Enterprise Security & Risk Management 2020


3 November 2020






Director and Chair, Cloud Industry Forum

David is a well-known strategist, keynote speaker and influencer on cloud computing, digital transformation, social collaboration and ERP software.  He is a Director and Chair of the Cloud Industry Forum, judges the UK Cloud Awards, and is Founder & CXO of digital strategy consultancy Agile Elephant.  He is a specialist in sales, marketing and operations in the technology sector, and guest lectures on digital and social media at Henley Business School and on INSEEC’s MBA programme.  David is an advisor and non-exec director for several companies, and a regular host on the tech TV channel Disruptive. Live.

Ollie Sheridan

CISSP Gigamon Principal Engineer, Security (EMEA) Gigamon

With over 18years’ experience in IT security, Ollie Sheridan joined Gigamon in November 2015. Having been a Certified Information Systems Security Professional (CISSP) for over 13 years, Ollie is Gigamon EMEA’s Principal Security Engineer and Security Strategist.

His wealth of experience in assisting organisations to improve their security posture has ranged from developing Security Standards and writing Security Assessments for major Financial Institutions, to providing assistance in dealing with complex security incidents such as DDoS attacks.

Ollie therefore has an extensive breadth of knowledge of the key aspects any organisation needs to focus on in order to secure its assets.

Denise Beardon

Head of Information Security Engagement, Pinsent Masons

Denise Beardon is Head of Information Security Engagement at Pinsent Masons, an international law firm. Before joining Pinsent Masons, she worked for The Security Company, a security awareness consultancy, where she was responsible for the creation and implementation of their behavioural change methodology, including qualitative and quantitative baseline research. During the past ten years, Denise has worked on many successful behavioural change programmes for several high-profile organisations.

Denise is committed to exploring the interaction between human behaviour and technology and understanding why people do what they do. This insight provides her with the ability to deliver tailored strategic behavioural change programmes that ensure the individual does not feel undermined but empowered to make the right choices. By using behavioural psychology at the heart of her programmes, Denise aims to bring positive change to any cybersecurity culture.

Prior to entering the world of cybersecurity awareness, Denise was internal communications manager for Cambridge Constabulary following a successful career in marketing communications in the private sector. She has a Masters in Crime Writing from the University East Anglia and is working on her debut novel.

Hannah Tufts

Cyber Security Awareness Specialist, Pinsent Masons

Hannah Tufts is an independent strategic communications consultant specialising in cyber security awareness, as well as marketing and brand strategy for businesses in the cyber security industry across Europe. Hannah has been supporting Denise Beardon at international law firm, Pinsent Masons, throughout the last two years to develop educational content for colleagues with simplicity and empathy at its core. Hannah most recently delivered a comprehensive communications programme to support the global roll out of Pinsent Mason’s phishing simulation programme and is presenting alongside Denise to share the insights and results from this truly innovative case study.

Hannah possesses a coveted mix of technical cyber security knowledge, expertise in behaviour change, as well as 10 years’ experience in strategic marketing and communications for organisations in cyber security, finance and tech. Hannah graduated with Consciously Digital in 2019 to enhance her understanding of the neuroscientific impact of our relationship with technology, which became the focus of her collaboration with Pinsent Masons.

Hannah is also a keen advocate for diversity in cyber security, continues to work with organisations and schools to encourage young talent into the industry, and runs immersive programmes designed to enable people to exist, survive and thrive in our highly connected world.


Joe Sullivan

Chief Security Officer, Cloudflare

Joe Sullivan joined Cloudflare as its first Chief Security Officer in 2018. Previously, he was the CSO at Uber and Facebook, and held security and legal roles at eBay and PayPal. Joe also served with the U.S. Department of Justice as a prosecutor in the Silicon Valley U.S. Attorney’s Office, where he was focused on technology-related crimes. In 2016, he served on President Obama’s Commission on Enhancing National Cybersecurity. Joe works with several organizations that promote Internet safety and security and has been an active investor and advisor to technology start-ups.

