Enterprise Cyber Security

24 September 2019

Victoria Park Plaza, London




Dr Gilad L. Rosner

Founder: IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher

Dr Gilad Rosner is a privacy and information policy researcher and the founder of the non-profit Internet of Things Privacy Forum, a crossroads for industry, regulators, academics, government and privacy advocates to discuss the privacy challenges of the IoT. The Forum’s mission is to produce guidance, analysis and best practices to help industry and government to reduce privacy risk and innovate responsibly in the domain of connected devices.

Gilad’s broader work focuses on the IoT, identity management, US & EU privacy and data protection regimes, and online trust. His research has been used by the UK House of Commons Science and Technology Committee report on the Responsible Use of Data and he is a featured expert on O’Reilly and the BBC. Gilad is an internationally invited speaker and has given talks at industry conferences, universities, and government agencies, including the US National Institute of Standards and Technology.

Gilad has a 20-year career in IT, having worked with identity management technology, digital media, automation and telecommunications.
Gilad is a member of the UK Cabinet Office Privacy and Consumer Advisory Group, which provides independent analysis and guidance on Government digital initiatives and is a member of the IEEE Global Initiative for Ethical Considerations in Artificial Intelligence and Autonomous Systems.

He is a Visiting Researcher at the Horizon Digital Economy Research Institute, an Affiliate Researcher at UC Berkeley’s Centre for Long-Term Cybersecurity and has consulted on trust issues for the UK government’s identity assurance programme,

Francesco Cipollone

Director of Events, Cloud Security Alliance UK; Head of Security Architecture & Strategy, HSBC Global Banking and Markets

I’m Francesco, a Chief Information Security Officer (CISO) and cybersecurity advisor who specialises in strategy and cloud security. Fuelled by passion, curiosity and dissatisfaction for the status quo, I believe in protecting identities in cyberspace and creating a safer, more connected world for future generations.

I’m currently helping ELEXON and HSBC build their cybersecurity practices.

In my spare time, I love to give back to the cybersecurity community. As part of that, I am Director of Events for the Cloud Security Alliance UK and an active member of ISC2. I’ve launched the #MentoringMonday community together with the support of Jane Frankland and Tanya Janca. The mentorship community is inclusive with a focus on empowering women in cybersecurity.

Previous Speakers

Professor Christopher Hankin

Director, Institute for Security Science and Technology at Imperial College London

Professor Hankin joined Imperial College London in 1984 and was promoted to Professor in 1995. He is Co-Director of the Institute for Security Science and Technology. His research is in theoretical computer science, cyber security and data analytics. He leads multidisciplinary projects focussed on developing advanced visual analytics and providing better decision support to defend against cyber-attacks.

He is Director of the UK’s Research Institute on Trustworthy Industrial Control Systems. He is the immediate past President of the Scientific Council of INRIA, the French national institute for research in computer science and control. He is Chair of the UK’s Academic Resilience and Security Community (Academic RiSC) and sits on the ministerial oversight group of the Security and Resilience Growth Partnership. He was Vice Chair of the DG CONNECT Advisory Forum for the European Commission until 2015, having previously been a member of ISTAG for two successive terms.

He is Chair of the Association for Computing Machinery (ACM) Europe Council. He is also a member of the ACM Publications Board.

Flavius Plesu

Chief Information Security Officer, Bank of Ireland

A business-focused cyber security leader, Flavius has held senior security positions both within the public and the private sector and has lead a number of enterprise-wide security transformation programmes in complex global organisations. He is passionate about cultivating and building teams to deliver on the organisation’s mission, values and goals. His primary focus is enabling organisations to understand their cyber security risk exposure to make well informed business decisions.

Along with his role as a Head of Information Security at Bank of Ireland, Flavius is also one of the co-founders of OutThink, a team of CISOs and security practitioners who are changing the way in which organisations engage with their employees to change behaviours and build a risk aware culture.

Royce Curtin

Managing Director of Global Intelligence, Barclays

Royce Curtin joined Barclays in January 2017 as Managing Director of Group Intelligence to lead the build-out and delivery of the firm’s global intelligence services. He previously completed a 27-year career as a Federal Bureau of Investigation (FBI) Senior Executive and USA military pilot, including his final role as an FBI Senior Advisor to the USA Director of National Intelligence and the FBI Deputy Assistant Director of National Intelligence for Partner Engagement.

