Qualys Security Conference
Join our cybersecurity experts in London to find out how.
Learn More21-22 May,
London
With so many disparate tools to measure and manage risk these days, it’s harder than ever to quantify the impact of cyber risk on your businesses. Join us in person to find out how today’s security leaders are evolving from enumerating risk to eliminating it. You’ll hear from industry-leading thought leaders, Qualys customers, and product experts on the latest strategies and tactics being used to measure, communicate, and eliminate cyber risk to drive better business outcomes.
8:30 AM Registration and Coffee |
9:10 AM
Welcome to QSC EMEA
Matt Middleton-Leal, MD EMEA North and South, Qualys Room: Grand Ballroom |
9:15 - 10:00 AM
External Keynote
The Shifting Landscape of Cybersecurity: Trends, Challenges, and Emerging Threats Professor Ciaran Martin, CB, Founding CEO of the National Cyber Security Centre and now, Professor, University of Oxford
In this opening keynote, Professor Ciaran Martin, CB, of the University of Oxford and the founding head of the UK National Cyber Security Centre, will argue that understanding risk and harm is one of the most critically important foundations of good cyber security.
|
10:00 - 11:00 AM Qualys Keynote Sumedh Thakar, President and CEO, Qualys |
11:00 - 11:20 AM Coffee Break Room: Wellington Ballroom |
11:20 - 11:45 AM
Operationalize Risk Surface Management with Industry's first Risk Operations Center (ROC), Qualys ETM
Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management, Qualys Room: Grand Ballroom
As cyber threats grow more sophisticated and regulatory pressures mount, security leaders are under increasing pressure to not just detect vulnerabilities—but to actively manage and communicate risk in real time. The Risk Operations Center (ROC) is emerging as the strategic nerve center for proactive, data driven risk reduction. But operationalizing the ROC at scale means going beyond dashboards and alerts - it requires an intelligent, automated approach that unifies security signals, business context, and response workflows.
In this session, we’ll explore how Qualys ETM, powered by Agentic AI, enables organizations to shift from reactive security postures to continuous, measurable risk mitigation. Attendees will learn how Agentic AI autonomously correlates threat intelligence, asset criticality, and exploitability data to cut through the noise and spotlight the risks that truly matter.
|
11:45 – 12:20 PM
ROC Solid from Day 1 with Qualys TruRisk Platform Innovations
A Risk Analytics Platform - why Qualys? Shailesh Athalye, Senior Vice President, Product Management, Qualys |
12:20 – 13:00 PM
Fireside chat: Rebuilding trust and reducing risk with the Qualys platform at OneAdvanced
Paul Baird, Director of Cyber Security Operations and Engineering, OneAdvanced Matt Middleton-Leal, MD EMEA North and South, Qualys Join Matt Middleton-Leal from Qualys and Paul Baird, Director of Cyber Security Operations and Engineering at OneAdvanced, for an engaging fireside chat. Paul will share his team's recent experiences with Qualys, highlighting how a close collaboration has effectively minimised cyber risks across the organisation. |
13:00 – 14:00 AM Lunch Room: Wellington Ballroom |
14:00 – 14:15 PM
Operations Track
Forecast: Cloudy Attack Paths – Use TruRisk GPS from code to cloud Kunal Modasiya, Senior Vice President, Product Management, Qualys Room: Ballroom 2 As organizations embrace hybrid and multi-cloud environments, security teams often find themselves juggling disconnected point solutions—or platform tools that fall short of their promise to reduce cyber risk across cloud and on-prem workloads. The result is fragmented visibility, increased costs, longer remediation cycles, and missed compliance goals. Qualys TotalCloud, built on the Enterprise TruRisk™ Platform, empowers you to unify risk visibility and response across your hybrid infrastructure—without adding new silos With TotalCloud, you can: a. Break exposure chains and visualize risk context with TotalCloud Attack Path and thus enabling security teams and cloud architects to focus on what truly matters— in addressing risks aligned with your business priorities. b. Bring your risk operation to completeness with frictionless automation (low-code/no-code) to completeness across any infrastructure. c. Gain flexible coverage using agent-based or agentless scanning through FlexScan d. Achieve long-term resilience, eliminate tool sprawl and reduce total cost of ownership with a single platform Management Track Money-minded approach to CTEM with Qualys Enterprise TruRisk Management (ETM) Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management, Qualys Room: Ballroom 1 Continuous Threat Exposure Management (CTEM) programs play a crucial role in reducing cyber risk, yet they often neglect to factor in the financial impact of threats or the cost of remediation when setting priorities. This session will equip executive leaders with strategies to embed business impact and cost considerations into their CTEM approach, enabling more strategic, value-driven risk management. |
