Enterprise Security & Risk Management

27 November 2019

Victoria Park Plaza




Sarb Sembhi

Former President, ISACA London

Sarb Sembhi has been the Chair of the ISACA GRA Committee and a member of the ISACA Relations Board. Sarb began his career in the public sector as a Project Manager and has more than 30 years of project management and consultancy experience.

He has gained this experience providing services to companies including the BBC, Travis Perkins, BP and Network Rail. Sarb is a regular speaker at Information Security Conferences around the world, including the CxO Dialogue, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IPSec, IFSEC and Security Directors Forum.

He is also a member of the Defence and Security Committee and the Cyber Security Working Group at the London Chamber of Commerce & Industry, Infosecurity Magazine Editorial Board, and The Institute of Engineering and Technology, The Institute of Risk Management, The Chartered Insurance Institute, and was an individual member of the Parliamentary IT Committee.

Greg van der Gaast

Head of Information Security, University of Salford

Greg has over two decades of technical and management experience in Information Security, starting as one of the most notorious hackers of the late 1990s. A frequent speaker about bringing visibility, care, and accountability to the Information Security profession, he is an expert in building efficient InfoSec organisations and programmes by enabling leadership, addressing root causes, and harnessing human potential.

He is currently the Head of Information Security at the University of Salford where he will also be lecturing on practical information security management in the coming year.

He also has his own consultancy, CMCG, to help others deliver effective and accountable information assurance.

Simon Mullis

Director of Technical Account Management, Tanium

A technologist at heart, Simon Mullis has worked for a number of leading companies – including Palo Alto Networks and FireEye – in his 20-year career in IT and Information Security. He is delighted to have recently joined Tanium where he helps organisations maximise value from the Tanium platform.

Ollie Sheridan

CISSP Gigamon Principal Engineer, Security (EMEA), Gigamon

With over 18 years’ experience in IT security, Ollie Sheridan joined Gigamon in November 2015. Having been a Certified Information Systems Security Professional (CISSP) for over 13 years, Ollie is Gigamon EMEA’s Principal Security Engineer and Security Strategist. His wealth of experience in assisting organisations to improve their security posture has ranged from developing Security Standards and writing Security Assessments for major Financial Institutions, to providing assistance in dealing with complex security incidents such as DDoS attacks. Ollie, therefore, has an extensive breadth of knowledge of the key aspects any organisation needs to focus on in order to secure its assets.

Dr Sanjana Mehta

Head of Market Research Strategy (EMEA), (ISC)²

Sanjana Mehta is a market and customer insight leader with over 15 years of international research experience in education, health and IT sectors. She has led several projects to understand the impact of technology on teaching and learning. In her current role as Head of Market Research Strategy at (ISC)² EMEA, Sanjana is responsible for building a strategic understanding of customer needs and market trends in IT and cybersecurity across the EMEA region. She also contributes to thought leadership on topical cybersecurity issues, including skills development.

Denise Beardon

Head of Information Security Engagement, Pinsent Masons

Denise Beardon is Head of Information Security Engagement at Pinsent Masons, an international law firm. Before joining Pinsent Masons, she worked for The Security Company, a security awareness consultancy, where she was responsible for the creation and implementation of their behavioural change methodology, including qualitative and quantitative baseline research. During the past ten years, Denise has worked on many successful behavioural change programmes for several high-profile organisations.

Denise is committed to exploring the interaction between human behaviour and technology and understanding why people do what they do. This insight provides her with the ability to deliver tailored strategic behavioural change programmes that ensure the individual does not feel undermined but empowered to make the right choices. By using behavioural psychology at the heart of her programmes, Denise aims to bring positive change to any cybersecurity culture.

Prior to entering the world of cybersecurity awareness, Denise was internal communications manager for Cambridge Constabulary following a successful career in marketing communications in the private sector. She has a Masters in Crime Writing from the University of East Anglia and is working on her debut novel.

Charl van der Walt

Chief Security Strategy Officer, SecureData, part of Orange CyberDefense

After many years in an “attack and penetration” testing role at SensePost, Charl van der Walt has a deep understanding of the “offensive” paradigm within information security with a particular interest and passion for teaching and training. Over the years he has given courses and lectures for companies and universities the world over and has been a regular on the Infosec conference circuit, appearing as a speaker at the prestigious Black Hat Briefings multiple times, where SensePost has consistently also been the biggest-selling training provider over the past 10 years.

