2nd CISO 360 Congress, 20-22 June, 2018 Lisbon

Keynotes by:

Steve Wilson
Head of European Cybercrime Centre (EC3)

Steven originates from Ayrshire, Scotland. He was a Police Officer in Scotland from 1985-2015.
During this time, he served with Strathclyde Police, Scottish Crime and Drug Enforcement Agency, Her Majesty’s Inspectorate of Constabulary and, since 2013, with the reorganisation of policing in Scotland into a national force, Police Scotland. Steven performed a variety of senior Detective roles and was responsible for the national units in Scotland delivering: witness protection, covert technical policing, fugitives, undercover policing, assisting offender programme and all forms of cybercrime and cyber enabled crime including online child protection. Steven was the Scottish representative on UK cyber governmental and policing groups and led on industry and academic partnership groups on cyber resilience in Scotland. Steven has also worked in covert policing, major investigations, sex offender management, Counter Terrorism investigations and represented the UK on International policing matters. Steven commenced as Head of EC3 on 18 January 2016.

Mikko Hypponen
Chief Research Officer

Mikko Hypponen is a worldwide authority on computer security and the Chief Research Officer of F-Secure. He has written on his research for the New York Times, Wired and Scientific American and lectured at the universities of Oxford, Stanford and Cambridge. He sits in the advisory boards of EUROPOL and the Monetary Authority of Singapore.



Chris Mohan
General Manager, Threat Research and Intelligence Security Operations

Chris Mohan has worked for fortune 50 companies security teams, bringing insight and actionable measures to those firms’ security posture and responsibilities. Chris’ career has had him in grow from a world of front line IT operations through to advising and guiding those in boardrooms. His drive is to instil relevant, intelligent and practical security controls and practices that securely enable the business in an unpredictable online world. Chris became one of the few to achieve the prestigious GIAC Security Expert (GSE) certification and holds a number of other security and vendor qualifications.

Martin Borrett
Distinguished Engineer, CTO, IBM Security Europe

Martin Borrett is an IBM Distinguished Engineer and CTO IBM Security Europe. He advises at the most senior level in clients on policy, business, technical and architectural issues associated with security. Martin leads IBM’s Security Blueprint work and is co-author of the IBM Redbooks “Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security” and “Understanding SOA Security”. He is Chairman of the European IBM Security Board of Advisors, represents IBM at GFCE and ECSO, is a Fellow of the British Computer Society, a Chartered Engineer (CEng) and member of the IET. Martin has a passion for sailing and has represented Great Britain; he is also a keen tennis player.

Jonathan Luff

Epsilon Advisory Partner & CyLon

Jonathan Luff is the co-Founder of CyLon, the world’s leading cyber security accelerator and seed investment programme, supporting more than 50 startups and creating more than £175m of value since 2015.  He is also the co-Founder of Epsilon Advisory Partners, where he works with some of the world’s fastest growing technology companies, including Nest, Dataminr, and Rubikloud.

Before founding CyLon and Epsilon, Jonathan was a senior British Diplomat, serving in a variety of roles including as an advisor to Prime Minister David Cameron.

International speaker panel

Adam has 25 years international experience in managing IT and Information Security mainly in Oil & Gas, Pharmaceutical, Consumer Goods, Telecommunication and Financial Services industries. Founding member of ClubCISO, Consumer Goods Security Forum in the UK and Information Security Forum in Malaysia – peer groups of CISOs and Heads of Information Security formed to exchange good practices and experience within specific focus groups. Adam has significant experience consulting and advising boards of directors of FTSE100/Fortune500 companies on Information Security, Privacy, Risk Management and Resilience. The current role is Chief Information Security Officer at Opel Vauxhall Finance.

VP of EMEA , 20 of year’s experience in the Cybersecurity field, representing leading and disruptive security vendors to assist global organisations in securing digital assets and defending cyber-attacks.  Well versed in Endpoint, Network and Internet Defences.

