Graham Cluley

Independent computer security analyst and award-winning blogger

Graham Cluley has been at the forefront of cybersecurity for over 20 years, since before most organisations had even heard of the term. He has worked for some of the biggest companies in the field and is now a respected blogger, thought-leader and consultant.

Graham’s award-winning blog is widely praised as being at the forefront of news and information on the rapidly changing world of cybersecurity.

From malicious attacks to data theft, corporate espionage to mischief-making and campaigning exposés, he gives opinion on the hype and the reality of the threats to nations, organisations and individuals whilst educating all to take cybersecurity more seriously.

Jessica Barker

Jessica Barker is a leader in the human nature of cyber security. In 2017, she was named one of the top 20 women of influence in cyber security in the UK and was the winner of the TechWomen50 Awards.

Barker’s technical knowledge and sociology background equip her with unique insight, and she has a talent for translating technical messages to a non-technical audience

She is engaged by organisations of all sizes, from multi-national firms to SMEs. Barker’s work surrounds the psychology and sociology of cyber security, particularly regarding cyber security threats, social engineering, how to effectively communicate cyber security messages, the psychology of fear and cyber security, and the language of cyber security. Her specialisms span cyber security awareness, behaviour and culture.

Barker is passionate about encouraging young people to become more engaged with cyber security, working with TeenTech and the UK’s Cyber Security Challenge.

Freaky Clown

FC is a well known ethical hacker and social engineer.

He started at a young age when computers were growing in popularity and the hacker scene was in its infancy. He has been working in the infosec field for over 20 years and excels at circumventing access controls.

As an ethical social engineer, FC ‘breaks into’ hundreds of banks, offices and government facilities in the UK and Europe. His work demonstrating weaknesses in physical, personnel and digital controls assists organisations to improve their security.

FC is currently Head of Cyber Research for Raytheon UK where he performs valuable research into vulnerabilities. He is also the CEO of Redacted Firm, a small company specialising in physical security, social engineering awareness training and bespoke social engineering and penetration testing. His client list involves every major high-street bank in the UK, FTSE100 companies and multiple government agencies and security forces.

Graham Cluley

Award-winning security blogger, researcher, podcaster, and public speaker.

Jessica Barker

Named one of the top 20 women of influence in CyberSecurity, Co-founder and Socio-Technical Lead at RedactedFirm

Freaky Clown (F.C)

Well-known ethical hacker and social engineer, Co-founder at Redacted Firm

Arrival and Registration

Grab yourself some tea and coffee on arrival. Seize the opportunity to network with other IT professionals, our own cybersecurity professionals and our technical sponsors.

Jez Turner

Sales Director of Chess CyberSecurity and this year’s Conference Chair
accordion closedInfo
Chess Opening Remarks

Join our conference chairman Jez Turner as he welcomes you to this year’s SecureTour18. This year he’ll focus on the major cyber threats we need to be concerned about, from Russia to Ransomware, we’ll be looking at the actual issues that organisations are facing. Since 2003, Jez has ensured some of the largest councils in Europe stay secure, NHS patient records stay confidential, and some of those top secret company recipes stay a secret!


Graham Cluley

Award-winning security blogger, researcher, podcaster, and public speaker.
accordion closedInfo
Unbelievable stories of cyber-horror

Graham Cluley explores some of the surprising and unusual ways that companies have been hacked, and the craziest things tech companies have done to put our data at risk.


Jessica Barker

Co-Founder and Socio-Technical Lead at RedactedFirm
accordion closedInfo
Creating the Strongest Link in the Cybersecurity Chain

Humans are often regarded as the ‘weakest link’ when it comes to the failings in cybersecurity, join Jessica Barker as she highlights where humans have got it right in this empowering keynote.


Refreshment Break

A short break to refuel and offering the chance to speak to delegates and partners.