Arun Singh

Director Product Marketing, Cloudflare

Arun Singh is leading the Security Product Marketing at Cloudflare, with over 12 years of experience in Cyber Security for enterprises. Working closely with global sales teams and customers to ensure a value-driven product is delivered to customers measured by a set of key metrics. Having previously worked for other tech companies such as Salesforce and Oracle, Arun believes Innovation solves challenges and brings new ones, especially for a tech marketer as such. New ideas, disrupting technology, and solid products drive him to create compelling business value propositions. Arun is passionate about enabling sales teams to envision the product strategy & value and most importantly evangelizing products to customers.

Mike Beck

Global CISO, Darktrace

Mike has 10 years’ experience as operational advisor and delivery lead for a range of national security programmes in the UK government. With vast experience of consulting on tactical cyber defense, he oversees the support and training of Darktrace clients post-implementation. Prior to joining Darktrace in 2014, Mike also served as a GovCERT UK practitioner, defending against a wide range of cyber threats.

Mike was also deployed as a civilian advisor to a number of active operational commands within the UK military. He holds a first-class degree in Computer Science from the University of Plymouth, and is a Certified Information Systems Security Professional (CISSP) and a GIAC Incident Handler.

Carina Kabajunga

Head ICT, The Commonwealth Secretariat

Carina Kabajunga, who heads the Information Technology section at the Commonwealth Secretariat, has a special interest in the application of ICTs and Analytics in improving service provision in the public sector. Carina has in previous roles, worked in Government, Academia and the private sector, leading IT and Information Security initiatives, and promoting the use of Data and Data Governance in organisations. She has over 20 years\’ of experience as an Information Security and Data Management Practitioner and has served as a Board member for her local chapter of the Information Systems Audit and Control Association.

Andrew Hollister

Senior Director LogRhythm Labs & Security

Andrew Hollister, Sr. Technical Director of LogRhythm EMEA, oversees technical resources for the region to advance LogRhythm’s vision of providing an unrivalled NextGen SIEM platform. He studies the threat landscape to understand how customers can leverage analytics within the LogRhythm platform to detect and respond to cyber threats.

For over 20 years, Andrew has had the opportunity to work in a variety of IT consulting roles, working within the private and public sector, including SIEM, DLP and application level firewall design and implementation. Andrew joined the LogRhythm team in 2012 and has a keen interest in machine analytics.

Manish Patel

Director of Corporate Risk, Dataminr

As the Director of Corporate Risk for Dataminr in EMEA, Manish Patel specialises in helping corporate risk teams implement open source technologies. Previously, as a Director for Juniper Networks, he oversaw a Client Management team that provided security and infrastructure solutions to companies globally.

Norbert Eschle

Enterprise Data Architect, Direct Line Group

In his data architecture career Norbert’s work has included regulatory projects, growing and establishing data architecture and its governance. He has a background in enterprise data management, business intelligence and analytics in a variety of industries such as finance, technology and transportation. As Enterprise Data Architect for Direct Line Group, Norbert is responsible for providing the required data capabilities to support business needs in an increasingly digital market.

James Astley

Solutions Director, Somerford Associates

James is highly experienced in identifying appropriate solutions based on organisational requirements; providing technical and strategic guidance to FTSE 100 companies and the Public Sector to ensure their programmes of work are both optimised and can deliver on their strategic requirements, align solutions within budget and timescale.

James has achieved certification in a wide range of program implementations, including solutions from  AWS, Splunk, Varonis, Netskope, HashiCorp, Okta, Centrify, Cloudian and SecurityScorecard.

Delivering  a range of ‘best in class’ solutions across security, identity and analytics as recognised by Gartner Magic Quadrant and Forrester Wave market analysis providing solutions to complex data challenges.

