“What we are doing in cyber security is not working.”
So says Duncan Rae, group CISO at Pepkor, who is joining a line-up of global and local cyber security experts to discuss what is and isn’t working in the increasingly complex cyber security environment.
The Cape Town edition of ITWeb’s Security Summit is one week away.
Rae will speak about Reclaiming the soul of InfoSec, reminding delegates that 2025 was one of the most devastating years in global history when it comes to high-profile cyber incidents. He will question the ‘sacred texts’, frameworks and best practices that are followed out of routine and fear.
His talk is a call and encouragement to the cyber heretics – those brave enough to break away from the script and try something different, says Rae. The goal is to inspire the next generation to think differently, hopefully do it better, and remind the more experienced why we’re really here.
Could you hack into a bank in less than half an hour?
One of the keynote speakers, Glenn Wilkinson, says he could, and he’s willing to show you how.
ITWeb Security Summit 2026
Cyber security professionals can join hundreds of industry peers at ITWeb Security Summit 2026 in Cape Town and ITWeb Security Summit 2026 in Johannesburg, where expert speakers will explore how organisations can stay resilient in the face of AI-driven attacks and an increasingly complex threat landscape.
As an ethical hacker, and CEO and co-founder of London-based Agger Labs, which focuses on eliminating ransomware, Wilkinson has penetrated countless companies and organisations – from banks to governments, supermarkets to telcos and many others in between.
During his keynote, Wilkinson will perform a live demo of a hack.
“I’ll be taking the audience on a journey of how hackers operate, how they would get into a South African bank, steal some money and then add insult to injury by dropping ransomware. I’ll show the audience what’s possible, how it could happen, the techniques and tactics used and how to defend yourself,” he says.
Global breaches, local rules
As cyber attacks grow more destructive and regulations tighten worldwide, organisations face a new dilemma: global breaches unfolding under local rules and within local operating contexts.
Asia plays an increasingly important role in shaping how and when companies disclose global cyber incidents.
Drawing on insights from major cyber incidents across Asia and beyond, Sunitha Chalam, partner and head of Singapore at Brunswick Group, will deliver a keynote that examines how stricter breach reporting regulations in Asian markets are shifting the global cyber incident response timeline away from traditional Western-led approaches.
Chalam will also touch on the importance of making incident planning and response a wider practice than simply a technical function responsibility.
The parking ticket, the paperwork and the AI that said 'yes'
According to Javvad Malik, lead CISO advisor at KnowBe4, we’re entering the age of the human-AI hybrid, where trust becomes the primary attack surface. “Let’s learn how to secure it,” he says.
In his keynote, Malik will demonstrate how “helpful” AI can be steered into endorsing shaky assumptions, validating questionable credentials and drafting persuasive (but flawed) arguments.
Then we’ll zoom to the enterprise reality: how the same mechanics enable insider risk, process bypass and high-impact errors when organisations outsource judgment to AI summaries and automated workflows.
Healing digital wounds: Human well-being in digital defence
A panel led by Kerissa Varma, president of Women in Cybersecurity Southern Africa, examines the psychological and physical health impacts of cyber attacks, highlighting the human cost of digital threats. It will propose interdisciplinary solutions for mitigating the human and organisational impact of cyber attacks, for CISOs, legal professionals and cyber security experts aiming to prioritise well-being in digital defence.
Panellists include Rene Mattheus, attorney at RH Heydenrych & Associates; Duncan Rae, group CISO at Pepkor; Wayne Kruger, partner at Synchronicity Change Management; and Lukas van der Merwe, associate director for cyber security sales and client development at Cybercom.
Share