Technology Showcase AM

Choose two of the three breakout sessions to attend from the below options:
accordion closedInfo


11:15am - 12:30am

Choose two of the three 30 minute technology showcases that are on offer

Room 1

Privileged Account Management, Ensuring Least Privilege – a highly practical guide:
Recent reports show 85% of reported breaches involve compromised endpoints, and 80% of breaches involve Privileged Credentials. Traditional Antivirus and Anti-malware blacklisting can’t keep up with new and advanced threats targeting desktops, laptops and servers. Whilst if you are storing privileged account passwords and credentials in spreadsheets, you will have no doubt this poses a serious security risk. Join Thycotic to take you through a number of tools and techniques that you can implement in order to quickly cut down your excess privilege exposure and take back full control of your most precious and important privileged accounts.

Room 2

New Technology Demands a New Approach to Resiliency

In 2018 we continue to see IT technology shifting to more cloud services and distributed architectures. This ongoing shift is accelerating and is forcing IT teams to evaluate how they protect these systems and recover them in the event of a failure.

Gabriel Gambill, Vice President of Product and Technical Operations at Quorum will discuss these trends and will focus on the implications for business resiliency.

In his presentation he will review:

The shift from on-premises applications and infrastructure to cloud services

How to protect legacy applications

The challenge of hybrid and distributed systems

Implications for small and medium sized businesses

Potential gaps for getting to the cloud

Room 3

Sophos creates powerful, yet simple IT security products, but the real power comes when these are combined together in a system.

Thanks to Synchronized Security, Sophos empowers administrators with unprecedented visibility into the activity of their users and devices.

When endpoint and network components communicate and coordinate they’re able to discover and classify previously unknown applications, detect shadow IT activity and automatically isolate compromised devices. Join this session to find out more.



Grab some lunch whilst networking with peers or book a meeting with one of our technology sponsors.

Carl Williams

Security Engineer and Penetration Tester at Chess CyberSecurity
accordion closedInfo
What the...! We’ve been hacked!

Where can a malicious attack lead? Credential theft or even a foothold on your network? Follow our CREST approved penetration testers as they take you through a live SQL injection attack


Freaky Clown

Ethical Hacker, Social Engineer Co-Founder and Head of Ethical hacking at Redacted Firm
accordion closedInfo
Nation State of Cyber Warfare

Following on from our own SQL injection attack, F.C offers a broader overview of cybersecurity and raises awareness about the types of attacks nations across the globe are performing on one another.


Technology Showcase PM

Choose two of the three breakout sessions to attend from the below options:
accordion closedInfo


14:15pm - 15:30pm

Choose two of the three breakout sessions to attend from the below options:

Room 1

AI Considerations for an Automated Cyber Security Strategy Security threats are growing faster than security teams and budgets cannot keep up.

There is already a huge talent shortage in security. Proliferation of data from dozens of security products in complex environments is paradoxically making it harder, not easier, for teams to detect and investigate threats. Hackers are leveraging automation in their attacks, increasing the number of targets and the probability of victimizing organizations even in the smallest of windows of opportunity. Like with the Equifax hack, most hacks do not stem from highly complex exploits, but merely from exploiting a small window of opportunity between public announcement of vulnerabilities and the actual patch being available and applied on the systems.

Most attacks go through a Cyber Kill Chain of events and as a defender you get a handful of opportunities to detect and block breaches. That means you have a chance to come out on top providing you have visibility. Unfortunately, that is not the whole story. Finding the proverbial needle in the haystack has become nearly impossible without automation. The attackers have an unfair advantage over the defenders in cyber-attacks, it's time for security strategies to leverage automation in detection and mitigation, restore the balance and increase our chances to come out on top in the war against cyber threats. This presentation will discuss the different options in automating the detection and mitigation of attacks and where they fit in a modern cyber security strategy.

Room 2

Please delete my previous email - When emails are sent in error, the best-case scenario is that the sender is left a little embarrassed, but at worst it can allow unauthorised access to personal and corporate data. What’s more, email isn’t the only way your staff can share information with unauthorised recipients, both accidentally and maliciously. You need communication channels to be available for work processes yet in doing so, you expose your organisation to risk, and an Outlook recall is not a good enough defence. Egress will explore how organisations can use technology to empower users to address this challenge. We’ll look at how machine learning and data analytics can be used to engage with end users to ultimately drive adoption of security technology and reduce risk.

