Enterprise Security & Risk Management

26 March 2019

Victoria Park Plaza




Eliza May Austin

Incident Responder, Founder and Director of LLHS (Ladies of London Hacking Society)

Eliza specializes in incident response in the enterprise environment. She is particularly interested in the bespoke designing of threat intelligence, and advanced targeted attack response and remediation. She strongly advocates for neuro and class diversity in the security industry. Eliza’s passion for information security spurred her on to create Ladies of London Hacking Society. An offensive & defensive technical security meetup for women, with a focus on technical knowledge and skill sharing between women in the security field.

Louise McCarthy

Former Chief Operating Officer – Global Digital Transformation Director, HSBC

An outstanding and dynamic inspirational CIO transformational and business change leader with over 35 years’ experience in some large private and public sector organisations. Also highly respected in the technology, digital industry as a passionate, energized and transformational leader who achieves amazing results. I am valued at board level for design of complex technology and digital transformational visions, and strategy. The ability to take complex organisations with the need for transformation and align to business objectives. A background in finance and commercial giving the ability to see the wider picture and achieved commercial creativity.

I am a strong business leader with commercial/financial skills, who happens to specialise in technology and digitialisation, but experience in delivering measurable and dramatic changes in large, complex organisations well beyond the traditional IT or support office functions, has made me a change agent that can revolutionise any enterprise. Award winner experienced, results-oriented Technology Digital transformation leader with proven track record of managing complex information technology environments and achieving successful outcomes. Also have skills in technology start-ups, venture capitalist business turnaround, and divisional / entity business turnaround.

Mike Spradbery

Senior Technical Leader, IBM Security UK & Ireland

Mike is IBM’s Technical Leader for the UK & Ireland Security Business, managing a diverse team of technical specialists who work with clients across all industries. During the past 20 years, Mike has worked with security, mobile, social and web experience technologies in a variety of business leadership, sales and technical roles.

Ralf Overkamp

Vice President, Vice President Group Security Governance, Deutsche Telekom

Ralf is responsible for assuring Deutsche Telekom’s holistic security approach. This contains strategy, regulations and control in all security domains as well as steering the cooperation of the group’s security departments.
Ralf started his professional career in the German Federal Police. After completing law school in Bonn (GER) and Lausanne (CH) he joined Deutsche Telekom and practiced law in various legal functions. Later he combined both his legal and security background and assumed responsibility for security governance and compliance functions at their headquarters in Bonn.

Ralf practiced law for a period of 10 years in Deutsche Telekom’s legal departments. In 2009 he combined both his legal and security background and assumed responsibility for security governance and compliance functions at their headquarters in Bonn.

Etienne Greeff

CTO & Founder, SecureData

Etienne Greeff is one of the early pioneers of the information security industry. He has spent over 20 years promoting the innovative use of technology and services to solve complex customer issues: founding, growing and successfully exiting a number of information security businesses. As CTO of SecureData, Etienne is passionate about cementing its status as a complete security services provider. He is a graduate of the University of the Witwatersrand in South Africa with a BSc in Electrical Engineering.

Nicola Crawford

Chief Risk Officer, Financial Services Compensation Scheme; Immediate Past Chair of the Board, Institute of Risk Management

Nicola is currently Acting Chief Risk Officer for the Financial Services Compensation Scheme, MD of i-Risk Europe Ltd and the immediate past Chair of the Institute of Risk Management.

Nicola is a motivated and high-performing risk professional offering over 18 years’ experience in governance, regulatory change/compliance, assurance, and enterprise risk management (ERM) combined with solid record of accomplishment in identifying and implementing strategies to capture improvement opportunities within global banking groups, healthcare, retail, energy, utilities, investment banking, asset/wealth managers and insurers (Life and GI).

Nicola is a proven senior programme and line manager with success in mobilising cross functional/cultural teams and influencing Boards to transform, enhance and deliver enterprise risk management, governance, financial and regulatory reporting structures, compliance frameworks/processes, controls, and technology. Nicola offers a strong track record in uniting ERM strategy, Risk Governance and putting new regulatory strategy into action whilst delivering commercial benefits.

Simon Mullis

Regional Technical Officer, Tanium

A technologist at heart, Simon Mullis has worked for a number of leading companies – including Palo Alto Networks and FireEye – in his 20-year career in IT and Information Security. He is delighted to have recently joined Tanium where he helps organisations maximise value from the Tanium platform.

Andrew Tsonchev

Director of Technology, Darktrace

Andrew oversees Darktrace’s OT security offerings, providing cyber defense solutions for industrial environments. Andrew has worked extensively across all aspects of Darktrace’s technical and commercial operations, and advises Darktrace’s strategic Fortune 500 customers on advanced threat detection, machine learning and autonomous response. Andrew has a technical background in threat analysis and research, and holds a first-class degree in physics from Oxford University and a first-class degree in philosophy from King’s College London.

Burak Agca

Enterprise Sales Engineer, Lookout

Burak started his career in Sales engineering 7 years ago with LANDesk (now Ivanti) focused on systems management. More recently Burak was a senior sales engineer for Citrix leading enterprise mobility management opportunities in the U.K

A born Londoner, he returned after a stay in Coventry to study Information Systems Management and Business IT.

