There's plenty to get your teeth into

Check Out Our agenda

developer conference

Thursday, September 29th, 2022

08:30 - 09:00


Tea, coffee and breakfast rolls

09:10 - 09:25


Karen Meechan, CEO, ScotlandIS, and Global

09:25 - 10:25

Mike McQuaid, Principal Engineer, GitHub

10:25 - 10:50

Tea, coffee and biscuits

11:00 - 11:40

Richard Archdeacon, Analyst CISO and Josh Green, Zero Trust Technical Lead EMEA, Cisco

Zero Trust has become a common buzzword. It can mean a lot of things, and no one does it all. Thus, a lot of the conversations are specific to vendor solutions and light on practical experience. So, what does Zero Trust mean in a business environment with increasing levels of connectivity and distance working. This session will look at lessons learned and some of the current and upcoming technologies enabling security and an improved user experience together.

11:00 - 11:40

Eli Holderness, Developer Advocate, Anvil

Building web apps is a complicated mess. You need to know Python, JS, HTML, CSS, SQL, Flask, Bootstrap, SQLAlchemy, Webpack...the list goes on. What if you could do it all in Python? That's what we built: an open-source framework with Python in the browser, Python on the server - even a Python UI toolkit. And then we built an online IDE, drag'n'drop designer and hosting platform for it - all available for free. In this talk, I'm going to discuss the current web landscape, why we built Anvil the way we did - then take a deep dive into how it works, including a live demo. How do you run Python in the browser? How do you build an autocompleter that knows about everything from your UI layout to your database schema? And what does it mean for a programming tool to be "accessible"? No web development knowledge required & no paid features of Anvil are showcased in this talk.

11:00 - 11:40

Stephen Beszant, Head of Data Analytics, Global

Global Media & Entertainment have created their own in-house Digital listening Analytics platform over the past few years. This allows the business to understand how people are listening to their stations such as Heart, Capital FM or Radio X, on what platforms and when. The Data Engineering and Analytics team have continuously innovated what they can provide to the business which became even more valuable during Covid when consumer habits were constantly changing. Hear how we built the platform, how it's been innovated and how it ultimately drives decision making.

11:50 - 12:30

Harry McLaren, Cyber, Senior Product Manager and Security Engineering Squad Lead, SenseOn

What's security operations (SecOps/SOC)? What do they do? What can they help with? How do I work best with them? All these answers and more will be explained, including outlining typical responsibilities, antipatterns to working together, and common career paths and resources. Dive into the "blue team" and learn what we care most about, how we support secure software/product development, and what our bad days look like when adversaries attack!

11:50 - 12:30

Daniel Llewellyn, Head of Engineering (tech enablement)

In this presentation I'm going to talk through two separate security vulnerabilities, in two android applications - both disclosed on hackerone, and both leading to stolen auth tokens. Knowledge of android development not required.

11:50 - 12:30

Start from the moment a product or experience is in the customer’s hands, and work backwards! Join us for an insight into this peculiar Amazon process which is as core to our product development as it is to our internal ways of working.

12:30 - 13:40

13:50 - 14:30

Ash Kulkarni Tech Principal, AND Digital

Serverless offers an efficient way to execute code that doesn’t need to run continuously thereby, removing the need for resource wastage and cost optimisation. We aim to explore the use of various AWS Serverless Components to meet most common business cases. In particular, we aim to look at web applications built using Serverless Components.

13:50 - 14:30

Stu Hirst, Chief Information Security Officer, Trustpilot

Stu is the CISO at leading reviews site Trustpilot. It took him 10 years to reach leadership levels in Tech. During this talk, hear about that journey, the successes and failures, overcoming Imposter Syndrome, dealing with hard times and burnout and how to avoid some of the pitfalls.

13:50 - 14:30

Davie Gow, Solution Architect Capability Lead, Leidos UK

Good people can do bad things, unintentionally. Bad people pretend to be good to exploit human vulnerabilities. So when it comes to cloud security, how do we ensure unintended consequences are minimised? In this session, Davie Gow, Leidos UK Solution Architect Capability Lead, will discuss why when it comes to cloud security organisations need to think beyond technology.

14:40 - 15:20

Daniel Amini, Head of Microsoft Technologies, BJSS

Rare is a legendary British developer responsible for some of the most beloved video games of the last 40 years. Rare’s games span multiple generations of hardware platforms, and maybe more significantly the evolution of software delivery practices, the DevOps movement and Public Cloud. In this talk Daniel highlights the challenges traditional game delivery faces and how Cloud adoption and modern CI/CD can align with consumer demands, benefiting from the learnings of other industries, and how concepts like Landing Zones and Observability can benefit all organisations, not just gaming.

