UK Northern CISO Summit -

TLC Connect - Northern UK CISO Series

14th & 15th April 2026

Manchester

14th & 15th April 2026

Northern UK CISO Summit

The TLC Connect Northern UK CISO Summit brings together senior security leaders from across the North of England to tackle the realities of protecting complex, operationally critical organisations in a more hostile and regulated cyber environment.

Over two focused days in Manchester, CISOs, Heads of Security and Risk leaders will work through the challenges of ransomware exposure, legacy infrastructure, supply-chain risk and regulatory pressure, while still being expected to enable digital and commercial growth.

The programme is built around peer-led discussions, real-world case studies and closed-door working sessions, designed to move beyond theory and deliver practical insight, shared learning and decisions leaders can actually take back into their organisations.

Days

Hours

Minutes

Seconds

Key Themes for 2026

Resilient by Design: Embedding Security into Every Layer of the Enterprise

Cyber Resilience & Operational Continuity

Preparing for disruption with adaptive security models and enterprise-wide resilience planning

Threat Intelligence, Detection & Response

Enhancing visibility, anticipating attacker behaviour, and accelerating response across hybrid environments.

Identity, Access & Zero Trust Execution

Embedding identity-first security, continuous verification, and least-privilege controls across the organisation.

AI, Automation & Secure
Innovation

Implementing AI safely, reducing cyber workload with automation, and enabling secure digital transformation.

Elevate Your Security Dialogue

Summit Agenda Overview

Welcome to the TLC Connect Northern UK CISO Summit. This closed-door gathering brings together senior security leaders responsible for protecting some of the UK’s most operationally critical organisations across industry, infrastructure, public services and regulated sectors.

Across two focused days in Manchester, CISOs and Heads of Security will examine the realities of defending complex environments shaped by legacy systems, expanding attack surfaces, regulatory pressure and persistent ransomware risk — while still being expected to enable transformation and growth.

The agenda is deliberately designed around real-world case studies, peer-led working sessions and senior-level discussions. The goal is not theory, but clarity: shared insight, practical approaches and decisions that security leaders can take back into their organisations with confidence.

12:00 - Registration

Arrival, registration and networking lunch

13:00 - Chair's Welcome

Welcome and Agenda Overview

Peter Dorrington – Founder – XMplify Consulting Ltd

13:05 -Headline Keynote: The Evolving Cyber Threat Landscape: Unpredictability and Preparedness

The cyber threat landscape is shifting faster than most organisations can adapt. Adversaries are increasingly leveraging automation, AI and industrialised cybercrime to outpace traditional defences, while geopolitical tension and supply chain fragility continue to add volatility and uncertainty.

According to the World Economic Forum’s Global Cybersecurity Outlook 2025, over 90% of cyber leaders believe a far-reaching, catastrophic cyber event is likely within the next two years — highlighting the growing gap between perceived risk and organisational preparedness.

This headline keynote explores how CISOs and security leaders can prepare for the unexpected by building situational awareness, testing assumptions and designing security programmes that flex under pressure rather than break. We’ll examine what “preparedness” really means when the next major incident is unlikely to resemble the last.

13:35 - Fireside Chat - Resilience in Action: Turning Cyber Crisis into Continuity and Competitive Advantage

Global instability is reshaping the cybersecurity landscape. Sanctions, shifting alliances and fragile supply chains are pulling CISOs into board-level discussions that sit far beyond traditional IT risk — while expectations around digital transformation and operational continuity continue to rise.

IDC forecasts that by 2026, 40% of UK organisations will face regulatory penalties linked to resilience failures, while Deloitte highlights incident response maturity as a growing differentiator in cyber insurance premiums. Ransomware, destructive malware and state-sponsored campaigns are no longer exceptional events, but recurring crises.

This fireside discussion explores how security leaders build true strategic resilience into their programmes: designing board-level playbooks, integrating legal and communications teams into crisis response, and measuring resilience using metrics that matter to regulators and insurers. The focus is on translating external volatility into clear, board-ready decisions — and positioning resilience as a competitive advantage rather than a compliance exercise.