Richard Flanders

UK Head of Cloud Security, Check Point Software Technologies

Richard has been UK Head of Cloud Security at Check Point for three years. He is well-known as an expert in the field of cloud security and is instrumental to the development of this business within Check Point UK.

Richard has previously occupied roles at VMware, Computacenter and Fujitsu and has accumulated over 30 years of experience in guiding and influencing enterprise customers as they deploy innovative IT solutions.

Ian Brown

Head of Information Security, British Heart Foundation

Ian is a business focused information security professional, holding positions in complex, international companies where safety is critical. He is currently working for the nation’s heart charity, founding the information security department and transforming the use of security and data with a focus on long lasting change and getting “the basics” right.

Claus Murmann

Head of Risk Analytics Systems, Standard Chartered Bank

Claus is currently Head of Risk Analytics Systems at Standard Chartered Bank, leading strategy for systems that support the model development lifecycle including model inventory, model risk management and development platforms for models and advanced analytics of risk metrics and data.

Prior to that he was a senior lead in JP Morgan’s Data Science team, as product manager on projects spanning the Markets’ trading and sales functions. He has broad experience in investment banking and trading technology systems, and spent several years on trading floors designing and delivering IT trading systems for commodities front office desks again with a focus on data and analytics.

Renaud Di Francesco

Director, Europe Technology Standards Office, Sony Europe BV

Renaud Di Francesco, PhD, is the Director of the Europe Technology Standards Office of Sony, supporting the Sony Group in its global standards development needs, ranging from content aspects to networks and energy consumption, security and privacy, including the substantial objective of sustainability for the Planet and its People.
He has held positions in business development and technology management with Sony and France Telecom. Before joining the private sector, he has been a national and European civil servant employed by the Ministry of PTT and the European Commission and is aware of the challenges of policy efficiency and technology neutrality. His current interests include the transformation of industry sectors such as the Automotive with a roadmap to autonomy, Industry of the Future, as well as IoT, and the use of Artificial Intelligence.

Steve Mulhearn

Director Enhanced Technologies UKI & DACH, Fortinet

Steve is the Business Development Director for Fortinet and Shares his experiences from Fortinet and other organisations in a rapidly changing and challenging world. He has over 25 years in Cyber security and has built a number of Companies including Arbor Networks and Isight Partners working in Cyber Intelligence.

Nadine Thomson

Former Group Director of Technology, Conde Nast International; Digital Technology Advisor, News UK

Nadine leads the transformation of businesses through technology change. She has worked internationally across a range of industries including media, retail, travel and financial services. Nadine has a computer science background and couples business knowledge with deep technical understanding to help businesses evolve. She has a breadth of experience tailoring security and risk for different industries, business strategies and risk appetites. Nadine has recently worked as Group CTO Conde Nast International (Vogue, GQ) and Technology Director for Vue Cinema. She is currently consulting for News UK on their digital technology structure and operating model.

Previous Speakers

Chris Rivinus

Head of IT Finance, Tullow Oil

Chris has over 20 years of experience in Information Technology, Innovation Management and Project Management working across the civil engineering and energy sectors. He holds degrees in Cultural Anthropology, Business Administration and International Business Transactions as well as certifications in Industrial Control System Security Management. His articles on information management and business strategy have been published in research forums, textbooks and mainstream business publications including CIO Magazine, Business Information Review and Knowledge Management Review.

Sam Lee

Head of Operational Risk, EMEA at Sumitomo Mitsui Banking Corporation

Sam Lee is Head of Operational Risk, EMEA for SMBC. He has previously been head of operational risk at RBS, Barclays Wealth and Credit Suisse Private Banking and has ridden a number of the industry’s challenges. Sam started his career training as a chartered accountant and left the profession immediately after qualifying and entered the world of investment banking as an internal auditor before moving to operational risk and initially setting up the operational risk framework and department for CSPB – He has stayed with Operational Risk ever since and has been focused on the embedding and transformational aspects of Operational Risk.

Andy Boura

Senior Information Security Architect, Thomson Reuters

Andy Boura has a passion for technology, science, and business. He brings technical depth of knowledge together with broad development process, business, and management experience. This allows him to take a holistic strategic view of technology, information security, and risk management. He advises on enterprise and technical security architecture of internally developed and third-party applications; and contributes to technical strategy, policies, and standards.

Thomson Reuters has over 50,000 employees in over 100 countries and is trusted by many of the biggest organisations in the world to provide business critical services and deliver accurate and timely information to professionals. As such, information security is critical in almost everything Thomson Reuters does.

Randi Roisli

IT Technical Security Lead, Shell International

An information risk management professional with 20 years’ of experience from the oil and gas industry, Randi was born in The Netherlands, gained engineering degrees in the UK and USA before embarking on an IT security career. Over the years, her roles and responsibilities have spanned technical security to governance and assurance, and she is currently working in the Joint Venture IT area.

