14th & 15th April 2026
Northern UK CISO Summit
The TLC Connect Northern UK CISO Summit brings together senior security leaders from across the North of England to tackle the realities of protecting complex, operationally critical organisations in a more hostile and regulated cyber environment.
Over two focused days in Manchester, CISOs, Heads of Security and Risk leaders will work through the challenges of ransomware exposure, legacy infrastructure, supply-chain risk and regulatory pressure, while still being expected to enable digital and commercial growth.
The programme is built around peer-led discussions, real-world case studies and closed-door working sessions, designed to move beyond theory and deliver practical insight, shared learning and decisions leaders can actually take back into their organisations.
Key Themes for 2026
Resilient by Design: Embedding Security into Every Layer of the Enterprise
Cyber Resilience & Operational Continuity
Preparing for disruption with adaptive security models and enterprise-wide resilience planning
Threat Intelligence, Detection & Response
Enhancing visibility, anticipating attacker behaviour, and accelerating response across hybrid environments.
Identity, Access & Zero Trust Execution
Embedding identity-first security, continuous verification, and least-privilege controls across the organisation.
AI, Automation & Secure
Innovation
Implementing AI safely, reducing cyber workload with automation, and enabling secure digital transformation.
Our Speakers
Lee Morton
Head of Cyber Security
CBG
Robin Smith
CISO
Great British Energy - Nuclear
Rob Black
Group Digital & Technology Director
Bruntwood
Professor Gerard Milburn
Quantum Fellow
UK National Quantum Computing Centre
Jon Mattey
CISO
Forge Holiday Group
Michael Heritage
VP Cyber Security
Financial Times
Jay Vinda
Global CISO & Cyber Risk Engineering Lead
Mosaic Insirrance
Petra Vukmirovic
Head of Information Security & IT
Numan
Siegfried Moyo, Director
Director, Cyber| IT| AI Security
Americold Logistics
Gabriela Ahmadi-Assalemi
CISO
University of Cambridge
Dhruv Bisani
Cyber Resilience Director
Starling Bank
David Edwards
VP Information Security
Payroc
Elevate Your Security Dialogue
Summit Agenda Overview
Welcome to the TLC Connect Northern UK CISO Summit. This closed-door gathering brings together senior security leaders responsible for protecting some of the UK’s most operationally critical organisations across industry, infrastructure, public services and regulated sectors.
Across two focused days in Manchester, CISOs and Heads of Security will examine the realities of defending complex environments shaped by legacy systems, expanding attack surfaces, regulatory pressure and persistent ransomware risk — while still being expected to enable transformation and growth.
The agenda is deliberately designed around real-world case studies, peer-led working sessions and senior-level discussions. The goal is not theory, but clarity: shared insight, practical approaches and decisions that security leaders can take back into their organisations with confidence.
12:00 - Registration
Arrival, registration and networking lunch
13:00 - Chair's Welcome
Welcome and Agenda Overview
Peter Dorrington – Founder – XMplify Consulting Ltd
13:05 - Fireside Chat - Resilience in Action: Turning Cyber Crisis into Continuity and Competitive Advantage
IDC forecasts that by 2026, 40% of UK firms will face regulatory penalties tied to resilience failures, while Deloitte notes that incident response maturity is now a differentiator in cyber insurance premiums.
The reality is stark: ransomware, destructive malware, and state-sponsored campaigns are no longer rare events but recurring crises. Boards and regulators expect CISOs to demonstrate not just prevention, but recovery and continuity.
This session explores how leaders design board-level playbooks, integrate legal and PR teams into crisis response, and measure resilience with metrics that matter to regulators and insurers. The conversation will highlight why resilience is now a competitive differentiator, not just a compliance checkbox.
CISO
Great British Energy Nuclear
Global CISO & Cyber Risk Engineering Lead
Mosaic Insurance
VP Cyber Security
Financial Times
13:35 -Partner Keynote - The Control Layer Manifesto: A Unified Approach to Scaling AI Agents
Scaling AI agents beyond simple pilots requires more than just high-performing models; it requires an independent control layer. This introduces AI Commander as a complete solution framework, focusing on how a unified platform can detect hidden risks, enforce consistent policies, and provide AI resilience through precision rollbacks.
Attendees will learn how to transition from siloed, ad-hoc security to a proactive "inside-out" architecture built on deep contextual data insights.
