Register Now
4-5 November, 2025Glasgow
National Information Security Conference
Register Now
4-5 November, 2025Glasgow
National Information Security Conference
Register Now
4-5 November, 2025Glasgow
National Information Security Conference
Register Now
4-5 November, 2025Glasgow
National Information Security Conference
Register Now
4-5 November, 2025Glasgow
National Information Security Conference
Register Now

Join the community...

Sapphire invites you to join us at our annual National Information Security Conference (NISC). Launched over two decades ago, NISC is the UK’s leading conference for cyber security professionals and organisations that need to enhance their security posture.

NISC brings together professionals, researchers, and cyber security enthusiasts for a two-day information-sharing and collaboration event. It features presentations, workshops, panel discussions, and networking opportunities to discuss the latest developments, challenges, and solutions within the cyber security and information protection industry.

The conference is a unique opportunity to make new contacts, expand your knowledge, and it gives you full access to thought-provoking and actionable content on the latest cyber security trends.

The National Information Security Conference (NISC) is a gathering designed by cyber security experts, packed with practical insights. Esteemed security pros share their experiences while top experts delve into the latest threats and trends. At NISC, we aim to help delegates boost their security skills. It’s all about collaboration, networking, and sharing key info. Attendees leave equipped to stay ahead in security and strengthen their strategies.

Register
Speakers
0
Sponsors & Exhibitors
0
Breakout Sessions
0
CPD Points to be earned
0

What's happening at NISC 2025?

Explore the latest trends in cyber security over two information-packed days at NISC 2025. Join us for in-depth talks, roundtable discussions with leading experts, and relaxed networking opportunities where you can make valuable connections with industry peers. 

Discover new perspectives from keynote speeches and get hands-on with the latest technology at our exhibition arena. 

Day One
Day Two
Day Three

Monday 3rd November, 2025

15.00
CISO Roundtable: Cyber Security Revolution - Re-writing the Rules of Cyber Defence (By Invitation) Breakout Room 3, Radisson

In an era where cyber threats are evolving at an unprecedented pace, traditional defence mechanisms are no longer sufficient. This roundtable will delve into the latest innovations and strategies in cyber security, offering you a unique opportunity to learn from industry leaders and network with peers.

Discover how to stay ahead of cyber adversaries and safeguard your organisation's digital assets and your customers.

Let’s not mitigate the risk of cyber threats, let's eradicate them.

15.00
Securing the Transport Sector - Threat Workshop Breakout Room 4, Radisson Blu

Panellists:

  • Alick McLeod, Practice Lead & Technical Director, Amey 
  • Doug Curry, Head of Information Technology, Edinburgh Trams

Our transport network, operators, and infrastructure are vital to the prosperity of the UK and requires a whole of society response to the threats we face.

This workgroup will share information on threat actor tradecraft, provide opportunities to collaborate across the UK's transport network both public and private entities, operators, suppliers and bodies and explore practical solutions to strengthen resilience and implement effect countermeasures.

14.30
Technical Masterclass: OT Ransomware Breakout Room 5, Radisson Blu

Join Sapphire and our partners for an in-depth technical session on OT ransomware.

See the latest research on how industrial control systems can be compromised and ransomed, learn how attacks occur, plus mitigation techniques, strategies and the latest technologies to avoid operational impact.

14.30
Ransomware Simulation Exercise Breakout Room 6, Radisson Blu

Are you confident your organisation is prepared for a ransomware attack? The National Cyber Security Centre (NCSC) stresses the importance of preparation: “As there is little an organisation can do once ransomware has hit, preparation is essential.”

Our live-play Ransomware Simulation exercise is vital for ensuring your readiness. Join us for this engaging session, during which we will simulate a ransomware attack, providing a safe environment for you to hone your skills. Attendees will navigate a real-life ransomware attack simulation, allowing you to:

  • Evaluate and improve your processes and practices
  • Gain invaluable experience in handling a ransomware attack
  • Enhance your organisation's cybersecurity readiness
14.30
Experience next-generation cybersecurity live. Take part in our Capture The Flag. Breakout Room, Radisson Blu

Experience next-generation cybersecurity live. Take part in our Capture The Flag.

Read More
19.30
Welcome Dinner, Megalithic Suite

Tuesday 4th November, 2025

09.00
Graham Cluley
Opening Words Auditorium: Megalith Suite

Join Graham as he welcomes you to NISC 2025.

09.15
Matt Griffin
The Future of Security Auditorium: Megalith Suite

Join Matt for a spot of future gazing as we consider the complexity of evolving cyber threats and how we all play a role in building a secure future.

