AGENDA
PLENARY SESSION
09:00-11:00 Followed by break till 11:30am
KELVIN LECTURE THEATRE
IoT Security: Past, Present & Future
Host: John Moor, Managing Director, IoT Security Foundation / COO, TechWorks
Automotive: Innovation and The Future of Cybersecurity – Alex Mouzakitis, Programme Director, Cyber Security, Jaguar Land Rover
AI Risks and Rewards: Calculus for the Future – Apostol Vassilev, Research Manager, Computer Security Division, NIST
PANEL
Moderator: Stephen Pattison, Chairman, IoT Security Foundation –
Peter Davies, Technical Director, Thales –
Anna Maria Mandalari, Assistant Professor, Dept. Electrical and Electronic Engineering, University College London –
Richard Marshall, Founder and Director, Xitex –
Haydn Povey, Founder and CEO, SCI Semiconductor
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks
11:30-13:00 Followed by break till 14:00
KELVIN LECTURE THEATRE
Host: John Moor, Managing Director, IoT Security Foundation / COO, TechWorks
Securing the Future: Harnessing the Power of Ecosystems in IoT Security – Darron Antill, CEO, Device Authority
Foundational Changes Are Coming to IoT Security – Assurance Framework Evolution – Ian Pearson, Principal Embedded Solutions Engineer, Microchip Technology Inc
Establishing a Language of Trust: SBOM, AIBOM, MUD, DevID, Vulnerability Surfaces… – Nick Allott, CEO, NquiringMinds
What Things Are Really on Your Network? Trusted IoT Onboarding and Lifecycle Management – Paul Watrobski, IT Security Specialist, NIST
The Practice of IoT Security: From Breach Response to Threat Anticipation
11:30-13:00 Followed by break till 14:00
TURING LECTURE THEATRE
Host: Chris Bennison, Membership Engagement Manager, IoT Security Foundation / TechWorks
Reading the R-IoT act – responding to an IoT incident – Jennifer Williams, Managing Director, Secarma
Evolving Threats and Evolving Defences for XIoT in Critical Infrastructure – Toby Wilmington, CEO, qomodo
Implementing Cross Domain Security Patterns for IoT – Phil Day, Director of Engineering, Configured Things
Building Secure IoT Products from the Ground Up – Zahra Khani, Principal Product Manager for IoT Security Assessment, Keysight Technologies
The CISO Journey: From Coax to Resilience
11:30-13:00 Followed by break till 14:00
WATSON-WATT THEATRE
Host: Sarb Sembhi, CTO, Virtually Informed
What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats – David Ihrie, Chief Technology Officer, Virginia Innovation Partnership Corporation (VIPC)
From Risk to Return: Measuring Security Return on Investment – Kay Ng, Founder and CEO, CyberAnalytics
PANEL
Moderator: Mo Ahddoud, Chief Information Security Officer, Chameleon Cyber Consultants –
Antoinette Hodes, Global Solution Architect & Evangelist, Check Point Software Technologies –
Alan Jenkins, vCISO Leader, Saepio Solutions Ltd –
Nick Morgan, Information Security Manager, Derwent London plc.
IoT Foundations of Trust: Secure by Design
14:00-15:30 Followed by break till 16:00
KELVIN THEATRE
Host: Paul Kearney, Cybersecurity Consultant
CROSSCON: A Cross-platform Open Security Stack for Connected Devices – Bruno Crispo, Professor, University of Trento
Open and Auditable Hardware Security for IoT & Web3 Ecosystems – John Sirianni, CEO, Tropic Square
Hardware based Cyber Security for Connected Vehicles – Rasadhi Attale, Siemens
The Critical Role of Randomness in IoT Security: From the Past to the Present and into a Post-Quantum Future – Ramy Shelbaya, Quantum Dice Ltd.
The Business of IoT Security: Mastering the Economics
14:00-15:30 Followed by break till 16:00
TURING THEATRE
Host: Peter Davies, Technical Director, Thales
Presentation – Ged Lancaster, CTO, TAE Power Solutions
For a Few Dollars More – Paul Hingley, Product Security and Solution Officer, Siemens Digital Industries GB&I
PANEL
Moderator: Peter Davies, Technical Director, Thales –
Michael Dimelow, CCO, Bloc Ventures –
Paul Hingley, Product Security and Solution Officer, Siemens Digital Industries GB&I
Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future
14:00-15:30 Followed by break till 16:00
WATSON-WATT THEATRE
Host: Carsten Maple, Professor of Cyber Systems Engineering, University of Warwick
Securing IoT – From Market Incentives to Future Priorities – Paul Waller, NCSC
10 rules to build unsecure embedded systems – Stephan Janouch, Technical Marketing Director, EMEA, Green Hills Software GmbH
How secure is your IoT device? – Indispensable ingredients for a secure IoT product – Andrew Bott, Principal Security Architect, IAR Systems AB
Where is your weakest link? Observations from teaching Embedded System Security – Des Howlett, Senior Member Technical Staff, Doulos Ltd
IoT Security Compliance: Navigating the Regulatory Landscape
16:00-17:25 Followed by closing remarks and drinks reception at the Kelvin Lecture Theatre from 17:25
KELVIN THEATRE
Host: Richard Marshall, Founder and Director, Xitex
Red Cyber Update – Simon Dunkley, Global Spectrum Lead, Itron Metering Solutions UK Limited
Security Compliance: Regulatory Watch Working Group – Florian Lukavsky, CTO, ONEKEY
Key lessons and takeaways from Internet of Things Cybersecurity Standards, Legislation, Product Certifications and Cybersecurity Labelling Schemes (CLS) – Matt Tett, Subject Matter Expert (SME), IoT Security Mark P/L
What have we learned? Why does my TV think it’s a fridge? – Jonathan Marshall, Founder, SafeShark
PANEL
Moderator: Richard Marshall, Founder and Director, Xitex –
Florian Lukavsky, CTO, ONEKEY –
Simon Dunkley, Global Spectrum Lead, Itron –
Matt Tett, Subject Matter Expert (SME), IoT Security Mark P/L –
Jonathan Marshall, Founder, SafeShark
Memory Safety: The Pernicious Challenge
16:00-17:25 Followed by closing remarks and drinks reception at the Kelvin Lecture Theatre from 17:25
TURING THEATRE
Host: Haydn Povey, Founder and CEO, SCI Semiconductor
CHERI: Architectural Support for Memory Protection and Software Compartmentalization – Prof. Robert Watson, Professor in Systems, Security, and Architecture, University of Cambridge
CHERIoT: Fearlessly reuse untrusted C code in embedded systems – David Chisnall, Co-Founder & Director of Systems Architecture, SCI Semiconductor
PANEL
Moderator: Haydn Povey, Founder and CEO, SCI Semiconductor –
Mike Eftimakis, Founding Director, CHERI Alliance –
Nuala Kilmartin, Innovation Lead for Digital Security, UK Research and Innovation (UKRI) –
Robert Norton, Senior Researcher, Microsoft –
Ash Setter, Head of Engineering, NquiringMinds
The Human Side of IoT Security: Protecting People, Spaces and Systems
16:00-17:25 Followed by closing remarks and drinks reception at the Kelvin Lecture Theatre from 17:25
WATSON-WATT THEATRE
Host: James Willison, Project and Engagement Manager, IoTSF / TechWorks
IoT Tech Abuse – Protecting At-Risk Communities – Leonie Tanczer, University College London (UCL)
How We Talk About IoT Matters: The Case of Technologies in Public Spaces – Rebecca Hartley, PhD Researcher, Royal Holloway, University of London
Mental Health and IoT Security – Sarb Sembhi, CTO, Virtually Informed
PANEL
Moderator: James Willison, Project and Engagement Manager, IoTSF / TechWorks –
Leonie Tanczer, University College London (UCL) –
Rebecca Hartley, PhD Researcher, Royal Holloway, University of London –
Sarb Sembhi, CTO, Virtually Informed
Nick Morgan
Information Security Manager, Derwent London plc
Nick Morgan CISSP, CISM, Assoc. C|CISO, leads the Information Security function at Derwent London plc, a commercial Real Estate Investment Trust (REIT). He has 22+ years of experience in IT Governance, Risk and Compliance, Data Protection, Business Continuity, networks, and Infrastructure.
In 2021, Nick contributed to an article in the Times Raconteur titled ‘How cybersecure is the smart office?’ and has been a key contributor to the IoT Security Foundation’s Smart Buildings working group and associated best practice guidance publications.
James Willison
Project and Engagement Manager, TechWorks
James is a distinguished international leader in Security Convergence and Enterprise Security Risk Management, currently serving as the Project and Engagement Manager at the Internet of Things (IoT) Security Foundation. His extensive career, marked by a blend of advisory, academic and practical roles, showcases his contributions to the security industry. He has a practical application to convergence, and streamlining delivery within a sound business framework.
Christopher Bennison
Member Engagement Manager
Chris joined TechWorks in September of 2022. An 8-year tenure with BT gave Chris a good technical grounding.
He also brings key experience in marketing and engagement from roles with the ScotRail communications team, a delivery app, a restaurant chain and a bicycle retailer.
IoTSF Chapters are a major part of his remit as the IoTSF looks to further its global presence, increase member numbers and attract even more thought leadership and progressive ideas. He’s also heavily involved with the IoTSF’s working groups, engagement with NMI and AESIN members as well as presenting webinars for the TechWorks communities.
Away from work, Chris is a keen runner, music lover, cinemagoer, foodie and Dundee United fan.
Dr Leonie Maria Tanczer
Associate Professor, University College London (UCL)
Dr Leonie Maria Tanczer is an Associate Professor in International Security and Emerging Technologies at University College London’s (UCL) Department of Computer Science (CS) and grant holder of the prestigious UKRI Future Leaders Fellowship (FLF).