Danny Phillips

Senior Manager of Systems Engineers, Zscaler

Danny Phillips is the Senior Manager of Systems Engineering at Zscaler UK. Danny has spent the majority of his career working with businesses to design and implement their IT infrastructure, with specific focus on networking components. With over 20 years’ experience in the field, Danny has seen technologies come and go in the marketplace. In his current role at Zscaler he has witnessed the continued rise of cloud computing, and its growing importance in today’s IT landscape.

Sarah Janes

Managing Director, Layer8, and Co-Founder, Security2Live

Sarah has spent her career managing, delivering and creating security behaviour change programmes, both from the inside, as BT’s Security Communications Manager, and by consulting and running programmes for large international businesses. Sarah has developed new methods for changing behaviour, putting conversation back at the heart and executing successful long-lasting Champions Programmes.

In addition, Sarah is a co-founder at Security2Live and strongly believes that everyone, no matter their employment status, should have access to basic digital safety skills.

Flavius Plesu

Co-founder & CEO, OutThink, and Co-founder, Security2Live

Flavius has held senior security positions both within the public and the private sectors and has led enterprise-wide security transformation programmes as a former CISO. With 20 years of cyber security experience, he is passionate about enabling global organisations to understand their risk exposure and make informed business decisions.

In addition, along with his co-founders in Security2Live, Flavius strongly supports the principle of equipping the average person with the basic digital skills and knowledge required to manoeuvre securely in our increasingly digital personal lives.

Josh Lamming

Cyber Security Manager, Darktrace

Josh Lamming is a Cyber Security Manager at Darktrace, the world’s leading AI company for cyber defence. Josh advises companies from a variety of industries on the use of artificial intelligence for cyber defence, including financial services, aerospace and retail. Josh holds a degree in Modern Languages, French and Spanish from Durham University.

Omer Maroof

Head of IT Risk, Euroclear UK & Ireland

Omer started his career in IT risk consulting at KPMG in the year 2000 where he was involved in several world-class business continuity, security and governance engagements with a particular focus on banking, telco and oil & gas sectors. From KPMG he moved to EY to focus on IT SOX attestation and advisory work. Since then Omer has focussed entirely on the financial services sector across the insurance, wealth management, funds and post-trade segments. At Aberdeen Standard Investments he headed up the IT audit team and was instrumental in developing the IT & change audit and data analytics team within the Internal Audit function. Earlier this year, he moved to Euroclear UK & Ireland to build the IT Risk capability in the second line Risk Management function with a particular focus on cyber, resilience, outsourcing and the regulatory agenda on the back of the Central Securities Depositories Regulation (CSDR). Omer has a degree in Systems Engineering & Management and a postgraduate diploma in Information Systems from the University of Leeds. He holds the Certified in Risk & Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) and Certified ScrumMaster (CSM) certifications.

Ignasi Riera

Vendor Risk Sales Manager, OneTrust

Ignasi Riera is a Certified Information Privacy Professional (CIPP/E) and a Third-Party Risk Sales Manager for OneTrust, the #1 most widely used privacy, security and third-party risk technology platform. At OneTrust, he works with GDPR and ePrivacy project teams and C-suite executives across Spain and Portugal to automate and strengthen their core privacy processes. Prior to OneTrust, Riera spent over eight years consulting for industry-leading telecommunication companies.

Yvonne Harrison

Group Head of Enterprise Risk and Assurance, Mothercare Plc

Yvonne is Group Head of Enterprise Risk and Assurance with a background of 17 years in successfully leading teams to manage the delivery of comprehensive audit plans across organisations. She started her career in operational risk management prior to working in professional services firms in the UK, Netherlands and Australia. She is skilled at leading all aspects of internal audit, enterprise and operational risk management, Sarbanes-Oxley and controls transformation. She has strong experience of implementing risk and internal audit frameworks globally and working at Board level to develop appropriate strategies and plans.

