Enterprise Security & Risk Management

19 April 2018

Victoria Park Plaza



New Cryptojacking Attack Hits Thousands of Websites

14th February 2018

By John Connolly Over 4000 sites were compromised this weekend when hackers inserted malicious code that hijacked the processing power of any site visitor’s computer […]

Cyber is Third Most Likely Global Risk

31st January 2018

By J Connolly The World Economic Forum’s Global Risks Report 2018 released this January warns of the increasing likelihood of cyber attacks and their growing […]



Nicola Lishak

Information Security Risk Lead, Royal Mail Group

Nicola is an Information Security Risk Lead at the Royal Mail Group driving change through an information security risk and compliance programme as the organisation prepares for GDPR. Nicola started her career in the Big 4 working with major clients across all industries from Financial Services to Critical National Infrastructure working on projects designed to improve capabilities in Corporate Security, Information Risk Management, Business Continuity and Technology Resilience. Nicola has designed and implemented an enterprise security risk management framework for a FTSE100 company, delivered large scale international security assurance projects and conducted security audits for a range of clients. She has supported organisations in defining security risk management strategies and has experience in developing effective ways to stimulate security culture, through training and awareness at the first line.

Phil Cracknell

Group Cyber Security Advisor, HomeServe

Phil is regarded as one of Europe’s leading information security experts. He has held several CISO (Chief Information Security Officer) roles spanning five different industry sectors.

With over 28 years’ experience gained in a variety of high-profile technology and security management roles, he offers a unique insight to the world of information security, cyber-threats and risk management. He is a regular speaker at UK, Middle Eastern and European conferences.

As national publicity on the subject of ‘Wireless security’ peaked in 2002, Phil became somewhat of a cyber-security celebrity with appearances on Sky TV, BBC News and in national and industry press.

Phil remains highly technical with a hands-on security capability not normally present with someone of his seniority in the industry.

He has vast amounts of project success, technical deliverable experience and can operate at any level.  Serving as Group Security & Risk Advisory to Arriva Plc.(2015), Advisor to the Board at Camelot UK (2016/17) and is currently a board advisor retained by HomeServe plc (2017).  He was the founder and chairman of the non-profit ClubCISO group – www.clubciso.organd is a non-executive director of the Cloud Security firm Everycloud –

Peter Drissell

Air Commodore, MA, BSc, FCGI, FIoD, Director Aviation Security, and Transformation Director, Civil Aviation Authority

Peter was appointed by the Civil Aviation Authority (CAA) as its first Director of Aviation Security in 2013 and led the transition of operational aviation security functions from the Department for Transport (DfT) to the CAA on 1st April 2014.   Prior to his appointment, Peter was Director of Security & Business Continuity for the Home Office. Before this, Peter had served for 32 years in the Royal Air Force from which he retired as an Air Commodore in April 2007; his last appointment combined the roles of Commandant General of the Royal Air Force Regiment and Air Officer RAF Police.

Sarb Sembhi

Past President, ISACA London Chapter

Sarb Sembhi has been the Chair of the ISACA GRA Committee and a member of the ISACA Relations Board. Sarb began his career in the public sector as a Project Manager, and has more than 30 years of project management and consultancy experience.

He has gained this experience providing services to companies including the BBC, Travis Perkins, BP, Network Rail. Sarb is a regular speaker at Information Security Conferences around the world, including the CxO Dialogue, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IPSec, IFSEC, Security Directors Forum.

He is also a member of the Defence and Security Committee and the Cyber Security Working Group at the London Chamber of Commerce & Industry, Infosecurity Magazine Editorial Board, and The Institute of Engineering and Technology, The Institute of Risk Management, The Chartered Insurance Institute, and was an individual member of the Parliamentary IT Committee.

Darren Hickling

Senior Developer, Bud Systems, formerly Senior Developer, Vitality UK

Darren loves software engineering, and actively seeking out interesting challenges. He has worked at large corporates, agencies and now a start-up, on both greenfield projects and vast, established codebases. His teams have created endlessly customisable user interfaces, incredibly fast search engines and, ultimately, very successful products, in London and the South West. When not researching the next fun home project, Darren attempts to entertain his young family and relax with a hard-earned craft beer or two.

Omid Raghimi

Senior Cyber Security Engineer – Incident Response (DFIR), Lloyds Banking Group

Lloyds Banking Group

Heinz Janiec

Sen Project Manager, Oil and Gas Industry

Heinz is 61 years old, married and with two children. Prior to starting his own consultancy firm, Specialy Engineering, Heinz worked at Shell for forty years in a variety of positions such as Maintenance, Advanced Process Control, Team Lead for DCS and ESD, and in Functional Safety (HAZID & HAZOP).