Royce leads Barclays’ Global Threat Intelligence program as part of an integrated Security Operations service line, combined with their CSO Global Cyber Operations and Investigations teams and a 24/7 Joint Operations Centre. His team coordinates all intelligence activities across CSO, BUK Retail Bank, and Barclays International Bank and is key to a large 3 year change program delivering Intelligence Driven Defence security operations across the company.

The Intelligence team delivers Cyber Defence, Cybercrime, Geo-Political, Physical, Strategic and Open Source Intelligence on the most sophisticated threats to the bank that helps defend the network; optimise controls; protect the corporate estate and global workforce; reduce cyber-enabled financial loss; inform vulnerability management, resilience, red team, and secure innovation; support 24/7 situational awareness and incident response; and plays an integral role in mitigating risk and enabling rich customer experiences and secure global financial services.

Raef Meeuwisse

ISACA Expert Speaker and Author of ‘Cybersecurity for Beginners’

Raef Meeuwisse is an ISACA governance expert and Director of Cyber Simplicity Ltd. He has recently finished an ISACA paper on the Governance of Enterprise Information Technology for Healthcare and is also known for his independent books, including ‘Cybersecurity for Beginners’.

Tim Williams

Independent Contractor

Tim is an independent security consultant, life-long learner and trainer. His experience spans international technology service providers, the energy sector, banks and several government departments/agencies. He is currently undertaking multi-disciplinary PhD research integrating knowledge, methods and data from sociology, cybersecurity and physical security domains.

Keith Martin

Professor of Information Security, Royal Holloway University of London

Prof. Keith Martin is a Professor of Information Security at Royal Holloway, University of London. He is currently Director of the EPSRC Centre for Doctoral Training in Cyber Security at Royal Holloway, and is a former Director of Royal Holloway’s Information Security Group. He has broad research interests in cyber security, with a current focus on application of cryptography and geopolitical aspects of cyber security.

Keith has been teaching on Royal Holloway’s pioneering MSc Information Security since 2000, and was a co-creator of the successful distance learning version of this programme. He is author of the book Everyday Cryptography (OUP, 2012), now in its second edition, which introduces cryptography to non-mathematical audiences, with a focus on the practical use of cryptography to support everyday activities. He presents the introduction to cryptography week on the online Coursera course: Information Security: Context and Introduction. He has also presented courses on cryptography to a wide range of audiences, including specialist industrial short courses, the general public, and school audiences.

Tom Parkhouse

Superintending Inspector, Head of Civil Nuclear Cyber Security Regulation, Office for Nuclear Regulation

Tom Parkhouse joined the Office for Nuclear Regulation in 2012 and is currently the Head of Nuclear Cyber Security Regulation within the Civil Nuclear Security Division. As a former member of the Royal Air Force Police he has a broad security and counter-intelligence experience including between 2008 and 2012 serving in various Ministry of Defence appointments focused on cyber issues. From 2011 until 2013 he was a Senior Fellow of the Atlantic Council publishing subjects such as Cyber Security Cooperation and co-authoring a chapter within the National Cyber Security Framework Manual. At ONR, Tom has previously been the Civil Nuclear Security Chief of Staff and the regulatory lead for Emergency Preparedness and Response. Tom is a Chartered Security Professional and has degrees from the Royal Military College of Science (Information Systems Management) and Kings College London (Military Studies); he also holds a number of protective and cyber security certifications.

Margaret Wookey

Head of Information Risk, Global Information Services, British Council

Margaret has worked in Zambia, South Korea, Ireland and Bermuda as well as the UK in the course of a long career with the British Council. She has run cultural programmes for New Zealand and lead budgetary teams, managed higher education recruitment services and HR change programmes. She joined the corporate risk team in 2010 travelling extensively and moved to specialise in information risk on relocating to Bermuda in 2012. She has been the Head of Information Risk for the last two years and is now based in London.

