Check Out Our 2025 agenda
Find out more details of each of the speaker sessions for our 2025 agenda.
PLAN YOUR DAY, YOUR Way
Thursday, September 25th, 2025
Key:
Technical Talks =
Leadership Talks =
08:30 - 09:00
registration
Tea, coffee and breakfast rolls on arrival.
09:00 - 09:05
Welcome
Karen Meechan, CEO, ScotlandIS
09:05 - 09:55
Ministerial Address
09:55 - 10:55
Keynote - Adventures in Scottish IT
Peter Palmer, Tech Entrepreneur
Peter Palmer (MBE, MA, MSc, DPhil, MBCS) was a founder of Spider Systems in 1983 and AXON Networks in 1992. Both were successfully sold in the mid-1990s.
In the late 1980s, he was a founder of ScotlandIS (then the Scottish Software House Federation) and was its first Chairman.
In his keynote, Peter will talk about the background to the founding and success of Spider Systems, and how those experiences led to the founding of SSHF. Peter will also relate the history of AXON, which, based on the experience of Spider, was founded as an American company with product development in Scotland. Spider and AXON together offer an interesting case study in the differences between two markets.
Peter has lived in the USA for the last thirty years, initially working for AXON, and subsequently as a business angel in the Boston area.
11:00 - 11:20
coffee break
Tea, coffee and biscuits will be provided, with the chance to network and browse the exhibition hall.
11:30 - 12:10
Attacks and Defences for lLMs
Daniel Llewellyn, Director of Technology, CreateFuture
With the incredible speed that developers have been integrating AI into their applications, the tools we have to prevent attackers from abusing AI has not kept up, and in fact unlike other vulnerabilities in web applications (like XSS) there is no easy or clear way of stopping prompt injection attacks.
In this talk, Daniel will cover some of the top threats, including prompt injection, jailbreaking and data poisoning, the impact it can have on an application, and attacks and defences at three levels: before a prompt hits the LLM, defences on the LLM and defences after the LLM.
While there is no silver bullet, he will finish by pointing the attendees to a few tools they can use to protect their own applications, and why you need to care, plus more on AI legislation and the growing call for 'responsible AI' practices.
11:30 - 12:10
Designing Your Ideal Agentic Employee: From Rapid Prototyping to Responsible Integration
Pete Gordon, Principal Consultant, Waracle
In today's AI-powered workplace, sophisticated Large Language Models (LLMs) are transforming from tools to teammates. This session reveals a proven methodology for creating "Agentic Employees" – AI systems that autonomously execute complex tasks alongside your human workforce.
We'll demonstrate how combining Design Thinking principles with LLM-based prototyping creates a powerful iterative framework that dramatically accelerates agent development. Through real-world case studies, you'll see how organisations have moved from concept to functional agentic systems in weeks rather than months.
Beyond technical implementation, we'll focus on the strategic questions determining success: How do you define an agent's purpose, scope, and behavioural guardrails? What communication style aligns with your organisational culture? How do you measure an agent's effectiveness?
The final segment tackles the governance challenges determining whether agentic AI becomes an asset or liability. We'll provide actionable frameworks for establishing clear lines of accountability, implementing effective oversight mechanisms, and creating sustainable maintenance protocols.
Key Takeaways: A practical, step-by-step methodology for rapidly prototyping and iterating agentic AI systems; strategic frameworks for defining agent roles that align with organisational objectives and culture; governance best practices that enable responsible AI integration while mitigating operational and ethical risks.
11:30 - 12:10
How Hackers are Using AI (and What We Can Do About It)
Chris Butler MBCI CISM, Resilience Director, Databarracks
Imagine getting a phone call from your CEO, urgently asking you to transfer £100,000 to a new supplier. You recognise their voice immediately — it has to be them, right? Except…it isn’t. It’s a hacker, using AI to mimic your CEO’s voice perfectly. This isn’t science fiction anymore — it’s happening today.
In this talk, Charlie will explore the many different ways hackers are using AI to enhance and accelerate their attacks. From deepfakes tricking staff into sending money, to phishing emails and ransom notes crafted in perfect English, AI is changing the cyber threat landscape at incredible speed. He’ll also look at how AI is making malware smarter and stealthier, slipping past traditional security tools with ease.
Along the way, Charlie will share real-world examples of AI-driven threats and explain what these developments mean for businesses and individuals alike. Importantly, we’ll also discuss the critical role of Cyber Incident Management in an AI world — and why having a prepared, well-practised human team remains essential when facing fast-moving, AI-powered attacks. Finally, the audience will leave with practical steps you can take to protect yourself and your organisation, and how you can even harness AI as a powerful tool for defence.