Andrew Rice

Information Security Strategist, Interpublic Group

Andrew is a dynamic information technology management professional offering over 25 years’ experience leading comprehensive Information Technology Security initiatives. He is a proven technology leader who excels as a pivotal business partner and provides critical training and leadership to the executive team. Andrew has been responsible for the protection of critical information for defence, legal, governments, and global financial institutions. He is a founding member of GCHQ’s Certified Listed Advisor Scheme.

Junaid Farooqui

Local Information Security Officer (Interim), Volkswagen Financial Services (UK)

Junaid Farooqui is an experienced Cyber Security Architect and Consultant, working for the last 20 years in various sectors such as Banking, Insurance, Transport, Health, Local Government, Utilities, Automobile and Media.

Coming from an engineering background he made his way up to acquire knowledge and expertise in the field of IT and Cyber Security to provide solutions and advice for complex business requirements.

He has a MSc degree in Information Security and also holds CISSP certification. He has other certification such as TOGAF, PRINCE, and ITIL as he believes from his practical experience that security cannot be implemented without understanding various organisational business and IT functions.

Simon Legg

Group CISO, Jardine Lloyd Thompson plc

Simon is a Changer, Shaker, Motivator and Manager of Amazing People. He has tangible success in driving strategies, enabling IT risk, information security and systems compliance as a commercial advantage, transforming and managing global services, developing organisations and business infrastructures.

Simon is commercially astute and a relentless negotiator with a broad range of senior-level management experience working within energetic, complex and fast-moving environments. He is Prosci Change Management, Six-Sigma & ITIL qualified, with experience introducing best practice frameworks, methods, and implementing measurements that fundamentally just make good sense.

John Moor

Managing Director, IoT Security Foundation

John Moor is the Managing Director of the IoT Security Foundation. He has over 30 years’ experience in the electronic systems and microelectronics industry and holds executive leadership and general manager responsibilities for IoTSF. Previously John served as a vice-president at the National Microelectronics Institute where he was tasked with formulating strategy and leading the implementation of key innovation initiatives including creating a portfolio of technical engineering networks and running the Future World Symposium.

Prior to this John was a founder of Bristol-based start-up ClearSpeed Technology (formerly PixelFusion Ltd). During this time he led engineering operations at vice-president level, responsible for technology acquisitions, establishing international supply chain operations and acquiring capability in the UK, USA and Taiwan. John’s formative engineering career centred on leading-edge microprocessor based systems (substantially parallel systems) used in virtual reality, high performance computing, graphics and data communications applications

Previous Speakers

J. Kirk Wiebe

NSA Whistleblower

J. Kirk Wiebe is a retired National Security Agency whistleblower who worked at the agency for over 32 years. During his tenure there, he received the Director CIA’s Meritorious Unit Award and the NSA’s Meritorious Civilian Service Award – that Agency’s second highest distinction – for work against foreign strategic weapons systems. Wiebe’s colleague William Binney developed the ThinThread information processing system that, arguably, could have detected and prevented the 9/11 terrorist attacks. NSA officials though, ignored the program in favor of Trailblazer, a program that ended in total failure in 2005 with costs of billions of dollars. Wiebe, together with colleagues William Binney, Diane Roark (former HPSCI senior staffer), and Ed Loomis (former NSA computer systems analyst) blew the whistle on NSA mismanagement and waste of billions of dollars on Trailblazer in a complaint to the Department of Defense Inspector General (DoD IG), but to no avail. Post 9/11, the NSA used ThinThread to illegally spy on U.S. citizens’ communications. Unable to stay at NSA any longer in good conscience, Wiebe, along with colleagues Binney and Loomis retired in October 2001. Since retiring, Wiebe has made several key public disclosures regarding NSA’s massive surveillance program subverting the U.S. Constitution.

William Binney

NSA Whistleblower

William Binney is a former high-level National Security Agency intelligence official who, after his 2001 retirement after 30 years, blew the whistle on NSA surveillance programs. His outspoken criticism of the NSA during the George W. Bush administration made him the subject of FBI investigations that included a raid on his home in 2007. Even before Edward Snowden’s NSA whistleblowing, Binney publicly revealed that NSA had access to telecommunications companies’ domestic and international billing records, and that since 9/11 the agency has intercepted some 15 to 20 trillion communications. The Snowden disclosures confirmed many of the surveillance dangers Binney — without the benefit of documents — had been warning about under the Bush and Obama administrations.