Adam Bland

Head of Emergency Preparedness, Resilience and Response, NHS England (Yorkshire and Humber)

Adam Bland is Head of Emergency Preparedness, Resilience and Response for NHS England across Yorkshire and the Humber. He works with NHS organisations and non-health partners and Local Resilience Forums to ensure arrangements are in place and joined up to deliver the best outcome for patients and the public during disruptive events and emergencies.

NHS England leads the NHS in England, setting its priorities and direction as well as commissioning health care services from GPs, pharmacists and dentists. It is the lead health agency for risk assessing, planning and responding to emergencies and incidents.

Adam’s career in the NHS has involved risk management, service redesign, assurance and commissioning and emergency planning and response in hospital, community and primary care organisations. Previously Chair of the Emergency Planning Society (London), he is a qualified Health Service Commander, has a degree in Public Service Management and a Diploma in Health Emergency Planning.

Among many emergencies throughout his career, Adam led the regional major incident response to the Wannacry cyber attack that affected NHS organisations in 2017.

Sarb Sembhi

Past President, ISACA London Chapter

Sarb Sembhi has been the Chair of the ISACA GRA Committee and a member of ISACA Relations Board. Sarb began his career in the public sector as a Project Manager, and has more than 30 years of project management and consultancy experience.

He has gained this experience providing services to companies including BBC, Travis Perkins, BP, Network Rail. Sarb is a regular speaker at Information Security Conferences around the world, including the CxO Dialogue, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IPSec, IFSEC, Security Directors Forum.

He is also member of the Defence and Security Committee at the London Chamber of Commerce & Industry, and a member of the Cyber Security Working Group at the London Chamber of Commerce and Industry, Infosecurity Magazine Editorial Board, The Institute of Engineering and Technology, The Institute of Risk Management, The Chartered Insurance Institute, and was individual member of the Parliamentary IT Committee.

John Hield

Information Security and Compliance Manager, Veolia

John Hield is an experienced information security manager (CISM) with a background in both manufacturing and IT quality assurance management (ITIL & ISO 20000). Since 2006, he has held the role of Information Security and Compliance Manager for Veolia UK and Ireland. A senior member of the UK and Ireland Security team, he covers the less technical aspects of security and manages all IT compliance activities – ISO27001, Cyber essentials+, PCI-DSS, MOD RMADS, GDPR and (previously) SOX. He is an active member of both the Veolia global information security team and the Veolia UK and Ireland Risk Committee.

Ian Goodwin

Director of Information Governance and Risk Management, Global Information Services, British Council

Ian has worked in the area of Information Governance for over 16 years in roles at the Information Commissioner’s Office, the Legal Services Commission, Lambeth Council and now at the British Council as their Director of Information Governance and Risk Management. In his new role Ian leads a team of officers based around the world, covering all areas of Information Governance (Data Protection, Cyber Security, Information Risk Management and Assurance). The current focus of Ian’s role is on preparing the organisation for GDPR and embedding information governance maturity within a 3 lines of defence model.

Ian is IAPP CIPP/E, CIPM, CIPT certified and was one of the first people to receive the IAPP Fellow of Information Privacy designation. Ian is also ISEB qualified Data Protection and Freedom of Information Practitioner, as well as a certified ISO 27001 Lead Auditor and Prince 2 qualified.

Martin Fletcher

Assurance and Information Management Consultant, National Archives

As part of the Information Management Department at The National Archives; Martin Fletcher has provided Cyber Security training to 2,700 staff from over 150 organisations across the public sector. In this role, he has also developed an Information Security ‘train the trainer’ course which is now used by organisations including The Scottish Government, HMRC and the Ministry of Justice. He is also responsible for the Archives’ well established programme of Management Board briefings. Martin believes that the core to ensuring a secure culture is to engage the senior management and encourage them to see cyber security as being more than just an “IT problem.”

Richard Bell

Former Chief Information Security Officer, Transport for London

Transport for London is a dynamic and challenging retail and transportation organisation with annual revenue of £4Bn. In Richard’s former position, his first step was to risk assess the current state of information security at TfL. From that risk assessment he then developed and led the implementation of an effective tactical and strategic cyber response programme to ensure cyber security resilience.

