitex
Introduction Haydn Povey
Founder & CEO, SCI Semiconductor
Introduction James Willison
Project and Engagement Manager, TechWorks
Introduction
Matt Tett
Subject Matter Expert (SME), IoT Security Mark P/L
International: Key lessons and takeaways from Internet of Things Cybersecurity Standards, Legislation, Product Certifications and Cybersecurity Labelling Schemes (CLS) Prof. Robert Watson
Professor in Systems, Security, and Architecture, University of Cambridge
Presentation to be confirmed Dr Leonie Maria Tanczer
Associate Professor, University College London (UCL)
IoT Tech Abuse – Protecting At-Risk Communities
Jonathan Marshall
Founder, SafeShark
Why does my TV still think it is a fridge? David Chisnall
Co-Founder & Director of Systems Architecture
SCI Semiconductor
CHERIoT: Fearlessly reuse untrusted C code in embedded systems Rebecca Hartley
PhD Researcher, Royal Holloway, University of London
How We Talk About IoT Matters: The Case of Technologies in Public Spaces
Panel Moderated by Richard Marshall (Founder and Director, Xitex) with Florian Lukavsky
(CTO, ONEKEY) and Simon Dunkley
(Global Spectrum Lead, Itron)
Panel Moderated by Haydn Povey (Founder & CEO, SCI Semiconductor) with Mike Eftimakis
(Founding Director, CHERI Alliance), Nuala Kilmartin (Innovation Lead for Digital Security, UK Research and Innovation (UKRI)), Robert Norton
(Senior Researcher, Microsoft) and Dr Ash Setter (Head of Engineering, NquiringMinds)
Sarb Sembhi
CTO, Virtually Informed
Mental Health and IoT Security
Panel Moderated by James Willison (Project and Engagement Manager
TechWorks) with Dr Leonie Maria Tanczer
(Associate Professor, University College London (UCL)), Rebecca Hartley (PhD Researcher, Royal Holloway, University of London) and Sarb Sembhi (CTO, Virtually Informed)
17:30 Closing Remarks followed by Drinks Reception

Agenda

We are currently building our agenda but, for the moment, click on an image to find out more about our speakers.  Note that details are subject to change.

08:30 Registration / Exhibition
09:30    Opening Plenary Session: IoT Security: Past, Present, Future

The opening plenary session sets the stage for the rest of the day, exploring the cutting edge of IoT cybersecurity, AI and emerging themes. Following the welcome address, we will have two keynote talks that look at the emerging innovation and technology future. We will also take a look at what is in store for the IoTSF and its members with insights from the Executive Steering Board via a panel session taking the theme of the conference: IoT security – past, present and future.

This plenary session promises to equip attendees with a comprehensive understanding of the cybersecurity landscape, setting the context for the specialized tracks that follow. Attendees will not want to miss this opportunity to gain valuable insights from industry leaders and connect with fellow professionals at the forefront of IoT security.

11:00 Break
Kelvin Lecture Theatre Turing Lecture Theatre Watson-Watt Room
11:30 Track 1 11:30 Track 2 11:30 Track 3
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks IoT Foundations of Trust: Secure by Design The CISO Journey: From Coax to Resilience
This session explores the evolving landscape of IoT security through keynote talks from leading business and technical experts. On the business side, we discuss the shift from isolated security solutions to collaborative, ecosystem-based approaches in securing IoT devices. Attendees will also learn about supply chain integrity for IoT and AI systems, including innovations for creating operational and trusted bills of materials.

New developments in the evolution of the IoT Security Foundation’s popular security assurance framework will be announced and we will explain its transformation from a developer checklist to a corporate reference for automating audits and certification. We also highlight the recent and important work from NIST on IoT Device Onboarding and Lifecycle Management which addresses real-world trust challenges across enterprise, industrial and consumer networks. Join us to understand the collaborative future of IoT security and its practical implications.