Phil Soane 

Senior Channel Development - AWS Marketplace

Phil is an experienced IT professional and has worked in channel roles for over 15 years. He is passionate in explaining how AWS Marketplace transforms the way organisations approach software discovery, procurement, entitlement, provisioning, and governance, streamlining the traditional supply chain and enabling digital transformation.

He focuses on supporting partners leveraging the AWS Marketplace and helping develop new business models which make a demonstrable difference to the channel community.

Chris Green

Head of Communications EMEA, (ISC)²

As a business and technology journalist, as well as a communications professional, Chris Green has been at the forefront of technology reporting and reviewing for over 25 years. His specialist areas include security, networking & telecommunications, internet technologies, storage, office productivity tools, operating systems and automotive technology. Chris has a background in both consumer and business IT journalism as well as research. Chris\’ background includes three years as the launch Editor of the highly-respected UK business IT publication IT PRO. Prior to this, Chris worked for Computing, where he spent nine years as Technical Editor and then Editor of computing.co.uk, as well as Editor of its sister title Data Business. Chris also spent two years leading content development for the Future of Work: Amplifying Human Potential research series, launched at the World Economic Forum’s Davos conference.

Sandy Silk

Director of Information Security Education and Consulting, Harvard University

Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Her team at Harvard consults with researchers, faculty, and departments on security risks and controls for the data, technology, and vendors they use within their projects. Sandy is also involved in several Women in Technology (WIT) organizations and programs, and she led the creation of a WIT mentoring program at Harvard. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.

Jon Geater

Co-Founder & CTO, Jitsuin

Jon applies his expertise in cryptography, cybersecurity and blockchains to challenging issues in the Internet of Things. Jon has held senior global technical roles at Thales e-Security, Trustonic, ARM and nCipher where he built chip-to-cloud solutions for mobile, IoT, payments and smart cities while managing large global teams, integrating acquisitions and driving corporate strategy.

Jon leads open standards at board committee level having served GlobalPlatform, Trusted Computing Group, OASIS and Hyperledger. He now chairs the Security and Trust Working Group at the Digital Twin Consortium.

Jonathan Ehret

CISSP, CISA, CRISC, VP Vice President, Strategy & Risk, RiskRecon

Jonathan has been a third-party risk practitioner since 2004. He is co-founder and former president of the Third-Party Risk Association.

He has deep experience building and running third-party risk programs in finance and healthcare. He started with RiskRecon in April, 2020.

Dave Philpotts

Senior Sales Engineer, Varonis Systems

Over 20-years’ experience in IT including IT Management for a household name and working for MSPs serving clients across all sectors. Before joining Varonis in January 2017, was working in PreSales for an MSP aligned to the Finance Sector where I was technical lead for a number of startup mortgage companies and banks.

Constantine Malaxos

Director of Strategic Alliances, ProcessUnity

As Director of Strategic Alliances for ProcessUnity, Constantine is responsible for finding and building long-term successful relationships with ProcessUnity’s strategic partners. He shares the alliance team’s and partner’s goal of providing optimal value from ProcessUnity’s solutions.

Throughout his career, Constantine has built successful teams within high growth technology firms.  Prior to joining ProcessUnity, he created and led Hiperos’(now Coupa) alliance program.  He also led Lumeta’s (FireMon) North American Commercial Sales team.  Constantine earned his MBA from UCLA Anderson School of Management.

Grant McDonald

Director Solutions Marketing, BMC Software

Grant is an Information Security veteran whose career has spanned numerous technologies including Endpoint, Web, Server, Cloud and Data Security. At BMC his focus is helping large enterprises integrate more of their critical infrastructure and build their XDR strategies.

Paul “PJ” Norris

Senior Systems Engineer, Tripwire

Paul “PJ” Norris has over 28 years of IT experience and 15 years working in the information security industry. In 2015, he joined Tripwire as a Senior Systems Engineer, providing pre-sales support to the UK & EMEA region across multiple industry verticals and international markets. Paul’s security expertise spans across the fields of e-discovery, forensics, policy and compliance. He regularly contributes to Tripwire’s blog, The State of Security.

