Presenting at SANS European Security Awareness Summit

It’s been a pleasure delivering a talk on the psychology of information security culture at the SANS European Security Awareness Summit 2016. It was the first time for me to attend and present at this event; I certainly hope it’s not going to be the last.

The summit has a great community feel to it and Lance Spitzner did a great job organising and bringing people together. It was an opportunity for me not only to share my knowledge, but also to learn from others during a number of interactive sessions and workshops. The participants were keen to share tips and tricks to improve security awareness in their companies, as well as sharing war stories of what worked and what didn’t.

It was humbling to find out that my book was quite popular in this community and I even managed to sign a couple of copies.

All speakers’ presentation slides (including from past and future events) can be accessed here.

Presenting at the IT & Security Forum

I was invited to speak at the IT & Security Forum in Kazan, Russia. The conference spanned three days and combined technical and non-technical talks, round table discussions and vendor presentations.

I spoke about the friction between security and productivity in the Oil & Gas sector. The participants shared their issues, after which we discussed potential solutions.

It was great to see that security managers in the audience recognised the potential negative impact to the business of poorly implemented security policies and controls and that they are willing to tackle such challenges.

Security in an Agile World – NextSec event

Santander have kindly agreed to host our next workshop event in their London offices on the 14th October. View the event flyer here.

Hear from leaders in Digital Innovation and Information Security on:
– The balance of Security and Innovation: The Cyber Threat and Opportunity
– Phishing and Social Media
– The Importance of Communication in Security

Speakers
– Edward Metzger, Head of Innovation, Santander
– Matt Bottomley, Senior Manager, Cyber Risk, Lloyds Banking Group
– Christine Maxwell, Head of Digital Security, Governance and Operational Excellence, BP

Networking and Careers Session
– Opportunity to network with junior professionals, students in Information Security and Technology
– Post event drinks and canapés reception
– Information Security careers stands from Santander, EY and KPMG will be at the event

Date: Wednesday 14th October 2015

Register now

SC Awards, BSides London and Infosecurity Europe

It was a busy week for security professionals in London; InfoSecurity Europe, BSides London and SC Magazine Awards were happening almost simultaneously.

We were provided with a booth at the InfoSecurity Europe conference & exhibition to host another NextSec event entitled “Finance and Cyber Security: How Banks Are Evolving To Combat The External Cyber Landscape”. Two global financial institutions discussed how they are reacting to the cyber threats that affect them, and how they are looking to combat that threat.

Attendees had an opportunity to gain insight into how financial institutions are dealing with cyber threats on both strategic and operational levels as well as to understand challenges and approaches to managing information security risk in large financial organisations.

I was also invited to attend the SC Magazine Awards as part of KPMG’s Cyber Academy team. I helped to develop KPMG’s IT Security Concepts course and also delivered it internally. It was a great honour to know that the course’s quality was recognised beyond the firm.

Finally, BSides London 2015 was great as always. KPMG were running a lockpicking competition, where I managed to make it to the Top 30. It was also nice to catch up with Thom, Javvad, Lawrence, Iggi and other great professionals in the field.

The Changing Face of Cyber Security – NextSec event

I was very happy to open our NextSec event in collaboration with EY. We had some great presentations followed by a well-facilitated discussion panel which offered a wonderful knowledge sharing session for everyone who attended.

The main themes of the evening were the changing threat landscape and widening the skills gap. The participants learned about the future of malware from Sian John, a security futurologist from Symantec, and how to address it by developing a security strategy with the help of Robert Coles, GSK. Elena Cinquegrana shared her perspective on being a consultant while Freddie Hult from CyberResilience Ltd. discussed the role of a CISO. Lucy Chaplin from KPMG concluded with a talk on privacy issues in the modern world.

I would like to say a special thanks to Chinwe and Annabel from EY for their contribution.

Presenting at the ISACA London Chapter event

I shared some research findings with the ISACA London Chapter members at the November event. We discussed resolving conflicts between security compliance and human behaviour. The talk was followed by a panel discussion with other presenters, where I answered questions regarding human aspects of information security.

During the networking session after the presentation I had many other interesting conversations with the participants. People were sharing their stories and experiences implementing and auditing security controls.

The video of the talk is available on the ISACA London Chapter website.

Back to School

This week I was really happy to be back at the University College London, where I got a degree in Information Security. I was invited to the Technology & Entrepreneurial Start Ups Insight session organised by the Management Science & Innovation Department. I met many bright students interested in technology, including current MSc Information Security students. It was very interesting to find out how the curriculum changed to address modern industry trends and needs.

The day after I was proud to represent KPMG at the UCL IT and Technology Careers Fair. It comes as no surprise that there were many students interested in starting a career in the information security field. I was happy to help out with some suggestions, especially remembering that I attended the very same event some years ago.

NextSec Conference: The Changing Face of Cyber Security

I am delighted to invite you to the NextSec Cyber Security Conference ‘The Changing Face of Cyber Security’ on 11 December 2014 at EY, 1 More London Place, SE1 2AF, London.

The conference will provide an opportunity for you to hear senior cyber security leaders, from a range of industries, share their cyber security experiences and insights through presentations following three main themes:
1) the changing cyber threat landscape,
2) the diverse techniques that have been adopted in response to the threat, and
3) the range of cyber security roles across different sectors.

The second half of the conference will address the changing dynamics required for leadership in cyber security including gender diversity and inclusiveness.

An open Q&A panel discussion will close the conference sessions.