14:20 - Customer Case Study Workshops -Operational Technology Under Fire: Securing Critical Infrastructure (guide topic - subject to partner changes)

OT environments are increasingly targeted by nation-state and criminal actors. This session highlights strategies for securing industrial control systems, bridging IT/OT security gaps, and protecting critical infrastructure from cascading failures.

14:45 - Customer Case Study Workshop - Cloud-Native Security: Protecting Innovation Without Slowing It Down (guide topic - subject to partner changes)

As enterprises accelerate cloud adoption, CISOs must secure workloads without stifling innovation. This session highlights best practices for securing containers, serverless functions and multi-cloud environments while maintaining developer velocity.

15:05 - Networking Break and Vendor Exploration

15:25 - Panel Discussion - Beyond the Breach: Building Cyber Strategies for an Uncertain Global Landscape

Global volatility is no longer background noise — it is the defining context for cybersecurity strategy. IDC projects worldwide security spending will surge by 12.2% in 2025, reaching $377 billion by 2028, as organisations confront politically charged threat environments and escalating state actor campaigns. Gartner’s 2025 trends highlight that boards now view cyber risk as a direct threat to shareholder value, yet many security functions remain reactive, failing to adapt when business priorities shift. The imperative is clear: resilience must be embedded into the DNA of security programs, enabling continuity, agility, and strategic foresight. This panel will examine how CISOs can move beyond “defense-first” thinking to position cyber resilience as a driver of trust, competitiveness, and long-term business outcomes in a fractured global landscape.

16:10 - Customer Case Study Workshop - Resilience by Design: Building Cyber Programs That Withstand Disruption (guide topic - subject to partner changes)

Cyber resilience is now a board-level mandate. This session examines how CISOs can integrate resilience into architecture, governance and culture — ensuring organisations recover quickly from attacks and maintain business continuity.

16:15 - Roundtable Discussions

Roundtable Discussion 1: Third Party Risk in the Age of AI Vendors

AI vendors are rapidly entering supply chains, often with opaque models and unclear data practices. Traditional third party risk approaches struggle to assess and manage this new class of supplier.

Moderation Questions:

What’s different about assessing AI vendors compared to traditional suppliers?
How do you verify claims about data handling and model security?
Should regulators mandate AI vendor transparency, or can industry self-regulate?
What’s one control you would never compromise on with an AI supplier?

Roundtable Discussion 2: Insider Threats in Hybrid Workforces

Remote and hybrid work has blurred the boundaries of insider risk. Employees, contractors and partners can access critical systems from almost anywhere, while expectations of trust and privacy remain high.

Moderation Questions:

What’s the most effective insider threat control you’ve implemented?
How do you balance employee trust with monitoring and surveillance?
Should insider threat programmes sit with HR, IT or Security?

Roundtable Discussion 3: Cybersecurity Benchmarking

Benchmarking maturity is essential, but many metrics are vanity figures that don’t drive better decisions. This discussion looks at how to measure what actually matters.

Moderation Questions:

What’s the most meaningful benchmark you use internally?
How do you compare maturity across different industries and geographies?
Should benchmarking be standardised or remain sector-specific?

17:05 - Chair's closing remarks

18:30 - Networking Drinks

19:30 - Gala Dinner and Guest Speaker

08:00 - Registration & Networking Breakfast

08:45 - Chair's Opening and Day 1 Recap

09:00 - Keynote – Cyber Resilience Under Regulation: Governance, Risk and Compliance in a New Era

The regulatory landscape for cybersecurity is undergoing its most significant transformation in decades. With frameworks such as NIS2, the Digital Operational Resilience Act (DORA), and the Cyber Resilience Act, organisations across Europe and the UK face heightened expectations for accountability, transparency, and resilience. These rules are not simply compliance checklists — they are reshaping the responsibilities of boards, CISOs, and regulators alike.

Delivered by the National Cyber Security Centre, this keynote will highlight why regulatory resilience is now a strategic imperative. As Gartner notes, by 2026 most CISOs will report directly to boards on governance, while PwC underscores the rising costs and complexity of compliance. In this environment, organisations must embed security into their strategic DNA, ensuring governance frameworks, risk management, and compliance practices are robust, adaptive, and future-proof.