This session explores contemporary cutting-edge approaches to building security into IoT devices and systems from the ground up. Experts will outline the essential elements for secure IoT products and also look at solutions for decentralized and autonomous IoT applications, examining how to leverage hardware security modules to protect vehicle-to-everything (V2X) communications.

We will also delve into the critical role of true randomness in cryptography with a focus on preparing for emerging AI and quantum computing threats.

Attendees will gain practical insights into implementing robust security measures at the hardware and system level to create resilient IoT systems.

In this session, we look at how cyber security has changed over the last 20+ years from the CISO perspective. Where once upon a time all they worried about were operating systems, printers, memory sticks and shadow IT. But soon every new technology became shadow IT, with mobile phones, ipads, social media, cloud services, etc.

This session will explore how CISOs started from overseeing information security, which included computers, users, the network, etc. to today, where they have to view things from an enterprise cyber resilience perspective. Does this really mean that there is nothing that they can rule out from having to provide guidance on or be responsible for? These and many other questions will be explored with our expert panel who will provide perspectives of what cyber resilience means to them in their daily world view for an enterprise.

13:00 Lunch / Exhibition / Networking
14:00 Track 4 14:00 Track 5 14:00 Track 6
The Practice of IoT Security: From Breach Response to Threat Anticipation The Business of IoT Security: Mastering the Economics Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future
This illuminating session equips IoT security practitioners with actionable strategies to tackle current and emerging challenges. Attendees will learn effective breach response protocols for when things go wrong, techniques for anticipating threats in newly connected OT domains like critical infrastructure and healthcare, and methods for applying cross-domain architectural principles to enhance security in the industrial Internet of Things (IIoT).
The session also includes best practices for comprehensive testing of products with diverse supply chain components. Through expert-led talks and interactive discussions, participants will gain valuable insights to strengthen their organization’s IoT security posture.

In this session we look at security through the economics lens – how can security help us win in business? What do we need to know beyond the technical requirements, how do we weigh up risk and reward – how can the approach be used to underpin, even boost business objectives?

IoT technology has many commercial applications, and the resilience to attack of the connected systems is essential for business success. Context is king when determining security features, yet the business case dominates the feasibility of any successful, sustainable, security posture.

This engaging IoT security session will equip attendees with valuable insights and practical strategies to enhance their IoT defences. We’ll examine historical patterns, extracting crucial lessons to fortify future IoT implementations.
Prepare yourself for a humorous yet eye-opening journey through the “10 Rules to Build Unsecure Embedded Systems” highlighting common pitfalls and misguided practices that compromise security. We’ll also explore the cutting-edge world of eSIMs, uncovering their unique security properties and how they can future-proof IoT device protection. This session blends historical analysis, satirical reflection, and emerging technology insights to provide a comprehensive view of IoT security challenges and solutions.
15:30 Break
16:00 Track 7 16:00 Track 8 16:00 Track 9
IoT Security Compliance: Navigating the Regulatory Landscape Memory Safety: The Pernicious Challenge The Human Side of IoT Security: Protecting People, Spaces, and Systems

As connected devices become ubiquitous in our homes, businesses, and cities, the need for security oversight has never been more critical. Yet, the path to regulation is fraught with challenges. This session illuminates the complex reality of IoT security regulation and compliance, where innovation and protection must coexist.

We’ll explore the global regulatory landscape, focusing on Europe’s CRA and RED, the UK’s PSTI, NIST CSF 2 and NIS2. Our expert speakers will dissect the delicate balance between fostering innovation and ensuring user safety, addressing the concerns of compliance professionals grappling with legal uncertainties and potential penalties.

Whether you’re an IoT manufacturer, policymaker, developer, consultant, or security professional, this session will equip you with the knowledge and insights needed to navigate the evolving regulatory landscape. Don’t miss this opportunity to stay ahead of the curve and contribute to a more secure and innovative IoT future.