She is part of UCL’s Information Security Research Group (ISec) and initiated and heads the “Gender and Tech” research efforts at UCL. Tanczer is also a member of the Advisory Council of the Open Rights Group (ORG), a Steering Committee member for the Offensive Cyber Working Group, and a voting member of the IEEE Working Group P2987 “Recommended Practice for Principles for Design and Operation Addressing Technology-Facilitated Inter-personal Control”.
She was formerly an Association of British Science Writers (ABSW) Media Fellow at The Economist and a Fellow at the Alexander von Humboldt Institute for Internet and Society (HIIG) in Berlin. Her research focuses on questions related to Internet security and she is specifically interested in the intersection points of technology, security and gender.
Presentation: IoT Tech Abuse – Protecting At-Risk Communities
The proliferation of smart, Internet-connected devices in homes has introduced new avenues for intimate partner violence.
Drawing on research conducted at UCL’s Gender and Tech Lab, this presentation will explore the growing problem of technology-facilitated domestic violence and stalking, focusing on the ways perpetrators exploit Internet of Things (IoT) technologies to monitor, control, and terrorise victims and survivors. The talk will examine the unique challenges affected parties face when trying to document abuse, seek help, and regain control of their digitally-enabled environment. The session will also highlight emerging approaches to combat this form of abuse, including technological safeguards, legislative reforms, and victim/survivor support. The goal is to raise awareness of this critical issue and equip the tech sector with the knowledge to address the intimate partner violence threat model proactively and to effectively respond to instances where their systems are being misused in domestic abuse and stalking cases.
Apostol Vassilev
Research Manager, Computer Security Division, NIST
Apostol Vassilev is a research manager in the Computer Security Division at NIST. His group’s research agenda covers topics in Trustworthy and Responsible AI, with a focus on Adversarial Machine Learning and Robust AI for Autonomous Vehicles. Vassilev works closely with academia, industry and government agencies on the development and adoption of standards in AI. He holds a Ph.D. in mathematics. Vassilev has been awarded a bronze medal by the U.S. Commerce Department and his work has been profiled in the Wall Street Journal, Politico, VentureBeat, Fortune, Forbes, the Register, podcasts, and webinars. Apostol frequently speaks at conferences.
Presentation: AI Risks and Rewards: Calculus for the Future
Artificial intelligence (AI) systems have been on a global expansion trajectory for several years. The pace of development and adoption of AI systems has been accelerating worldwide.
These systems are being widely deployed into the economies of numerous countries, leading to the emergence of AI-based services for people to use in many spheres of their lives, both real and virtual. There are two broad classes of AI systems, based on their capabilities: Predictive AI (PredAI) and Generative AI (GenAI). Although the majority of industrial applications of AI systems are still dominated by PredAI systems, we are starting to see adoption of GenAI systems in business. When adopted responsibly, GenAI systems can also improve the productivity of workers and quality of service.
As these systems permeate the digital economy and become inextricably essential parts of daily life, the need for their secure, robust, and resilient operation grows.
However, despite the significant progress that AI has made, these technologies are also vulnerable to attacks that can cause spectacular failures with dire consequences. In this talk we will provide an overview of the main sources of risk and categories of attacks on AI systems and propose directions for increasing their robustness.
Toby Wilmington
CEO, qomodo
Toby Wilmington has spent the last decade building and managing some of the world’s most sophisticated cyber security defences. With a career that spans institutes like BAE Systems, Recorded Future, and NATO, Toby has been a go-to advisor for government departments, critical infrastructure, and military forces, crafting robust strategies and resilient security controls for the world’s most targeted networks.
Now leading qomodo, Toby is tackling one of the pressing cyber challenges of our time: safeguarding the rapidly expanding Internet of Things. As IoT devices infiltrate sensitive networks and bring previously isolated areas online, they become prime targets for cyber attackers. The inadequate security and control measures in these newly connected spaces present a golden opportunity for nation-states and cybercriminals alike.
Presentation: Evolving Threats and Evolving Defences for XIoT in Critical Infrastructure
The convergence of information technology (IT) and operational technology (OT) within the Extended Internet of Things (XIoT) is transforming the landscape of connectivity.
Devices and systems that were once isolated, such as industrial control systems, vehicles, energy grids and medical equipment, are now internet-connected, vastly expanding the attack surface and presenting new cybersecurity challenges.
In this presentation, Toby Wilmington, CEO of qomodo, will explore the evolving threat landscape facing XIoT environments. We will examine how cybercriminals and nation-state actors exploit vulnerabilities in connected devices to target critical infrastructure. From weak authentication mechanisms to legacy system vulnerabilities, this session will provide a comprehensive overview of the current risks that organisations face.
Looking forward, we will discuss emerging threat trends, such as the increasing use of artificial intelligence by attackers to conduct more sophisticated and automated attacks. As threat actors continue to innovate, organisations must evolve their security strategies to stay ahead of these challenges.
To help executives and managers navigate this complex landscape, the presentation hopes to offer actionable insights and defensive measures for enhancing XIoT security.
By understanding the current threat landscape and anticipating future challenges, organisations can develop robust security frameworks that protect their critical XIoT assets, challenge the expectations of security for IoT and ensure operational resilience in an increasingly connected world.
Darron Antill
CEO, Device Authority
Darron has extensive experience in leading and growing companies that specialise in IoT, Cybersecurity, Enterprise Software and SaaS. Prior to his role as CEO at Device Authority, Darron was CEO of AppSense, a global software company where he guided the company to a 270% revenue increase, expansion into new markets, strategic acquisitions, successful investment and significant product innovation. Darron is also a member of IoTSF’s Executive Steering Board.
Presentation: Securing the Future: Harnessing the Power of Ecosystems in IoT Security
In the rapidly expanding world of IoT, securing connected devices has never been more critical—or more complex. Gone are the days when a single solution could adequately protect the intricate networks of connected devices that define today’s IoT landscape. In this talk, “Stronger Together: The Power of Collaboration in Securing the IoT Ecosystem,” we delve into the transformative shift towards a collaborative approach to IoT security.
As the industry evolves, so too must our strategies for protection. This presentation will explore how the integration of best-in-class vendors, each bringing unique strengths to the table, forms a more resilient and adaptable defence system. We will discuss the significant benefits of this ecosystem approach, including enhanced security for both new and legacy devices, and how it enables more effective responses to the ever-evolving threat landscape. We will also hear about some examples of a successful ecosystem in action as well as the role that open-source communities can play in advancing security solutions.
Attendees will gain practical insights into building and maintaining a secure IoT ecosystem, with real-world examples of successful implementations. Whether you’re securing new deployments or retrofitting brownfield devices, this talk will provide the knowledge and tools to make informed decisions and strengthen your IoT security posture through collaboration. Join us to learn why the future of IoT security is not about going it alone, but about building stronger defences together.
Matt Tett
Advisor / Subject Matter Expert (SME), Cyber Trust Mark
Matt Tett is an Advisor and Subject Matter Expert (SME) for IoT Security Mark P/L who operate the global IoT Security Trust Mark™ (STM) Certification and voluntary Cybersecurity Labelling Scheme (CLS). (www.iotsecuritytrustmark.org).
Matt is the Managing Director of Enex TestLab (Enex Pty Ltd). He is well known globally across industry and government as a very well connected, highly technical straight shooter. He applies science to translate complex technology for the lay person, ensuring customers receive what they are paying for.
Enex TestLab’s objective is to use science to keep tech vendors honest and the leaders leading by rigorously testing their product claims and ensuring consumer requirements are met factually.
Enex TestLab (www.testlab.com.au) is an independent ISO17025 accredited testing laboratory with a 35+ year history, university heritage (RMIT), and ISO 9001 QMS Quality, ISO 27001 ISMS Security and ISO 45001 OH&S certifications.
Matt is a current board director and Co-Chair of the Australian Women in Security Network (AWSN) (www.awsn.org.au)
He also serves on the Communications Alliance Cyber Security Reference Panel (CSRP), the CSRP Fraud subgroup and the Communications Resilience Administration Industry Group (CRAIG) and is a member of the research advisory committee for the Internet Commerce Security Laboratory (ICSL) at Federation University.
Matt has a deep technical background in network and security systems and he holds the following security certifications in good standing for 17+ years: CISSP, CISM, CSEPS and CISA. He is a certified Government security advisor and retains State and Federal Government security clearances.
He is also a judge for a number of industries, including the Commsday “Edison” Awards, IT Journo “Lizzies” Awards, InnovationAus Awards for Excellence, IoT Impact Awards and the Australian Women in Security Awards.
He has served on the Online Safety Consultative Working Group (OSCWG) for the Office of the eSafety Commissioner, as a committee member participating in the development of Standards related to IT-042-00-01 – IoT and Related Technologies and participated in the Internet Australia Cyber Security SIG. He is former chair of IoT Alliance Australia (IoTAA) enabler Work Stream 3 (eWS-3) – Cyber Security and Network Resilience and sits on the IoTAA Executive Council.
https://www.linkedin.com/in/mtett/
Presentation: International: Key lessons and takeaways from Internet of Things Cybersecurity Standards, Legislation, Product Certifications and Cybersecurity Labelling Schemes (CLS)
The presentation theme is around connected product security conformance assessment, certification and labelling around the world.
Including:
• The current landscape of IoT product cybersecurity standards internationally
• The current landscape of IoT/Smart/Connected product legislation in each country
• The current landscape of the global vs domestic IoT security certifications and CLS including pros and cons from various stakeholders’ perspectives
• Lessons learned over the past seven years; developing, applying for, and obtaining international Certification Trade Marks for a Global connected device certification and labelling scheme
• Effects for device consumers/users – including private sector and critical infrastructure
• Effects for device manufacturers – including distributors and retailers
• Effects for government departments and agencies
• What’s next, what does the future hold?
Rasadhi Attale
Senior Hardware Engineer, Siemens
Rasadhi is a senior hardware engineer who has worked for the Embedded Analytics team at Siemens for 6 years and previously worked at Arm. Rasadhi is currently studying for a master’s in cybersecurity at the University of Oxford.