Etienne Greeff

Chief Technology Officer and Founder, SecureData

Etienne is one of the early pioneers of the information security industry. He has spent over 20 years promoting the innovative use of technology and services to solve complex customer issues: founding, growing and successfully exiting a number of information security businesses. As CTO of SecureData, Etienne is passionate about cementing its status as a complete security services provider. He is a graduate of the University of the Witwatersrand in South Africa with a BSc in Electrical Engineering.

Ian Greenwood

Regional Sales Manager UK&I, Thales eSecurity

As Regional Manager for Enterprise Accounts, Ian has gained extensive experience having worked alongside the UK’s largest enterprises over the past 15 years.  With a focus on securing the enterprise, Ian’s background includes the security division of Computacenter, Senetas, and Biodata. His role at Thales eSecuirty is to advise and guide FTSE500 companies in their data protection strategies with specific interest in encryption.

Kirill Kasavchenko

Principal Security Technologist, Arbor Networks

Kirill Kasavchenko is a Principal Security Technologist at Arbor Networks with a focus on technology research. Kirill has over 13 years of pre- and post-sales networking and security experience working for infrastructure vendors and systems integrators. Since joining Arbor Networks in 2011 Kirill has been helping Arbor customers in EMEA to deploy Arbor solutions and launch value-added security services. On his previous positions Kirill had been designing and implementing networking and security infrastructure for large service providers and enterprises.

Kirill holds B.Sc and M.Sc with honours in Computer Sciences from the Saint-Petersburg University of IT, Mechanics and Optics as well as a number of industry certifications including Cisco CCIE. His areas of interest are network design and network security at a large scale.

Raef Meeuwisse

ISACA Governance Expert and Author of ‘Cybersecurity for Beginners’

Raef Meeuwisse is an ISACA governance expert and Director of Cyber Simplicity Ltd. He has recently finished an ISACA paper on the Governance of Enterprise Information Technology for Healthcare and is also known for his independent books, including Cybersecurity for Beginners.

Oliver Madden

Chrome Enterprise Browser Specialist, Google

Oliver Madden serves as an Enterprise Browser Specialist at Google where he provides support to businesses. In this role, he helps businesses utilize Chrome as an Enterprise grade browser through management tools, building vision, app strategy and deployment. Oliver has been with Google for over 5 years and most recently served as the Chrome Operations Lead for UK and EMEA. He is a Certified Deployment Specialist, Google Administrator and Google Educator.

Marc Hammoud

Product Manager – Technology and Data, NHS Improvement

Marc has a B.S from the American University of Beirut and an M.Sc. from the University of Geneva. After a career between private and public sectors in Switzerland, he pursued professional development at the INSEAD in Paris, Harvard University, University of Cambridge, University of Oxford and more recently at the International House, London.

His professional experience in Project Management goes back to 1998 in Lausanne, Switzerland and extends to his current role at the National Health Service. Marc has been a PMP since 2012, with the credential valid till 2021. He is a Certified Project Director, Six Sigma Black Belt Professional, Projects in Controlled Environments (PRINCE2) Practitioner, Professional Scrum Master, Information Technology Infrastructure Library (ITIL) and Microsoft Certified IT Professional – Enterprise.

Marc has moved through various roles with ownership and responsibilities of all sorts of IT projects of significant budgets. He has led on Change Management, Risk Management, and various other important projects using PMI, Prince2 and Agile Scrum methodologies. In 2013, Marc joined the United Nations in Geneva and in 2015, he teamed up with Agilisys Digital then Smart Focus and the Cystic Fibrosis Trust in London before settling recently in the role of Product Manager – Development at NHS Improvement London. In this role, Marc provides cross-team leadership with a balanced mix of technical, leadership and project and product management skills.

For Marc, on every project, your best friend should be ‘the customer’, and your worst enemy ‘scope creep’.

Christian Toon

Chief Information Security Officer, Pinsent Masons LLP

Christian has spent the last 14 years successfully disrupting traditional approaches to information protection and management for large international organisations. He started life in vendor security, then moved into Big Four to build a practice and deliver ‘CISO for Hire’ services that involved engagements in the top end of financial and insurance services. Leaving PwC after nearly 3 years, he joined Pinsent Masons to lead their information protection strategy across a firm of over 3200 employees around the globe. He doesn’t like mushy peas.

Mike Murray

Vice President Security Intelligence, Lookout

Mike Murray is the VP of Security Intelligence at Lookout. For nearly two decades, Mike has focused on high-end security research, first as a researcher and penetration tester and then building and leading teams of highly skilled security professionals. He previously led Product Development Security at GE Healthcare, where he built a global team to secure the Healthcare Internet of Things. Prior to that, he co-founded The Hacker Academy and MAD Security, and has held leadership positions at companies including nCircle Network Security, Liberty Mutual Insurance and Neohapsis.

