Learning from the Welsh National Security Operations Centre

This session draws on national operational experience protecting NHS Wales to highlight a consistent pattern seen across the healthcare sector. It shows how attackers exploit weaknesses in identity, privilege, patching and third-party access, and why inconsistency in these controls creates systemic risk in shared environments. The session emphasises that cyber resilience is a leadership responsibility, requiring disciplined implementation of fundamental controls and demonstrable recovery capability — not new technology.