14:40 - 15:20

Alexander Pirker, Senior Security Consultant, RootSys

Have you ever wondered about how it comes to security incidents? I mean the really big ones like someone accessing a remote host, or executing some nice scripts inside your browser?

In this session I want to show some of the most common pitfalls into which companies usually fall. Specifically, I want to cover the following frequent mistakes, and more: * Missing Input Data Validation: Certainly a big one, since depending on the environment, this could lead to for example remote-code-execution (RCE) on your backend, or the execution of scripts in your browser, known under the term Cross-Site-Scripting (XSS) * Improper Usage of Data Types: One of my favorites, since it highlights how careless we sometimes use data types without reasoning about the consequences of our choices. * Information Disclosures: Why sometimes attackers manage to read out secrets, and how do such attacks work? * Denial-of-Service through service crashes

14:40 - 15:20

Calum Dickson, Infinity Works (Part of Accenture)

We have drained the Data Lake, and the Data Warehouse is all boarded up - Data Mesh is the new buzz in town. But as with many great ideas in the world of technology, applying them in the real world is rarely straightforward. Thankfully, Data Mesh is more than a new technology or vendor offering; it is a set of principles that provide a new lens for viewing data platform tooling and data ownership. Join us as we explore what these principles are, and how you can start to apply them wherever your organisation is on its data journey.

15:20 - 15:55

Tea, coffee and biscuits

16:00 - 16:40

Kieron Smith, Chief Technology Officer at SnapDragon Monitoring

A breakdown of the people, pressure, and politics involved in small company product management, and how we’re dealing with them at SnapDragon

16:00 - 16:40

David Stubley, 7 Elements

The aim of this talk is to demystify the actions of malicious actors and provide real world examples of how vulnerabilities within applications are used by attackers. This talk will take a look at a recent high-profile vulnerability within the Atlassian Confluence platform (CVE-2022-26134). Using a real-life incident, David will explain how the vulnerability was leveraged by malicious actors to gain a foothold and the actions undertaken to maintain access and exploit access for malicious purposes.

16:00 - 16:40

Iris Winter, Head of Engineering (Frontend), XDesign

16:45 - 17:25

Wiktor Jurek,Development Lead and Director, Cobry - a Google Cloud partner

A talk on how you can get started with devops, with an actionable learning path * How I became a cloud engineer * How you can get started * How you can forge your own path

16:45 - 17:25

Raquel Bautista-Garrido, Principal Quality Engineer, Fanduel

In this session, we will talk about how Agile teams are changing their approach to testing. We will explore the whole team approach, shift-left testing, and some test techniques that will result in shorter feedback cycles, helping the teams to deliver working software without forgetting our main objective: deliver quality to the customer.

leadership forum

Thursday, September 29th, 2022

12:30 - 13:00

Registration and Lunch

13:05 - 13:15


Karen Meechan, CEO, ScotlandIS

13:15 - 13:45

Tom Kegode, Work:Lab Lead, People & Places, Lloyds Banking Group

How the evolution of ways of working is creating ‘New Work’ that works for everyone; Work Reimagined; Stories we tell ourselves about collaboration; The role of leaders; and What we need to do next.

13:45 - 14:25

Location, location, location: Pro's and con's of home, hybrid and office

Jennifer Ralston, Account Executive, Gigged AI || Andrew Williams, CEO, Fyne Labs || David Farquhar, Intelligent Growth Solutions

During this session our three panellists will discuss the different ways we now work, the challenges they've faced, the opportunities that have been created and how they think they and their teams will continue in the future.

14:25 - 14:55

Develop, Retain, Attract

Nikola Kelly, Managing Director, Be-IT || Richard Archdeacon, Advisory CISO EMEA, Cisco

14:55 - 15:15

Campfire discussion: The impact of the new world of work on Inclusion and Diversity

Silka Patel, Social Value Manager at Leidos || Nikki Slowey, Co-Founder of Flexibility Works

15:15 - 15:45

Coffee Break

Tea, coffee and biscuits

15:50 - 16:25

Overcoming the noise

John Waddell, Chairman, Forrit || Phil Worms, CEO, Frog Systems

16:25 - 17:00

Ali Law, Managing Partner, IT & Digital Transformation, Hanya Partners

17:00 - 17:25

Steven Drost, Chief Strategy Officer, CodeBase

Steven will explain what the newly created Tech Scaler will do by talking about tech ecosystems, globally and locally. What are their constituent parts? How do they play together? How can we make them do more?

Watch The Video

Last Year Was Amazing.

take a look.

Play Video

Don't Wait ‘Till The Last Moment



sign up

Hear all the news about ScotSoft and keep up to date with what’s going on in the Scottish digital ecosystem


latest news


Find out everything you need to know about ScotSoft and the digital ecosystem in Scotland, once a week, straight to your inbox