Richard has been with TfL since 2004, during which he has had responsibility for providing security assurance against some of the most significant risks TfL has faced. He is advocator in the harnessing of social media and big data analytics. He has served as a Director for The Security Institute and featured within the IFSEC Global Top 40 of influencers in security 2014 and 2015.

Richard has been with TfL since 2004, during which he has had responsibility for providing security assurance against some of the most significant risks TfL has faced. He is advocator in the harnessing of social media and big data analytics. He has served as a Director for The Security Institute and featured within the IFSEC Global Top 40 of influencers in security 2014 and 2015.

Richard Wright

Senior Officer - Security Education, National Crime Agency

Richard leads the National Crime Agency’s security education programme, with responsibility for policy, guidance, communications and training. As a passionate advocate of people-centric security, he believes long-term behavioural and cultural change strategies should be at the heart of risk reduction instead of viewing people as the weakest link to be designed out by onerous technical controls. Richard is a qualified information security and training professional with over nine years’ experience of working on a number of diverse and challenging security projects.

John Unsworth

Chief Executive, London Digital Security Centre

John is the Chief Executive of the London Digital Security Centre.

The London Digital Security Centre is a joint venture between the Mayor’s Office for Police and Crime (MOPAC), the Metropolitan Police Service (MPS) and the City of London Police (CoLP). Working in partnership with academia and the private industry the London Digital Security Centre aims to help protect businesses operating in London from online criminal threats.

John is a highly regarded financial and cybercrime intelligence professional. He has 20+ years of experience in successfully leading national intelligence activities in the UK aimed at identifying, preventing and detecting criminal activities and targeting financial and cybercrime threats committed by Organised Crime Groups.

Prior to joining the London Digital Security Centre, John was seconded to the Global Cyber Alliance (GCA), from one of its co-founders the City of London Police (CoLP) and also led CoLPs Economic and Cyber Crime Prevention Centre (ECPC).

John has recently completed a Masters degree in Criminology at Cambridge University.

Detective Chief Inspector Vanessa Smith

Yorkshire and Humber Regional Cyber Crime Unit

DCI Vanessa Smith is head of the Yorkshire and Humber Regional Cyber Crime Unit. She has served in West Yorkshire Police for 22 years, developing the force’s first cybercrime unit and cyber response strategy. During her career, she has also investigated historical child sex abuse allegations, managed Registered Sex Offenders and managed teams tackling serious organised crime.

Steve Kennett

Security Director & Senior Information Risk Owner (SIRO), Jisc

Steve Kennett served 23 in the Royal Air Force from 1978 to 2001 as a telecommunications engineer. He served at various bases and in the UK and in operations around the world, he specialised in Data communications, Cryptography & Data protection (cyber and Information security).

On Leaving the RAF Steve held senior positions at Kingston Communications and Centrica where he had responsibilities for the Data & IP networks as well as the One Tel ISP he was responsible for all aspects of IP and ISP operations, design & strategic management.

Steve Joined Ofcom in June 2005 as the Head of Spectrum Services he was responsible for all aspects of Enforcement & Interference policy, business governance and due diligence. He introduced major Legislation & Policy changes into Ofcom the new WT Act 2006, R&TTE Act 2005 and Regulation of Investigatory Powers Act 2000. During his time at Ofcom he was Chair of the Satellite Monitoring MOU committee within CEPT of the European communications office. He left Ofcom on a high after being part of the successful Ofcom Olympics Spectrum Delivery team responsible for keeping the Spectrum for the London 2012 Games free from Interference.

Steve joined Janet in Jan 2013 as the Head of Operational Services and Senior Information Risk Owner (SIRO) is to ensure that appropriate supplier relationships (contractual and otherwise) were in place to support the network and its services and that the services provided over the network are delivered according to the company’s stated service levels and policies and meet customer expectations.

Steve is currently the Security Director and SIRO responsible for Jisc’s response to the increasing cyber security threat, providing leadership for the development of the cyber security strategy and policy to ensure that an extensive programme of enhanced cyber security services and initiatives is maintained that protect the network and meets the needs of Jisc’s members and customers whilst maintaining a high level of cyber security across the Janet network and other Jisc services.