EMEA Field CTO
Securiti AI
14:10 - Customer Case Study Workshop - Cloud-Native Security: Protecting Innovation Without Slowing It Down
14:35 - Customer Case Study Workshop - From Fragmented to Unified: Transforming Endpoint Management for Security and Efficiency
Endpoint management often evolves into a patchwork of disconnected tools and reactive processes. In this case study, we’ll explore how one of NinjaOne's partners consolidated its endpoint stack, modernized patching, and aligned vulnerability prioritization with business risk.
Senior Channel Account Manager
NinjaOne
14:55 - Networking Break and Vendor Exploration
15:15 - Panel Discussion - Beyond the Breach: Building Cyber Strategies for an Uncertain Global Landscape
Global volatility is no longer background noise — it is the defining context for cybersecurity strategy. IDC projects worldwide security spending will surge by 12.2% in 2025, reaching $377 billion by 2028, as organisations confront politically charged threat environments and escalating state actor campaigns. Gartner’s 2025 trends highlight that boards now view cyber risk as a direct threat to shareholder value, yet many security functions remain reactive, failing to adapt when business priorities shift. The imperative is clear: resilience must be embedded into the DNA of security programs, enabling continuity, agility, and strategic foresight. This panel will examine how CISOs can move beyond “defense-first” thinking to position cyber resilience as a driver of trust, competitiveness, and long-term business outcomes in a fractured global landscape.
CISO
Forge Holiday Group
Head of Cyber Security
GBG
Security Controls Partner
NatWest
15:50 - Customer Case Study Workshop - Broken Identity, Hidden Risk: Managing Identity’s Dark Matter
Organisations believe they understand their application landscape. The reality is different. Unknown apps, orphaned accounts, and unmanaged behaviours create identity dark matter — hidden risk living outside traditional identity tools.
At the current pace of discovery and onboarding, it can take years to bring these applications into existing identity controls and Agentic AI raises the stakes even further.
This session explores why identity has become fundamentally broken, how identity dark matter emerges, and how Orchid is helping some of the world's largest enterprises fix the problem.
Job Title
Orchid Security
16:15 - Roundtable Discussions
Roundtable Discussion 1: Third Party Risk in the Age of AI Vendors
AI vendors are rapidly entering supply chains, often with opaque models and data practices. This roundtable examines how to assess and manage third party risk when AI is part of the equation.
Moderation Questions:
- What’s different about assessing AI vendors compared to traditional suppliers?
- How do you verify claims about data handling and model security?
- Should regulators mandate AI vendor transparency, or should industry self regulate?
- What’s one control you’d never compromise on with an AI supplier?
Roundtable Discussion 2: AI or Die: Achieving the Autonomous SOC
In the era of AI-accelerated adversaries, organizations must transform their SOC and empower defenders to overcome alert fatigue and burnout. Join this session to explore how leading security teams are implementing autonomous SOC capabilities to reduce manual workloads, accelerate detection and response, and enable analysts to focus on strategic threats.
Host: Robbie Jakon-Whitworth, Senior Solutions Engineer EMEA, Torq
Roundtable Discussion 3: Cybersecurity Benchmarking
Benchmarking maturity is essential, but many metrics are vanity. This session explores how to measure what matters.
Moderation Questions:
- What’s the most meaningful benchmark you use internally?
- How do you compare maturity across industries?
- Should benchmarking be standardized or remain sector specific?
16:45 - Chair's closing remarks
17:30 - Networking Drinks
18:30 - Gala Dinner and Guest Speaker
08:00 - Registration & Networking Breakfast
08:45 - Chair's Opening and Day 1 Recap
08:55 - Keynote - Moving Beyond Point-in-Time Security: Adapting to Continuous Compliance across Cyber
In the past, compliance efforts have largely centred around providing a snapshot of security at a specific moment. However, with evolving regulations like DORA, NIS2, and others, this approach is becoming outdated. These new standards demand a more dynamic and continuous view of security.
This session will unpack the operational, cultural, and technological changes required to move from static reporting to living, breathing security assurance, and why this shift is essential for organisations facing increasing regulatory scrutiny, expanding attack surfaces, and rising expectations from boards and customers.
Head of Cyber Security
GBG
09:20 - Panel Discussion - Trust in the Machine: Building Secure, Responsible AI Strategies for the Enterprise
80% of enterprises are deploying AI, but only 20% have robust AI security frameworks (451 Research). McKinsey warns that adversarial AI attacks could cost industries $300B annually by 2030.
As UK firms embrace generative AI for SOC automation, fraud detection, and customer engagement, attackers are exploiting model manipulation, data poisoning, and prompt injection. The challenge is balancing innovation with risk: how to harness AI’s productivity gains without exposing organisations to novel attack surfaces.
This session explores governance frameworks, case studies, and the role of CISOs in shaping AI adoption strategies that are secure, ethical, and resilient.
