The expo is part of the London Tech Show, which is one of the biggest exhibitions in the UK.

From MXDR and endpoint protection to data loss prevention and security awareness training, the expo covered a broad range of security disciplines. And of course, the speakers provided some valuable insights.

Richard Tubb and Stephen McCormick both went along to see if it lived up to its reputation.

Cloud & Cyber Security Expo Introduction

The Cloud & Cyber Security Expo was part of the Tech Show London 2024, held this year at the ExCel Conference Centre in London’s Docklands.

Taking place over two days, the Cloud and Cyber Security Expo was just one of the five partner events located in adjacent halls featuring all the big players and up-and-comers in the cloud security space.

The trade show featured a plethora of vendors, resellers and associations, all there to showcase their products and services. Alongside these businesses occupying the show floor, there were a number of theatre spaces offering keynotes and presentations.

The event was expected to bring together over 15,000 exhibitors, visitors, sponsors and speakers, all with cloud security on their minds.

Cloud & Cyber Security Expo Exhibitors

Like any trade show, there were a fair number of companies there to showcase their latest products.

The significant footfall over the two days gives both established vendors and growing start-ups the opportunity to engage with their audiences. And right now, cloud security is a thriving market.

Cloud Marketplace providers Pax8 were one of the exhibitors there to discuss their new developments with new and existing customers.

Some of the other exhibitors that caught our eye included:

• Wasabi, a cloud storage provider
• Abnormal Security, a cloud email security platform
• ThreatAware, an asset discovery and vulnerability tool
• Wiz, a unified cloud security platform

Fires, Finance and Phishing

Pax8’s Senior Director of Security, EMEA, Mostyn Thomas, gave an insightful presentation on how lessons from the past can better prepare us for the future of cybersecurity.

Fires: Mann Gulch

He started with a lesson from a man named Wagner ‘Wag’ Dodge.

In 1949 Wag Dodge led a group of ‘smoke jumpers’ (firefighters who would parachute ahead of wild fires to tackle them) in a place called Mann Gulch, Montana.

The blaze picked up due to high winds, and they were cut off from each other. And many of the men perished in the blaze.

Dodge survived only by doing something you might not expect a firefighter to do – he started a fire at his feet! The fire quickly burned dry grass around him before the blaze reached him, effectively starving the fire of its fuel.

Today fire crews are trained at Mann Gulch to learn the lessons from that day, to prepare them if they have to engage a forest fire themselves.

The three big lessons from Mann Gulch were:

• Communication – radio equipment was destroyed in the parachute drop
• Teamwork/Training –firefighters were not experienced in working together as a team
• Strategy – Forest fire procedures were too rigid and not flexible enough for fluid and dangerous situations

Finance: Lehman Brothers

Next it was the lessons learned from the Lehman Brothers collapse.

In 2008, the Lehman Brothers went bankrupt as a result of the subprime mortgage crisis in the US.

The practice of subprime lending was a risky strategy driving unstable economic growth. Lehman Brothers’ assets were almost as much as the amount of debt owed on those assets, and when a mass exodus of clients occurred, the value drastically dropped all at once.

The lessons to take away from the Lehman Brothers collapse were:

• Risk – Too little margin for disaster, as proven in 2008. Their risk model (QRA) was misused and decision over-reliant on it
• Culture – Management rewarded excessive risk-taking, driven too much by profit
• Overconfidence – Investing in complex high-risk products that they didn’t really understand, and didn’t follow market forces closely enough. “It won’t happen to us”

Small Issues can Become Big Issues

Seemingly small breaches can become big problems if not addressed:

Optus had 9.8 million records breached. The lesson here: Don’t let known security risks sit unresolved because you think another layer of security is in place.

Uber had 57 million records breached following a series of bogus MFA requests. The lesson: Never rely on MFA alone to protect your critical assets. Defence in depth is key.

Zaun, a security perimeter fencing company, had one of their Windows 7 PCs infected with Lockbit ransomware. The company erected fencing for prisons and military installations. Therefore, some of the data obtained was highly sensitive.

This demonstrates the vulnerability of the supply chain, and the need for all partners to work together to keep each other safe.

Building Best Practice and the Changing Role of the MSP

With cybercrime being the third biggest growing economy in the world, we have to take the lead on cybersecurity.

Here are some of the ways we can become better cybersecurity partners:

• Get your own house in order – make sure your MSP cybersecurity is effective
• Embrace governance, risk and compliance (GRC)
• Frameworks and certification (NIST, ISO27001, Cyber Essentials, etc.)
• Get to those client’s board tables
• Follow the data
• Continuous learning and research
• Partnerships

Therefore, what have these lessons taught us? As the technology advances, so must our approach change also:

Face Facts – Perform an honest and realistic appraisal on your cyber risk. Think like a hacker, not like Lehman Bros.