Ali specialises in security transformation of businesses as an executive security consultant and security strategy advisor, delivering global security at strategic, tactical and operational level with security compliance, risk, and audit, across multiple frameworks. He has over 20 years’ experience in IT and Information Security within multiple sectors focusing on bridging the gap between business and security. Alongside heading global security Ali has been appointed as GRC and Group Data Protection Officer for many organisations. Ali is currently Group Chief Information Security Officer and Group Data Protection Officer at MS Amlin. Member of FCA Insurance Sector Cyber Coordination Group (ISCCG), Lloyds Cross Market Cyber Risk Forum and an Advisory Board member for InfoSecurity Europe.

Andy has over twenty five years’ experience in the technology sector, previous to this he spent over 8 years in the UK military. He most recently has spent the past five years building Fox-IT’s from the Netherlands Web & Mobile Analytics business called DetACT, which provides real-time visibility of all Mobile & Webs events. Andy was also responsible for the creation and lead the threat intelligence proposition called InTELL, the same worked on some of the biggest Global Law enforcement investigations including Target, Swift & the hunt for Slavik and his business club. He also played an integral role in M&A process which culminated in a commercial sale to NCC in Dec 2015.

Ben is the SailPoint EMEA Security IQ Sales Director, where he is responsible for leading SailPoint’s Identity & Access Governance for Files and Data platform across the EMEA region working with the local sales teams, partners and customers.  He works across the organisations lines of business in the evolution of the product and go to market strategy and speaks on the topic of Identity Governance for Files and Data for SailPoint in the EMEA region.  With over 25 years’ experience in software sales leadership positions; Ben’s knowledge of Software Identity Market is extensive.


Ben has travelled extensively throughout Europe, Middle East & America both through his work responsibilities and with his family.  He has spoken at numerous events on matters such as security, identity management, software compliance, system mapping and Global Account Management.

Ben serves as an Account Director of Cyber Security division at Nominet.  In this role, he leads the efforts of helping enterprise customers manage their cyber risk and compliance requirements. Prior to joining Nominet, Ben held sales positions at Cognosec, NTT Europe and others, where he was responsible for taking cyber risk solutions to market. Ben holds a BA degree from the Bournemouth University.

As the CISO at Channel 4 Television, Brian reports into the Chief Technology Officer and has responsibility for the Cyber Security of the company’s staff, systems and data. During the 6 years that he has worked at Channel 4, Brian has worked to deliver a robust and comprehensive security capability, incorporating not only the technical aspects of his role but also the ongoing governance and assurance necessary to protect the estate. Prior to Joining Channel 4, Brian spent 13 years at the BBC in roles that covered cyber security oversight of areas including Worldwide, Journalism, Monitoring and Radio, rising up to Interim Head of Information Security. In 2017 Brian was nominated as a top 100 global CISO ‘s and was awarded the Unsung Hero award for Media and Entertainment.

Brian has been at Ericsson since 2005, working across several different areas including software development, product management and information security. He has been the CISO since 2015, and he is primarily focussed on Information Security Risk Management in Telecommunications & cyber security strategy

Carole has worked in the world of Information Security since the turn of the century, first in Royal Mail as the Compliance, Communications and Awareness manager for the whole Group, having spent the 20 years ‘learning the business inside out’. She then spent 6 years at Prudential Group Head Office working on group-wide Information Security compliance. Since leaving the Pru in 2014, Carole has worked at BMJ Publishing Group as their Information Governance and Data Protection Lead. As you can imagine much of her time and effort has been taken up in getting a small
Publishing house with an international reputation ready for GDPR.”

Chris joined Bridewell Consulting in early 2018 as the Director and Practice Lead of Governance, Risk and Compliance, he is responsible for supporting clients with successfully gaining security certifications, such as ISO27001, creating unifying security architectures, and advising on value adding cyber security governance, risk and compliance measures. Before joining Bridewell Consulting, Chris worked in PWC’s Cyber Security Practice focused mainly on public sector and critical national infrastructure providers. Prior to this he worked in KPMG’s Information and Business Protection practice working with multinational telecommunication firms and several major UK government departments. Before working in consulting, Chris served as a Commissioned Officer within the Communications Engineering branch of the Royal Air Force serving in numerous roles within the UK and Afghanistan.