Presentation: Hardware based security for advanced threat detection and mitigation
Today’s modern Software Defined Vehicles are essentially an IoT device, or several IoT devices, on wheels and are vulnerable to various types of security threat. V2X communication attacks are the more common and the most impactful of them. We will be presenting a suite of hardware IP that can help mitigate various V2X communication attacks and help monitor the health of a fleet.
Mike Eftimakis
Founding Director, CHERI Alliance
Mike Eftimakis has an extensive background in the semiconductor and electronics industry with 30 years in senior technical and business roles. He has a rich history of innovation with companies like VLSI Technology, NewLogic, and Arm, and he started up and led his own company, where he played pivotal roles in advancing technology and business strategies. His expertise ranges from chip design engineering and system architecture to product management, marketing and strategy, making him a key contributor to the growth and success of microelectronics organizations.
Currently, Mike is the VP Strategy and Ecosystem at Codasip, where he drives the long-term vision and its day-to-day implementation. His leadership at Codasip focuses on positioning the company to differentiate in a highly competitive market, while fostering strategic partnerships and enhancing the company’s market position. Mike’s blend of technical acumen and strategic insight is key in this engineering-led environment.
In parallel, he is a Founding Director of the CHERI Alliance, an industry association dedicated to promoting CHERI technology. This technology addresses the root causes of most current cyberattacks, contributing to a safer and more trustworthy world.
John Sirianni
CEO, Tropic Square
John Sirianni has led and grown companies that specialize in semiconductor security, communications security, Post-Quantum Cryptography and Critical Infrastructure Cybersecurity.
In his previous role, John provided strategic advisory services to Blockchain, AI, and Quantum security companies. His involvement in IoT security led him to collaborate with the IoTSF in Silicon Valley from its founding in 2015.
John now leads Tropic Square, a company that develops auditable and open hardware secure semiconductor chips for the next generation of crypto-secure infrastructure systems.
Presentation: Securing the Decentralized Future: Open and Auditable Hardware Security for IoT Ecosystems and Web3
As IoT devices become more decentralized and self-sufficient, they are gaining the ability to operate with increasing levels of autonomy and independence. This shift is enabling new capabilities like instant transactions, negotiations and settlements directly between intelligent devices.
These advancements offer high value targets for attackers – challenging the traditional approaches to physical hardware protection. A new hardware security paradigm is urgently needed to address the requirements of autonomous IoT devices and Web3.
This session provides insights into protecting increasingly autonomous and decentralized device ecosystems. Attend to learn about:
Emerging Security Challenges
● The new attack vectors arising in autonomous IoT and Web3 devices
● The impact on endpoint device security and sovereignty
New Security Approaches
● Transparency over obscurity: Why open, transparent, and auditable security elements are more effective against advanced attacks than closed approaches
● “Zero-trust” implemented in silicon to enable a new level of cryptographic key protection and management
● How Kerckhoffs’ principle, when applied to secure element IC development, enables novel design approaches for hardware root of trust
Future Outlook
● How community-driven innovation is shaping hardware security
Phil Day
Director of Engineering, Configured Things
Phil is the Director of Engineering at Configured Things, a startup founded by alumni from Hewlett Packard Labs to build solutions that can operate across security domains. He has more years than he cares to admit to developing and delivering complex distributed systems.
He spoke at the IoTSF 2022 conference on the subject of Secure by Design Configuration interfaces, and is a member of the CyberASAP review panel for IoT.
Presentation: Implementing Cross Domain Security Patterns for IoT
IoT networks typically consist of low cost sensors over which the operator has little control of the security implementation, deployed in locations that are often difficult to secure. The data from these sensors needs to be passed into protected high trust networks, which requires that only essential and verified data is admitted.
One of the key challenges for IIoT is that data is not constrained by the traditional Purdue hierarchies. Data from SCADA systems and PLCs needs to be shared with a wider range of IT systems, which in turn need to send data and configuration information to the control layer.
In both cases the data paths between these two trust domains introduce attack routes that can only be partially mitigated by traditional IT protections such as firewalls and intrusion detection, which do not meet the higher levels of assurance required for safety critical systems such as IIoT.
The NCSC publishes a set of thirteen design principles for implementing high assurance Cross Domain Solutions, along with architectural patterns for the safe import and export of data. These include the use of protocol breaks, and for high levels of assurance flow control elements such as data diodes, to mitigate the threats from classes of attack that are embedded in the payloads.
These architectural patterns are typically perceived as only applying to classification boundaries such as those found in government and military organisations, preventing malicious data from being imported and maintaining strict control over what data can be exported. However, they can also be applied to many other contexts to provide a much reduced attack surface.
In this talk I will describe a solution which applies those patterns to the IoT space, allowing telemetry to be safely imported and equally importantly remote systems securely configured and managed. I will describe the key challenges in designing such a system, illustrated with an example based on a LoRaWAN deployment.
I will also cover our work within the Digital Security by Design (DSbD) program to create cost effective alternatives to the high end “hardsec” devices used at the classification boundary.
Jennifer Williams
Director of IT and Operations, Secarma
Jen has nearly a decade of experience in helping businesses to defend themselves against cyber attack. With the vast majority of her career spent in the legal sector, she understands the unique challenges faced by this industry.
Presentation: Reading the R-IoT act – responding to an IoT incident
Users of connected devices rely on manufacturers to keep their data secure. But what happens when it all goes wrong? How should a business respond to ensure that damage to their reputation is minimised? During this session we’ll examine:
– Real world experience of being in an incident response crisis
– The importance of being prepared
– Why communications can make or break your response to a disaster
– How to recover well.
Jonathan Marshall
Founder, SafeShark
Jonathan is an experienced cybersecurity professional with a proven track record of leading information security initiatives for over 8 years, currently serving as Chief Information Security Officer at ScreenHits. As a partner at The Hawk Media Partnership, Jonathan provides expert cybersecurity consulting and tailored solutions to broadcasters, safeguarding their critical infrastructure and operations.
A serial entrepreneur with a passion for innovation, he has co-founded multiple successful ventures, including SafeShark, a cutting-edge cybersecurity company, and TVA Group, a revolutionary audience measurement platform. Jonathan’s unique blend of technical expertise and business acumen is complemented by his strong academic foundation, holding an M.Eng. in European Management in Engineering from the University of Glasgow. He is deeply committed to protecting businesses from evolving cyber threats and leveraging data intelligence to drive growth and success.
Presentation: Why does my TV still think it is a fridge?
SafeShark has been working with manufacturers (including LG, Panasonic, Arcelik) of consumer electronic equipment since 2020 and as a result we have gained a unique perspective of the trends in cyber security compliance and issues. We use a unique automated testing platform allowing us to test compliance against the standards.
As a result of testing dozens of products we would like to share some of our unique findings across a range of devices from Smart Showers to Televisions that think they are a fridge.
Key insights will be shared allowing our audience to understand how to help manufacturers comply with the best practice for building ‘secure by design’ products and ensure that consumers are given clear information at the point of sale.
Andrew Bott
Principal Security Architect, IAR Systems AB
Andrew Bott is a Chartered Engineer who has been working in security of embedded systems for more than twenty years and previously worked in software development and project management in embedded software and backhaul systems for telecommunications from DECT, GSM, 3G, LTE at Symbionics, Anritsu, and ip.access. He has architected security on multiple hardware platforms and is knowledgeable in PKI, setting up and operating several certificate authorities using HSMs. He currently has 19 patents on secure supply chain through Secure Thingz Ltd where he worked as the Senior Security Architect.
In 2021 he contributed to the peer review of the IoTSF Assurance Framework v3.0 and the Vulnerability Disclosure Best Practice Guidelines v2.0. He is now Principal Security Architect for IAR Systems.
Presentation: How secure is your IoT device? – Indispensable ingredients for a secure IoT product!
What is needed in an IoT device and its supply chain to assure its security? This presentation addresses key aspects of security and how they can be addressed at every stage in the product development process.
It explores how to establish and authenticate a device’s identity, wherever it is, protecting it from cloning or counterfeiting, from its inception during the manufacturing process throughout the lifetime of the product, thereby establishing a secure Root of Trust in the device.
It goes on to explain core features such as secure booting so that sensitive data is securely locked down and cannot be modified when the software is running. Also, the importance of using a device that is capable of lock down.
From device conception, each device needs to be provisioned with a unique identity that cannot be cloned and a device certificate from within the company’s own public key infrastructure. Information will be given on how to achieve this, enabling authentication, confidentiality and non-repudiation.
The speaker will address how to overcome common challenges around debugging and vulnerability patches with anti-rollback, permitting software updates without compromising security.
No device is guaranteed to be 100% secure, but implementing best practice to minimize risks is both desirable and achievable.
Kay Ng
Founder and CEO, CyberAnalytics
Global Cybersecurity Strategist | Bridging East & West | Securing the Connected Future
Kay Ng is a force to be reckoned with in the world of cybersecurity. Her expertise? Transforming complex threats into strategic opportunities. Her advantage? A truly global perspective.
As a dual national of Britain and China, Kay bridges Eastern and Western approaches to security, offering unparalleled insights into today’s interconnected risk landscape. She’s advised Fortune 500 giants and government agencies, tackling everything from IoT vulnerabilities to critical infrastructure protection.
Her secret weapon? A rare ability to connect the dots between data, technology, and business impact.
Kay’s credentials speak for themselves: A Master’s degree in Software and Systems Security from the University of Oxford, a track record of leadership roles in multinational corporations and global consulting firms, and a passion for empowering the next generation of cybersecurity leaders.
Presentation: From Risk to Return: A Two-Part Framework for Prioritising and Measuring Security Investment Returns
In today’s hyper-connected world, securing the Internet of Things is no longer optional—it’s a business imperative particularly if you’re supplying to Critical National Infrastructure.