09:25 - Panel Discussion – Quantum Countdown: Preparing for the Encryption Reset

Quantum computing is rapidly shifting from theoretical risk to practical disruption, threatening the foundations of modern encryption. Gartner warns that by 2029, traditional asymmetric cryptography will be unsafe. Forbes notes that RSA and elliptic curve cryptography currently secure billions of devices and over 80% of global internet communications, making them prime targets as quantum capabilities mature. Yet fewer than a quarter of enterprises have begun serious migration planning, even as McKinsey stresses that the transition to post-quantum cryptography will be more complex than Y2K remediation.

This panel will examine how CISOs can prepare for quantum threats, build crypto-agility, and transition to quantum-safe standards before adversaries exploit the gap.

09:50 - Platinum Keynote - Beyond Compliance: Turning Regulation into Competitive Advantage (guide topic - subject to partner changes)

With new regulations on AI, data privacy, and cyber resilience, compliance is no longer optional. This keynote shows how CISOs can move beyond checkbox compliance to leverage regulatory readiness as a differentiator in customer trust and market positioning.

10:05 - Customer Case Study Workshops - Zero Trust at Scale: Lessons from the World’s Largest Cloud Security Deployments

Zero Trust has moved from buzzword to blueprint, but making it work across a complex enterprise is still challenging. Legacy systems, hybrid infrastructure and demanding users can quickly stall progress.

In these workshops, security leaders will share how they are implementing Zero Trust principles in the real world – segmenting critical assets, enforcing least privilege, reducing attack surfaces and measuring progress without compromising user experience or productivity.

10:35 - Customer Case Study Workshop - Quantum Readiness: Preparing for the Cryptographic Cliff (guide topic - subject to partner changes)

Quantum computing threatens to break today’s encryption standards. This session explores the timeline for quantum risk, the emergence of post-quantum cryptography, and how CISOs can begin migration planning now to safeguard long-term data confidentiality.

10:55 - Networking Break & Vendor Exploration

11:15 - Platinum Keynote - Cybersecurity Economics: Measuring ROI in Risk Reduction (guide topic - subject to partner changes)

Boards increasingly demand quantifiable proof of cybersecurity investment value. This keynote examines frameworks for measuring ROI in terms of risk reduction, resilience, and regulatory alignment, equipping CISOs to communicate security’s business impact with clarity.

11:45 - Customer Case Study Workshops - The AI-Powered SOC: Scaling Defense at Machine Speed (guide topic - subject to partner changes)

Security operations centres are overwhelmed by alert fatigue and talent shortages. This session explores how AI-driven analytics, automation, and orchestration can transform SOC efficiency, reduce false positives, and enable faster incident response.

12:10 - Customer Case Study Workshops - Adaptive Defence: Building Security Architectures That Evolve in Real Time (guide topic - subject to partner changes)

Static defences are no match for dynamic adversaries. This session explores adaptive architectures powered by telemetry, automation, and AI — helping CISOs build systems that learn, adjust, and respond in real time to evolving threats.

12:30 - Networking Lunch & Vendor Exploration

13:30 - Panel Discussion -Trust but Verify: Closing the Cyber Gaps in Complex Global Supply Chains

Forrester reports that 60% of breaches in 2025 originated in third-party ecosystems, underscoring the fragility of extended supply chains. PwC highlights that supply chain risk is now a board-level KPI, with regulators demanding evidence of vendor assurance. In sectors such as healthcare and finance, attackers exploit weak links in outsourced IT, cloud providers and logistics partners to gain entry. The challenge is compounded by geopolitical instability, where state actors target suppliers to disrupt critical national infrastructure.

This panel examines frameworks for continuous vendor assurance, contractual clauses and intelligence-sharing networks that allow CISOs to “trust but verify” in an era where supply chain compromise is the fastest-growing attack vector.

14:10 - Roundtable Discussions : Talent, Wellbeing, and Building Resilient Security Teams

Roundtable Discussion 1: From Burnout to Balance: Safeguarding the Mental Health of Security Teams

Cybersecurity professionals often operate under relentless pressure, long hours, high stakes and constant threat monitoring. This roundtable explores how leaders can proactively address burnout, foster psychological safety and embed wellbeing into the culture of security teams.

