ESRM

Enterprise Security & Risk Management

28 November 2017

Victoria Park Plaza

SPEAKERS

Sarb Sembhi

Past President, ISACA London Chapter

Sarb Sembhi has been the Chair of the ISACA GRA Committee and a member of ISACA Relations Board. Sarb began his career in the public sector as a Project Manager, and has more than 30 years of project management and consultancy experience.

He has gained this experience providing services to companies including BBC, Travis Perkins, BP, Network Rail. Sarb is a regular speaker at Information Security Conferences around the world, including the CxO Dialogue, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IPSec, IFSEC, Security Directors Forum.

He is also a member of the Defence and Security Committee at the London Chamber of Commerce & Industry, and a member of the Cyber Security Working Group at the London Chamber of Commerce and Industry, Infosecurity Magazine Editorial Board, The Institute of Engineering and Technology, The Institute of Risk Management, The Chartered Insurance Institute, and was an individual member of the Parliamentary IT Committee.

William Binney

NSA Whistleblower

William Binney is a former high-level National Security Agency intelligence official who, after his 2001 retirement after 30 years, blew the whistle on NSA surveillance programs. His outspoken criticism of the NSA during the George W. Bush administration made him the subject of FBI investigations that included a raid on his home in 2007. Even before Edward Snowden’s NSA whistleblowing, Binney publicly revealed that NSA had access to telecommunications companies’ domestic and international billing records, and that since 9/11 the agency has intercepted some 15 to 20 trillion communications. The Snowden disclosures confirmed many of the surveillance dangers Binney — without the benefit of documents — had been warning about under the Bush and Obama administrations.

J. Kirk Wiebe

NSA Whistleblower

J. Kirk Wiebe is a retired National Security Agency whistleblower who worked at the agency for over 32 years. During his tenure there, he received the Director CIA’s Meritorious Unit Award and the NSA’s Meritorious Civilian Service Award – that Agency’s second highest distinction – for work against foreign strategic weapons systems. Wiebe’s colleague William Binney developed the ThinThread information processing system that, arguably, could have detected and prevented the 9/11 terrorist attacks. NSA officials, though, ignored the program in favor of Trailblazer, a program that ended in total failure in 2005 with costs of billions of dollars. Wiebe, together with colleagues William Binney, Diane Roark (former HPSCI senior staffer), and Ed Loomis (former NSA computer systems analyst), blew the whistle on NSA mismanagement and waste of billions of dollars on Trailblazer in a complaint to the Department of Defense Inspector General (DoD IG), but to no avail. Post 9/11, the NSA used ThinThread to illegally spy on U.S. citizens’ communications. Unable to stay at NSA any longer in good conscience, Wiebe, along with colleagues Binney and Loomis, retired in October 2001. Since retiring, Wiebe has made several key public disclosures regarding NSA’s massive surveillance program subverting the U.S. Constitution.

Mark Evans

Head of IT, Rider Levett Bucknall (UK)

Mark Evans has worked for the world’s largest independent construction consultancy as a partner and Head of IT for EMEA for the last twelve years, leading the practice into IaaS in 2008 and now into Hybrid Cloud. Prior to this, Mark worked as global infrastructure director for a top five shipping company. Developing ideas about business through the course of mid-career MBA studies, Mark now views IT as a very important facet of business but feels disappointed that there is still a considerable amount of old-fashioned thinking regarding IT as an end in and of itself. By continually challenging the status quo Mark seeks to build a dialogue and question the “holy cows” of the IT industry as a whole, for no other reason than to create a positive financial performance for his employer and a positive reflection on his team. In recent years, Mark has been building a robust information security infrastructure to protect corporate digital assets and has pursued data privacy, leading to membership of the International Association of Privacy Professionals along with achieving the Certified Information Privacy Professional/Europe qualification. Mark also holds the ISACA Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA), along with the ISC2 Certified Information Systems Security Professional (CISSP) qualification.

Christian Toon

Chief Information Security Officer, Pinsent Masons LLP

Christian has spent the last 14 years successfully disrupting traditional approaches to information protection and management for large international organisations. He started life in vendor security, then moved into Big Four to build a practice and deliver ‘CISO for Hire’ services that involved engagements in the top end of financial and insurance services. Leaving PwC after nearly 3 years, he joined Pinsent Masons to lead their information protection strategy across a firm of over 3200 employees around the globe. He doesn’t like mushy peas.

 

Marc Hammoud

Product Manager – Technology and Data, NHS Improvement

Marc has a B.S. from the American University of Beirut and an M.Sc. from the University of Geneva. After a career between private and public sectors in Switzerland, he pursued professional development at INSEAD in Paris, Harvard University, University of Cambridge, University of Oxford and more recently at the International House, London.

Raef Meeuwisse

ISACA Governance Expert and Author of ‘Cybersecurity for Beginners’

Raef Meeuwisse is an ISACA governance expert and Director of Cyber Simplicity Ltd. He has recently finished an ISACA paper on the Governance of Enterprise Information Technology for Healthcare and is also known for his independent books, including Cybersecurity for Beginners.