But with limited resources and evolving threats, how can executives prioritise investments and ensure a tangible return on their security spend?
This presentation introduces a two-part framework to solve the problem of investing with the biggest impact, and how to communicate it so that it resonates in the boardroom. First, we’ll explore a risk-based approach to prioritising security investments. Second, we’ll delve into practical methods for measuring the effectiveness of your security program, demonstrating how to quantify ROI and communicate the value of your efforts to key stakeholders.
Through real-world case studies and actionable insights, this presentation equips executives with the knowledge and tools they need to move from risk to return, transforming IoT security from a cost center to a strategic driver of business value.
David Ihrie
CTO, Virginia Innovation Partnership Corporation (VIPC)
Mr. Ihrie has over 40 years industry experience as a direct innovator in the fields of satellite and terrestrial communication, computing, and information science, and has been a principal in seven startup companies. In addition to his entrepreneurial activities, Mr. Ihrie has helped build four national scale business accelerators for the Intelligence Community, for DHS, and in the areas of cybersecurity and smart cities.
In addition to the CTO role, Mr. Ihrie is VP, Strategic Initiatives for the Commonwealth, focused on transitioning promising leading-edge technologies into practice for state and local government. The Virginia Strategic Initiatives portfolio includes Smart Communities, the Virginia Unmanned Systems Center at VIPC, the VIPC Public Safety Innovation Center, and the SCITI Labs program with DHS Science & Technology focused on public safety capabilities. Active areas of technology focus and experimental pilot projects in the Virginia network of Living Laboratories, centered at the Virginia Smart Community Testbed, include:
– IoT devices and sensors
– Advanced Air Mobility and the supporting ground-based infrastructure for Airspace Awareness
– Cybersecurity
– Smart Buildings
– Quantum computing
– Immersive Environments (AR/VR)
Mr. Ihrie has a Master of Science degree in Business from MIT, specializing in the Management of Technological Innovation, and a B.S. from MIT in Electrical Engineering/Computer Science.
Presentation: What’s the Emergency? Public Safety in a world of IoT and cybersecurity, digital critical infrastructure, climate change, quantum computing, AI, drones, and high-end threats
As a CIO/CISO, the world has changed dramatically over the last decade, from worrying about script kiddies in their mothers’ basement attacking our firewall, to now a fully distributed network of devices which we may no longer physically control. Data is king in a world where everything is connected, and our entire economy is online. Both the natural world and human threats present ever-increasing challenges, and the pace of technology change continues to increase.
As a public sector CISO supporting adoption of emerging technologies for the Commonwealth of Virginia in areas such as emergency management, incorporation of drones into the national airspace, and protection of critical infrastructure, real-time situational awareness from a large network of distributed IoT sensors, users, and applications is essential. Security by design, incorporating the principles of zero trust, is a critical element to ensure the secure, reliable flow of information necessary for our modern world.
Stephan Janouch
Technical Marketing Director, EMEA, Green Hills Software GmbH
Stephan Janouch is the Director of Technical Marketing EMEA for Green Hills Software, based in Munich. He holds a German diploma in Electronic/Electrical engineering from the University of Applied Sciences in Landshut, Germany and has been working in the automotive and semiconductor industries for more than 25 years. During this time, he helped solve problems in applications engineering, business development as well as marketing, and along the way also served as the editor-in-chief for a professional magazine on automotive electronics.
Presentation: 10 Rules to Build Unsecure Embedded Systems
This paper/presentation will outline the basic rules for building secure embedded systems with a focus on the software architecture. However, instead of speaking with a moralising undertone, which typically leads to a “we know” or “we do this already” reaction, we will provide a not-to-be-taken-too-seriously approach of educating the audience in building a completely unsecure, easy-to-hack system. The rules we will touch on will be the following:
• Make it work, then make it secure: no need to worry about security when you start the project. You can make any system secure enough by adding a firewall at the end of the development process.
• Use only open-source software (OSS): OSS is typically very well maintained and crowd-tested. Also, the community wouldn’t give everyone source code access to look for potential attack surfaces.
• Hire great engineers, then success will follow automatically. They can do magic even if all you give them are simple tools you just downloaded from the internet for free.
• All operating systems are the same, hence, just go for the cheapest. Differences in architecture, separation options, support are negligible. After all, it’s just about a few low-level software services, right?
• Certifications are just a rip-off! They were invented to generate additional revenue for suppliers of complex products. Just go with something non-certified and do the certification on your own. Typically, this is just a bunch of documentation.
• AI is a geek’s thing (and a myth): AI probably will never fly, so you don’t have to worry about how a hacker may or may not use AI to find a hole in your firewall or have AI code malware to infiltrate your system.
• Modularization is making things more complicated. While people claim that software components should be small, simple, tested and isolated, this is also adding unnecessary complexity. Just consolidate all components and make sure they work. It is very unlikely anyway that you may have to change something later…
• Consolidation: Some parts of your system may contain critical code (or data). However, as your system is secured by a firewall you can easily consolidate all functions on one processor core (or a multicore entity), this makes best use of the hardware and allows for easy data/information transmission between various software functions/tasks.
• Social engineering: Only stupid people fall for phishing emails or social media scams using fake profiles. You know you have a great team (even the guy that started just recently…), all are digital natives with full understanding of the latest trends in social engineering.
• Updates: Updates are in most cases completely unnecessary. You have tested your system before deploying it into the field, so, if something isn’t working it is not your fault. Maybe the system needs a hardware upgrade?
A short summary at the end will be shown to lift the curtain and explain the background of this talk, i.e. that it was derived from issues observed in various development projects over the years.
Paul Watrobski
IT Security Specialist, NIST
Paul Watrobski is an IT Security Specialist at the National Institute of Standards and Technology (NIST) where he helped develop the Profile of the IoT Core Baseline for Consumer IoT Products among other guidance from the NIST Cybersecurity for IoT Program. He has also taken part in several projects at NIST’s National Cybersecurity Center of Excellence (NCCoE). Paul is a principal investigator for the Trusted IoT Device Network-Layer Onboarding and Lifecycle Management project and the upcoming Software Supply Chain and DevOps Security Practices project, and previously developed an open-source tool, MUD-PD, in support of device-intent enforcement for the Mitigating IoT-Based DDoS project.
Prior to NIST, Paul studied electrical and computer engineering at Binghamton University and the University of Maryland – College Park (UMD). Today, he is pursuing a doctorate in reliability engineering at UMD, researching firmware update-vulnerability lifecycles in IoT under the advisement of Dr. Michel Cukier.
Presentation: What Things Are Really on Your Network? Trusted IoT Onboarding and Lifecycle Management
The U.S. National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) recently published practice guide NIST SP 1800–36, addressing challenges with establishing and maintaining trust of IoT devices on home, enterprise, and industrial networks at scale. The NCCoE worked hand-in-hand with industry stakeholders to develop and describe five protocol-specific reference implementations of trusted network-layer onboarding based on Wi-Fi Easy Connect (DPP), Bootstrapping Remote Key Infrastructure (BRSKI), and Thread, as well as one agnostic reference implementation of factory provisioning of credentials. The practice guide progresses deep into the details starting from a high-level Executive Summary (Volume A) of the challenges and proposed solutions; to the Approach, Architecture, and Security Characteristics (Volume B) of the project; to step-by-step How-To Guides (Volume C) for implementing each build; to Functional Demonstrations (Volume D) of each build’s cybersecurity capabilities; and lastly, to mappings to relevant standards related to Risk and Compliance Management (Volume E). No matter where you fit in the process of developing a secure IoT product, at least one of the volumes of this practice guide will benefit you.
Come by to hear from and meet one of the project’s principal investigators and learn how you may be able to implement trusted network-layer onboarding for your devices.
Dr Des Howlett
Senior Member Technical Staff, Doulos Ltd
Doulos Senior Member, Technical Staff, EUR ING Dr Des Howlett joined Doulos in 2017. He has worked in the past as a Senior Field Applications Engineer for Microchip Technology and Silicon Laboratories, all over the EMEA region.
Immediately prior to Doulos, he was Technical Marketing Manager, EMEA, for Software at Avnet Silica and was responsible for liaising between processor manufacturers and customers to ensure that supplied software was suitable for market needs.
Des has previously taught embedded C programming and Verilog logic design at the University of Reading and now is an instructor for Embedded C and C++, Python, Embedded System Security as well as FPGA courses at Doulos.
Presentation: Where is your weakest link? Observations from teaching Embedded System Security
Everybody wants their product to be secure and it is now, rightly, a legal requirement for it to be so. People often think of security as encryption or protecting data, but it extends far beyond that.
There are important questions to ask, that are frequently overlooked, such as: Did you leave a secret test mode open, or did you fail to check statuses and user data? Do your product tests go beyond a pure check for functionality and ensure that bad inputs are also rejected?
It is surprising how many vulnerabilities are left in products in the rush to get something out the door. It is also amazing how engineers focus on securing one part, while leaving glaring holes that can be easily circumvented. Even the most experienced pilots follow checklists, but are you following a logical process or security framework in your designs?
Do you spend time, before starting the design, thinking about the possible problems that could befall your product? Do you write defensive code, looking at areas where bad data could have disastrous consequences? Do you realise that something as simple as an unchecked data string could let somebody execute code and do practically anything they choose?
It is common to look at security as a separate discipline, although many secure design practices will also give you a more reliable and higher-quality end product. Most security flaws are bugs in their own right, so fixing one will often help with the other.
This talk will include examples of some of the points we teach, that have triggered engineers to think twice about how they approach security.