Group Digital & Technology Director
Bruntwood
Director, Cyber | IT | AI Security
Americold Logistics
Security Controls Partner
NatWest
Data Protection Officer
NIC
10:00 - Platinum Keynote - Beyond Compliance: Turning Regulation into Competitive Advantage (guide topic - subject to partner changes)
With new regulations on AI, data privacy, and cyber resilience, compliance is no longer optional. This keynote shows how CISOs can move beyond checkbox compliance to leverage regulatory readiness as a differentiator in customer trust and market positioning.
Job Title
Rubrik
10:35 - Customer Case Study Workshop - Securing AI Agent Rollout at a Major Financial Institution: A Case Study
This session will review a case study of a major US bank facing security challenges that blocked their planned deployment of enterprise AI agents across over 100 petabytes of structured and unstructured data.
The bank struggled with a lack of data trust for AI consumption, the massive scale of metadata management, and complex regulatory compliance. Learn how the bank transformed data security and compliance to enable safe agents by moving at business speed and automating risk detection.
We will discuss the journey to establish strong AI governance, enabling the safe and accelerated adoption of enterprise knowledge agents, and the key finding that data must be classified and labeled before utilization by any AI agent.
EMEA Field CTO
Securiti AI
10:55 - Networking Break & Vendor Exploration
11:15 - Workshop - Cybersecurity Economics: Measuring ROI in Risk Reduction (guide topic - subject to partner changes)
Boards increasingly demand quantifiable proof of cybersecurity investment value. This keynote examines frameworks for measuring ROI in terms of risk reduction, resilience, and regulatory alignment, equipping CISOs to communicate security’s business impact with clarity.
Job Title
ThreatLocker
11:40 - Customer Case Study Workshops - The AI-Powered SOC: Scaling Defense at Machine Speed (guide topic - subject to partner changes)
Security operations centers are overwhelmed by alert fatigue and talent shortages. This session explores how AI-driven analytics, automation, and orchestration can transform SOC efficiency, reduce false positives, and enable faster incident response.
Job Title
Veracode
12:00 - Panel Discussion - Trust but Verify: Closing the Cyber Gaps in Complex Global Supply Chains
Forrester reports that 60% of breaches in 2025 originated in third-party ecosystems, underscoring the fragility of extended supply chains. PwC highlights that supply chain risk is now a board-level KPI, with regulators demanding evidence of vendor assurance.
In sectors like healthcare and finance, attackers exploit weak links in outsourced IT, cloud providers, and logistics partners to gain entry. The challenge is compounded by geopolitical instability, where state actors target suppliers to disrupt critical national infrastructure.
This panel examines frameworks for continuous vendor assurance, contractual clauses, and intelligence-sharing networks that allow CISOs to “trust but verify” in an era where supply chain compromise is the fastest-growing attack vector.
Cyber Resilience Director
Starling Bank
CISO
University of Cambridge
VP Information Security
Payroc
12:10 - Customer Case Study Workshops - Adaptive Defence: Building Security Architectures That Evolve in Real Time (guide topic - subject to partner changes)
12:40 - 121 meetings and peer-discussions
13:00 - Networking Lunch & Vendor Exploration
14:00 - Onstage Interview – Quantum Computing: What CISOs Need to Know Now - Separating Hype from Strategic Risk
Quantum computing is accelerating fast, but what does that really mean for enterprise security? In this fireside interview, Professor Gerard Milburn, Quantum Fellow at the UK’s National Quantum Computing Centre, cuts through the hype to give CISOs a clear, practical view of the risks, timelines, and strategic decisions that matter now.
From the future of cryptography to the rise of “harvest now, decrypt later” threats, this session offers a rare opportunity to hear directly from one of the UK’s leading quantum thinkers on how to build long-term resilience in a rapidly shifting landscape.
Quantum Fellow
UK National Quantum Computing Centre
14:30 - Closing Fireside Chat – The Human Firewall: Mental Health, Burnout, and Diversity in Cyber Leadership
Cybersecurity leaders operate under relentless pressure: 24/7 threat landscapes, talent shortages, and escalating board expectations.
This session explores how mental health, burnout, and diversity intersect, and how CISOs can build cultures that are resilient, inclusive, and psychologically safe.
Panelists will share lived experiences, practical strategies, and leadership lessons for sustaining high performance without sacrificing wellbeing.
CISO
Astley Digital
15:00 - Chair's Closing Remarks & Key Takeaways
Past & Current Sponsors
Who Should Attend?
Designed for Security & Risk Leaders Strengthening Enterprise Resilience