Kieren Lovell

Head of Computer Emergency Response, University of Cambridge

Kieren Lovell is the Head of Computer Emergency Response Team at the University of Cambridge. As well as leading one of the world’s leading universities in incident response, he is also an instructor of Information Security and Information Handling at the University.

Prior to this role, Kieren spent fourteen years at the forefront of Information Security within the Navy, working on Submarines, Mine warfare and Patrol vessels for the Royal Navy (UK), and was a Communication and Information Security instructor for the Royal Norwegian Navy. During his tenure in the Royal Norwegian Navy, he was awarded the rank of Kapteinløytnant (LT CDR), was the Chief Communications Officer (CISO) for NATO's Standing NATO Maritime Group One (COMSNMG1), and was a Battlewatch captain during operations in the Gulf of Aden, to mitigate the Pirate Threat, for a nine-month deployment.

Kieren has worked in fifty countries, with just over seven years on live operations.

Dave Palmer

Director of Technology, Darktrace

Dave Palmer is a cyber security technical expert with over ten years’ experience at the forefront of government intelligence operations. He has worked across UK intelligence agencies GCHQ and MI5, where he delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. At Darktrace, Dave oversees the mathematics and engineering teams and product strategy. He holds a first class degree in Computer Science and Software Engineering from the University of Birmingham.

Previous Speakers

Chris Rivinus

Head of IT Finance, Tullow Oil

Chris has over 20 years of experience in Information Technology, Innovation Management and Project Management working across the civil engineering and energy sectors. He holds degrees in Cultural Anthropology, Business Administration and International Business Transactions as well as certifications in Industrial Control System Security Management. His articles on information management and business strategy have been published in research forums, textbooks and mainstream business publications including CIO Magazine, Business Information Review and Knowledge Management Review.

Sam Lee

Head of Operational Risk, EMEA at Sumitomo Mitsui Banking Corporation

Sam Lee is Head of Operational Risk, EMEA for SMBC. He has previously been head of operational risk at RBS, Barclays Wealth and Credit Suisse Private Banking and has ridden a number of the industry’s challenges. Sam started his career training as a chartered accountant, left the profession immediately after qualifying, and entered the world of investment banking as an internal auditor before moving to operational risk and initially setting up the operational risk framework and department for CSPB. He has stayed with Operational Risk ever since and has been focused on the embedding and transformational aspects of Operational Risk.

Andy Boura

Senior Information Security Architect, Thomson Reuters

Andy Boura has a passion for technology, science, and business. He brings technical depth of knowledge together with broad development process, business, and management experience. This allows him to take a holistic strategic view of technology, information security, and risk management. He advises on enterprise and technical security architecture of internally developed and third-party applications; and contributes to technical strategy, policies, and standards.

Thomson Reuters has over 50,000 employees in over 100 countries and is trusted by many of the biggest organisations in the world to provide business critical services and deliver accurate and timely information to professionals. As such, information security is critical in almost everything Thomson Reuters does.

Randi Roisli

IT Technical Security Lead, Shell International

An information risk management professional with 20 years of experience in the oil and gas industry, Randi was born in The Netherlands and gained engineering degrees in the UK and USA before embarking on an IT security career. Over the years, her roles and responsibilities have spanned technical security to governance and assurance, and she is currently working in the Joint Venture IT area.

David Wood

Information Security Manager, Kennedys

David Wood has over 14 years’ experience in information security, from access control with Halifax Card Services, to non-compliance management with Lloyds Banking Group. He has worked for Kennedys for over 3 years, overseeing the ISO 27001 certification programme, and general Information Security management.

David Robinson MBE

Head of Global IT Security, Herbert Smith Freehills LLP

David Robinson MBE is the Head of Global IT Security for Herbert Smith Freehills, one of the world’s leading law firms, who advise many of the biggest and most ambitious organisations across all major regions of the globe. David leads the delivery and strategy for IT security services across the firm in a flexible and responsive approach to the business. He has a wealth of experience gained from 22 years as a communications and electronics engineer with the RAF where he worked in numerous sectors including aircraft simulation, Radar, data handling & processing networks, training, procurement and information security; his military career was followed by a little over 13 years in senior security roles in the private sector with both C&W and Fujitsu where latterly he held various posts including company CSO.

Jonathan Gill

Chief Information Officer, Watchfinder & Co.

Jonathan Gill has spent the last twenty years working in the IT sector, specialising in complex IT systems for the education, health, engineering, accountancy and retail industries. His experience with web front-end systems dates back to 1999, but his core focus is on developing bespoke information management systems. His most recent work has been for Watchfinder & Co., a Sunday Times Virgin Fast Track Hot 100 ‘Ones to Watch’ company, building the company’s entire IT infrastructure to support rapid growth and maintain a stock roster of well over 4,000 high-value luxury items across multiple locations whilst catering to 1 million website visitors each month.

Algy Booker

Group Head of Information Security, RSA Insurance Group

Algy has worked for RSA for over 30 years in a variety of technology-oriented roles. He has been working in Information Security for over 10 years, developing capability from an initial basic IT Security focus into a wider Information Security framework aligned with Enterprise Risk Management practices.