09.45
Gavin Holt
State of the Art or Art of the State?: Are Teenagers Scarier than Governments? Auditorium: Megalith Suite
“Scattered Spider” is a name currently echoing around boardrooms worldwide. Allegedly a group of teenagers, they have caused significant financial, operational and reputational damage to organisations across the globe. This impact has captured the attention of senior leaders across all types of organisation who are asking: “Are we vulnerable to Scattered Spider?”
 
Historically, the ultimate fear for organisations was so-called “Advanced Persistent Threat” (APT) groups, which appeared able to walk through walls to achieve their goals. Typically aligned to governments or acting as proxies for states, these groups are well resourced, patient and precise. Initially driven by intelligence collection, operational effects or geopolitics, some have become financially motivated in response to sanctions on their countries, moving their tactics closer to those of organised crime gangs.
 
More recently, true organised crime gangs operating from countries that protect them if they avoid domestic targets, armed with ransomware toolkits, enabled by initial access brokers and adopting double-extortion tactics, have been seen as the greatest risk to organisations. Now, many organisations perceive their biggest threat to be phone calls from teenagers, leading to the same operational disruption, reputational damage and financial cost previously associated with being targeted by states or criminal gangs.
 
This session will examine how these three different types of threat actor (APT groups, organised crime gangs and teenage collectives) operate. It will question why organisations appear to be faring worse against attackers with fewer resources than the previous generation, despite being armed with better defensive tools. Finally, it will suggest defence-in-depth activities that improve organisational resilience and impose costs on attackers, regardless of their resources.
10.30
Break: Exhibition & Networking NISC Exhibition Area
11.15
Rois Ni Thuama Nick Truman Helen Faulds
Panel Session: Combating the AI Firehose: Prioritising Assets, Strengthening Defences Auditorium: Megalith Suite
  • Rois Ni Thuama
    Rois Ni Thuama
    Governance Expert
  • Nick Truman
    Nick Truman
    Head of Information Security, Nscale
  • Helen Faulds
    Helen Faulds
    CIO, Cora Health

Digital transformation isn’t just about adopting new technology — it’s about reshaping how organisations operate. Security transformation must do the same: updating governance, risk prioritisation, and defences so they can run at machine speed, not human speed.

In this panel session, security expert, Rois Ni Thuama set the scene with why assets should be the centre of your strategy and how to strengthen your defences. Rois will then be joined by fellow panellists while they debate the pros and cons of AI leaving delegates with practical, actionable insights to strengthen their defences. 

12.15
BREAKOUT: The duality of AI: How it simultaneously promotes and erodes trust in any organisation Breakout Rooms
  • Vanta
AI is a two-sided coin. It has the power to both erode and ignite our ability to build and maintain trust with prospects and partners. In this session, we’ll explore what it takes to build trust in today’s business landscape and examine how AI serves as both a champion and a challenger of trust.
We’ll talk about how AI ushers in new concerns about privacy and security, improves the effectiveness of traditional attacks, and calls brand authenticity into question. We’ll also explore all the ways AI can accelerate trust - by enabling better communication flows, defending against new attack vectors, and accelerating any business's ability to earn third-party validation.
12.15
BREAKOUT: Inside the Ransomware Economy: Prevention, Resilience & Recovery Breakout Rooms
  • Halcyon

Ransomware has evolved into a highly organised, profit-driven economy — one that continues to outpace traditional security measures. In this session, Halcyon unpacks the inner workings of the ransomware ecosystem, from the monetisation models driving attacks to the growing sophistication of ransomware-as-a-service (RaaS) groups.
Attendees will gain a deeper understanding of:

  - The current state of the ransomware economy and emerging trends  - Why conventional defenses often fall short against modern ransomware throughout the attack lifecycle -  How Halcyon’s multilayered prevention, containment, and recovery capabilities are purpose-built to stop ransomware at every stage of the attack lifecycle

This session will provide actionable insights and introduce a protection-first approach that goes beyond detection — helping your organisation stay operational, even under ransomware attack.

.