11:30 - 12:10
10k and counting: Insights and Trends from Cloud Native London
Cheryl Hung, Senior Director, Head of Infrastructure Ecosystem at Arm
In 2017 Cheryl Hung started a meetup, Cloud Native London, with no speakers, no venue and no attendees. Just 7 weeks later, over 100 people turned up to the first event. Now Cloud Native London has grown to 10,000 members, and is one of the strongest and most vibrant developer communities in Europe.
In this talk, Cheryl will delve into software architecture insights and trends over the last 8 years. She’ll look at both technical and strategic developments, and transformational opportunities for individuals and organisations going forwards.
11:30 - 12:10
There's No Such Thing as Plain Text
Dylan Beattie, Founder and Director of Ursatile
Software is complicated. Machine learning, microservice architectures, message queues… every few months there’s another revolutionary idea to consider, another framework to learn. And underneath so many of these amazing ideas and abstractions is text. When you work in software, you spend your life working with text. Some of those text files are source code, some are configuration files, some of them are documentation. Editors, revision control systems, programming languages - everything from C# and HTML to Git and VS Code is based on the idea that we’re working with “plain text” files. But… what if I told you there’s no such thing?
When we say something is a plain text file, we’re relying on a huge number of assumptions - about operating systems, editors, file formats, language, culture, history… and, most of the time, that’s OK. But when it goes wrong, good old plain text can lead to some of the weirdest bugs you’ve ever seen. Why is there Chinese in the SQL event logs? Why has the city of Aarhus disappeared? And why does Magnus Mårtensson always have trouble getting into the USA?
Join Dylan Beattie for a fascinating look into the hidden world of text files - from the history of mechanical teletypes, to how emoji skin tones actually work. We’ll look at some memorable bugs, some golden rules for working with plain text, and we’ll find out what the phrase “PIKE MATCHBOX” has to do with driving in the Soviet Union.
11:30 - 12:10
Strategic Thinking and Action - Tools and Techniques for Business Success
Tracy Pound, Managing Director, Maximity Limited
Tracy will cover the key topics of knowing your customer, solution-based selling, utilising every available marketing channel, staying different, expanding your reach, and the challenges associated with change. Her presentation will emphasise collaboration, professional growth, and balancing different aspects of life.
12:20 - 13:00
Beyond Compliance: Leading the industry and transforming developer experience with bold automation
John Ockenden, Senior Full-Stack Engineering Consultant, Accenture
Serverless applications have the benefit that cloud providers manage the underlying infrastructure, but they can be difficult for E2E testing.
In this talk, John will look at patterns which can make this possible and show how automation improved the developer experience and provided a short feedback cycle.
He will show how open-source tools written in Go have been used to provide a polished testing experience - rated "golden standard" by the regulator.
12:20 - 13:00
£750m for a supercomputer?!
Mark Parsons, Director of EPCC, The University of Edinburgh
The UK Government announced in the June Spending Review that a new £750m supercomputer will be coming to Scotland. The next national supercomputing service will be hosted and operated by EPCC, the National Supercomputing Centre at the University of Edinburgh. This talk will explain what the new supercomputer is, what it can do, why it costs so much, and why we hope it will be relevant to many ScotSoft attendees.
12:20 - 13:00
From Theory to Practice: Lessons from the AI Integration Frontier
Jamie Graves, Managing Director, L-Point Ltd
Drawing from his career building AI-powered products, this talk distills key principles that separate successful AI integrations from failures.
Jamie will share practical frameworks for determining when AI truly adds value versus when it's simply trendy, examine the often-overlooked organisational challenges of implementation, and demonstrate how to maintain human-centered design throughout the development process.
12:20 - 13:00
Cyber Threats in the Supply Chain: How Major UK Retailers got attacked
Robin Klusman, Manager Security Architect, Resillion
Supply chain attacks are making headlines, most recently with the attack that shut down Marks and Spencer for several weeks. Attackers are taking advantage of the additional attack surface that is the supply chain, to gain entry where they otherwise could not.
This talk explores the different ways in which various aspects of the supply chain have been used to compromise an organisation. Robin will look into what went wrong in cases such as SolarWinds, Log4Shell and Stuxnet, and discuss the lessons learned from mistakes made in the past.