14:20 – 14:50 PM
Operations Track
Aberdeen & Deloitte, A Partnership in Risk Reduction Room: Ballroom 2 Andy Hubbard, Cyber Defence Lead, Aberdeen Group Lucy Williamson, Manager, Deloitte Join this engaging panel discussion featuring Lucy Williamson from Deloitte and Andy Hubbard from Aberdeen as they share insights into their collaboration. Learn how their partnership has successfully minimized cyber risks within Aberdeen Group. Management Track Panel session: mROC – Powering our customer success Room: Ballroom 1 Alessandro Bellato, CEO, Nethive S.p.a. Duncan Bradley, Director of Customer Engagement and Country Practice Leader - UKI Cyber Resiliency Practice, Kyndryl UK Murali Konasani, CEO, Teksalah Nathan Shock, Global Director Vulnerability Management Services, Kudelski An interactive session to discuss how Qualys partners are looking to build service offerings to help drive down risk and operationalize the ROC. |
14:50 – 15:10 PM
Operations Track
Incident Management in 'Sherlock' Mode: Close-loop Threat Detection & Response Andrew Morrisett Director, Product Management, Endpoint Security, Qualys Room: Ballroom 2 You and your security teams today face an overwhelming volume of alerts, siloed tools, and manual processes. In this session, we’ll show how Qualys AI Incident Response Assistant helps modern enterprises shift from reactive to proactive threat response using real-time visibility, prioritized risk, and automated remediation. Key Takeaways: Learn how Qualys has advanced by helping you deploy a revolutionary advancement in cybersecurity defense, designed to hyper-scale incident response processes and dramatically reduce time-to-resolution from hours to minutes. This innovation showcase will empower you and your security analysts by providing comprehensive attack context, clear narratives, and actionable next steps—all delivered instantly when threats are detected. Management Track Patchless Patching: The Art of Risk Reduction with or without a patch Eran Livne, Senior Director, Endpoint Remediation, Qualys Room: Ballroom 1 Not every vulnerability needs a patch. In today’s dynamic enterprise environments, risk elimination requires more than binary decisions. Enter your TruRisk Elimination Cockpit—a centralized view of actionable, contextual options curated by the same experts behind Qualys vulnerability signatures.In this session, explore how TruRisk Eliminate empowers remediation teams with a tailored buffet of mitigation actions—aligned to your organization’s risk appetite, asset context, and operational realities. Learn how Qualys goes beyond detection to guide you toward the right fix, whether it’s patching, configuration change, network isolation, or compensating control. |
15:10 – 15:40 PM
Operations Track
How we started the vulnerability remediation journey, detection to response! Brian Domingues, Vulnerability Manager Contractor, EuropAssistance Room: Ballroom 2 Join Brian Domingues from EuropAssistance as he outlines their remediation journey with Qualys, lessons learnt and outline his vision for the future, partnering with Qualys. Management Track Sessions You’ve Been Qualysed: A Poundland Journey Paul Maxwell, CyberSecurity Engineer, Poundland Room: Ballroom 1 In this session, Paul Maxwell from Poundland, will discuss how they implemented patching to reduce risk in their EUC estate while managing and changing user perception of Qualys patching from a negative into a positive. As well as highlighting what they plan to do elsewhere in the future. |
15:40 - 16:10 PM Tea Break |
Qualys Innovation Showcase
16:10 – 16:25 PM
Putting the 'M' in Vulnerability Risk Management
Kunal Modasiya, Senior Vice President, Product Management, Qualys The threat landscape is more complex than ever, with tens of thousands of new CVEs every year, an attack surface that changes by the hour, and dozens of disjointed tools to collect risk signals. Security teams spend endless cycles to make sense of infinite detections across a hazy picture of their technology environment. It doesn’t need to be this way. In this session, you’ll learn to truly manage exposures beyond the list of vulnerabilities with the following: - A complete view of all assets with cyber risk context, including security gaps, internet exposures, and relationships to your crown jewels - Real-time threat intelligence, including known exploits and MITRE ATT@CK mapping to drive the universal language of TruRisk™ across all asset categories - Orchestrated response, whether its connected workflow to ITSM tools, automated patch jobs, and compensating controls to close attack paths as quickly as possible Join us to learn how Qualys can simplify an increasingly complex threat landscape by streamlining your exposure management program with VMDR and CSAM. |
16:25 – 16:40 PM
Audit Minus the Thrill: Be Audit-ready continuously for DORA and more...