Culture – Aim to have all staff onboard with cybersecurity practice by altering the culture of the organisation

Back to Basics – Although new and sophisticated tools and techniques are out there, start with practicing the basics first.

Use Your Own Knowledge – Be like Wag and think what will work for your organisation and what will not work.

Cybersecurity Synergy: Nurturing High Performing Teams Through Psychological Safety and Diversity

Stuart Seymour, Group CISO for Virgin Media O2, provided one of the highlights for the second day of the Cloud & Cyber Security Expo.

He started his presentation explaining that there’s no such thing as a typical day in security.

Theft, fraud, protecting customers, security and governance are just some of the examples of what a Chief Information Security Officer has to deal with.

As a dyslexic, Stuart believes that neurodiversity and cybersecurity are intrinsically linked, and today leads a team of great people.

Have a Purpose and a North Star

In his early career, Stuart was in the Armed Forces.

When he was deployed to Bosnia, the UN mandate at the time meant that British Armed Forces could not be directly involved in operations.

Once the mandate changed, coming home in one piece became their ‘north star’ – a common shared goal the troops could rally behind.

He’s taken that message to heart throughout his career. Having a purpose and a north star binds a team together, encouraging them focus on achieving a desired result.

Don’t Be Afraid to Fail

When he went on to work for Lockheed Martin, he noted that you had to do something exceptional in your work to achieve an ‘outstanding’ grade in your appraisals.

To do something outstanding, it meant taking a risk and not being afraid to fail.

Reflecting on this, Stuart believes that there’s psychological safety in having the space to experiment, and to learn this way is a good thing.

When we resolve incidents, there’s a sense of relief for cracking the puzzle. But afterwards, we don’t always take the time to reflect on what we’ve learned, which is a massively missed opportunity.

If engineers are not permitted to fail, they will be less inclined to take risks and miss out on potential success, not to mention the learning opportunities that come from making mistakes.

Embracing Neurodiversity

It was when he was working for BAT that he took a risk with the SOC team he put together.

In his son’s school he was aware that one boy there was an exceptional swimmer. He was autistic though, and so any discomfort, such as asking him to swim in a different lane, would cause him upset.

Stuart noted that he picked up on changes to his normal environment, and wondered if it could be something that a Security Operations Centre (SOC) team could benefit from.

Therefore, Stuart put his team together with neurodiverse candidates as a big part of his threat intelligence strategy. He thought they would be able to spot abnormalities easier – things that neurotypical threat hunters might miss.

He was right and a result, the SOC’s success rate at intercepting threats improved dramatically.

Applying the Lessons To Build a Strong Team

Now at Virgin Media O2, Stuart adopted a similar strategy for building his team.

• 50% of his leadership team are women
• 71% are black or minority ethnic
• 30% are LGBTQ
• 70% are neurodiverse

Works with specific recruiters and charities, he’s able to find the right people for the right roles, allowing them to play to their strengths.

He is very proud of his team. They have a purpose and a north star, and a strategy that they all understand. This results in improved engagement scores across the board.

Strong communication is key, as well as promoting psychological safety to allow his team the space to learn and develop.

He shows appreciation for his team through personalised one-to-ones with all members of the team. And he shows recognition with rewards for those that go the extra mile.

And should anything go wrong, the response he gives his team is: “Great, what next?”

This acknowledges the incident has happened, but makes the focus on how they move forward from it.

Cloud and Security Expo’s Other Highlights

The Cloud & Security Expo had acres of things to see, both in terms of exhibitors and presentations.

As a result, it was difficult to see everything over the two days.

Professor Brian Cox gave the opening keynote via live stream on the benefits of exploring the universe.

Arctic Wolf gave us a look into a typical day in the life of a concierge security team.

A panel of security executives talked about the importance of having a cyber hygiene checklist in their organisations.

LogicMonitor gave the crowd a demonstration of their product and how it helps engineers to check the health of cloud applications to optimise performance.

Conclusion

The Cloud & Cyber Security Expo was just one of many events that were part of Tech Show London 2024, and it was very busy both days.

With such a growing market, cybersecurity products are in abundance at the moment, and that doesn’t show any signs of slowing down.

Seeing so many different products in one room was a little overwhelming, but it was a great opportunity to see what’s out there, and the trends that are developing in this area.

It was nice to see lots of solutions covering the depth of defence, security awareness training and compliance.

Did you attend the Cloud & Cyber Security Expo, or one of the sister shows? What vendor impressed you the most? And what did you think of the event as a whole? We’d love to hear your view in the comments.

You Might Also Be Interested In

• TubbTalk Travelogue: The Cloud & Cybersecurity Expo 2024
• Key Importance of Privacy for MSPs and Clients
• TubbTalk Bonusode: The Cloud & Cybersecurity Expo: What’s New for MSPs?

The post Top Tech and Insights from Cloud & Cyber Security Expo appeared first on Tubblog: The Hub for MSPs.