12:20 - 13:00
Agentic AI: Software Steps into the Labour Market
Gary Crawford, Founder and Chief Advisor, Owendale Advisory
In 2011, Marc Andreessen famously declared, "Software is eating the world." But Andreessen wasn't entirely correct: software merely ate the tasks of storing and retrieving information—until now.
Agentic AI marks a seismic shift. We're now entering an era where AI-enabled software steps into skilled roles, performing activities once exclusive to humans. As AI enters the labour market, we stand on the brink of the most profound transformation in work, society, and economics since the Industrial Revolution.
In this talk, Gary Crawford outlines the strategic, operational, and cultural challenges leaders must overcome to succeed in the Intelligence Era. Combining sharp insights with practical guidance, this lively and entertaining session is a must-see for forward-thinking leaders shaping the future of work.
13:00 - 13:50
Lunch
14:00 - 14:40
Coping with constant change: the realities of embedding AI
Richard Marshall, Principal, Concept Gap Ltd
Software environments have always been evolving, but the rate of change in the last couple of years has grown exponentially. This creates a massive problem for developers looking to create a stable, reliable enterprise operating environment, yet want to add new AI-based features. This is particularly important for many highly regulated industries where AI can bring measurable benefits, yet the churn in approaches, APIs, models, and capabilities makes adoption particularly challenging.
In this session, Richard will present techniques that will enable developers and architects to plan for an increasingly fluid future.
14:00 - 14:40
Code Meets Creds: Navigating the Identity Collision Course
Chris Owen, Managing Director, dotnext Europe
As software eats the world, identity is quietly becoming its favorite snack. In today’s DevOps-fueled, API-saturated world, the line between development and security has not just blurred—it’s buckling under the weight of machine identities, hardcoded secrets, over-permissioned service accounts, and a "ship it now, patch it later" mindset.
This talk explores where security and development collide—often unintentionally—and how developers are unknowingly holding the keys to the kingdom. We'll spotlight the growing risks around both human and non-human identities, including the rise of shadow tokens, identity sprawl in CI/CD pipelines, and privilege escalation hiding in plain sight.
But this isn’t a blame game. We’re here to show how developers can become identity champions without slowing down innovation. From least privilege by design to secrets hygiene that doesn’t suck, we’ll share practical strategies that work with your flow, not against it.
Let’s rethink identity security as a team sport—because the best code in the world means nothing if it ships with the wrong permissions.
14:00 - 14:40
Pushing the Limits: Exploring 1-Bit Large Language Models for Efficient AI
Marcin Wawryszczuk, Principal AI/ML Architect, Andersen
1-bit LLMs aim to drastically reduce computational cost while maintaining useful performance. Quantisation has evolved from 8-bit to 4-bit, and now researchers are pushing the limits with 1-bit representations.
In his talk, Marcin wil dive into why 1-bit models are ideal for edge devices, offline AI, and energy-constrained environments, while considering that achieving 1-bit models requires specialized training methods, gradient approximations, and architectural tweaks.
Early results show promising efficiency gains (though trade-offs exist in accuracy and convergence) and a future promise of hybrid precision and better training algorithms - however hardware support will define the next phase of 1-bit research.
14:00 - 14:40
The Quantum Computing Advancements Set to Unlock the Promise of AI
Ilyas Khan, Vice Chairman of Board of Directors and Chief Product Officer, Quantinuum
14:00 - 14:40
The Founder’s Revenue Trap: Why Great Products Don’t Sell Themselves (and How to Avoid It)
tbc
Many tech founders believe, “if we build it, they will come.” The reality? They don’t.
Most companies that manage to break out of the first phase grow through founder-led selling. That’s a powerful start, but it’s not enough. To truly scale, you need structure. The earlier and more deliberately you build that structure, the faster you move towards scalable revenue growth, stronger product–market fit, better fundraising (while giving away less equity), and ultimately a healthier, more sustainable business.
14:00 - 14:40
Discovering ES|QL, the New Query Language for Elasticsearch
Emmanuel Demey, Web Developer Freelancer
Elasticsearch has long been a powerful tool for searching, aggregating, and analyzing data at scale. With the introduction of ES|QL (Elasticsearch Query Language), a new chapter begins. ES|QL brings a unified, SQL-inspired syntax designed not only for search but also for advanced data transformations, making it easier than ever to query, enrich, and correlate data directly within Elasticsearch.