12.15
BREAKOUT: Managing the Complexities of Executive Targeting in the Evolving Threat Landscape Breakout Rooms
13.00
Lunch: Exhibition & Networking NISC Exhibition Area
14.00
BREAKOUT: Vulnerability Hero's not Zeros! Breakout Rooms
Innovid operates within a cutting edge, hyperscale environment where the guiding principle is one of "no code ownership." This rather unique approach empowers developers with complete autonomy, allowing them to pick and choose any technology they deem fit to tackle a problem.  While this fosters incredible innovation and flexibility, it has, perhaps inevitably, ushered in a significant degree of complexity, particularly when it comes to managing software vulnerabilities. Recognising this inherent challenge, the Security Team, in close collaboration with their Engineering counterparts, embarked on a dedicated, three year journey to systematically address and refine their approach to vulnerability management.  Their strategy centred on a fundamental shift in philosophy: adopting a "shift left" approach.  This meant moving security considerations much earlier into the development lifecycle. By deliberately integrating security practices into the very fabric of the engineering culture, Innovid has successfully cultivated a deeply ingrained "secure first" mentality among its developers.  This cultural transformation means security isn't just the remit of a dedicated team; it's now an intrinsic part of how every developer thinks and operates. 
14.00
BREAKOUT: Winning the AI Arms Race in Cyber Breakout Rooms
AI is rapidly transforming the cyber threat landscape, with adversaries—from script kiddies to nation-state actors—leveraging AI to scale and automate attacks. Security operations leaders must adapt, using AI-driven defence strategies to stay ahead. This session explores how organisations can harness AI to enhance detection, response, and resilience. Learn key techniques for integrating AI into security operations, mitigating emerging risks, and ensuring AI works for you—not against you.
14.00
BREAKOUT: AI-Powered Prevention: Stopping Attacks Before the Inbox Breakout Rooms
Email remains the number one attack vector — but the way we defend it must evolve. In this session, Check Point will explore how artificial intelligence is redefining email security — not just for detection and classification, but for proactive prevention and operational resilience.
14.50
Bill Buchanan OBE frse
Post Quantum Cryptography (PQC): The Current, the Future and the Integration of GenAI Auditorium: Megalith Suite
  • Bill Buchanan OBE frse
    Bill Buchanan OBE frse
    Professor Edinburgh Napier University

Public key cryptography (PKC) provides the foundation of trust and security on the Internet. Unfortunately, Shor's algorithm breaks all of our existing public-key encryption methods, such as those used for key exchange and digital signatures. For this, NIST has defined that we need to migrate critical national infrastructure applications to a quantum-robust form by 2030, and for other applications by 2035. It is thus important for organisations to understand their migration strategy over the next few years. This presentation will outline the current status of PQC, and define the steps that organisations need to take to become quantum robust, and will also outline the evolving standards for Post Quantum Cryptography along with the usage of GenAI within the migration process.

15.20
Break: Exhibition & Networking NISC Exhibition Area
16.10
Ben Westwood
Beyond Boundaries: Life as a DPO in the age of AI and GDPR Auditorium: Megalith Suite
  • Ben Westwood
    Ben Westwood
    Head of Compliance and Data Protection Officer, Motor Insurers’ Bureau (MIB)

Told through a series of real-life case studies and first-hand experiences from the frontier of compliance, Ben will be sharing how the battle between innovation and compliance can be won through focusing on the human quotient. 

16.50
Graham Cluley Matt Griffin Professor Bill Buchanan
Fireside Chat: Defending Against Future Threats Auditorium: Megalith Suite
  • Graham Cluley
    Graham Cluley
    Cybersecurity Expert & NISC Chair
  • Matt Griffin
    Matt Griffin
    Futurist, CEO & Author
  • Professor Bill Buchanan
    Professor Bill Buchanan
    Edinburgh Napier University

Join Graham Cluley as he interviews Matt Griffin and Professor Bill Buchanan.

Read More
17.30
Conference Closes
19.00
Drinks Reception Megalithic Foyer

Drinks reception sponsored by Glasgow City Council and the Lord Provost

Read More
20.00
Conference Networking Dinner, Megalithic Suite

Wednesday 5th November, 2025

09.00
Graham Cluley
Opening Words Auditorium: Megalith Suite
Read More
09.15
Lina Swift
Panel: Creating a Movement for Cyber Defence Auditorium: Megalith Suite
Read More
10.15
Spotlight Session Auditorium: Megalith Suite
10.30
Break: Networking & Exhibition NISC Exhibition Area
11.15
Dr. Ryan Shah
The EU Cyber Resilience Act: Compliance Strategies for UK Organisations Breakout Room 1
  • Dr. Ryan Shah
    Dr. Ryan Shah
    DPO & Senior Security Consultant, Sapphire
The EU Cyber Resilience Act represents the most significant cybersecurity legislation to emerge from Brussels in recent years. Despite Brexit, UK businesses cannot afford to overlook this regulation - those with European customers, suppliers, or operations will find themselves directly affected when enforcement begins in 2027.
 