What is the memory safety challenge? How big an issue is it and what can be done? Join this session to learn about the complexities of memory safety, explore current solutions, and glimpse into the future of secure IoT systems.

Whilst memory safety in computing has been identified as a challenge since the 1970’s, it became a significantly bigger problem with the growth of connected and distributed systems – such as the IoT. Solutions to the memory safety challenge are beginning to emerge from the research labs toward real-world applications underpinned by a range of hardware and software technologies. This session dives into the critical world of memory safety and its implications for secure IoT systems. Beginning with an academic exploration of memory safety fundamentals, we progress to cutting-edge industry solutions.

We’ll examine the UK government-backed CHERI project, discuss the role of memory-safe languages like Rust, and explore industry efforts to popularize these technological advances

This session is intended for designers, developers, manufacturers, and users of IoT technology, providing them with the knowledge and tools needed to improve the security and reliability of connected systems.

This session explores critical aspects of IoT security, focusing on protecting vulnerable communities and public spaces while addressing technical challenges in embedded systems. Experts will discuss how IoT technologies can be misused to target at-risk groups and strategies to mitigate these threats.

We’ll examine the importance of language and framing when discussing IoT deployments in public areas, emphasizing transparency and community engagement. The session will also delve into common vulnerabilities in embedded systems, sharing insights from hands-on security education. A guest speaker will highlight the crucial role of cross-sector collaboration in building a more secure IoT landscape. Attendees will gain a wider view of IoT security challenges and practical approaches to address them.

17:30 Closing Remarks followed by Drinks Reception

Agenda

We are currently building our agenda but, for the moment, click on an image to find out more about our speakers.

08:30 Registration / Exhibition
Kelvin Lecture Theatre
09:30    Opening Plenary Session: IoT Security: Past, Present, Future
Alex Mouzakitis – JLR Title TBC
Apostol Vassilev – Research Manager, NIST AI Risks and Rewards: Calculus for the Future
11:00 – 11:30 Break
   Sessions 1-3 / 11:30 – 13:00
   Kelvin Lecture Theatre Turing Lecture Theatre Another Theatre
Advancing Security Practice
Session Host TBC
Security by Design
Session Host TBC
The CISO Journey
Session Host TBC
Darron Antill, CEO, Device Authority Securing the Future: Harnessing the Power of Ecosystems in IoT Security Andrew Bott, Principal Security Architect, IAR Systems AB How secure is your IoT device? – Indispensable ingredients for a secure IoT product! David Ihrie, CTO, Virginia Innovation Partnership Corporation (VIPC) What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats
Ian Pearson, IoTSF AFWG Assuring IoT Security Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
Nick Allott, CEO, Nquiring Minds SBoM, TAIBoM etc. Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
Paul Watrobski, NIST CCCoE On-boarding High Level Architecture Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
13:00-14:00 Lunch / Exhibition / Networking
   Sessions 4-6 / 14:00 – 15:30
   Kelvin Lecture Theatre Turing Lecture Theatre Another Theatre
Advancing Security Practice
Session Host TBC
Security by Design
Session Host TBC
The CISO Journey
Session Host TBC
Ian Pearson, IoTSF AFWG Assuring IoT Security Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
Nick Allott, CEO, Nquiring Minds SBoM, TAIBoM etc. Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
put name here Securing the Future: Harnessing the Power of Ecosystems in IoT Security Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
Paul Watrobski, NIST CCCoE On-boarding High Level Architecture Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
15:00 – 15:30 Break
   Sessions 7-9 / 16:00 – 17:15
   Kelvin Lecture Theatre Turing Lecture Theatre Another Theatre
Advancing Security Practice
Session Host TBC
Security by Design
Session Host TBC
The CISO Journey
Session Host TBC
Ian Pearson, IoTSF AFWG Assuring IoT Security Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
Nick Allott, CEO, Nquiring Minds SBoM, TAIBoM etc. Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
Darron Antill, CEO, Device Authority Securing the Future: Harnessing the Power of Ecosystems in IoT Security Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
Paul Watrobski, NIST CCCoE On-boarding High Level Architecture Turing Lecture Theatre Turing Lecture Theatre TBCTheatre TBCTheatre
17:15 – 17:30 Closing Remarks
17:30 – 19:00 Drinks Reception
19:00 Close

