Security Conference – building resilience and sharing powerful lessons to strengthen our sector
Our head of cyber engineering and architecture reflects on this year’s conference and some of its key takeaways.
Security Conference 2025 brought together IT, security and digital leaders from across education, research and the public sector to share insights, connect with peers and explore practical ways to strengthen resilience.
Against an increasingly hostile cyber security environment, it was powerful to see how the conference, held at Manchester Central, with selected sessions streamed online, brought the community together to share insights and explore practical ways to strengthen resilience.
Here are some of my key takeaways from the event.
We’ve now grown up with cyber threats
One of the strongest themes this year was the value of talking openly about incidents. Delegates shared experiences of what they’d been through, how they were impacted and how they recovered.
I could see that many people in the room had been in the world of cyber security for many years and, over time, had shifted from being the person fixing the issue to being the person leading others through it. That change in responsibility requires different skills and confidence – something many in the room recognised – and demonstrated in the discussions.
The need to see the academic world in a wider global context
Jonathan Shaw, the first and former head of cyber security for the British Army, delivered a memorable keynote with a clear message – if you only look at your own estate, you only see a narrow slice of the picture.
Jonathan brought a national and global perspective on cyber security, reminding us that the sector doesn’t operate in isolation.
For me, a key takeaway was that the human risk factor still dominates as a point of vulnerability. Good decision-making, backed by trained and confident staff, will always matter – and we must remember to instil that in our teams.
Cyber Essentials is a challenge – but a necessary one
The Cyber Essentials session must have set a record for audience participation and questions. Everyone has their own challenges in meeting the standard, and that’s understandable.
Even with years of experience behind us, many institutions are still trying to work out how to make Cyber Essentials fit their business without disrupting day-to-day operations.
The message remains the same: Cyber Essentials is, well, essential. There’s no alternative and is only becoming more critical as it becomes mandatory in purchasing frameworks and your supply chain considerations.
The real work lies in structuring the organisation so it can meet the requirements, and in bringing people with you. You can’t simply declare that you’re “doing cyber security”. You need buy-in from leadership, staff and anyone who may be involved, assessed or audited.
We should all learn from attacks on others
I’ve often said that the fastest way to improve your security posture is to experience an incident – but it’s also the most brutal. It forces progress in a way no one would choose.
But that’s not how a responsible organisation operates. Instead, we should assess risk, mitigate it and make improvements before something goes wrong.
Major organisations are being compromised, and when they’re transparent about what happened and what they learned, we should pay attention. There’s huge value in the shared lessons – we are in this together and sharing information makes us all stronger.
We have a collective responsibility to tackle cyber security
Whether you’re an executive, a technician or somewhere in between, you have a responsibility to protect your institution – whether that’s systems, data, buildings or people.
The conference is a place to discover that you’re not alone in the challenges you face, and to explore what you need to achieve across the next year – or the next five. Everyone has a role to play. The impact of cyber incidents is global, and when one college or university is affected, it affects the whole sector.
Attackers often operate at scale. If our sector is seen as a soft target, the risk increases – so we all share a duty to stay on the front foot, and attending conferences like ours is a powerful way to stay ahead.
We are uniquely positioned to support the sector
Our mission is to strengthen the collective cyber resilience of the UK tertiary education sector. Under-investment, ageing infrastructure and inconsistent security standards have created an expanded attack surface – one of the reasons we refer to protecting the HE and FE sector as the hardest challenge in cyber security.
Through tools, expertise and specialist support, we help institutions defend against increasingly sophisticated threats.
Our Security Operations Centre (SOC) represents the gold standard in proactive detection, prevention and response – and we’ll continue evolving to meet the challenges ahead.
Next steps
- Find out more about our Security Operations Centre (SOC) and download our new SOC brochure
- Connect with your relationship manager or make a customer enquiry to talk about the challenges you face
About the author