Javvad Malik

Security Awareness Advocate, KnowBe4

Javvad Malik is a Security Awareness Advocate at KnowBe4, a blogger event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers with his signature fresh and light-hearted perspective on security that speak to both technical and non-technical audiences alike.

Prior to joining KnowBe4, he was security advocate at AlienVault. Before then, he was a Senior Analyst at 451’s Enterprise Security Practice (ESP).

Ilia Sotnikov

Vice President of Product Management, Netwrix Corporation

Ilia Sotnikov is responsible for Netwrix product vision and strategy. He has over 15 years of experience in IT management software market. Prior to joining Netwrix in 2013, he was managing SharePoint solutions at Quest Software (later acquired by Dell).


Scott Bridgen

GRC Consulting Director, OneTrust

Scott Bridgen serves as a GRC Consulting Director for OneTrust GRC– a purpose-built software designed to operationalise integrated risk management. In his role, Scott is responsible for driving the development and delivery of OneTrust’s integrated risk management product as well as driving the refinement of the toolset and offerings. He advises companies throughout their risk management implementations to establish processes to support operations and align with their enterprise objectives, including adopting industry best practices and adhering to requirements relating to relevant standards, frameworks, and laws (e.g. ISO, NIST, SIG and more).

Scott works with clients to realise the extent of their risk exposure, helping clients to map their digital infrastructure, assess risks, combat threats, monitor ongoing performance, and document evidence throughout the risk lifecycle.

Previous Speakers

Claus Murmann

Head of Risk Analytics Systems, Standard Chartered Bank

Claus is currently Head of Risk Analytics Systems at Standard Chartered Bank, leading strategy for systems that support the model development lifecycle including model inventory, model risk management and development platforms for models and advanced analytics of risk metrics and data.

Prior to that he was a senior lead in JP Morgan’s Data Science team, as product manager on projects spanning the Markets’ trading and sales functions. He has broad experience in investment banking and trading technology systems, and spent several years on trading floors designing and delivering IT trading systems for commodities front office desks again with a focus on data and analytics.

Renaud Di Francesco

Director, Europe Technology Standards Office, Sony Europe BV

Renaud Di Francesco, PhD, is the Director of the Europe Technology Standards Office of Sony, supporting the Sony Group in its global standards development needs, ranging from content aspects to networks and energy consumption, security and privacy, including the substantial objective of sustainability for the Planet and its People.

He has held positions in business development and technology management with Sony and France Telecom. Before joining the private sector, he has been a national and European civil servant employed by the Ministry of PTT and the European Commission and is aware of the challenges of policy efficiency and technology neutrality. His current interests include the transformation of industry sectors such as the Automotive with a roadmap to autonomy, Industry of the Future, as well as IoT, and the use of Artificial Intelligence.

Steve Mulhearn

Director Enhanced Technologies UKI & DACH, Fortinet

Steve is the Business Development Director for Fortinet and Shares his experiences from Fortinet and other organisations in a rapidly changing and challenging world. He has over 25 years in Cyber security and has built a number of Companies including Arbor Networks and Isight Partners working in Cyber Intelligence.

Nadine Thomson

Former Group Director of Technology, Conde Nast International; Digital Technology Advisor, News UK

Nadine leads the transformation of businesses through technology change. She has worked internationally across a range of industries including media, retail, travel and financial services. Nadine has a computer science background and couples business knowledge with deep technical understanding to help businesses evolve. She has a breadth of experience tailoring security and risk for different industries, business strategies and risk appetites. Nadine has recently worked as Group CTO Conde Nast International (Vogue, GQ) and Technology Director for Vue Cinema. She is currently consulting for News UK on their digital technology structure and operating model.

