I’m delighted to be joining an exceptional panel of leaders at the CSO ThreatScape Summit UK, taking place on 19 March at the Hyatt Regency Manchester.
Events like this matter. Not because of the networking or the agenda — though both look strong — but because the cybersecurity challenges organisations are facing right now genuinely benefit from being talked through with peers who are navigating the same complexity. The best insights I’ve taken from conferences over the years haven’t come from the keynotes. They’ve come from the conversations in between.
What I’ll Be Focused On
My contribution to the day will centre on something I think doesn’t get enough serious attention in cybersecurity conversations: how you actually influence and drive secure behaviour and culture across an organisation.
It’s easy to talk about culture. It’s much harder to do something useful with the concept. So I want to get specific about what works — what actually shifts how people behave when they’re under pressure, time-poor, or facing something they haven’t seen before.
A few threads I’ll be pulling on:
The gap between policy and practice is where most breaches live. Organisations invest heavily in writing policies. They invest far less in understanding whether those policies translate into real behaviour. Closing that gap requires a different kind of thinking — more behavioural, less procedural.
Leadership sets the tone in ways that formal training can’t replicate. When senior leaders treat security as a genuine priority — not a compliance obligation — it changes how the rest of the organisation relates to it. Conversely, when leaders visibly circumvent controls for convenience, no amount of awareness training compensates.
Incentives matter more than most people admit. If the systems and incentives inside an organisation make secure behaviour harder than insecure behaviour, you will lose that battle every time. Redesigning friction — making the right thing the easy thing — is underused and undervalued.
Why Manchester, Why Now
The threat landscape is evolving faster than most governance structures are designed to handle. AI is reshaping both the attack surface and the tooling available to defenders simultaneously. Regulation is tightening. Board expectations are rising.
The conversations we have at events like ThreatScape — honest, peer-level, with the people actually responsible for navigating this — are part of how the industry finds its footing.
I’m looking forward to the day. If you’re attending, come and find me.
Neil Manfred is the founder of Fredian Shield, a specialist consultancy helping regulated organisations adopt AI and technology responsibly. He speaks regularly on cybersecurity leadership, AI governance, and building secure cultures in complex organisations.