David Wood

Information Security Manager, Kennedys

David Wood has over 14 years’ experience in information security, from access control with Halifax Card Services, to non-compliance management with Lloyds Banking Group. He has worked for Kennedys for over 3 years, overseeing the ISO 27001 certification programme, and general Information Security management.

David Robinson MBE

Head of Global IT Security, Herbert Smith Freehills LLP

David Robinson MBE is the Head of Global IT Security for Herbert Smith Freehills, one of the world’s leading law firms, who advise many of the biggest and most ambitious organisations across all major regions of the globe. David leads the delivery and strategy for IT security services across the firm in a flexible and responsive approach to the business. He has a wealth of experience gained from 22 years as a communications and electronics engineer with the RAF where he worked in numerous sectors including aircraft simulation, Radar, data handling & processing networks, training, procurement and information security; his military career was followed by a little over 13 years in senior security roles in the private sector with both C&W and Fujitsu where latterly he held various posts including company CSO.

Jonathan Gill

Chief Information Officer, Watchfinder & Co.

Jonathan Gill has spent the last twenty years working in the IT sector, specialising in complex IT systems for the education, health, engineering, accountancy and retail industries. His experience with web front-end systems dates back to 1999, but his core focus is on developing bespoke information management systems. His most recent work has been for Watchfinder & Co., a Sunday Times Virgin Fast Track Hot 100 ‘Ones to Watch’ company, building the company’s entire IT infrastructure to support rapid growth and maintain a stock roster of well over 4,000 high-value luxury items across multiple locations whilst catering to 1 million website visitors each month.

Algy Booker

Group Head of Information Security, RSA Insurance Group

Algy has worked for RSA for over 30 years in a variety of technology-oriented roles. He has been working in Information Security for over 10 years, developing capability from an initial basic IT Security focus into a wider Information Security framework aligned with Enterprise Risk Management practises.

Mohsin Choudhury

UK Head of Information Security for Bank of Ireland (1st Line)

Mohsin has over 20 years of experience in Information Security from diverse sectors including Investment Banking, Defence & National Security, Central Government, Big 4 Audit Firms, Nuclear and Global Health Organisations. He is responsible for all areas of Information Security from defining security requirements for new digital programmes, advising businesses of their Cyber Risks, Technical Cyber Risk Assessment and Financial Regulatory needs.

During his career, Mohsin has worked on the Security of Satellite Communication Systems, producing key management and encryption systems, helping and advising Global Investment Bank’s with their Information Security maturity and managing large scale security of transformational programmes . He is highly technical and understands business needs.

Mohsin holds CISM and CISSP Certifications and has two Master Degrees, MSc in Defence Communications and MSc in Nuclear Science.

Title: No one is safe – Cyber Crime and the Threat Landscape

Cyber Criminals pose significant threats to individuals, organisations and nation states with devastating consequences.

The speaker will highlight the motives, means and opportunities of  Cyber Criminals  and the impact they are having on our society. He will show the changing threat landscape and why your business will be a target for Cyber Criminals. This session will cover identity theft, financial fraud, ransomware, organised crime and conclude with best ways to protect your business from Cyber Criminals.

Linked in profile

Matthew Kay

Group Data Protection Officer, Balfour Beatty

Matthew holds a Masters in Information Rights Law and Practice and the BCS certificate in Data Protection. He is experienced in case handling and advising organisations on information compliance across a variety of sectors.

Matthew currently heads the Data Protection function for Balfour Beatty(c.40000 employees) overseeing the 6 Data Protection Officers across the strategic business units that the organisation operates to achieve compliance with the General Data Protection Regulation(GDPR) as well as the Data Protection Act 2018.

In addition to his core work he is also a member of the Data Protection Network(https://www.dpnetwork. and a regular speaker at numerous external events on GDPR to help assist other organisations with compliance and share best practice.

He previously worked for the London Borough of Hounslow where he was organisational lead for GDPR implementation(c.2000 employees) as well as being a key member of the Information Governance Network for London.

Prior to this work Matthew worked in the audit department at the Information Commissioner’s Office (ICO) helping organisations improve their privacy practices to reduce risk. He provided expert advice to local government, criminal justice and health organisations through on-site audits which were followed up with listed recommendations. Matthew also worked as part of a network of trainers delivering internal training to all levels within ICO.

His diverse work experience has exposed him to Information risks facing the Financial, Higher Education, Property and Transport, Emergency and Legal sectors.

Sarb Sembhi

Past President, ISACA London

Sarb Sembhi has been the Chair of the ISACA GRA Committee and a member of the ISACA Relations Board. Sarb began his career in the public sector as a Project Manager, and has more than 30 years of project management and consultancy experience.

He has gained this experience providing services to companies including the BBC, Travis Perkins, BP, Network Rail. Sarb is a regular speaker at Information Security Conferences around the world, including the CxO Dialogue, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IPSec, IFSEC, Security Directors Forum.

He is also a member of the Defence and Security Committee and the Cyber Security Working Group at the London Chamber of Commerce & Industry, Infosecurity Magazine Editorial Board, and The Institute of Engineering and Technology, The Institute of Risk Management, The Chartered Insurance Institute, and was an individual member of the Parliamentary IT Committee.