Cyber and information security members of the association ISC2 and their guests gathered at 22 Bishopsgate in the City for their annual conference in London, run by the London and East of England chapters.
After a welcome by the association’s acting CEO Debra Taylor, the opening speaker was Helen Rabe, CISO at the BBC, who talked through her strategy and blueprint – not the same things – for her work at the broadcaster since she joined in 2022. A strategy, she explained, is your compass, your vision, while your blueprint is the map for the ‘when’ and ‘where’. She set out principles, or ‘strategy absolutes’ for what should remain constant as you go through your career.
Due diligence
Deborah Saffer, director of information security at Liberty Specialty Markets, an insurer, acknowledged in her talk about doing due diligence on cyber vendors that it’s not flashy; yet it’s essential in a connected world. She summed up: “Your eco-system is your exposure, your partners are your perimeter, and your vendors are like it or not your shared destiny in cyber security. Embrace the art, master the science, ask better questions, build better relationships, and always remember the core truth, we are not just validating our vendors, we are strengthening our resilience; no organisation stands alone. Trust matters, verification matters, and partnership matters more than ever.”
Pen testing
From the penetration testing company Pen Test Partners, Ross Donald gave a (pre-recorded) demonstration of a pen-test of an AI assistant for a fictional new law firm. It showed that AI agents can be vulnerable, and that they can be manipulated. The president of the London chapter, Liz Banbury, talked of the similarities and differences between her work as CISO for Thames Water, her current employer, and at her previous employer, an insurance company (which coincidentally was on the tenth floor of the conference location).
More AI
Staying with AI, Stephen Green of the vendor Concentric AI described the field as rapidly evolving. “One thing is for sure, the paradigm has changed,” he said, “and the future is going to be exciting.” He suggested that artificial general intelligence, which can surpass human expertise, is five to seven years away. Whether you like it or not (from a security point of view), GenAI tools are in employees’ hands; and he offered a parallel with BYOD (bring your own device), an issue with corporates about a dozen years ago. Only now, it’s ‘Shadow GenAI’. Whereas last decade staff might use their own tablets to carry out work tasks or to store work data (with perhaps risk to the corporate of data loss), now you may have systems locked down, but how easy is it, Green asked, for an employee to go into Grok (a free AI assistant) and inadvertently drop in sensitive data, ‘and it isn’t coming back’.
Events
US-based ISC2’s global conference next year is from October 24 to 28 at Gaylord Rockies. Among the online events by the association are two days on supply chain security on December 3 and 4. The association points to its recent survey that found most were highly (that is, very or extremely) concerned about cybersecurity risks in their supply chains.
About ISC2
ISC2 offers numerous cyber certifications. Visit https://www.isc2.org/.
More in the January 2026 edition of Professional Security Magazine.