Zahra Khani
Principal Product Manager for IoT Security Assessment, Keysight Technologies
Zahra is a seasoned cybersecurity professional with a passion for innovation in OT/IoT security. Her tech journey began at the age of 15, ultimately leading her to earn a degree in software engineering in 2009. After gaining several years of hands-on experience as a security engineer, Zahra founded Firmalyzer in 2016, a pioneering cybersecurity company specializing in the development of the first automated OT/IoT firmware security analysis platform. During her time at Firmalyzer, she combined her technical expertise with product management and business strategy, driving significant growth in the company’s solutions. This platform was designed to address the growing need for securing connected devices in the rapidly expanding IoT ecosystem. At the end of 2023, Firmalyzer’s technology was acquired by Keysight Technologies, a global leader in electronics and testing equipment. Following the acquisition, Zahra transitioned to the role of Product Manager for the IoT Security Assessment product at Keysight, where she continues to drive innovation in IoT security. In her current role, she combines global customer feedback with her vision to refine and enhance the product. Zahra is passionate about turning complex challenges into opportunities and improving digital security to make the online world safer.
Presentation: Building Secure IoT Products from the Ground Up
Building a secure IoT product typically involves a fairly complex supply chain of hardware and software components, and a flaw in any one level can allow compromise of the entire device and pose dire consequences for overall system integrity. In this presentation, I’ll provide an overview of security testing techniques starting at the chip level and working up through application level, describing the kinds of issues that can be found at each and how they can interact with each other. Although we’ll touch on technical topics, the goal here is not doing a deep-dive on any particular technique or technology; the point of the discussion is convincing those ultimately responsible for the security and integrity of IoT systems that security flaws are real and should be found proactively before someone else does that for you. The presentation will provide multiple examples of IoT security flaws we’ve discovered in the course of our work and how they were discovered including hardware testing, network protocol fuzzing and firmware analysis. For example, I’ll show how we were able to extract the encryption key from a post-quantum crypto implementation because the CPU itself wasn’t hardened, and our analysis of an industrial-grade PLC device with multiple vulnerabilities, ranging from the design level to the upper application layers, including vulnerable third-party components. And because this forum is interested in certification efforts around the world, I’ll talk briefly about my involvement with the US Cyber Trust Mark and how it’s incorporating multi-level security testing.
Antoinette Hodes
Global Solution Architect & Evangelist, Check Point Software Technologies
Antoinette Hodes is a global cybersecurity solutions architect and evangelist with Check Point Software Technologies Office of the CTO, and a professional with 26+ years in IT, OT and cybersecurity. Antoinette writes cybersecurity articles for Cybertalk.org and speaks at events regarding cybersecurity for IT, IoT and OT environments, AI & ML in cybersecurity, and the global threat landscape, sharing strategic and tactical aspects such as experience, insight, knowledge, recommendations and best practices.
Prof. Alex Mouzakitis
Programme Director, Cyber Security, Jaguar Land Rover
Prof Alex Mouzakitis is the Programme Director for Cyber Security at Jaguar Land Rover and Industrial Professor of Automotive Systems at WMG, University of Warwick. Prof Mouzakitis has over 20 years of technological and leadership experience especially in the area of automotive systems. In his current role he is responsible for the delivery of the Cyber Security Programme across all Jaguar Land Rover functions.
In his previous positions within JLR, Prof Mouzakitis served as the Chief Technical Specialist for Systems Engineering, Head of Vehicle Engineering, Infotainment and Connectivity Research, Head of the Electrical, Electronics and Software Engineering Research and prior to that as the Head of Model-based Product Engineering.
Prof Mouzakitis is a Chartered Engineer and a Fellow of the IET and InstMC engineering institutions. He is a member of the Industrial Advisory Panel of several international conferences, member of the InstMC System and Control Technology Panel, member of the InstMC National Council and a member of the InstMC Accreditation Panel. He has published over 130 scientific papers in international journals, book chapters and international conferences.
Prof Mouzakitis holds a BSc (Hons) in Integrated Manufacturing Technology and a PhD in Machine Learning and Artificial Intelligence for Autonomous Vehicles from the University of Wales, an MSc in Systems and Control from Coventry University and an EngD in Automotive Embedded Software Development from The University of Warwick.
Prof. Anna Maria Mandalari
Assistant Professor, Dept. Electrical and Electronic Engineering, University College London
Anna Maria Mandalari works as Assistant Professor in the Information and Communications Engineering research group, Dept. Electrical and Electronic Engineering, University College London. She is Honorary Research Fellow at the Institute for Security Science and Technology at Imperial College London and expert fellow of the UK SPRITE+ Hub.
Anna Maria Mandalari has been nominated Member of the Italian Technical Secretariat of the Committee for strategies on the use of AI. She obtained her PhD within the framework of the METRICS project, part of the Marie Skłodowska-Curie action, intended for excellent researchers, affiliated with the Carlos III University of Madrid. Her research interests are Internet of Things (IoT), privacy, security, networking and Internet measurement techniques. She studies privacy implications and information exposure from IoT devices. She works on the problem of modelling, designing, and evaluating adaptation strategies based on Internet measurement techniques. In addition to her research, Anna gives invited talks all around the world to promote research and create awareness on security, privacy, and ethical AI. Most of her research experiences have significantly contributed to several EU-funded research projects and have had a significant influence on media and policymaking. Anna Maria Mandalari is also committed to promoting the interest of young women in STEM subjects.
Haydn Povey
Founder and CEO, SCI Semiconductor
Haydn is the Founder & CEO of SCI Semiconductor, a company focused on developing and delivering next generation security IP and devices. The company is a leading advocate of CHERI technology, with its ability to resolve over 70% of critical vulnerabilities through enhanced Memory Safe technology, compartmentalisation, and integrated component management. The company works closely with governmental and commercial entities to introduce CHERI technology and to solve many of the biggest issues in critical infrastructure and industry today.
Haydn has been in senior management at leading global technology companies for over 30 years, including as Chief Strategy Officer at IAR, through the successful acquisition of Secure Thingz Ltd. He additionally held senior marketing and business development roles at ARM Holdings, the leading Microprocessor IP (Intellectual Property) company. Haydn headed ARM’s strategy and product roadmaps for Security within IoT and M2M marketplaces where he worked with critical groups within the US and UK government responsible for the development and deployment of security frameworks, alongside many leading silicon vendors, OEMs and system integrators and software solutions.
Previously Haydn was Director Security Products & Technologies within the ARM Processor Division where he owned a broad array of products including TrustZone, which delivers security foundations in the majority of global mobiles and tablets, and SecurCore, which is the foundation for the majority of 32-bit SmartCards and SIMS. Prior to owning security at ARM, Haydn led the development and introduction of the Cortex-M microprocessor family which has led to the rapid adoption of 32-bit microcontroller technology around the globe and underpins the majority of Internet of Things devices.
Rebecca Hartley
PhD Researcher, Royal Holloway, University of London
Rebecca Hartley is a PhD Researcher at the Centre for Doctoral Training in Cyber Security for the Everyday at Royal Holloway, University of London. Her research is funded by the Engineering and Physical Sciences Research Council and supervised by Dr Andrew Dwyer and Professor Lizzie Coles-Kemp. Taking a socio-technical approach, Rebecca has conducted several years of research in smart cities and technology in public spaces. The goal of her research is to understand the factors shaping security for technologies in public spaces. She is particularly interested in the way in which we communicate about technology and how this impacts cyber security. Rebecca has presented her research to a government department, including providing a policy paper. She has advised the Department for Science, Innovation and Technology on secure connected places through their External Advisory Group. Rebecca was selected as a speaker for Soapbox Science 2024, where she presented her research to the public.
Rebecca has a BA(Hons) in History and Politics from the University of Oxford and previously worked in the Information Technology Sector as a Project Manager. She was a recipient of the FS-ISAC Women in Cyber Scholarship 2023. In April 2022 she received Honorary Mention in the Growing Thought Leadership Award, issued by International Forum of Terrorism Risk (Re) Insurance Pools (IFTRIP) and was an Atlantic Council’s Cyber 9/12 Semi-finalist in 2022.
Presentation: How We Talk About IoT Matters: The Case of Technologies in Public Spaces
The research I will present investigates the factors shaping cyber security in the process of integrating technology into public spaces. Many of these technologies are IoT, such as sensors and smart bins. These devices are increasingly integrated into public spaces for efficiency, savings, and environmental reasons. Research data has been collected via international interviews with the public and private sectors as well as observations from events covering technologies in public spaces. The research contributes significant findings: it shows that how we communicate to each other about these technologies matters for security. Common narratives on technologies in public spaces mix with specific aspects of these IoT technologies to influence security. For example, the small size of IoT devices and common ideas about experimentation both influence procurement processes. Importantly, the influence on security is often negative. I will demonstrate ways in which the IoT industry can contribute to communication on technology which has more successful consequences for security.
John Moor
Managing Director, IoT Security Foundation / COO, TechWorks
John Moor is co-founder and Managing Director of the IoT Security Foundation.
He has more than 30 years experience in electronic systems and microelectronics industries and holds executive leadership and general manager responsibilities for IoTSF. Previously John served as a vice-president at the National Microelectronics Institute (NMI) where he was tasked with formulating strategy and leading the implementation of key innovation initiatives including creating a portfolio of technical engineering networks, establishing the UK Electronics Skills Foundation, running the Future World Symposium and participating in overseas trade missions.
Prior to NMI, John was one of the founders of Bristol-based start-up ClearSpeed Technology (formerly PixelFusion Ltd). During this time he led engineering operations at vice-president level and was responsible for technology acquisitions, establishing international supply chain operations and acquiring capability in the UK, USA and Taiwan.
John holds an MA (Distinction) in Strategic Marketing Management from Kingston University London and a Master of Business Administration from the University of Leicester. John’s formative embedded systems engineering career centred on leading-edge microprocessor based systems (substantially parallel systems) and used in data communications, high performance computing, graphics and virtual reality applications.
Dr. Stephen Pattison
Chairman, IoT Security Foundation
Stephen spent twelve years as Global Head of Public Affairs at Arm, a leading high tech company. He was responsible for contributions to public policy thinking across the world on a wide range of tech issues, including cybersecurity, data protection, AI Ethics, STEM policies and semiconductor growth strategies. He focussed on London, Brussels, Washington and Beijing. He is currently a Senior Adviser at Hanover Communications.