Colette has a proven track record of interpreting security and privacy regulatory and industry requirements for the corporate environment. She has held leadership roles in Microsoft, global banking and the gaming industry focussing on designing, implementing and maintaining security and privacy programmes. She has led international Tier 1 organisations to successful PCI DSS certification and managed global ISO/IEC 27001:2005 certification programmes. As Global Head of Privacy for Nokia Group, she is responsible for overhauling privacy across the business and ensuring it becomes embedded in Nokia’s diverse range of activities, operations, products and services. Her motivation and objective is comprehensive reduction of privacy risk for the business and for the individual, as well as confidence that data-driven innovation is ethical.  Colette gained a Distinction, MSc. Information Security at Royal Holloway, University of London. She is CISSP, CISM, CIPP, CIPM and holder of BCS Certificate in IT Law.

In 1999, designed in and created the first Portuguese data recovery lab. Since then, I’ve been working as Technical Manager of the lab. In 2007, designed a new company department related to computer forensics services and I’ve been working as Technical Manager with it too.
Besides that, I’m leading the R&D projects inside the company. Specialties: Data Recovery; Information Security; Incident Response; Computer Forensics and Log analysis; Cyber Fraud Investigation; Malware and Vulnerability Analysis; ISO27001 Consulting and Auditing; Penetration Testing.

David Higgins is the Director of Strategic Accounts, EMEA at CyberArk. With over 10 years’ experience in Privileged Account Security, David is one of the leading experts in understanding the requirements and drivers for managing privileged access security within an organisation, both private and public. David has led some of the largest design and implementation programs of privileged account security with companies across all sectors, many of which are in the Fortune 100. Leveraging this experience, David now works with clients on best practices around privileged management and driving innovative approaches when looking to reduce the risk associated with privileged escalation and exploitation, even more so as organizations embrace cloud platforms and automated processes.

Derek is an experienced information security leader with over 19 years of professional experience in information and cyber security, IT, risk management, privacy and data compliance. Derek has recently joined TalkTalk as their Chief Security Officer, where he is building and leading the cyber security strategy and team to protect TalkTalk’s critical infrastructure, assets, and customer data. Previously, he was the Global Head of Security and Risk Management (CISO) at Electronic Arts (EA) where he led a large, global team to protect EA’s intellectual property and sensitive data. Prior to EA, Derek spent over 6 years at Deloitte & Touche where he managed and performed a multitude of information security and risk management engagements for several global Fortune 500 companies across various industries including financial services, technology, consumer business, manufacturing, and public sector. His primary areas of expertise include developing and leading tactical and strategic security strategies, building and maturing security teams, and ensuring executive governance around security to manage risks appropriately. Derek has also published information security articles and white papers and has been a presenter/panellist at CISO conferences. Derek holds a Bachelor Degree in Computer Science from the California Polytechnic State University, San Luis Obispo CA.

Dinis Cruz is the CISO of the PhotoBox Group and highly involved with OWASP (project leader for OWASP O2 Platform, OWAPS Maturity Models tool and key organiser of the OWASP Summits in 2009, 2011 and 2017).

Daniel Brunner, Head of Security and Architecture, RUAG AG Switzerland is a Senior Information Security expert & Project Manager with an MBA and 15 years of experience. Recognized ability to manage Complex IT Environments inside multiple business organizations. Specific expertise in Project Management, Risk Management within the IT Domain. ISMS (Information Security Management System) installed and developed during several years. Proven ability to design security solutions with in-depth operational supervision of incidents and emergency disaster recovery. IT Governance and audit conformity experience coupled with investigation coordination with legal departments and Human Resources to produce proof or policies to defend and protect the company from threat – yet still enabling business to continue in a secure manner. He was previously CISO of Leumi Private Bank and has held senior positions at UBS. He is the VP at DEFCON Switzerland.