Anu Kapil, Senior Manager, Product - Compliance Solutions, Qualys Regulators aren’t easing up—if anything, they’re tightening the screws. With mandates like DORA and PCI DSS 4.0 raising the bar on operational resilience and security controls, organizations face a stark reality: audit preparation is becoming a full-time, resource-draining burden. Manual evidence collection, siloed compliance workflows, and reactive reporting are no match for today’s fast-moving requirements. For many, staying compliant across multiple frameworks feels like a never-ending fire drill—costly, chaotic, and unsustainable. In this session, we’ll cut to the heart of the problem: why traditional compliance approaches fail under modern pressure—and how you can fix it. Learn how Qualys Policy Audit enables continuous compliance through intelligent automation, real-time risk prioritization, and instant audit-ready reporting. Say goodbye to 10,000+ hours of manual work and hello to streamlined, scalable compliance that’s always ready for your next audit—no matter how complex. Key Takeaways: • Why audits for DORA and PCI DSS 4.0 are exposing cracks in outdated compliance workflows • How automation slashes audit prep time by up to 75% and reduces errors by 95% • Strategies to manage multiple mandates simultaneously—without ballooning costs or complexity • How to transform compliance into a proactive, business aligned process that’s always audit-ready |
16:40 – 16:55 PM
Containers Never Rest. Neither Should Your Risk Strategy
Abhinav Mishra, Product Management Director, Container Security, TotalCloud CNAPP, Qualys
Modern container environments evolve fast—and so do the risks. While many cloud security tools excel at surfacing alerts, they often fall short when it comes to helping you understand what truly matters and how to act on it. For security teams already using VMDR, the opportunity is clear: unify your container and Kubernetes security into a risk-informed model that scales with your operations—not your alert fatigue. In this session, we’ll explore how Qualys brings deep visibility and context to your container attack surface—from image to runtime—while embedding it seamlessly into your existing risk management workflows. Learn how to cut through the noise with TruRisk prioritization and attack path, align DevOps and SecOps through runtime aware policy enforcement, and move beyond point detection toward sustained resilience. If you’re managing containers and cloud workloads with different tools today, this is your chance to see how one integrated approach can elevate both efficiency and impact—across vulnerabilities, misconfigurations, and compliance. |
16:55 – 17:10 PM
App-solutely Secure: AI-Powered Risk Management for Applications & APIs
Asma Zubair, Director, Product Management, AppSec, API & Web App Security, Qualys Applications have long been the primary entry point for breaches, and now APIs are opening new pathways for attacks. Staying ahead of threat actors is increasingly challenging. In this session, we’ll demonstrate how Qualys is advancing security for web applications and APIs. Attendees will gain insights into newly released features and get a preview of upcoming innovations designed to mitigate risks. Key Takeaways: • Reduce risk of breaches • Protect sensitive data • Build customer trust • Ensure compliance • Reduce time to market |
17:10 – 17:25 PM
Secure your Generative (AI & LLM) Sheep
Himanshu Kathpal, VP, Product Management, Platform and Technologies, Qualys Digital identities across hybrid environments and cloud ecosystems has introduced significant security challenges for the modern enterprises - introducing expanded attack surafce, credential theft, privilege access abuse, misconfigurations, federated identity challenges, and managing compliance and privacy concerns. In this session, we will showcase Qualys Identity Security Posture Management, a solution designed to mitigate these risks as part of unified Qualys Enterprise TruRisk Platform. Key takeaways: - Actionable insights into safeguarding user identities and mitigating risks in an increasingly perimeter-less world - How Qualys Identity Security Posture Management helps enterprises achieve real-time visibility into identity risks, enforce least-privilege principles, and proactively address potential threats—empowering them to secure their digital workforce while maintaining agility. - Be confident that you easily can gain visibility and governance over user access, eliminate credential theft and privilege misuse, eliminate your enterprise risks to data breaches, compliance violations, and operational disruptions. |
Room: Grand Ballroom 17:25 – 17:35 PM Closing Remarks Matt Middleton-Leal, MD EMEA North and South, Qualys |
17:35 – 19:00 PM QSC Reception Room: Wellington Ballroom |
Register |
Simply calculating the vulnerabilities that cyber risk poses to your business is no longer enough. See the latest strategies and innovations leading security experts are implementing to quantify the impact of cyber risk on their businesses so they can focus on the vulnerabilities that matter most.
