Managing the Cyber Threat: Insights from Senior Leaders

I’m happy to announce that the registration for the NextSec June 2014 Conference is still open.

Location: Investec Bank plc, 2 Gresham Street, London, EC2V 7QP, United Kingdom
Date: 5th June, 2014

Agenda:

18:00 – The role of a CISO in a cloud, mobile and social world

Speaker: David Cripps, Investec CISO

David is the Information Security Officer for the Investec Group and is responsible for the Group’s information security programme; ensuring that the risks to their information assets are identified and appropriately managed. He has a strong technical and networking background in the finance and telecommunications industry. David has also worked as an electronics instructor in Sri Lanka.

David has been awarded a master’s degree in Internet and Telecommunications Law (LLM). He is a Certified Information Security Manager (CISM), Information Systems Auditor (CISA) and Information System Security Professional (CISSP). David has also been awarded an Advanced Professional Certificate in Investigative Practices (APCIP).

18:25 – The rule of three: cyber resilience in a fast-changing world

  • Three walls to structure controls and contingencies against cyber attack
  • Three principles to drive the design of practical and focused cyber defences
  • Three strategies for maintaining agile, adaptive and sustainable counter-measures to meet the cyber challenge

Speaker: Daniel Barriuso, BP CISO

Daniel Barriuso is the Chief Information Security Officer (CISO) at BP. He is responsible for cyber security across the Group, including strategy, governance, architecture, education, counter threat operations and incident response. Daniel is a frequent speaker and contributor at security forums and events. Prior to joining BP, Daniel was CISO at Credit Suisse and coordinated a number of security initiatives across the financial services sector including the ‘Waking Shark’ response exercise. Daniel also dedicates his time as a Professor at the ‘Universidad Politecnica de Madrid’, where he lectures and researches in the areas of IT governance and information security investment.

18:50 – From Graduate to VP: My journey in the realm of Network Security

Speaker: Raghu Nandakumara, Citi Network Security Manager

Following completion of his MSc, Raghu joined Citi in 2004 as part of the UK Technology Graduate Programme and was placed in the EMEA Information Security Services team. Initially working in Operational Support he was part of a team that were responsible for the maintenance and stability of all perimeter security infrastructure in EMEA, including firewalls, proxies and remote access. He moved into the Network Security Engineering organisation in 2008 and was initially responsible for security service delivery on business projects (including handling large scale divestitures and acquisitions) as well as build out of security infrastructure in Citi’s new strategic data centre in the region. Having spent the last few years being the SME for a few Network Security products he now runs the Network Security Engineering Tools and Automation team.

19:10 – ISACA’s Cybersecurity Nexus (CSX) Program

Overview of ISACA including Cybersecurity Nexus (CSX), ISACA’s recently launched program that provides insights and resources for cybersecurity professionals.

Speaker: Allan Boardman, ISACA International Vice President

Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, is a risk officer at Morgan Stanley and International Vice President at ISACA. He began his career with Deloitte in Cape Town and has over 30 years’ experience in IT assurance, risk, security and consultancy roles at organizations including JPMorgan, Goldman Sachs, KPMG, PwC, Marks and Spencer, and the London Stock Exchange. He is a past president of ISACA London Chapter and has served on the BCS’ Information Risk Management and Audit Committee. He is a member of ISACA’s International Board of Directors, currently chairing its Credentialing and Career Management Board, and is a member of ISACA’s Strategic Advisory Council. He has served on ISACA’s Leadership Development Committee and chaired ISACA’s CISM Certification Committee. He was a volunteer at the Paralympics in London 2012 and Sochi 2014, and is a school governor where he chairs the Finance Committee.

Security in the Energy Sector

Another successful event organised by NextSec and hosted by KPMG.

Great speakers and fantastic networking opportunities for junior security professionals.

I feel very proud to be a NextSec committee member.


NextSec Information Security Conference 2014

Join us at our first 2014 conference, focused on sharing knowledge of cyber security for the energy sector. We have a mixture of senior security leaders and NextSec members delivering rich content to help you with your professional development.

Attend this event to meet and talk with technical experts, and network with like-minded professionals from several industries.

Information Security – Who is accountable?
Emma Leith, BP IST CISO.
This session will discuss the role of Information Security teams in managing information security risks and who is truly accountable for the risks. It will cover some real-life examples from BP of how they approached this whilst providing an insight into how they are starting to achieve their goal to ‘make security part of everyone’s job’.

The Importance & Limitations of Cross-Company Collaboration in the Infosec Industry
Adam Wood, National Grid and Michael Ramella, AstraZeneca.
This talk is aimed at covering what it means to truly collaborate within the Infosec industry. Expanding on lessons learned, guidance for successful collaboration will be presented, allowing the audience members to leave with next steps: The ability to understand and clarify their individual and their team levels of collaboration, and how to increase said levels if they so choose.

Securing Industrial Control Networks
Ian Henderson, BP Lead PCN Security Architect.
Ian will introduce Industrial Automation systems explaining how these critical systems have become a security issue. He will explain what can be done to secure these systems and highlight approaches that work. He will also explore the cultural and human aspects related to securing these systems and the perceived divide between the IT security and Engineering communities.

Securing data flows in the Energy sector with an API Gateway
Mark O’Neill, VP Innovation and Antoine Rizk, VP Vertical Markets, Axway.
The energy sector faces new challenges in governing all types of data flows with unprecedented volumes and security requirements. These data flows include mobile device access for employees and field personnel, customer access for smart meter monitoring and bill payment, public access for locating charging stations, and smart grid data exchanges. The speaker will illustrate technical security features and case studies of work with the energy sector.

The impact of major data losses on corporations and individuals
Yiannis Chrysanthou, Cyber Security Analyst.
The recent Adobe data breach exposed account information for 153 million users. This session will describe the means by which an attacker can leverage the Adobe leaked information to launch attacks against corporations and individuals.

Time & Date: 7th March, 2014 15:15 to 19:45
Location: KPMG – Canary Wharf, London

To sign up please complete the form.

Sign up early, limited places are available!

Image courtesy of kongsky / FreeDigitalPhotos.net


NextSec: Junior Professionals Network


I’ve recently joined the NextSec committee to help deliver opportunities to young professionals, so that they can meet and support each other through the first years of their career. We aim to bridge the gap between employers and students, and offer insight to inspire the next generation to join our profession.

NextSec is a networking group for junior professionals working in Information Security and students aspiring to begin a career in this industry.

NextSec’s Aims and Objectives

  • Networking and Collaboration. We aim to enable networking, drive active participation and collaboration of junior professionals in cyber security coming from a vast range of industry sectors.
  • Education. Facilitate educational events, seminars and workshops delivered at parent organisations by industry experts and leaders, passionate in preparing today’s “next generation” to be tomorrow’s information security workforce.
  • Inspiration. Mentor students by providing them with networking opportunities, career advice, job fairs and real insight into the industry to enable them to make informed decisions about their career aspirations.

I’m going to help organise the next event in the first quarter of 2014. The conference would be hosted by KPMG and be dedicated to information security trends in the oil and gas industry.

The dates and speakers would be confirmed in the near future.
Meanwhile, please feel free to check out the website and join the LinkedIn group.