Dr. Eduardo Solana is Senior Lecturer of Cryptography and Security in the University of Geneva and in the University of Applied Sciences also in Geneva, Switzerland. Amongst others, he has worked for IBM and PricewaterhouseCoopers where he was Global Subject Matter Expert for authentication solutions. He has more than twenty years of experience in the fields of cryptography and information security both in the private sector and the academia.

Edward Ayman Ganom is a senior cybersecurity expert with over 15 years of international experience in information security architecture and technology risk management. He currently holds the position of CISO at The Commercial Bank in Qatar. Previously, Edward held several key technology and risk management positions in the financial and public sectors in the USA and the Middle East. He participated in drafting national cyber security policies and strategies and cybercrime legislation. Edward holds two bachelor degrees, one in Electronics Engineering and one in Political Science from two American universities. He is a Certified Information Systems Security Professional (CISSP) and is a recognized speaker at technology, security and risk conferences.

Prior to joining BitSight, Ewen was part of the founding team in OpenPages EMEA, the market leading Governance, Risk and Compliance solution, that was acquired by IBM in 2012.He headed up financial services, where he helped expand the business, most notably in Europe, Africa and Asia

Francisco has over 15 years’ experience in the telecommunication industry implementing and managing email platforms for corporate and ISP environments. He previously founded Crashless, and worked at Vodafone Portugal. He is also Vice President of the National Association of Young Business People and has taught at Moderna and Nova Universities.

George Eapen is Chief Information Security Officer (CISO) for GE in Middle East, North Africa & Turkey In his role, George is responsible for defining Cyber Security strategy for Enterprise IT & OT for the region and provide strategic leadership to IT Security related projects & initiatives for all GE businesses in the region. George is also responsible for protecting GE critical assets in a growing region which spans 18 countries and 7000 work force George joined GE in 2006 with GE Healthcare in India and has since held roles of increasing responsibilities and progressed to his most recent role as Chief Information Security Officer for MENAT. During his tenure with GE, George worked in multiple domains (Product Life cycle management, ERP, Infrasrture, Supply Chain & Commercial IT) and multiple businesses (GE Healthcare, GE Appliances, GE Capital, GE O&G, GE Aviation and GE Corporate) George is a graduate of GE IT leadership program (ITLP), GE Six Sigma Black Belt program and graduate of GE Executive leadership program (CAS)

Gadi is the Founder and CEO of Cymmetria, a cyber security startup that is pioneering the space of cyber deception. He is also Founder and Chairman of the Board of the Israeli CERT, Founding Chairman of the Cyber Threat Intelligence Alliance (CTIA), and Founder of the Israeli Government CERT. Gadi is widely recognized for his work in Internet security operation and global incident response, and is considered the first botnet expert. Prior to founding Cymmetria, Gadi was VP of Cybersecurity Strategy for Kaspersky Lab, led PwC’s Cyber Security Center of Excellence (located in Israel), and was CISO of the Israeli government’s Internet operations. He has authored two books on the topic of information security, organizes global professional working groups, chairs worldwide conferences, and is a frequent lecturer.

The first 16 years of Graham’s career were spent in the Diplomatic Service engaged in technical security for the Foreign and Commonwealth Office.  He then moved to the financial services sector where he has held senior security posts with Abbey National, Standard Chartered, Barclays, RBS, HBOS and ING.  Through these roles he has developed a holistic approach to risk management and security, holding responsibility for information risk, IT security, physical security, fraud, money laundering, business continuity planning, compliance, crisis management and intelligence.  He has also worked outside of the banking industry as the Group Head of Information Risk for Centrica. He currently holds the position of Director of Data Security at Nationwide Building Society. Graham has a master’s degree in Information Security from Royal Holloway.

