Conference Chairperson & Opening Remarks

Liam Lynch, L2 Cyber Security Solutions

ISO 27001 Readiness: From Policies to Evidence

Speaker: Eoghan Kenny, Founder and CEO of The Compliance Team

• Define scope and control owners
• Set up the required documents and review cycles
• Turn policy into controls you can prove are operating
• Build an evidence pack that’s audit-ready (logs, tickets, approvals, reviews)

NIS2 Readiness and Regulatory Impact on Businesses

Speaker: Rebecca Lindley, Senior Cyber Consultant, Deloitte 

• Scope: how to assess whether you’re in
• Reporting workflow and minimum information to capture
• Supply chain risk and vendor oversight requirements
• AI governance: tool approval, data handling rules, monitoring

Incident Response and Breach Management

Speaker: Joshua Hovsha, PhD AI Governance Lead, Senior Data Protection Consultant, Pembroke Privacy 

• First 24 hours: containment, triage, comms, decisions
• Roles, escalation paths, and decision logging
• Tabletop exercises and what evidence to retain
• Post-incident review and corrective actions

Third-Party and Supplier Risk Management – Practical Controls for 2026

Speaker: Thato Phetlhe, Senior Manager – Cyber Strategy & Transformation Deloitte Ireland

• Set a supplier security baseline that is realistic and enforceable
• Assess critical suppliers differently from low-risk vendors
• Build contract terms that matter incidents, subcontractors, audits, and exit
• Monitor suppliers over time, not just at onboarding
• Manage access and data sharing with third parties without losing oversight

Cyber Fundamentals (CyFun): a Framework for IT and OT Security

Speaker: Gerard Joyce, CTO CalQRisk

• A risk-based approach to cyber security
• Different levels of compliance, proportionality in practice
• Alignment with other security standards
• The key cybersecurity functions
• Certification or self-assessment

Artificial Intelligence and Cyber Security – Practical Controls for 2026

• Set clear rules for approved tools and safe use
• Reduce data leakage through prompts, uploads, and plug-ins
• Tighten access and permissions for tools and integrations
• Keep outputs traceable with basic documentation and checks
• Use a simple checklist for new tools and suppliers
• Prepare for common attacks using artificial intelligence tools

Identity, Access, Remote and Endpoint Security – Zero Trust Controls for Devices and Users

• Joiners, movers and leavers, and where access gaps usually creep in
• Least privilege, admin rights and how to stop “everyone is an admin” becoming policy
• Conditional access built around device compliance and risk signals
• Remote access controls that match how people work now
• BYOD and contractor access, keeping business data separated and controllable
• Baseline endpoint controls, patching, encryption and malware protection
• Monitoring compliance, access reviews, and how to handle exceptions without creating loopholes

Cloud Security Essentials

• Permissions and access design that prevents overexposure
• Secrets management and key handling
• Logging, monitoring, and alerting that’s usable
• Backup and restore testing with clear recovery targets