What attendees will learn:

The real risk employees pose by sharing sensitive personal and corporate data with unauthorised recipients

How machine learning and AI can be used to engage end users with security technology

How organisations can prevent the ‘accidental’ (fat finger) email send  

How organisations can audit and control access to data even after sharing 

Room 3

No matter how many log files or data sources you have, it’s all just ones and zeros if you can’t or don’t do anything with them. How do you turn the growing tide into an asset and not a burden? Actionable intelligence in IT security is the “real-time collection, normalisation, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise”. That’s the dictionary. But it’s all about using your data to reduce risk and effort for every organisation – whatever the size. Join LogPoint to learn how the only EAL3+ SIEM can help your business achieve excellence in security, surpass compliance requirements, refine your IT operations and provide you with valuable context to what your logs are trying to tell you, with a technical overview of the LogPoint platform from a SIEM specialist.

During this presentation you will learn how to:

Address the spiralling costs of handling increasing data volumes and associated logs

Avoid increasing volumes of non-indexed information that hinder use; avoid seeing it diminish in value exponentially and reduce time to react

Demonstrate an actual, measurable, return on investment from spend on complex IT security ecosystem/environments


Smashing Security LIVE

Graham Cluley and Carole Theriault
accordion closedInfo
We’ve got a SecureTour first with a live podcast for you!

With nearly 100 podcasts under their belt, join industry veterans Graham Cluley and Carole Theriault as they discuss online privacy and cybersecurity, with a humorous twist! Every week they’ll focus on a new topic, and dish out all the industry gossip!


Conference Close and Prize Draw

It will have been a busy day so we won’t keep you long – just long enough to do that all important prize draw, will you be going home empty handed or a winner?!
uk map


Duxford Imperial War Museum


Edinburgh International Conference Centre


St. Pancras Renaissance London Hotel


Lancashire County Cricket Club


Duxford Imperial War Museum


Edinburgh International Conference Centre


St. Pancras Renaissance London Hotel


Lancashire County Cricket Club

  • This year's SecureTour in numbers
  • 3 keynote speakers
  • 6 sponsors
  • 1 live podcast
  • 660 minutes of keynote speaking
  • 954 miles travelled
  • 921 cups of tea

Egress is the leading provider of privacy and risk management services designed to manage and protect unstructured data.

Offering Government and Enterprise customers a portfolio of complementary services, the Egress platform leverages machine learning-led policy management, encryption and discovery to enable end users to share and collaborate securely, while reducing the risk of loss and maintaining compliance.

LogPoint enables organizations to convert data into actionable intelligence, improving their cybersecurity posture and creating immediate business value.

Our advanced next-gen SIEM, UEBA and Automation and Incident Response solutions, simple licensing model and market-leading support organization empowers our customers to build, manage and effectively transform their businesses.

Sophos makes IT security simple. Focused on innovation in next-generation protection, Sophos solutions are simple to deploy, maintain, and manage, enabling organizations to protect and defend their networks, their information, and their people. Sophos — Security made simple.

Quorum is the global leader in 1-click recovery, providing everything needed for immediate recovery of your critical systems after any storage, system or site failure.

Quorum’s onQ "Disaster Recovery as a Service" (DRaaS) solution provides organizations with both local and remote instant recovery capabilities for their servers, applications and data.

Thycotic provides solutions that prevent cyber-attacks by securing privileged passwords, protecting endpoints, and controlling access.

Privileged account passwords rank among the highest priority and most lucrative of security targets in any organisation. Once in the wrong hands, they can provide direct access to privileged accounts and resources – with the potential to inflict maximum damage.

Radware's mission is to be at the forefront of technology/service advances so our customers can be at the forefront of their industry.

Our DDoS protection, web application firewall (WAF), application delivery and load balancing solutions optimize business operations, minimize service delivery degradation and prevent downtime.

Thank You

We will be in touch to confirm your registration in due course. Should you have any questions or queries please contact us.

Sorry, Something Went Wrong