Speakers

The IoT Security Foundation 2024 Conference features an impressive line-up of accomplished speakers who bring their knowledge and experience to the event. Our carefully curated talks from practitioners, industry leaders, academic researchers, and technical visionaries make the IoTSF Annual Conference both high-quality and insightful.

Apostol Vassilev

Research Manager, Computer Security Division, NIST

Apostol Vassilev is a research manager in the Computer Security Division at NIST. His group’s research agenda covers topics in Trustworthy and Responsible AI, with a focus on Adversarial Machine Learning and Robust AI for Autonomous Vehicles. Vassilev works closely with academia, industry and government agencies on the development and adoption of standards in AI. He holds a Ph.D. in mathematics. Vassilev has been awarded a bronze medal by the U.S. Commerce Department and his work has been profiled in the Wall Street Journal, Politico, VentureBeat, Fortune, Forbes, the Register, podcasts, and webinars. Apostol frequently speaks at conferences.

Dr Leonie Maria Tanczer

Associate Professor, University College London (UCL)

Dr Leonie Maria Tanczer is an Associate Professor in International Security and Emerging Technologies at University College London’s (UCL) Department of Computer Science (CS) and grant holder of the prestigious UKRI Future Leaders Fellowship (FLF).

She is part of UCL’s Information Security Research Group (ISec) and initiated and heads the “Gender and Tech” research efforts at UCL. Tanczer is also member of the Advisory Council of the Open Rights Group (ORG), a Steering Committee member for the Offensive Cyber Working Group, and a voting member of the IEEE Working Group P2987 “Recommended Practice for Principles for Design and Operation Addressing Technology-Facilitated Inter-personal Control”.

She was formerly an Association of British Science Writers (ABSW) Media Fellow at The Economist and a Fellow at the Alexander von Humboldt Institute for Internet and Society (HIIG) in Berlin. Her research focuses on questions related to Internet security and she is specifically interested in the intersection points of technology, security and gender.

Matt Tett

Subject Matter Expert (SME), IoT Security Mark P/L

Matt Tett is an Advisor and Subject Matter Expert (SME) for IoT Security Mark P/L who operate the global IoT Security Trust Mark™ (STM) Certification and voluntary Cybersecurity Labelling Scheme (CLS). (www.iotsecuritytrustmark.org).

Matt is the Managing Director of Enex TestLab (Enex Pty Ltd). He is well known globally across industry and government as a very well connected, highly technical straight shooter. Effectively applying science to translating complex technology for the lay person, ensuring customers receive what they are paying for.

Matt has a deep technical background in network and security systems and he holds the following security certifications in good standing for 17+ years: CISSP, CISM, CSEPS and CISA. He is a certified Government security advisor and retains State and Federal Government security clearances.

He is also a judge for a number of industries, including the Commsday “Edison” Awards, IT Journo “Lizzies” Awards, InnovationAus Awards for Excellence, IoT Impact Awards and the Australian Women in Security Awards.

Toby Wilmington

CEO, qomodo

Toby Wilmington has spent the last decade building and managing some of the world’s most sophisticated cyber security defences. With a career that spans institutes like BAE Systems, Recorded Future, and NATO, Toby has been a go-to advisor for government departments,
critical infrastructure, and military forces, crafting robust strategies and resilient security controls for the world’s most targeted networks.

Now leading qomodo, Toby is tackling one of the pressing cyber challenges of our time: safeguarding the rapidly expanding Internet of Things. As IoT devices infiltrate sensitive networks and bring previously isolated areas online, they become prime targets for cyber attackers. The inadequate security and control measures in these newly connected spaces present a golden opportunity for nation-states and cybercriminals alike.