Helen Hosein

Customer Engineer, Google

Helen Hosein is a customer engineer for Chrome browser and has worked with several large customers to help them uphold best practice and compliance by making use of Chrome’s management capabilities. Helen is considered an expert on Chrome browser security both within Google and externally.

Raif Mehmet

Regional Sales Director, UK & Ireland, Bitglass

Raif is an exceptional business leader who has successfully driven multi-million growth in both privately held and publicly quoted companies. Raif has been working in IT industries for numerous years and has extensive experience in bringing disruptive technologies to market within networking and security.

Francesco Cipollone

Head of Cloud Security Alliance UK & Ireland; Head of Security Architecture & Strategy HSBC GBM; Director NSC42

Francesco is a Chief Information Security Officer (CISO) and cybersecurity advisor who specialises in strategy and cloud security. Fuelled by passion, curiosity and dissatisfaction with the status quo, he believes in protecting identities in cyberspace and creating a safer, more connected world for future generations.

Francesco is currently helping ELEXON and HSBC build their cybersecurity practices.

In his spare time, he loves to give back to the cybersecurity community. As part of that, Francesco is the Director of Events for the Cloud Security Alliance UK and an active member of ISC2. He launched the #MentoringMonday community together with the support of Jane Frankland and Tanya Janca. The mentorship community is inclusive with a focus on empowering women in cybersecurity.

Michael Macpherson

Lead Information Security Architect, ClearBank

Michael spent 14 years in Her Majesty’s Armed Forces as a non-commissioned officer, specialising in the maintenance, design and deployment of intelligence, reconnaissance and secure communications systems. Over the last eight years, he has developed his commercial cybersecurity experience working with high profile clients in the defence, legal, technology and financial services industries.

As the security architect at ClearBank, ranked the No. 1 Fintech Disruptor 2019, he is focused on utilising his experience to deliver functional security solutions to DevOps and drive the necessary cultural shift required to adopt security best practice in a native cloud environment.

Previous Speakers

Chris Rivinus

Head of IT Finance, Tullow Oil

Chris has over 20 years of experience in Information Technology, Innovation Management and Project Management working across the civil engineering and energy sectors. He holds degrees in Cultural Anthropology, Business Administration and International Business Transactions as well as certifications in Industrial Control System Security Management. His articles on information management and business strategy have been published in research forums, textbooks and mainstream business publications including CIO Magazine, Business Information Review and Knowledge Management Review.

Sam Lee

Head of Operational Risk, EMEA at Sumitomo Mitsui Banking Corporation

Sam Lee is Head of Operational Risk, EMEA for SMBC. He has previously been head of operational risk at RBS, Barclays Wealth and Credit Suisse Private Banking and has ridden a number of the industry’s challenges. Sam started his career training as a chartered accountant and left the profession immediately after qualifying and entered the world of investment banking as an internal auditor before moving to operational risk and initially setting up the operational risk framework and department for CSPB. He has stayed with Operational Risk ever since and has been focused on the embedding and transformational aspects of Operational Risk.

Andy Boura

Senior Information Security Architect, Thomson Reuters

Andy Boura has a passion for technology, science, and business. He brings technical depth of knowledge together with broad development process, business, and management experience. This allows him to take a holistic strategic view of technology, information security, and risk management. He advises on enterprise and technical security architecture of internally developed and third-party applications; and contributes to technical strategy, policies, and standards.

Thomson Reuters has over 50,000 employees in over 100 countries and is trusted by many of the biggest organisations in the world to provide business critical services and deliver accurate and timely information to professionals. As such, information security is critical in almost everything Thomson Reuters does.

Randi Roisli

IT Technical Security Lead, Shell International

Randi is an information risk management professional with 20 years of experience from the oil and gas industry. Randi was born in The Netherlands and gained engineering degrees in the UK and USA before embarking on an IT security career. Over the years, her roles and responsibilities have spanned technical security to governance and assurance, and she is currently working in the Joint Venture IT area.

David Wood

Information Security Manager, Kennedys

David Wood has over 14 years’ experience in information security, from access control with Halifax Card Services, to non-compliance management with Lloyds Banking Group. He has worked for Kennedys for over 3 years, overseeing the ISO 27001 certification programme, and general Information Security management.