Holly Foxcroft NeuroDiversity consultant and Cyber Security Lead at Highbury College. Holly started her career in electronic and  communications warfare. Stepping aside from a technical discipline Holly is a NeuroDiversity Consultant and leads Cyber Security apprenticeships and course development for Highbury College. Holly has worked as a consultant in the cyber security industry alongside employers to engage, recruit and retain a cyber security workforce.

Joe Dauncey has been working in security for over 20 years, across energy, telecoms, maritime and aviation sectors. Joe led an (award winning) programme of transformational security change in the energy sector, chaired the Energy Networks Association Cyber Security Group, represented security stakeholders on the UK smart metering programme, and is currently embedding Security Engineering capabilities and competencies in the satellite communications sector. Joe has supported a number of academic and research programmes in the field of critical infrastructure and security, but has not yet established a sustainable control for his childrens Internet usage.

James Kwaan has worked for a number of blue chip companies in Simulation, Energy and Financial Services. He is a former director of Information Security (CISO) and Global data protection officer. In his spare time he is President of (ISC)2 Scotland and Vice President of ISACA Scotland. He is a recognised expert in

Information Security and in 2017 was awarded three prizes for his contribution: Malcolm Turner Memorial Prize for outstanding contribution to Risk Management and Information Security, Wayne K. Snipes prize for best European Chapter and Cyber Evangelist of the year at the Scottish Cyber Awards. James is currently working for Lloyds Banking Group.

James da Lança is a Senior Cyber Security Manager at Darktrace. He currently works with a broad range of clients in EMEA. He leads Darktrace’s efforts in Portugal and is responsible for the company’s expansion in the country’s market. Prior to Darktrace, James worked with a number of different start-ups, with a focus on early stage development, before moving into the artificial intelligence industry of cyber defense. He now supports organisations across all verticals in the implementation of Darktrace’s end-to-end detection and response platform, thus managing their enterprise security risks.

Working within the John Lewis Data Privacy and Information Security Office, James is responsible for PCI compliance and Information Security, both of these areas enable the John Lewis Partnership to protect the data of our Customers and Partners. Working closely with the Data Privacy Office allows a holistic view of compliance to data protection laws, information security frameworks and regulations allowing delivery of the transformation programmes that provide trust and transparency – resulting in greater brand experiences across our digital, mobile and e-commerce channels.

Technology Services Head of Cyber Security. Developing & delivering live security services for DWP Digital; incubating future technologies that meet Digital 2020 user stories whilst ensuring great outcomes for the customer.

Jamie currently heads up IBM Resilient’s business development efforts in the UK. Jamie has over 13 years experience in information security, and has spent the last 3 years working with some of the largest organisations in Europe helping them build out and transform their cyber response capability.

Kieran is the Red Team manager at Marks and Spencer. He has a background in ethical hacking and penetration testing working as a consultant across a wide range of organisations including banking, financial services, government, defence, retail, pharmaceutical and NGO’s.

Having worked in Security for over 10 years Kieran has a wealth of experience in breaking into computer systems and organisations, he now uses that knowledge to develop, prioritise and execute red team scenarios at Marks and Spencer

Lady Olga Maitland, Founder, Defense and Security Forum and Chairman, Copenhagen Compliance – has wide experience in all major Governance, risk Management and Compliance issues in general and global Fraud and Corruption problems in particular. She is a special adviser to a number of dignitaries and a widely sought after speaker at all Major Conferences on several Corporate Governance issues. Lady Olga is a former British MP for the Conservative party. Prior to her political career she was a reporter for the Fleet Street News Agency, a columnist in the London.-

Matthias Muhlert is a dedicated and highly qualified IT Security Professional with a consistent track record of success spanning over 19 years of diversified experience developing and implementing IT security processes as well as leading IT security governance programs.
Main areas of expertise are in the development and implementation of solid IT infrastructure and network security systems, polices, governance and crisis response, with especial skills in security infrastructure, analysis, response, compliance and ISMS according to ISO 27001.