Moderation Questions:

What early warning signs of burnout should leaders look for in their teams?
How can cybersecurity leaders balance 24/7 operational demands with sustainable workloads?
Which wellbeing initiatives have proven effective in high-stress security environments?
How do you measure the ROI of wellbeing programmes in terms of resilience and retention?

Roundtable Discussion 2: Resilience Through Diversity: Building Teams That Think Differently

Diversity of thought, background and experience strengthens problem-solving and organisational resilience. This roundtable examines how security leaders can embed diversity, equity and inclusion into hiring, development and leadership pipelines.

Moderation Questions:

How does diversity directly impact the resilience of a security team?
What barriers still exist to building diverse security teams, and how can they be dismantled?
How can cybersecurity leaders ensure DEI initiatives are authentic rather than performative?
What metrics or benchmarks can track progress in building diverse teams?

Roundtable Discussion 3: Upskilling for the Future: Preparing Teams for AI, Cloud, and Emerging Threats

As technology evolves, so must the skills of security professionals. This discussion focuses on continuous learning, reskilling and preparing teams for emerging threats — from AI-driven attacks to quantum risk.

Moderation Questions:

Which emerging skills are most critical for security teams over the next 3–5 years?
How can cybersecurity leaders create a culture of continuous learning without overwhelming staff?
What role should certifications, labs and simulations play in upskilling?
How do you balance investment in training with immediate operational needs?

14:50 - Networking Break & Vendor Exploration

15:10 - Panel Discussion - Trust in the Machine: Building Secure, Responsible AI Strategies for the Enterprise

80% of enterprises are deploying AI, but only 20% have robust AI security frameworks (451 Research). McKinsey warns that adversarial AI attacks could cost industries $300B annually by 2030. As UK firms embrace generative AI for SOC automation, fraud detection, and customer engagement, attackers are exploiting model manipulation, data poisoning, and prompt injection.

The challenge is balancing innovation with risk: how to harness AI’s productivity gains without exposing organisations to novel attack surfaces. This session explores governance frameworks, case studies, and the role of CISOs in shaping AI adoption strategies that are secure, ethical, and resilient.

15:35 - Closing Keynote – Sustainability & Cyber Responsibility: Embedding Trust into ESG Strategy

Cybersecurity is now inseparable from corporate responsibility and sustainability. As 40% of organisations link their cyber strategies directly to ESG objectives (Deloitte), 77% of firms expect cyber budgets to rise while only 2% have implemented firm-wide resilience programmes (PwC’s Global Digital Trust Insights 2025). Gartner’s 2025 trends emphasise that resilience and adaptability are now top priorities, as boards increasingly view cyber risk as a direct threat to shareholder value.

For CISOs, the challenge is aligning cyber resilience with broader ESG commitments, from reducing the carbon footprint of data centres to ensuring responsible AI adoption. This keynote reframes cybersecurity as a strategic enabler of trust, sustainability, and long-term business outcomes, highlighting how responsible practices strengthen reputation, investor confidence, and regulatory compliance.

16:05 - Chair's Closing Remarks & Key Takeaways

Past & Current Sponsors

Who Should Attend?

Designed for Security & Risk Leaders Strengthening Enterprise Resilience

CISOs & Security Leaders

Chief Information Security Officers, Directors of Security and Heads of Cyber responsible for steering organisational security strategy, reducing risk, strengthening resilience, and ensuring business continuity amid accelerating threats.

Risk, Governance & Compliance Leaders

Leaders overseeing cyber risk, GRC, audit and organisational oversight — focused on aligning security with regulatory expectations, strengthening governance frameworks, and building defensible decision-making structures.

Security Architecture & Engineering Leaders

Professionals designing and operating secure, scalable architectures across hybrid cloud, identity, network, and endpoint environments — tasked with reducing complexity, modernising controls, and enabling transformation at scale.

Threat, SOC & Incident Response Leaders

Heads of Threat Intelligence, SOC, Detection & Response, and Incident Management who are driving capability uplift, preparing for high-impact events, and adopting AI-enabled detection, automation, and proactive defence strategies.