Prior to joining ARM, Stephen was CEO, International Chamber of Commerce UK, where he represented the interests of a range of companies and focussed on various policy and international trade issues. Before that he worked for James Dyson (Vacuum cleaners etc) as Head, International Business Development, where he introduced new products into new markets as well as accelerating growth in existing markets. He was once a British Diplomat and worked at the British Embassy in Washington, and on UN issues in London, New York and Geneva.
Stephen has a Master’s Degree from Cambridge University, and a Doctorate from Oxford. In 2003-4 he spent a year at Harvard as Fellow in International Affairs at the Weatherhead Center.
Peter Davies
Technical Director, Thales
I love what I do, approach everything with energy and enthusiasm and can always see an angle. As a Technical Director of Thales in the UK I have been their leading expert on Cryptography in the UK responsible for providing cryptography and information security direction and expertise on a variety of products and projects. Previous work includes the development and certification of flexible and interoperable commercial security solutions that are also widely used by governments; these solutions are available worldwide and support the security of both communications and informatics in an international, multi grade environment. My specialist knowledge is at the core of the cyber defence and forensics activities that I undertake combatting existential threats against business. I can, and have, interacted on security and products at any level from Prime Minister, through Board to deep technical including Agencies, Certification Labs and partners developing and sustaining business opportunities worldwide. I have generated patents in the area of digital DNA and my research covers aspects of technical security as well as aspects of super-identities and their role in combatting human based cyber-attacks. I have led an EU security research contract and have acted as an expert on others. As well as contributing to standards I am a frequent speaker at international conferences and deliver lectures to postgraduate information and cyber security programmes in the UK and worldwide.
Richard Marshall
Founder and Director, Xitex
Richard is founder and director at Xitex, a secure product development consultancy, supporting customers developing secure products and the wider standards community. Having worked for global organisations such as AT&T, Cisco and Sony, to being part of the founding team for more than one start-up, Richard has been involved with a variety of secured products from Set Top Boxes to Cellular Small Cells over the last 20 years. At the start-up Ubiquisys, he founded the hardware and secure software delivery team, going on to become the Product Manager for the global secure software and PKI delivery system CloudBase. CloudBase was a key component in Cisco’s acquisition of Ubiquisys in 2013. On IoT security, Richard was the Internet of Things Security Foundation’s founding Plenary Chair for five years and currently sits on its Executive Steering Board. Richard is one of the lead authors for the foundation’s Assurance Framework which has recently been internationally recognized by the EU’s ETSI and US NIST standards bodies, as a point of reference for IoT security. He was also a contributor/reviewer for the UK’s ‘Code of Practice for Consumer IoT Security’, ETSI’s technical standard TS 103 645 and harmonized standard EN 303 645 on IoT Security. He is currently a member of CENELEC’s JTC13 WG8 RED and JTC13/WG9 CRA harmonised standards cyber-security working groups.
Ramy Shelbaya
CEO & Co-Founder, Quantum Dice Ltd
Physicist by background, Ramy co-founded Quantum Dice right after completing his DPhil in Atomic and Laser Physics at the University of Oxford.
Having previously worked on a wide variety of applications in quantum technologies ranging from computing to communications and sensing, Ramy has a passion for the communication and the commercialisation of scientific breakthroughs.
Ramy has been leading the company ever since its original inception focusing on ensuring the alignment between the technology development and the needs of the market while ensuring Quantum Dice’s continued growth.
Presentation: The Critical Role of Randomness in IoT Security: From the Past to the Present and into a Post-Quantum Future
In an increasingly connected world, the security of our digital communications and data has never been more critical. This talk explores the key role high-quality randomness plays in cybersecurity, focusing on the evolution of randomness and its applications in IoT security. Attendees will understand how true randomness is essential for securing the more connected and data-intensive IoT. They will also discover what can happen when there is insufficient randomness and the risks and consequences that arise.
The Past: A Look at Randomness and Its Role in IoT Security
IoT devices and their supporting infrastructure use Random Number Generators (RNGs) for generating their security keys. Traditionally, IoT devices have relied on True Random Number Generators (TRNGs) to produce the randomness necessary for encryption. TRNGs utilise physical processes, such as electronic noise, to generate random numbers. These methods have served the IoT sector well, providing sufficient entropy for past security needs.
The Present: Challenges with Current RNG Solutions
However, there are examples of where current RNG methods have proved inadequate. We highlight what can go wrong when there is insufficient randomness and the necessity of higher quality and verifiable sources for producing robust keys capable of withstanding present and future threats, including those arising from developments in AI and quantum technologies.
The Future: The Threat of Emerging Technologies
While quantum computing poses a significant threat to current encryption methods used in IoT sectors, there are other quantum-enabled technologies that offer solutions to mitigate this threat.
Key IoT sectors such as critical infrastructure, automotive, healthcare, manufacturing, and smart devices will particularly need the security offered by advanced, reliable RNG solutions. Attendees will learn about the strategic importance of high-quality randomness and the role of advanced standards in shaping a secure post-quantum IoT future.
Xander Heemskerk
Director Product Security, Royal Philips
Xander Heemskerk is the Director Product Security – Personal Health, Digital Pathology & Brand Licensing in the Product and Services Security Office (PSSO) at Philips. In this role he drives the Product Security programs and initiatives for Medical Devices, in vitro diagnostics (IVDs) and Wellness solutions worldwide. IOT, Mobile Apps, Cloud IAAS, PAAS, SAAS, Big data and AI are crucial parts of the Products and Services delivered by Personal Health.
Prior to Philips, Xander was the Corporate Security Officer (CSO) at TomTom and the Corporate Information Security Officer (CISO) at the oldest company in the world, Royal Vopak. He has been responsible for Corporate Security, Enterprise Information Security, Information Risk Management and Product Security on strategical, tactical and operational level.
Xander has over 30 years of experience in all aspects of Information Technology ranging from Consulting, Security, Architecture, Performance tuning, Design, Development, Coding, Testing and Operations in different roles and positions at Oracle, Orient Overseas Container Lines (OOCL) Ltd, Hong Kong Government, Everett, Ricoh and at 50+ companies in consulting roles. For Oracle University he has taught training classes on Architecture, Security, Performance design and tuning, High Availability and Identity Management for both internal and external audiences.
Xander holds a bachelor’s degree in Higher Informatics from The Hague University of applied sciences, is a Certified Information System Security Professional (CISSP) since 2002, is a PECB Certified ISO/IEC 27001 Lead Implementer and has Certified Cloud Security Knowledge (CCSK) since 2013.
Presentation: The Security Problem of Past, Present and probably also the future
- Philips the medical company
- Introduction to Philips solutions that use AI
- Different types of AI solutions
- The threats to AI
- Processes used to assess the risks of solutions
- AI specific processes to assess the risks
- Security governance
- Conclusions
- Open points
Ian Pearson
Principal Embedded Solutions Engineer, Microchip Technology Inc.
Ian is a Principal Embedded Solutions Engineer at Microchip Technology Inc. He has held roles in MCU and MPU applications and also led the EU Wireless team for many years introducing Wi-Fi and Bluetooth into the embedded product lines. He has been involved with IoT since its inception and is an advocate of enhancing security in Connected Embedded Systems. To aid this he is active on several working groups in the IoT Security Foundation and has presented on security topics at several conferences. More recently he has returned to the FPGA space and supports Microchip clients on FPGA, SoC and Security needs across multiple market segments.
Nick Allott
CEO, NquiringMinds
Nick is CEO of NquiringMinds, an AI analytics company developing state of the art cyber security infrastructure. He has been developing and deploying AI technologies for almost 30 years.
Nick was formerly CTO of OMTP, a security focussed, international mobile standards organisation responsible for many technologies now widely deployed. Significant among OMTP deliveries is the Trusted Execution Environment (TEE), the security core of most CPUs and SIM technology. Nick is also a Director of the Webinos Open Source Foundation: a collaborative initiative for secure IOT interaction based on PKI.
For Shell, Nick helped develop their data mining products (later acquired by Accenture). And as Technology Director for Motorola, Nick had responsibility for their speech recognition and voice Personal Assistant products. Nick joined start-up Fastmobile (multimodal speech recognition) as their CTO in 2000 until their acquisition by RIM. His first full time job was developing neural networks for Neural Computer Sciences, followed by a stint at the part Microsoft owned Dorling Kindersley Multimedia, where he worked on search technology and 3D graphics platforms.
Nick advised the UK Government on the Secure by Default Program, sits on the Executive Board of IOT Security Foundation and was among a handful of technology CEOs selected by the then Prime Minister, Theresa May, to accompany her on her first trade mission to India. Nick is a Fellow of the British Computer Society, the Institute of Analysts and Programmers and the Royal Society of Arts, has a degree in Cognitive Science, a PhD in Artificial Intelligence and is a Visiting Professor at the University of Southampton.
Presentation: Establishing a Language of Trust: SBOM, AIBOM, MUD, DevID, Vulnerability Surfaces…
Mo Ahddoud
Chief Information Security Officer, Chameleon Cyber Consultants
Mo Ahddoud CISM. Chief Information Security Officer at Chameleon Cyber Consultants.
Mo is an active contributor to the cybersecurity industry. He writes regularly in the international security journal. He is an ISACA EU Advisory Taskforce member contributing to the European Commission amendment to the Cyber Security Act.
Mo was recognised in 2017 by the British Computer Society for Security programme of the year. In 2018, he was recognised as a cyber security innovator at the CA awards in Las Vegas. His recent interests include AI and Smart Cities.