This session examines the Act's core requirements and explores what compliance means for UK businesses operating in an increasingly connected regulatory landscape. We'll focus on practical implementation challenges rather than theoretical frameworks, drawing from early industry experiences and regulatory guidance to provide actionable insights.
The discussion will cover three key areas: first, we'll dissect the Act's scope and requirements, identifying which products and services trigger compliance obligations. Second, we'll assess the specific implications for UK organisations across different sectors, examining how existing cybersecurity programs may need to evolve. Finally, we'll address the operational challenges many businesses are already encountering, from supply chain due diligence to certification processes, and discuss emerging approaches to managing compliance costs and timelines.
Participants will gain a clear understanding of their potential exposure under the Act and practical strategies for developing compliant cybersecurity practices. The session includes time for peer discussion and Q&A, recognising that many organisations are grappling with similar implementation questions.
Read More
11.15
Martin Freeman Immersive Labs
Bridging the Gap: Developing Cyber Resource Breakout Room 2
  • Martin Freeman
    Martin Freeman
    Cyber Security & Compliance Managing Director, Calastone
  • Immersive Labs
    Immersive Labs
11.15
Rob Vann
Come and Meet the Most Dangerous Person on the Internet Breakout Room 3
  • Rob Vann
    Rob Vann
    CEO & Founder, MXDR Ltd

In an age where artificial intelligence is becoming not just a tool but an agent, we are beginning to outsource more and more of our decisions, interactions, and even trust to systems that act on our behalf. These AI agents can send messages, make purchases, negotiate, and even mimic our voices and personalities. But with this new power comes a dangerous shift—when we hand them agency, we also hand over the risks that come with it.

Unlike humans, these digital agents don’t carry intuition, context, or moral hesitation. They can be deceived, manipulated, or repurposed with frightening ease. The same protections that would stop you from being tricked or coerced don’t exist in the same way for the algorithms acting in your name. And that gap creates a perfect opening for exploitation.

So when we talk about “the most dangerous person on the internet,” we’re not pointing to a criminal mastermind lurking in the shadows, we aren’t even asking each of you to look in the mirror —it’s something far more elusive. It’s the invisible, tireless, agentic AI, capable of acting, or being exploited to act as anyone and everyone. The real danger isn’t in the technology itself, but in what happens when we give it the keys to our identity, our judgment, and our actions.

Read More
12.00
Lunch: Exhibition & Networking
13.00
Spotlight Session Auditorium: Megalith
13.15
Lucy Bofin Zibby Kwecka Jennifer Kilmartin
Panel Session: An Emotional Response to a Cyber Breach Auditorium: Megalith Suite
  • Lucy Bofin
    Lucy Bofin
    Group Information Security Advisor, DCC Plc
  • Zibby Kwecka
    Zibby Kwecka
    CISO, Arnold Clark
  • Jennifer Kilmartin
    Jennifer Kilmartin
    Head of Information Security, Motor Insurers Bureau (MIB)
14.15
Spotlight Session Auditorium: Megalith Suite
Read More
14.30
Geoff White
Keynote: Geoff White Auditorium: Megalith Suite
  • Geoff White
    Geoff White
Read More
3.15pm
Closing Words

Who will be at NISC 2025?

NISC 2025 will attract a wide range of IT and security experts from leading businesses, service providers, global research groups, and consultancy firms. 

Attendees will include CISOs, CTOs, IT Security/Network Managers, Compliance/Risk Managers, and IT Directors. Together, we’ll create a vibrant and collaborative atmosphere where you can network and share ideas with the industry’s top minds and most exciting innovators.

Why do they attend?

  • Certification & Growth
  • Collaborative Brilliance
  • Continuous Learning
  • Meaningful Conversations
Secure your place today

Two-Night Residential Pass

£ 545
  • 2 nights accommodation
  • Breakfast, lunch and both evening meals
  • Conference, exhibition & breakouts
  • Unlimited access to content for 12 months
  • CPE/CPD Points
Register

All prices exclude 20% VAT

One-Night Residential Pass

£ 340
  • 1 night accommodation
  • Breakfast, lunch and networking dinner
  • Conference, exhibition & breakouts
  • Unlimited access to content for 12 months
  • CPE/CPD Points
Register

All prices exclude 20% VAT

Two-Day Delegate Pass

£ 195
  • Conference, exhibition & breakouts
  • Lunch on both days and networking dinner
  • Unlimited access to content for 12 months
  • CPE/CPD Points
Register

All prices exclude 20% VAT

One-Day Delegate Pass

£ 115
  • Conference, exhibition & Breakouts for one day
  • Lunch
  • Unlimited access to content for 12 months
  • CPE/CPD Points
Register

All prices exclude 20% VAT

Our Sponsors

NISC 2025

Our Venue

Secure your place

Register today
@2025 Sapphire Technology Ltd
Youtube