Kieren Lovell

Head of Computer Emergency Response, University of Cambridge

Kieren Lovell is the Head of Computer Emergency Response Team at the University of Cambridge. As well as leading one of the world’s leading universities in incident response, he is also an instructor of Information Security and Information Handling at the University.

Prior to this role, Kieren has spent the last fourteen years at the forefront of Information Security within the Navy; working on Submarines, Mine warfare and Patrol vessels for the Royal Navy (UK), and was a Communication and Information Security instructor for the Royal Norwegian Navy. During his tenure the Royal Norwegian Navy, he was awarded the rank of Kapteinloytant (LT CDR) and was the Chief Communications Officer (CISO) for NATO Standing NATO Maritime Group One (COMSNMG1) and was a Battlewatch captain during operations in the Gulf of Aden, to mitigate the Pirate Threat, for a nine month deployment.

Kieren has worked in fifty countries, with just over seven years on live operations.

Paul Lucas

Group Head IT Governance, Impellam Group Plc

After spending 12 years working in the Telecommunications industry in a variety of IT Service, Senior Operations and Project roles, Paul made the break and crossed over to Recruitment and Staffing, joining Impellam in May 2011. Starting as Service Delivery Manager Paul progressed through to his current role in 2014 where he heads up the implementation and ongoing maturity of IT Governance in a dynamic, sales focused environment.

Chris Rivinus

Head of IT Finance, Tullow Oil

Chris has over 20 years of experience in Information Technology, Innovation Management and Project Management working across the civil engineering and energy sectors. He holds degrees in Cultural Anthropology, Business Administration and International Business Transactions as well as certifications in Industrial Control System Security Management. His articles on information management and business strategy have been published in research forums, textbooks and mainstream business publications including CIO Magazine, Business Information Review and Knowledge Management Review.

Sam Lee

Head of Operational Risk, EMEA at Sumitomo Mitsui Banking Corporation

Sam Lee is Head of Operational Risk, EMEA for SMBC. He has previously been head of operational risk at RBS, Barclays Wealth and Credit Suisse Private Banking and has ridden a number of the industry’s challenges. Sam started his career training as a chartered accountant and left the profession immediately after qualifying and entered the world of investment banking as an internal auditor before moving to operational risk and initially setting up the operational risk framework and department for CSPB – He has stayed with Operational Risk ever since and has been focused on the embedding and transformational aspects of Operational Risk.

Andy Boura

Senior Information Security Architect, Thomson Reuters

Andy Boura has a passion for technology, science, and business. He brings technical depth of knowledge together with broad development process, business, and management experience. This allows him to take a holistic strategic view of technology, information security, and risk management. He advises on enterprise and technical security architecture of internally developed and third-party applications; and contributes to technical strategy, policies, and standards.

Thomson Reuters has over 50,000 employees in over 100 countries and is trusted by many of the biggest organisations in the world to provide business critical services and deliver accurate and timely information to professionals. As such, information security is critical in almost everything Thomson Reuters does.

Jonathan Gill

Chief Information Officer, Watchfinder & Co.

Jonathan Gill has spent the last twenty years working in the IT sector, specialising in complex IT systems for the education, health, engineering, accountancy and retail industries. His experience with web front-end systems dates back to 1999, but his core focus is on developing bespoke information management systems. His most recent work has been for Watchfinder & Co., a Sunday Times Virgin Fast Track Hot 100 ‘Ones to Watch’ company, building the company’s entire IT infrastructure to support rapid growth and maintain a stock roster of well over 4,000 high-value luxury items across multiple locations whilst catering to 1 million website visitors each month.

David Robinson MBE

Head of Global IT Security, Herbert Smith Freehills LLP

David Robinson MBE is the Head of Global IT Security for Herbert Smith Freehills, one of the world’s leading law firms, who advise many of the biggest and most ambitious organisations across all major regions of the globe. David leads the delivery and strategy for IT security services across the firm in a flexible and responsive approach to the business. He has a wealth of experience gained from 22 years as a communications and electronics engineer with the RAF where he worked in numerous sectors including aircraft simulation, Radar, data handling & processing networks, training, procurement and information security; his military career was followed by a little over 13 years in senior security roles in the private sector with both C&W and Fujitsu where latterly he held various posts including company CSO.

Randi Roisli

IT Technical Security Lead, Shell International

An information risk management professional with 20 years’ of experience from the oil and gas industry, Randi was born in The Netherlands, gained engineering degrees in the UK and USA before embarking on an IT security career. Over the years, her roles and responsibilities have spanned technical security to governance and assurance, and she is currently working in the Joint Venture IT area.