Paul Waller
NCSC
Paul has worked in cryptography and hardware security since graduating with a degree in mathematics in 2001. He has represented the NCSC and its predecessor organisation in various standards bodies, including the Trusted Computing Group, Global Platform and FIDO. His current role in NCSC allows him to spend time with academic and industry partners learning what the future holds for security technology, and also to help user communities take advantage of new features. Outside of work Paul likes to cycle up small hills in summer, and ski down bigger ones in winter.
Presentation: Securing IoT – From Market Incentives to Future Priorities
Florian Lukavsky
CTO, ONEKEY
Florian Lukavsky started his hacker career at an early age, bypassing parental control systems. Since then, he has reported numerous zero-day vulnerabilities responsibly to software vendors and has conducted hundreds of pentests and security reviews of connected devices as a CREST certified, ethical hacker. After building offensive cyber-security teams in Singapore, Malaysia, Thailand, and Switzerland, he founded ONEKEY.
Today, Florian Lukavsky aids organizations with SBOM, security & compliance automation for connected devices as CTO of ONEKEY, the leading European product security platform.
Sarb Sembhi
CTO, Virtually Informed
Sarb Sembhi CISM, is the CTO for Virtually Informed and a CISO for AirEye, a technology company providing visibility, control and protection to enterprise Airspace. He started his career as a projects manager in the public sector then became a management consultant, where he enjoyed working with technology and software development. It was during this time that he first came across the importance of security in developing new products. This interest further led him into more security projects.
In 2005, Sarb explored the vulnerabilities of networked CCTV systems and he became interested in devices which sit on the network but were unattended and unmanaged – long before we used the term IoT. These security devices were the responsibility of the physical security teams where there was very little oversight or interaction with the cyber security teams – leading Sarb to work with others to provide security leaders with a converged approach to managing security from a single risk perspective.
In 2020 Sarb was recognised by IFSEC Global and shortlisted 5th in the IFSecGlobal 2020 20 Most Influential People in Cyber Security.
Sarb has written many articles, white papers and spoken at many events on most aspects of security. He was the Workstream lead for the Cyber Security Council Formation Project’s Thought Leadership Workstream. He also sits as an adviser on several startups. Most recently, Sarb has been a vice-chair on IoTSF’s Smart Built Environment Group where he has led the sub-groups to produce a series of best practice guides. His work continues on Smart Cities and privacy, and Smart Building Security.
Michael Dimelow
CCO, Bloc Ventures Ltd
Michael is an accomplished Deep Science and Technology investor, with a proven commercial track record at a FTSE 50 technology PLC. Career highlights include leading strategic investment and M&A at two of Europe’s most progressive PLCs – ARM and TTP Communications; co-founder and Chief Investment Officer of Accelerated Digital Ventures, raised £150m from three tier 1 financial institutions, acquired by Legal and General Capital in 2020; successfully led the sale, restructuring and growth of several UK, EU and US based technology companies. Currently operating as the Chief Commercial Officer at the growth stage Deep Science and Technology investor Bloc Ventures Ltd.
Paul Hingley
Product Security and Solution Officer, Siemens Digital Industries GB&I
Paul began his engineering career in the Automotive Industry as a Project Manager following an Electrical Technical Apprenticeship with the Rover Group. He then moved to an OEM for process equipment primarily focused on the metals industry working as a Project Engineering interface with all overseas projects. This led to numerous project management projects around the world delivering full turnkey solutions.
After working overseas for some years he returned to the UK and worked in developing industrial control solutions from the enterprise layer to the shop floor. This utilized new industrial control technologies such as Industrial communication networks and developing leading edge control concepts within the ICS environment.
Paul joined Siemens in 1997 as a Network Applications Engineer before becoming a Product Manager for industrial control systems and products. Paul became the Business Unit Manager for Digital Communication Products, Industrial Safety and Security Services. This new business unit provides Network products, security and safety consultancy.
Paul also has qualifications in Safety and Security. Paul is also the Principal Product Solution and Security Officer for the Siemens DI division. In this capacity Paul also represents Siemens Plc and provides an interface to UK Government departments and authorities.
Presentation: For a Few Dollars More
The presentation will look at how to apply the IEC62443 standard. What elements of the standard are important and how we should consider the applicable Framework and map this to the application of the standard in the OT environment. This will become the norm for the engineering design of the network architecture NOT an additional cost.
Simon Dunkley
Global Spectrum Lead, Itron
Simon chaired the UK BSI mirror committee IST33/-/8 tracking the drafting of the RED Cyber standards EN 18031-x within CEN/Cenelec. As a radio specialist, Simon works for Itron, a proven global leader in energy, water, smart city, IIoT and intelligent infrastructure services, building innovative systems for utilities, cities and society, to create new efficiencies, connect communities, encourage conservation and increase resourcefulness. Simon was educated with degrees in Physics from London’s Imperial College and the Cavendish Laboratory in Cambridge and has enjoyed a career in radio design, consultancy and management over a 35-year period.
Prof. Robert Watson
Professor in Systems, Security, and Architecture, University of Cambridge
I am Professor in Systems, Security, and Architecture at the University of Cambridge Computer Laboratory. I am involved in several research groups at the lab, including Security, Networks and Operating Systems, and Computer Architecture. I lead a number of cross-layer research projects spanning computer architecture, compilers, program analysis, program transformation, operating systems, networking, and security.
I have strong interests in open-source software, am on the board of directors of the FreeBSD Foundation, and have contributed extensively to the FreeBSD Project. I am a coauthor on the Design and Implementation of the FreeBSD Operating System (second edition) published by Pearson.
“I completed two and a half years of post-doctoral research at the Computer Laboratory, and a Research Fellowship at St John’s College, Cambridge, in May, 2013 to take up a lectureship in the department. I finished my PhD in Computer Science at the Computer Laboratory in 2010 (awarded in 2011), supervised by Professor Ross Anderson. Prior to that, I worked for six years in a series of industry research labs (SPARTA ISSO, McAfee Research, NAI Labs, and Trusted Information Systems) investigating operating systems, networking, and security; my contributions included widely used work in operating-system security extensibility, the topic of my later PhD dissertation.
My undergraduate degree is in Logic and Computation, with a double major in Computer Science at Carnegie Mellon University. While at CMU, I worked on research projects with Professor M. Satyanarayanan and Professor Jeremy Avigad.”
Nuala Kilmartin
Innovation Lead for Digital Security, UK Research and Innovation (UKRI)
As Innovation Lead for the Digital Security by Design Programme within InnovateUK, UKRI, Nuala is accountable for driving the market development of the challenge and working in partnership with Government, Industry and Academia to gather the real industry benefits to create demand and onboard advocates for this transformational technology. Nuala presently manages the DSbD Technology Access Programme and is delivering the UK and International Engagement Strategy. Nuala has spent over 25 years promoting education/industry integration across the private, public and 3rd sector and has demonstrated expertise in Innovation Consultancy, Funding, Programme Management, Enterprise Development and Strategic Partnership Engagement. Nuala is a STEM and EDI ambassador and is an avid supporter of Women in Tech.
David Chisnall
Co-Founder & Director of Systems Architecture, SCI Semiconductor
David Chisnall’s background spans compilers, operating systems, security, and computer architecture. He has written three books about programming, one about the internals of the Xen Hypervisor, has been an LLVM committer since 2008 and served two terms on the FreeBSD Core Team. He joined the CHERI project at the University of Cambridge in 2012 to lead the languages / compilers strand of the work. He moved to Microsoft in 2018 where he led the CHERIoT project, scaling CHERI ideas down to tiny microcontrollers. He is now responsible for evolving the CHERIoT Platform at SCI Semiconductor, a startup that aims to ship the first commercial CHERI silicon in early 2025.
Presentation: Delivering CHERI & Memory Safe Technology today! / CHERIoT: Fearlessly reuse untrusted C code in embedded systems
Memory safety has been one of the most pernicious issues in software systems over the past 40 years. With various attempts to resolve these issues, such as formal methods and strict development environments, failing against the tide of code reuse from GitHub, SourceForge, and dubious AI generation, the industry must rapidly evolve to embrace modern memory safe compute architectures. To this end the UK & US governments have spent hundreds of millions supporting the new CHERI architectural extensions for RISC-V, Arm, and beyond.
As the smallest implementation of CHERI, CHERIoT is a co-designed hardware/software system that provides non-bypassable, object-granularity, spatial and temporal memory safety that can be used as a building block for fine-grained compartmentalisation. The overhead of splitting a component into two compartments is on the order of tens of bytes, making it possible to implement the principle of least privilege in tiny embedded devices. With only 256 KiB of total memory for code and data, the platform can run networked applications with strong isolation – yet sub-object sharing – between an on-device firewall, the TCP/IP stack, TLS layer, and each protocol layer, as well as isolating individual TLS flows from each other and allowing multiple compartments for the device’s business logic.
On top of this foundation, CHERIoT provides fine-grained auditing to understand the rights of every compartment, allowing untrusted or semi-trusted third-party components to be run without the ability to impact the overall system in case of compromise.
In this talk, we will show how we can use available technology to isolate failures, transparently restarting crashed compartments without impacting the overall system, and how we can enforce properties on legacy C/C++ libraries that may be called from higher-level languages with stronger compile-time safety properties.
Paul Kearney
Cybersecurity consultant
Paul Kearney retired from the position of Professor of Cybersecurity at Birmingham City University in 2023. Previously, he worked for British Aerospace, Sharp Laboratories of Europe, and British Telecommunications. He retains an active interest in cybersecurity research, undertaking freelance consultancy, contributing to activities of the IoT Security Foundation, acting as an expert evaluator and reviewer for research programmes and serving on the advisory boards of research projects. He holds a BSc from the University of Liverpool and a PhD from the University of Durham, both in theoretical physics.