Engage with Qualys’ customer-facing teams and your peers around best practices and user case studies for applying security automation to real-world challenges.
One day of free training covers forward-looking strategies, best practices to improve effectiveness and productivity, and core and expanded product features to up-level your security program.
CIOs, CSOs and CTOs; directors and managers of network, security and cloud; developers and DevSecOps practitioners; Qualys partners and consultants; or any forward-thinking security professionals.
Qualys Security Conference will be held at the Hilton Park Lane.
Hilton Park Lane
22 Park Ln, London W1K 1BE, United Kingdom
T: +44 20 7836 2400
Hilton Park Lane - London, United Kingdom
Attendance at QSC is complimentary. This includes access to all general sessions, breakfast, lunch, breaks, and training.
Travel and hotel accommodations are not included with QSC or pre-conference training.
Join us to learn how to effectively secure your hybrid IT environment, streamline your security and compliance initiatives and enable digital transformation. There is no cost to attend this event.
Paul Maxwell is an experienced Cyber Security Professional with over 12 years in the industry, specialising in network, infrastructure, and data protection. Currently working as a Cyber Security Engineer at Poundland, Paul leads the design and implementation of cybersecurity measures, focusing on vulnerability management, endpoint security, and security incident management. He has a proven track record of deploying effective security technologies and overseeing key policies to protect business-critical assets across diverse sectors, including retail, manufacturing, and IT services.
Paul’s expertise includes managing large-scale vulnerability and remediation programmes, enhancing security incident detection and response, and fostering a strong security culture within organisations through awareness training and employee engagement. With a focus on continuous improvement, he is currently pursuing his CISSP certification to stay ahead of emerging cybersecurity challenges. Paul’s comprehensive approach ensures that security is deeply integrated across all levels of the business.
Andy Hubbard has been with Aberdeen since 2020 having previously worked in cyber security for the public sector. Beginning with a focus solely on Aberdeen’s vulnerability management processes, Andy began to develop Aberdeen’s nascent Cyber Defence function from its early beginnings to the more mature service we have today.
When not working to protect Aberdeen from the nefarious attentions of the various malicious actors in todays cyber world , Andy is proud member of the Queensferry RNLI lifeboat crew, father of three, keen outdoor enthusiast and motorcyclist .
Himanshu Kathpal is VP, Product Management, Platform and Technologies at Qualys. He has over 13 years of experience in cybersecurity and product management, with a specialization in vulnerability management, remediation, and next-generation endpoint security. Himanshu is passionate about developing security solutions that align with the company’s cybersecurity product strategy to meet customer needs, reduce the attack surface, and strengthen the organization’s security posture. He holds a master’s degree in engineering from D.Y.Patil University, Pune, as well as an MBA in International Business Management from NMIMS, Mumbai.
Ciaran Martin founded the UK’s world-leading National Cyber Security Centre and headed it for the first four years of its existence. Currently, after stepping down from his role with NCSC at the end of August 2020, Martin holds the position of Professor of Practice in the Management of Public Organisations at Oxford University’s Blavatnik School of Government, advises several private sector organisations on cybersecurity strategies and is one of the leading global authorities in the field of cyber security policy.
The NCSC, part of GCHQ, where Martin served as an executive board member for six and a half years, is regarded as the world leader among public authorities for cybersecurity. The International Telecommunications Union now ranks the UK as the #1 country for cybersecurity because of the NCSC’s work. Under Martin’s leadership, the NCSC took the lead in managing more than 2,000 nationally significant cyber-attacks against the UK, including the socalled Wannacry attack against the NHS in 2017. He led the detection work that prompted the Government to call out, for the first time, cyber aggression from Russia, China, Iran and North Korea. He helped the NCSC transform the Government’s relationship with business on cybersecurity. In 2018, in a keynote at the CBI’s cybersecurity conference, he launched a board toolkit with five essential questions corporate leaders needed to understand. As a global cybersecurity leader, he travelled to more than 30 countries on five continents building partnerships with Government, national security and corporate leaders. At the NCSC he was a much sought-after guest of the UK’s major corporate boards. Martin believes the essence of good cybersecurity is demystifying a complex subject and finding a way and a language for the specialists to engage with the leadership. That becomes more and more important as new technologies and technology platforms – 5G, the Internet of Things, quantum – become the new reality.