SPEAKER

AI Risks and Rewards: Calculus for the Future

Apostol Vassilev

Research Manager, Computer Security Division, NIST

SPEAKER

Reading the R-IoT act – responding to an IoT incident

Jennifer Williams

Director of IT and Operations, Secarma

SPEAKER

Securing the Decentralized Future: Open and Auditable Hardware
Security for IoT Ecosystems and Web3

John Sirianni

CEO, Tropic Square

SPEAKER

Hardware based security for advanced threat detection and mitigation

Rasadhi Attale

Senior Hardware Engineer, Siemens

SPEAKER

What Things Are Really on Your Network?
Trusted IoT Onboarding and Lifecyle Management

Paul Watrobski

IT Security Specialist, NIST

SPEAKER

IoT Tech Abuse – Protecting At-Risk Communities

Dr Leonie Maria Tanczer

Associate Professor, University College London (UCL)

SPEAKER

Securing the Future: Harnessing the Power of Ecosystems in IoT Security

Darron Antill

CEO, Device Authority

SPEAKER

Evolving Threats and Evolving Defenses for XIoT in Critical Infrastructure

Toby Wilmington

CEO, qomodo

SPEAKER

Prof. Alex Mouzakitis

Programme Director, Cyber Security, Jaguar Land Rover

SPEAKER

From Risk to Return: A Two-Part Framework for Prioritising and Measuring Security Investment Returns

Kay Ng

Founder and CEO, CyberAnalytics

SPEAKER

International: Key lessons and takeaways from Internet of Things Cybersecurity Standards, Legislation, Product Certifications and Cybersecurity Labelling Schemes (CLS)

Matt Tett

Subject Matter Expert (SME), IoT Security Mark P/L

SPEAKER

How We Talk About IoT Matters: The Case of Technologies in Public Spaces

Rebecca Hartley

PhD Researcher, Royal Holloway, University of London

SPEAKER

What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats

David Ihrie

Chief Technology Officer, Virginia Innovation Partnership Corporation (VIPC)

SPEAKER

Building Secure IoT Products from the Ground Up

Zahra Khani

Principal Product Manager for IoT Security Assessment, Keysight Technologies

SPEAKER

Why does my TV still think it is a fridge?

Jonathan Marshall

Founder, SafeShark

SPEAKER

Implementing Cross Domain Security Patterns for IoT

Phil Day

Director of Engineering, Configured Things

SPEAKER

How secure is your IoT device? – Indispensable ingredients for a secure IoT product!

Andrew Bott

Principal Security Architect, IAR Systems AB

SPEAKER

10 Rules to Build Unsecure Embedded Systems

Stephan Janouch

Technical Marketing Director, EMEA, Green Hills Software GmbH

SPEAKER

The Critical Role of Randomness in IoT Security: From the Past to the Present and into a Post-Quantum Future

Dr. Ramy Shelbaya

CEO & Co-Founder, Quantum Dice Ltd

PANELLIST

Dr. Anna Maria Mandalari

Assistant Professor, Dept. Electrical and Electronic Engineering, University College London

SPEAKER

Ian Pearson

Principle Embedded Solutions Engineer, Microchip Technology Inc.

SPEAKER

 Securing IoT – From Market Incentives to Future Priorities

Paul W

Cryptography and hardware security expert, NIST

SPEAKER

Florian Lukavsky

CTO, ONEKEY

SPEAKER

Mo Ahddoud

Chief Information Security Officer, Chameleon Cyber Consultants

SPEAKER

Establishing a Language of Trust: SBOM, AIBOM, MUD, DevID, Vulnerability Surfaces…

Nick Allott

CEO, NquiringMinds

PANELLIST

Antoinette Hodes

Global Solution Architect & Evangelist, Check Point Software Technologies