David Robinson MBE

Head of Global IT Security, Herbert Smith Freehills LLP

David Robinson MBE is the Head of Global IT Security for Herbert Smith Freehills, one of the world’s leading law firms, who advise many of the biggest and most ambitious organisations across all major regions of the globe. David leads the delivery and strategy for IT security services across the firm in a flexible and responsive approach to the business. He has a wealth of experience gained from 22 years as a communications and electronics engineer with the RAF where he worked in numerous sectors including aircraft simulation, Radar, data handling & processing networks, training, procurement and information security; his military career was followed by a little over 13 years in senior security roles in the private sector with both C&W and Fujitsu where latterly he held various posts including company CSO.

Jonathan Gill

Chief Information Officer, Watchfinder & Co.

Jonathan Gill has spent the last twenty years working in the IT sector, specialising in complex IT systems for the education, health, engineering, accountancy and retail industries. His experience with web front-end systems dates back to 1999, but his core focus is on developing bespoke information management systems. His most recent work has been for Watchfinder & Co., a Sunday Times Virgin Fast Track Hot 100 ‘Ones to Watch’ company, building the company’s entire IT infrastructure to support rapid growth and maintain a stock roster of well over 4,000 high-value luxury items across multiple locations whilst catering to 1 million website visitors each month.

Algy Booker

Group Head of Information Security, RSA Insurance Group

Algy has worked for RSA for over 30 years in a variety of technology-oriented roles. He has been working in Information Security for over 10 years, developing capability from an initial basic IT Security focus into a wider Information Security framework aligned with Enterprise Risk Management practices.

Mohsin Choudhury

UK Head of Information Security for Bank of Ireland (1st Line)

Mohsin has over 20 years of experience in Information Security from diverse sectors including Investment Banking, Defence & National Security, Central Government, Big 4 Audit Firms, Nuclear and Global Health Organisations. He is responsible for all areas of Information Security from defining security requirements for new digital programmes, advising businesses of their Cyber Risks, Technical Cyber Risk Assessment and Financial Regulatory needs.

During his career, Mohsin has worked on the Security of Satellite Communication Systems, producing key management and encryption systems, helping and advising Global Investment Banks with their Information Security maturity and managing large scale security of transformational programmes. He is highly technical and understands business needs.

Mohsin holds CISM and CISSP Certifications and has two Master’s Degrees, an MSc in Defence Communications and an MSc in Nuclear Science.

Title: No one is safe – Cyber Crime and the Threat Landscape

Cyber Criminals pose significant threats to individuals, organisations and nation states with devastating consequences.

The speaker will highlight the motives, means and opportunities of Cyber Criminals and the impact they are having on our society. He will show the changing threat landscape and why your business will be a target for Cyber Criminals. This session will cover identity theft, financial fraud, ransomware, organised crime and conclude with best ways to protect your business from Cyber Criminals.

Matthew Kay

Group Data Protection Officer, Balfour Beatty

Matthew holds a Masters in Information Rights Law and Practice and the BCS certificate in Data Protection. He is experienced in case handling and advising organisations on information compliance across a variety of sectors.

Matthew currently heads the Data Protection function for Balfour Beatty (c.40000 employees), overseeing the 6 Data Protection Officers across the strategic business units that the organisation operates to achieve compliance with the General Data Protection Regulation (GDPR) as well as the Data Protection Act 2018.

In addition to his core work he is also a member of the Data Protection Network(https://www.dpnetwork. and a regular speaker at numerous external events on GDPR to help assist other organisations with compliance and share best practice.

He previously worked for the London Borough of Hounslow where he was organisational lead for GDPR implementation (c.2000 employees) as well as being a key member of the Information Governance Network for London.

Prior to this work Matthew worked in the audit department at the Information Commissioner’s Office (ICO) helping organisations improve their privacy practices to reduce risk. He provided expert advice to local government, criminal justice and health organisations through on-site audits which were followed up with listed recommendations. Matthew also worked as part of a network of trainers delivering internal training to all levels within ICO.

His diverse work experience has exposed him to Information risks facing the Financial, Higher Education, Property and Transport, Emergency and Legal sectors.