Robert Norton
Senior Researcher, Microsoft
Robert began his career as an embedded software engineer at Broadcom. He then switched to academia, joining the computer architecture group at the University of Cambridge in the early years of the CHERI project. He implemented a CHERI CPU, studied support for compartmentalisation and contributed to the development of the ISA, including modelling it in Sail to enable formal verification of ISA properties. In 2020 he joined Microsoft as a Senior Researcher where he was part of a small team that developed the CHERIoT ISA, core and RTOS as a demonstration of how to build a completely memory safe embedded system and explore the new possibilities this creates for system security.
Prof. Carsten Maple
Prof. of Cyber Systems Engineering, WMG Cyber Security Centre (CSC)
Carsten Maple is Professor of Cyber Systems Engineering in WMG, University of Warwick where he is the Principal Investigator of the NCSC-EPSRC Academic Centre of Excellence in Cyber Security Research. He is also a Professor and Fellow of the Alan Turing Institute, the National Institute for Data Science and AI in the UK, where he is a principal investigator on a $9 million project developing trustworthy digital infrastructure. Carsten is a co-investigator of the PETRAS National Centre of Excellence for IoT Systems Cybersecurity and the Research Innovation Director at EDGE-AI, the National Edge Artificial Intelligence Hub. Carsten has an international research reputation, having published over 450 peer-reviewed papers.
Alan Jenkins
vCISO Leader, Saepio Solutions Ltd
Alan Jenkins has been a practitioner for over 30 years across all 3 pillars of security, with particular focus on cyber, convergence, resilience and business benefit. He spent his formative years in the RAF and has had a variety of corporate and consulting roles since leaving in 2006, including spells as UK CSO at 2 multinational MSPs, Group CISO at a FTSE 100 engineering services business and Associate Partner at IBM Security in Financial Services. After 5 years as an independent consultant, Alan joined Saepio Solutions Ltd in March 2024 to lead their vCISO team.
Dr Ashley Setter
Head of Engineering, NquiringMinds
Dr Ash Setter is the Head of Engineering at NquiringMinds, focusing on developing secure and scalable solutions for securing networks for IoT devices. In this panel session, “Technology is Proven – How Do We Get Market Traction,” Ash will discuss their work with NIST, demonstrating secure onboarding of IoT devices using the BRSKI protocol, policy-augmented security, and continuous assurance to ensure secure lifecycle management.
Ash will discuss how their tools emphasize the need for memory-safe architectures, like CHERI, by autonomously managing and removing memory-unsafe devices from Wi-Fi, 5G, or LoRaWAN networks. This capability underscores the value of pushing memory-safe technologies to market by highlighting the vulnerabilities of unsafe devices and offering a practical method to ensure network security.
Prof. Bruno Crispo
Professor of computer science, University of Trento
Bruno Crispo (Senior Member, IEEE) holds a Ph.D. from the University of Cambridge, UK. He is a full professor of computer science at the University of Trento. Before that, he was a professor at KU Leuven in Belgium and at the Vrije Universiteit in Amsterdam. He was a researcher at the Stanford Research Institute. His research interests include IoT and embedded security, network security, web security, biometric authentication, and access control. He is one of the founders of Security Embedded, a startup operating in embedded system security. He has more than 220 papers in peer-reviewed journals and international conferences. He is featured in Stanford University’s list of the world’s Top 2% scientists.
Ged Lancaster
CTO, TAE Power Solutions
A 38 year veteran of the automotive industry, Ged is a systems engineer first, with a passion for putting the customer first. He has spent the last 25 years in the leadership and development of almost every new control sub system technology available on a modern car as well as the back office systems for diagnostics, test, SOTA and Integration. He is a committed advocate of cyber security as a key enabler to drive a new class of systematic approach to vehicle design.
Opening Plenary Session: IoT Security: Past, Present, Future
The opening plenary session sets the stage for the rest of the day, exploring the cutting edge of IoT cybersecurity, AI and emerging themes. Following the welcome address, we will have two keynote talks that look at the emerging innovation and technology future. We will also take a look at what is in store for the IoTSF and its members with insights from the Executive Steering Board via a panel session taking the theme of the conference: IoT security – past, present and future.
This plenary session promises to equip attendees with a comprehensive understanding of the cybersecurity landscape, setting the context for the specialized tracks that follow. Attendees will not want to miss this opportunity to gain valuable insights from industry leaders and connect with fellow professionals at the forefront of IoT security.
The Future of IoT Security: Embracing Collaborative Approaches and Comprehensive Frameworks
This session explores the evolving landscape of IoT security through keynote talks from leading business and technical experts. On the business side, we discuss the shift from isolated security solutions to collaborative, ecosystem-based approaches in securing IoT devices. Attendees will also learn about supply chain integrity for IoT and AI systems, including innovations for creating operational and trusted bills of materials.
New developments in the evolution of the IoT Security Foundation’s popular security assurance framework will be announced and we will explain its transformation from a developer checklist to a corporate reference for automating audits and certification. We also highlight the recent and important work from NIST on IoT Device Onboarding and Lifecycle Management which addresses real-world trust challenges across enterprise, industrial and consumer networks. Join us to understand the collaborative future of IoT security and its practical implications.
IoT Foundations of Trust: Secure by Design
This session explores contemporary cutting-edge approaches to building security into IoT devices and systems from the ground up. Experts will outline the essential elements for secure IoT products and also look at solutions for decentralized and autonomous IoT applications, examining how to leverage hardware security modules to protect vehicle-to-everything (V2X) communications.
We will also delve into the critical role of true randomness in cryptography with a focus on preparing for emerging AI and quantum computing threats.
Attendees will gain practical insights into implementing robust security measures at the hardware and system level to create resilient IoT systems.
The CISO Journey: From Coax to Resilience
In this session, we look at how cyber security has changed over the last 20+ years from the CISO perspective. Once upon a time, all they worried about were operating systems, printers, memory sticks and shadow IT. But soon every new technology became shadow IT, with mobile phones, iPads, social media, cloud services, etc.
This session will explore how CISOs started from overseeing information security, which included computers, users, the network, etc. to today, where they have to view things from an enterprise cyber resilience perspective. Does this really mean that there is nothing that they can rule out from having to provide guidance on or be responsible for? These and many other questions will be explored with our expert panel who will provide perspectives of what cyber resilience means to them in their daily world view for an enterprise.
The Practice of IoT Security: From Breach Response to Threat Anticipation
The session also includes best practices for comprehensive testing of products with diverse supply chain components. Through expert-led talks and interactive discussions, participants will gain valuable insights to strengthen their organization’s IoT security posture.
The Business of IoT Security: Mastering the Economics
In this session we look at security through the economics lens – how can security help us win in business? What do we need to know beyond the technical requirements, how do we weigh up risk and reward – how can the approach be used to underpin, even boost business objectives?
IoT technology has many commercial applications, and the resilience to attack of the connected systems is essential for business success. Context is king when determining security features, yet the business case dominates the feasibility of any successful, sustainable, security posture.
Securing IoT: Lessons from the Past, Laughs in the Present, Leaps to the Future
This engaging IoT security session will equip attendees with valuable insights and practical strategies to enhance their IoT defences. We’ll examine historical patterns, extracting crucial lessons to fortify future IoT implementations.
Prepare yourself for a humorous yet eye-opening journey through the “10 Rules to Build Unsecure Embedded Systems” highlighting common pitfalls and misguided practices that compromise security. We’ll also explore the cutting-edge world of eSIMs, uncovering their unique security properties and how they can future-proof IoT device protection. This session blends historical analysis, satirical reflection, and emerging technology insights to provide a comprehensive view of IoT security challenges and solutions.
IoT Security Compliance: Navigating the Regulatory Landscape
As connected devices become ubiquitous in our homes, businesses, and cities, the need for security oversight has never been more critical. Yet, the path to regulation is fraught with challenges. This session illuminates the complex reality of IoT security regulation and compliance, where innovation and protection must coexist.
We’ll explore the global regulatory landscape, focusing on Europe’s CRA and RED, the UK’s PSTI, NIST CSF 2 and NIS2. Our expert speakers will dissect the delicate balance between fostering innovation and ensuring user safety, addressing the concerns of compliance professionals grappling with legal uncertainties and potential penalties.
Whether you’re an IoT manufacturer, policymaker, developer, consultant, or security professional, this session will equip you with the knowledge and insights needed to navigate the evolving regulatory landscape. Don’t miss this opportunity to stay ahead of the curve and contribute to a more secure and innovative IoT future.
Memory Safety: The Pernicious Challenge
What is the memory safety challenge? How big an issue is it and what can be done? Join this session to learn about the complexities of memory safety, explore current solutions, and glimpse into the future of secure IoT systems.
Whilst memory safety in computing has been identified as a challenge since the 1970s, it became a significantly bigger problem with the growth of connected and distributed systems – such as the IoT. Solutions to the memory safety challenge are beginning to emerge from the research labs toward real-world applications underpinned by a range of hardware and software technologies. This session dives into the critical world of memory safety and its implications for secure IoT systems. Beginning with an academic exploration of memory safety fundamentals, we progress to cutting-edge industry solutions.
We’ll examine the UK government-backed CHERI project, discuss the role of memory-safe languages like Rust, and explore industry efforts to popularize these technological advances.
This session is intended for designers, developers, manufacturers, and users of IoT technology, providing them with the knowledge and tools needed to improve the security and reliability of connected systems.
The Human Side of IoT Security: Protecting People, Spaces, and Systems
This session explores critical aspects of IoT security, focusing on protecting vulnerable communities and public spaces while also considering the impact on a CISO’s mental health. Experts will discuss how IoT technologies can be misused to target at-risk groups and strategies to mitigate these threats.
We’ll examine the importance of language and framing when discussing IoT deployments in public areas, emphasizing transparency and community engagement.
Then we will consider the increasing burden of IoT to CISOs leading to further stress and anxiety and what can be done to help.
In this thought-provoking session each of the speakers will present on their area of expertise. After they have spoken we will hold a fascinating interactive panel discussion and invite the audience to ask their questions.
Attendees will gain a wider view of IoT security challenges and practical approaches to address them.