Chris Rivinus

Head of IT Finance, Tullow Oil

Chris has over 20 years of experience in Information Technology, Innovation Management and Project Management working across the civil engineering and energy sectors. He holds degrees in Cultural Anthropology, Business Administration and International Business Transactions as well as certifications in Industrial Control System Security Management. His articles on information management and business strategy have been published in research forums, textbooks and mainstream business publications including CIO Magazine, Business Information Review and Knowledge Management Review.

Sam Lee

Head of Operational Risk, EMEA at Sumitomo Mitsui Banking Corporation

Sam Lee is Head of Operational Risk, EMEA for SMBC. He has previously been head of operational risk at RBS, Barclays Wealth and Credit Suisse Private Banking and has ridden a number of the industry’s challenges. Sam started his career training as a chartered accountant and left the profession immediately after qualifying and entered the world of investment banking as an internal auditor before moving to operational risk and initially setting up the operational risk framework and department for CSPB – He has stayed with Operational Risk ever since and has been focused on the embedding and transformational aspects of Operational Risk.

Andy Boura

Senior Information Security Architect, Thomson Reuters

Andy Boura has a passion for technology, science, and business. He brings technical depth of knowledge together with broad development process, business, and management experience. This allows him to take a holistic strategic view of technology, information security, and risk management. He advises on enterprise and technical security architecture of internally developed and third-party applications; and contributes to technical strategy, policies, and standards.

Thomson Reuters has over 50,000 employees in over 100 countries and is trusted by many of the biggest organisations in the world to provide business critical services and deliver accurate and timely information to professionals. As such, information security is critical in almost everything Thomson Reuters does.

Randi Roisli

IT Technical Security Lead, Shell International

An information risk management professional with 20 years’ of experience from the oil and gas industry, Randi was born in The Netherlands, gained engineering degrees in the UK and USA before embarking on an IT security career. Over the years, her roles and responsibilities have spanned technical security to governance and assurance, and she is currently working in the Joint Venture IT area.

David Wood

Information Security Manager, Kennedys

David Wood has over 14 years’ experience in information security, from access control with Halifax Card Services, to non-compliance management with Lloyds Banking Group. He has worked for Kennedys for over 3 years, overseeing the ISO 27001 certification programme, and general Information Security management.

David Robinson MBE

Head of Global IT Security, Herbert Smith Freehills LLP

David Robinson MBE is the Head of Global IT Security for Herbert Smith Freehills, one of the world’s leading law firms, who advise many of the biggest and most ambitious organisations across all major regions of the globe. David leads the delivery and strategy for IT security services across the firm in a flexible and responsive approach to the business. He has a wealth of experience gained from 22 years as a communications and electronics engineer with the RAF where he worked in numerous sectors including aircraft simulation, Radar, data handling & processing networks, training, procurement and information security; his military career was followed by a little over 13 years in senior security roles in the private sector with both C&W and Fujitsu where latterly he held various posts including company CSO.

Jonathan Gill

Chief Information Officer, Watchfinder & Co.

Jonathan Gill has spent the last twenty years working in the IT sector, specialising in complex IT systems for the education, health, engineering, accountancy and retail industries. His experience with web front-end systems dates back to 1999, but his core focus is on developing bespoke information management systems. His most recent work has been for Watchfinder & Co., a Sunday Times Virgin Fast Track Hot 100 ‘Ones to Watch’ company, building the company’s entire IT infrastructure to support rapid growth and maintain a stock roster of well over 4,000 high-value luxury items across multiple locations whilst catering to 1 million website visitors each month.

Algy Booker

Group Head of Information Security, RSA Insurance Group

Algy has worked for RSA for over 30 years in a variety of technology-oriented roles. He has been working in Information Security for over 10 years, developing capability from an initial basic IT Security focus into a wider Information Security framework aligned with Enterprise Risk Management practises.