TLC Connect - Northern UK CISO Series

14th & 15th April 2026

Northern UK CISO Summit

Key Themes for 2026

Resilient by Design: Embedding Security into Every Layer of the Enterprise

Cyber Resilience & Operational Continuity

Threat Intelligence, Detection & Response

Identity, Access & Zero Trust Execution

AI, Automation & Secure Innovation

Elevate Your Security Dialogue

Summit Agenda Overview

12:00 - Registration

13:00 - Chair's Welcome

13:05 -Headline Keynote: The Evolving Cyber Threat Landscape: Unpredictability and Preparedness

13:35 - Fireside Chat - Resilience in Action: Turning Cyber Crisis into Continuity and Competitive Advantage

14:20 - Customer Case Study Workshops -Operational Technology Under Fire: Securing Critical Infrastructure (guide topic - subject to partner changes)

14:45 - Customer Case Study Workshop - Cloud-Native Security: Protecting Innovation Without Slowing It Down (guide topic - subject to partner changes)

15:05 - Networking Break and Vendor Exploration

15:25 - Panel Discussion - Beyond the Breach: Building Cyber Strategies for an Uncertain Global Landscape

16:10 - Customer Case Study Workshop - Resilience by Design: Building Cyber Programs That Withstand Disruption (guide topic - subject to partner changes)

16:15 - Roundtable Discussions

Roundtable Discussion 1: Third Party Risk in the Age of AI Vendors

Moderation Questions:

Roundtable Discussion 2: Insider Threats in Hybrid Workforces

Moderation Questions:

Roundtable Discussion 3: Cybersecurity Benchmarking

Moderation Questions:

17:05 - Chair's closing remarks

18:30 - Networking Drinks

19:30 - Gala Dinner and Guest Speaker

08:00 - Registration & Networking Breakfast

08:45 - Chair's Opening and Day 1 Recap

09:00 - Keynote – Cyber Resilience Under Regulation: Governance, Risk and Compliance in a New Era

09:25 - Panel Discussion – Quantum Countdown: Preparing for the Encryption Reset

09:50 - Platinum Keynote - Beyond Compliance: Turning Regulation into Competitive Advantage (guide topic - subject to partner changes)

10:05 - Customer Case Study Workshops - Zero Trust at Scale: Lessons from the World’s Largest Cloud Security Deployments

10:35 - Customer Case Study Workshop - Quantum Readiness: Preparing for the Cryptographic Cliff (guide topic - subject to partner changes)

10:55 - Networking Break & Vendor Exploration

11:15 - Platinum Keynote - Cybersecurity Economics: Measuring ROI in Risk Reduction (guide topic - subject to partner changes)

11:45 - Customer Case Study Workshops - The AI-Powered SOC: Scaling Defense at Machine Speed (guide topic - subject to partner changes)

12:10 - Customer Case Study Workshops - Adaptive Defence: Building Security Architectures That Evolve in Real Time (guide topic - subject to partner changes)

12:30 - Networking Lunch & Vendor Exploration

13:30 - Panel Discussion -Trust but Verify: Closing the Cyber Gaps in Complex Global Supply Chains

14:10 - Roundtable Discussions : Talent, Wellbeing, and Building Resilient Security Teams

Roundtable Discussion 1: From Burnout to Balance: Safeguarding the Mental Health of Security Teams

Moderation Questions:

Roundtable Discussion 2: Resilience Through Diversity: Building Teams That Think Differently

Moderation Questions:

Roundtable Discussion 3: Upskilling for the Future: Preparing Teams for AI, Cloud, and Emerging Threats

Moderation Questions:

14:50 - Networking Break & Vendor Exploration

15:10 - Panel Discussion - Trust in the Machine: Building Secure, Responsible AI Strategies for the Enterprise

15:35 - Closing Keynote – Sustainability & Cyber Responsibility: Embedding Trust into ESG Strategy

16:05 - Chair's Closing Remarks & Key Takeaways

Past & Current Sponsors

Who Should Attend?

Designed for Security & Risk Leaders Strengthening Enterprise Resilience

CISOs & Security Leaders

Risk, Governance & Compliance Leaders

Security Architecture & Engineering Leaders

Threat, SOC & Incident Response Leaders

AI, Automation & Secure
Innovation