In this session, we will explore the motivations behind ES|QL, its syntax, and its key features compared to existing query approaches. Through practical examples, we will demonstrate how ES|QL simplifies common tasks such as filtering, aggregations, joins, and time-series analysis, while also opening the door to more complex data pipelines natively in Elasticsearch. Whether you are a developer, data analyst, or architect, you will leave this talk with a clear understanding of how ES|QL can streamline your workflows and unlock new possibilities for interacting with your Elasticsearch data.
14:50 - 15:30
Patching the Pipeline: Aligning Python Engineers and SQL Analysts
Ceri Shaw, Fractional CTO
Technical leaders often find themselves managing teams where Python engineers and SQL analysts operate in silos with misaligned goals and workflows leading to data teams struggling to untangle the data, broken pipelines and dashboards and blame games all around.
This talk explores why that gap exists, what it costs in terms of productivity and trust, and how to close it.
Ceri will look at real-world examples of tension between engineering and data teams, the root causes behind data handoff issues, and why shared context, collaboration and communication are the key to better outcomes. You'll leave with actionable strategies to align your engineering and analytics teams, from setting joint data contracts to embedding analysts in feature teams. Ceri will also share tips and techniques that have worked in her experience as a technical leader and discuss some of the well-intentioned misses and why they failed.
Whether you're leading a data-driven org or feeling frustrated with data work always lagging the product teams, this talk will give you actionable insights you can apply in your teams tomorrow.
14:50 - 15:30
Gamifying the Future: Transforming Digital Engagement in Scottish Widows
Rose Ulldemolins, Engineer Lead, and Derek Shanks, Director of Digital Technology, Lloyds Banking Group
Join Derek Shanks and Rose Ulldemolins as they explore how Scottish Widows is reimagining the digital experience through the lens of gamification and next-gen app design.
Derek will share the strategic vision behind our transformation - why we’re investing in digital engagement, how it aligns with our business goals, and what it means for our customers and engineers. Rose will then bring the strategy to life, showcasing the technology, design thinking, and execution behind our gamification approach and the Scottish Widows App. Together, they’ll offer a compelling look at how business and tech are partnering to shape the future of Insurance, Pensions & Investments.
14:50 - 15:30
Co-Innovating in the Cloud: Lessons from Scaling AI in Partnership
Scott Henderson, SVP of Platform Engineering and Data Innovation, The Craneware Group
This session shares technical insights from real-world co-innovation at hyperscale — drawing on experience collaborating with Microsoft to deliver AI-powered solutions in sensitive data environments.
We’ll explore practical strategies for scaling AI workloads using Azure: balancing native cloud services with custom components, managing latency and cost trade-offs, and designing architectures that meet demanding compliance needs without slowing delivery. The talk will feature architectural diagrams, code-level patterns, and candid lessons on what works — and what to avoid — when partnering with large platforms to build AI-driven systems at scale. It’s designed for senior engineers and architects who want to accelerate AI innovation without compromising reliability, ethics, or performance.
14:50 - 15:30
Reverse Investor Pitch: What Investors Can Do for You
tbc
In this unique session, investors take the stage to pitch to you — Scotland’s innovative start-ups and SMEs. Hear directly what support, funding, and expertise they offer, the types of businesses they’re seeking, and how to position your company for investment success. A must-attend to match your ambition with the right backers.
14:50 - 15:30
AI Security starts with your team: Building cyber resilience through continuous training
Gerasimos Marketos, Chief Product Officer, and Edouardos Petriadis, Solutions Engineer, at Hack The Box
In this session, Gerasimos and Edouardos will explore how organisations can build end-to-end resilience - from protecting AI systems, to augmenting human defenders, to preparing for the rise of autonomous agents.
To bring these ideas to life, the session will feature a real-world data poisoning attack on an AI-powered cheque processing system using the Bridging machine from Hack The Box. You’ll also see how hands-on training, such as the AI Data Attacks module in HTB Academy, equips teams to stay ahead of these evolving threats.
15:35 - 15:55
coffee break
Tea, coffee and biscuits will be provided, with the chance to network and browse the exhibition hall.
16:00 - 17:00
keynote - Pivot Point: Back to the future
K D Adamson, Futurist and Ecocentrist
The age of technology optimisation is over, and the age of resilience has begun.
In a future shaped by moralism, meta-mercantilism, and meatspace global business was a great start-up, but it isn’t going to scale. Like all good start-ups it has to pivot, which means challenging some basic assumptions. Because the greatest handicap that leaders face is not uncertainty about tomorrow, it’s overconfidence in their beliefs about today.
