Start fixing the latest major attack vector

Fraud Governance, regulation and compliance IT and data

Wednesday 3 November 2021

Stop managing and start fixing the latest major attack vector

Microsoft is fast becoming cyberattackers preferred method of gaining unauthorised access to a network or computer system. This event looks to raise awareness of the key risks to organisations, plus how to mitigate them. We hope this event will encourage conversations between IT and Finance teams of how best they can work together and understand the challenges each face. 

How to book

Book below. You will receive a link and login details to join the meeting one week before the event.

Where and when?

Online, 12.30-16.00

Who is this event useful for?

This event would be valuable for I.T leaders, finance professionals and finance managers with an IT remit in their charity, and trustees concerned with cyber risks.

This event is exclusively for CFG and CITL Members. If you are not a member but would be interested in attending please contact

About CFG events and membership

CFG events, training and members' meetings can count towards your continuous professional development (CPD). Contact your association for further information, or email

Becoming a CFG member gives you discounts on events and training, and access to exclusive events. Membership is open to your whole organisation. Join our community

Association of Independent Museums members can register for free CFG membership through our partnership.



Aaron Turner, Founder and CEO, Siriux

Aaron Turner is the Founder and CEO of Siriux.

Aaron is a multi-decade veteran of the InfoSec community. Starting as an independent penetration tester in the early 1990s, he went on to work at Microsoft in the days before the company had formal security teams. Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2020, after three years of R&D, Siriux launched and released two types of Assessment tools for Microsoft 365 — Quick Scans and Vulnerability Assessments – to help identify and remediate significant security vulnerabilities throughout SaaS products.

Aaron can be contacted via LinkedIn

Martin Smith MBE, Founder and Chairman, The SASIG

With more than 40 years’ experience in the security and crime prevention industries, Martin Smith MBE is a highly respected personality in the information assurance and cybersecurity world. He is an established and successful communicator, visionary, speaker and blogger on his passion for improving online trust. He founded The Security Awareness Special Interest Group (SASIG) in 2004 as a subscription-free networking forum for security practitioners. Its membership now comprises more than 5,500 individuals representing some 2,000 organisations from both the public and private sectors. Martin is also a Fellow of The Security Institute and a Freeman of both the City of London and the Worshipful Company of Information Technologists. In 2017, he received a lifetime achievement award at The Outstanding Security Performance Awards (The OSPAs) for his services to the security industry. 

Martin can be contacted via LinkedIn

Ian Morris, Co-Founder & CEO, Secrutiny

Ian is widely recognised as a specialist in ‘what next’ in cyber, with extensive knowledge of Silicon Valley and Tel Aviv start-up communities. His businesses have pioneered next-generational approaches and have been the UK launchpad and channel for vendors such as 3Com, Ascend, Juniper, Netscreen, Neoteris, Fortinet, Juniper, Palo Alto, and FireEye. Ian’s third start-up, VADition, now represents the largest global division of Exclusive Networks. 

Ian can be contacted via or LinkedIn

Deepak Schukla, Technical Services Director’, Secrutiny

Deepak is a multi-disciplined IT Security professional with expertise across many business operation and technology areas. Over the past 20 years, Deepak has held a variety of pre and post-sales engineering roles. He embarked on his IT career as a Systems Engineer and then worked with a prominent UK based network and security re-seller across various delivery and management roles. Today, his work with Secrutiny Limited as Technical Services Director involves developing and operating a number of engagement services that provide factual based endpoint, infrastructure and SaaS assessments to illuminate the security risks a business is exposed to. These services are fully supported with programmes to address hygiene and posture weakness and track further change from the baseline.

Deepak can be contacted via or LinkedIn


12.30 -12.45





Cyber Prevention Versus Cyber Recovery; the chicken or the egg?

Spending on cyber defence lowers the risk of a breach but investing in recovery means a quicker return to business. Traditionally, organisations are focused on defences, but given the likelihood of a successful attack, shouldn’t having the ability to recover quickly be a key consideration?

In this session, we will be exploring cyber recovery and why it has become a vital component of cyber resilience based on the growing number of ransom-based attacks with cyber-consultancy Secrutiny. Join Co-Founder and CEO Ian Morris as he answers:

·          Why do you need it?

·          When do you need it?

·          Where does this fit in the cyber maturity process & budget priority?

·          How do you do it?


Session 2 - Full details coming soon




Panel Discussion 


Insecure by default: Why you need to rethink your approach to M365 security

When you implement Microsoft, you inherit more than 7,500 default settings per user, with 30% of these directly affecting security. Although these defaults are fine for organisations with low security risk, they do not adequately protect your tenants from the latest cyberattack trends. This is especially important for NGOs doing work in high-risk regions where authoritarian governments exploit Microsoft 365 vulnerabilities to track NGO staff and gain unauthorised access to NGO data.

Join cybersecurity veteran and Siriux CEO, Aaron Turner for an in-depth look at how sophisticated attackers developed new approaches to compromising identities and data in Microsoft's cloud services and how those techniques have now proliferated on a global scale. You'll leave this session understanding the impact and probability of the risk occurring, and what you need to do to detect and mitigate the risk to harden your M365 environment.



Closing remarks and Networking 

Charities - Members£0.00
Corporate - Members£0.00
Individual - Members£0.00