Martin is also a 23-year veteran of the UK Government, working directly with five Prime Ministers and a variety of senior Ministers from three political parties. He held senior positions at HM Treasury and the Cabinet Office as well as GCHQ. He was head of the Cabinet Secretary’s Office and led the official negotiations that led to the agreed terms and rules for the Scottish independence referendum. In 2020 Ciaran Martin was appointed CB by Her Majesty The Queen and has received a range of awards domestically and internationally in recognition of his cybersecurity work.
As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.
Sumedh is a long-time proponent of SaaS and cloud computing. He previously worked at Intacct, a cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.
Matt Middleton-Leal is Managing Director for EMEA North & South at Qualys. With 20 years spent working in the security industry, Matt brings significant experience to his role at Qualys. He has worked for many organisations, specialising in areas such as risk management, identity and access management, application, network and database security. Matt most recently held the position of General Manager EMEA and Board member at Netwrix Corporation. Previous to this role Matt was V.P. Northern Europe at CyberArk Software, where he oversaw five consecutive years of 45%+ per annum revenue growth. Prior to CyberArk he held the position of Business unit executive at IBM Security Systems. Matt joined IBM from CA where he had spent six years, working on their largest information security projects. Matt is a CISSP® – Certified Information Systems Security Professional.
As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.
Lucy Williamson, Manager within the Deloitte UK practice. Over 7 years of experience working in Cyber Security, with a focus on helping financial services clients navigate the complexities of digital transformation and operating large scale MSSP’s.
Paul Baird is an experienced cybersecurity leader with over 25 years in IT, including more than a decade dedicated exclusively to cybersecurity. As the Director of Cybersecurity at Advanced, he oversees cybersecurity operations and engineering and drives the organisation’s security strategy to enhance resilience and mitigate evolving threats.
Paul has led significant security transformations throughout his career, including establishing a Security Operations Centre (SOC) for a leading UK car manufacturer and shaping the cybersecurity strategy for a UK FTSE 250 company. His expertise spans security operations, risk management, security tooling, and incident response, enabling him to implement strategic initiatives that align cybersecurity with business objectives.
Beyond his professional role, Paul is passionate about cybersecurity awareness and community engagement. He created the Cyber Security Acronym Periodic Table, which began as a personal passion project but has since gained global recognition as an educational tool used by professionals worldwide. Translated into multiple languages, it helps individuals navigate the industry’s acronym-heavy landscape, making cybersecurity more accessible.
Paul also strongly advocates diversity and inclusion in cybersecurity, actively mentoring underrepresented groups and championing initiatives to broaden participation in technology careers. A regular speaker at industry conferences and contributor to various publications, he plays an active role in shaping discussions on cybersecurity best practices and emerging trends.
Paul is committed to building robust, scalable security operations that not only defend against modern threats but also support business growth and operational excellence.
With 7 years of experience in vulnerability management and security risk mitigation, Brian Domingues has a proven track record of deploying Qualys solutions, optimizing security processes, and leading teams to enhance cybersecurity maturity across global organizations. I have worked in various types of organizations, from industrial to banking and insurance sectors, each with different remediation timelines and constraints in vulnerability management. I have also worked on various aspects of Qualys, from full on-premises environment to full cloud deployments, implementing products such as VMDR, WAS, Connectors, EASM and Cloud Agents.
Mayuresh is Manager of Threat Research at Qualys. During his 15+ year career, he has gained expertise in many areas of information security, including vulnerability assessments, penetration testing, application security, reverse engineering, and purple teaming. He is passionate about all things inter-networked and possesses an intellectual curiosity in secure computing and emerging technologies. Mayuresh has been with Qualys since 2012 and was one of the first technical hires in the Pune, India office.
Eran Livne is Senior Director, Endpoint Remediation at Qualys, leading a team tasked with helping customers improve their security posture through cross-platform vulnerability remediation. He has more than 20-years of product management and computer science experience working in diverse IT and security markets. In 2014, Eran founded mobile security company, LetMobile, acquired by Ivanti. Following the acquisition, he drove Ivanti’s enterprise security and endpoint security and management solutions. Eran holds a bachelor’s degree in computer science from Tel Aviv University and an MBA in high-tech business administration from Technion - Israel Institute of Technology.
Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at Israeli startup in API security and bot management AppSec space.