Event Details:

  • Date: 11 December 2014
  • Time: 5.00pm – 8.30pm followed by networking and drinks
  • Location: Mulberry Restaurant, EY, More London Place

Chairs

  • Cheryl Martin, Partner, EY
  • Leron Zinatullin, NextSec Committee Member and Information Security Advisor, KPMG

Confirmed speakers and panellists:

  • Cheryl Martin, Partner, EY
  • Sian John, Security Futurologist, Symantec
  • Robert Coles, Chief Information Security Officer, GlaxoSmithKline
  • Elena Cinquegrana, Associate Director, Navigant
  • Lucy Chaplin, Assistant Manager, KPMG
  • Freddie Hult, Senior Cyber Resilience Adviser, Cyber Resilience Ltd

Please visit the website to register for free.

NextSec is a networking group of young professionals working in cyber security and information risk management in the UK. The group has existed since January 2012 and currently has over 290 members. These 290 members work for over 59 organisations in the UK. We have a diverse representation of young professionals working in financial services, oil and gas industry, industrial goods and retail, marketing, telecommunications, software, technology, professional services, and public sector. For more information about NextSec, please visit our website and LinkedIn group.

Cyber Security EXPO

During the 8th and 9th of October 2014, I attended the Cyber Security EXPO in London. It was co-located with IP EXPO Europe and presented the participants with an opportunity to partake in knowledge sharing discussions, various talks, trade stands and many more.

(ISC)² London chapter were running their regular community meeting. Everyone could also participate in the RANT event.

The selection of presentations was great, ranging from fairly technical to business-oriented.

Bruce Schneier also took part in the event delivering a talk on incident response. It was an interesting discussion on economics and psychology of information security in the context of modern trends.

Finally, it was a great opportunity to finally catch up with my friends, including Javvad Malik, Jitender Arora, Mo Amin and many others.

Managing the Cyber Threat: Insights from Senior Leaders

I’m happy to announce that the registration for the NextSec June 2014 Conference is still open.

Location: Investec Bank plc, 2 Gresham Street, London, EC2V 7QP, United Kingdom
Date: 5th June, 2014

Agenda:

18:00 – The role of a CISO in a cloud, mobile and social world

Speaker: David Cripps, Investec CISO

David is the Information Security Officer for the Investec Group and is responsible for the Group’s information security programme; ensuring that the risks to their information assets are identified and appropriately managed. He has a strong technical and networking background in the finance and telecommunications industry. David has also worked as an electronics instructor in Sri Lanka.

David has been awarded a master’s degree in Internet and Telecommunications Law (LLM). He is a Certified Information Security Manager (CISM), Information Systems Auditor (CISA) and Information System Security Professional (CISSP). David has also been awarded an Advanced Professional Certificate in Investigative Practices (APCIP).

18:25 – The rule of three: cyber resilience in a fast-changing world

  • Three walls to structure controls and contingencies against cyber attack
  • Three principles to drive the design of practical and focused cyber defences
  • Three strategies to maintaining agile, adaptive and sustainable counter-measures to meet the cyber challenge

Speaker: Daniel Barriuso, BP CISO

Daniel Barriuso is the Chief Information Security Officer (CISO) at BP. He is responsible for cyber security across the Group, including strategy, governance, architecture, education, counter threat operations and incident response. Daniel is a frequent speaker and contributor at security forums and events. Prior to joining BP, Daniel was CISO at Credit Suisse and coordinated a number of security initiatives across the financial services sector including the ‘Waking Shark’ response exercise. Daniel also dedicates his time as a Professor at the ‘Universidad Politecnica de Madrid’, where he lectures and researches in the areas of IT governance and information security investment.

18:50 – From Graduate to VP: My journey in the realm of Network Security

Speaker: Raghu Nandakumara, Citi Network Security Manager

Following completion of his MSc, Raghu joined Citi in 2004 as part of the UK Technology Graduate Programme and was placed in the EMEA Information Security Services team. Initially working in Operational Support he was part of a team that were responsible for the maintenance and stability of all perimeter security infrastructure in EMEA, including firewalls, proxies and remote access. He moved into the Network Security Engineering organisation in 2008 and was initially responsible for security service delivery on business projects (including handling large scale divestitures and acquisitions) as well as build out of security infrastructure in Citi’s new strategic data centre in the region. Having spent the last few years being the SME for a few Network Security products he now runs the Network Security Engineering Tools and Automation team.

19:10 – ISACA’s Cyber security Nexus (CSX) Program

Overview of ISACA including Cybersecurity Nexus (CSX), ISACA’s recently launched program that provides insights and resources for cybersecurity professionals.

Speaker: Allan Boardman, ISACA International Vice President

Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, is a risk officer at Morgan Stanley and International Vice President at ISACA. He began his career with Deloitte in Cape Town and has over 30 years’ experience in IT assurance, risk, security and consultancy roles at organizations including JPMorgan, Goldman Sachs, KPMG, PwC, Marks and Spencer, and the London Stock Exchange. He is a past president of ISACA London Chapter and has served on the BCS’ Information Risk Management and Audit Committee. He is a member of ISACA’s International Board of Directors, currently chairing its Credentialing and Career Management Board, and is a member of ISACA’s Strategic Advisory Council. He has served on ISACA’s Leadership Development Committee and chaired ISACA’s CISM Certification Committee. He was a volunteer at the Paralympics in London 2012 and Sochi 2014, and is a school governor where he chairs the Finance Committee.