Mohsin Choudhury

UK Head of Information Security for Bank of Ireland (1st Line)

Mohsin has over 20 years of experience in Information Security from diverse sectors including Investment Banking, Defence & National Security, Central Government, Big 4 Audit Firms, Nuclear and Global Health Organisations. He is responsible for all areas of Information Security from defining security requirements for new digital programmes, advising businesses of their Cyber Risks, Technical Cyber Risk Assessment and Financial Regulatory needs.

During his career, Mohsin has worked on the Security of Satellite Communication Systems, producing key management and encryption systems, helping and advising Global Investment Bank’s with their Information Security maturity and managing large scale security of transformational programmes . He is highly technical and understands business needs.

Mohsin holds CISM and CISSP Certifications and has two Master Degrees, MSc in Defence Communications and MSc in Nuclear Science.

Title: No one is safe – Cyber Crime and the Threat Landscape

Cyber Criminals pose significant threats to individuals, organisations and nation states with devastating consequences.

The speaker will highlight the motives, means and opportunities of  Cyber Criminals  and the impact they are having on our society. He will show the changing threat landscape and why your business will be a target for Cyber Criminals. This session will cover identity theft, financial fraud, ransomware, organised crime and conclude with best ways to protect your business from Cyber Criminals.

Linked in profile

Matthew Kay

Group Data Protection Officer, Balfour Beatty

Matthew holds a Masters in Information Rights Law and Practice and the BCS certificate in Data Protection. He is experienced in case handling and advising organisations on information compliance across a variety of sectors.

Matthew currently heads the Data Protection function for Balfour Beatty(c.40000 employees) overseeing the 6 Data Protection Officers across the strategic business units that the organisation operates to achieve compliance with the General Data Protection Regulation(GDPR) as well as the Data Protection Act 2018.

In addition to his core work he is also a member of the Data Protection Network(https://www.dpnetwork. org.uk) and a regular speaker at numerous external events on GDPR to help assist other organisations with compliance and share best practice.

He previously worked for the London Borough of Hounslow where he was organisational lead for GDPR implementation(c.2000 employees) as well as being a key member of the Information Governance Network for London.

Prior to this work Matthew worked in the audit department at the Information Commissioner’s Office (ICO) helping organisations improve their privacy practices to reduce risk. He provided expert advice to local government, criminal justice and health organisations through on-site audits which were followed up with listed recommendations. Matthew also worked as part of a network of trainers delivering internal training to all levels within ICO.

His diverse work experience has exposed him to Information risks facing the Financial, Higher Education, Property and Transport, Emergency and Legal sectors.

Sarb Sembhi

Past President, ISACA London

Sarb Sembhi has been the Chair of the ISACA GRA Committee and a member of the ISACA Relations Board. Sarb began his career in the public sector as a Project Manager, and has more than 30 years of project management and consultancy experience.

He has gained this experience providing services to companies including the BBC, Travis Perkins, BP, Network Rail. Sarb is a regular speaker at Information Security Conferences around the world, including the CxO Dialogue, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IPSec, IFSEC, Security Directors Forum.

He is also a member of the Defence and Security Committee and the Cyber Security Working Group at the London Chamber of Commerce & Industry, Infosecurity Magazine Editorial Board, and The Institute of Engineering and Technology, The Institute of Risk Management, The Chartered Insurance Institute, and was an individual member of the Parliamentary IT Committee.

David Terrar

Director and Deputy Chair, Cloud Industry Forum

David is a well-known strategist, keynote speaker and influencer on cloud computing, digital transformation, social collaboration and ERP software.  He is a Director and Deputy Chair of the Cloud Industry Forum, judges the UK Cloud Awards, and is Founder & CXO of digital strategy consultancy Agile Elephant.  He is a specialist in sales, marketing and operations in the technology sector, and guest lectures on digital and social media at Henley Business School and on INSEEC’s MBA programme.  David is an advisor and non-exec director for several companies, and a regular host on the tech TV channel Disruptive. Live.