Matthias Muhlert works currently as Chief Information Security Officer of HELLA in
Lippstadt and is responsible for global information security management in more than 30 countries.
Before HELLA, Matthias Muhlert worked as department head at the Chief Security Office of UniCredit Bank in Munich being responsible for the complete IT Security Management of several large international branches.

Mark Howell is the Attivo Networks Vice President of UK and Ireland /European Operations. Mark is responsible for scaling the Attivo customer development efforts around its ThreatDefend™ Deception and Response Platform by leveraging his 20+ years’ experience in developing enterprise and channel distribution partnerships throughout the region.
Prior to joining Attivo Networks, Howell was the UK and Ireland Country Manager for BDNA (acquired by Flexera), where he managed the software supply chain company’s operations in the region for the past two years. Before joining BDNA, Howell was the Country Manager of fast-growing wireless LAN provider Meru Networks (acquired by Fortinet). At Meru, Howell received the International Sales Manager of the Year Award in 2009. Howell also brings extensive experience managing the EMEA distribution channel for Juniper Networks and Cisco.

Michael has been the head of security for AXA in the UK for more than five years.  Prior to that he was a director of Downtown Associates, an information security and privacy consultancy, where he assisted firms in the Lloyd’s Insurance market.   Previously to that he was the Global Head of Information Security as well as the Global Head of Privacy and Data Protection for the investment bank Dresdner Kleinwort,  Michael has a strong side-interest in computer forensics and in the management of digital evidence. He graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics and Computer Science. He has since lived in three continents and has lectured globally on security technology issues. Since 1996 has been working in Security and Technology in Financial Services in London.

Mike was a police officer for 30 years.  The latter 5 years of his career he was a senior officer seconded to a central government agency involved in the security of the Police National Network, a UK wide IP comms and data network. He is now Head of Security at the National Crime Agency. He is a fellow of the Institute of Information Security Professionals (IISP) an elected member of the Information Assurance Advisory Council’s (IAAC) management committee and a Government Liaison Panel representative on the IAAC Board.  His qualifications include an MSc in IT Security; ISO27001 lead auditor and a SANS GIAC holder. He has presented at numerous national and international conferences. Mike is currently working on a PhD (part time), at the Defence Academy, Cranfield University, Shrivenham, where he is researching the Critical Success Factors required to improve security incident reporting.

Mark is a recruitment and executive search specialist who heads the Security Practice at Barclay Simpson Corporate Governance Recruitment. He has 16 years’ experience of recruiting information security leadership roles in the UK and Europe.

“I am interested in building security fundamentals into the software development lifecycle. I believe that giving developers the power to build secure software is the most effective way to protect against cyber attacks. No technology can be as creative and effective as a curious person with solid understanding of security issues. As the CEO of Avatao, I am responsible to build a hands-on, online exercise platform where developers and security professionals can try new security techniques, learn how to use developer tools securely and get to know the basic concepts in software security. In a former life, I was a security researcher at UC Berkeley, USA where our team used large-scale data analysis to understand and disrupt the underground economy of spammers.

 Marc is a senior security practitioner with over 20 years of experience crossing multiple industry sectors, from financial services to publishing. For the past 7 years, he has led security improvement programmes for the likes of Pearson, T-Systems and Symantec. He is currently the CISO at Company85, where he runs the security practice with a focus on ensuring information security enables and supports business goals.

Having worked in IT for nearly 40 years, specialising in information risk, protection, security and compliance for the latter 26 years or so, Marcus decided to retire in mid-2017 but was quickly lured back to take on an advisory role for a Tier 1 UK bank.  At the start of 2018, Marcus also joined the Cymmetria Advisory Board as Chief Risk Officer.

In his previous role at Lloyd’s Marcus was responsible for ensuring that risks to IT and information were understood and correctly mitigated in a cost effective manner throughout the corporation, both in the UK and in its overseas locations.  His role extended to providing second line of defence assurance to this effect to Executive, Senior and Line Management.  Marcus also had corporate responsibility for Data Protection and Privacy and provided thought leadership on emerging digital related risks pertinent to the Lloyd’s market.

Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory and specialising in information security strategy definition and implementation.  Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, a leading card issuer and merchant acquirer and part of Barclays plc.

Marcus doesn’t have much spare time but what he has he enjoys in Dorset on the South Coast of England where he and his husband live.

Max Robin, Senior Cyber Security Manager at Darktrace, has extensive experience in the Cyber Security space, primarily in the world of SaaS and network security across all of EMEA and the US. From spending several years working at the centre of the technology industry in Silicon Valley, he has a firm grip on the challenges modern businesses are facing, and a strong pulse on the issues that are next to come. At Darktrace, Max continues to help organizations of every size and across all sectors to mitigate their enterprise vulnerabilities, both internally and externally.

Neil is one of the few IT Directors with an Information Security background.  With over 25 years’ experience in both commercial and government information systems security and a proven track record in the specification, design and implementation of complex IT and security infrastructure solutions to meet business requirements. This experience includes network infrastructure, server infrastructure, operating systems, applications, information security, penetration testing, business requirements gathering, analysis, interpretation and delivery of pragmatic cost-effective solutions.

Nuno Teodoro is an information security expert with over 10 year of experience having its expertise on Cybersecurity & Threat Intelligence Strategies, CSIRT & SOCs, Data Privacy and Application Security Programs. With a background of B.Sc. and M.Sc. in computer engineering, he is pursuing a Ph.D in Cybersecurity, with several published papers. Currently he is the Global Chief Information Security Officer (CISO) for Truphone, and as served as an Information Security Expert and Information Security Officer in multinational Organizations like Vodafone and Allianz. He is a board member of ISACA Portugal and is currently an invited professor in several universities scoping his lectures in Cybersecurity Strategies and Data Privacy initiatives

Paul is the Group CISO for Unipart Group of Companies. With nine years’ experience in the cyber security world, including consulting to some of the world’s biggest brands, he engages with the business at board level to enable trusted secure commerce. With an ‘ethical hacker’ background, he is able to address complex security challenges but is equally passionate about driving effective change through unambiguous leadership and communication. Paul is a regular speaker at various industry conferences such as the e-Crime Congress, PCI London and the GBI CISO Summit. When he isn’t keeping Unipart safe, you can find him tinkering with code

and figuring out how to inspire the next generation of cyber security professionals. Paul is proud to be shortlisted as CISO of the Year 2017. You can reach him on LinkedIn or on Twitter at @pjh_22.

Garrison was founded in 2014 to solve one of cyber security’s most intractable problems: how to enable users to use the Internet without exposing themselves to its risks. Garrison has developed patented web isolation technology to provide hardware-enforced secure remote browsing for enterprise customers. I joined Garrison in 2017 to develop and manage its business across Europe’s commercial sectors.

My previous experience includes: telecoms and security consulting; account management and mineral exploration – prospecting mainly for gold.

I also like to blog on topics that interest me such as the psychology of risk decision-making, cyber security, forecasting and the utility of allegedly world-saving new technologies. I try to give readers a wryly original point of view that in some way makes their lives better.

Experience of more than 15 years in IT Governance, Risk and compliance, auditing, consulting (information systems and processes) and Project Management. Experience in the Stock Market exchange (Euronext), Finance and Banking(Banco BPI) and other markets (Energy, Telecommunications, Government, , Retail). Experience in innovation processes, projects and creative problem solving.


Peter has a UK military background and led troops during Counter-Insurgency and CT operations in Afghanistan, Iraq, Northern Ireland, Kenya and Somalia. He now delivers holistic security risk management solutions for CNI, corporates, private wealth firms and major events.  Peter specialises in hybrid (physical, personnel and technical) Red Team Penetration Testing which replicates the sophisticated threats facing CNI and businesses.  He blends open source research; Wi-Fi attack; hostile reconnaissance; surveillance; phishing; spoofing; social engineering (by phone, online and in person); physical intrusion; and computer network exploitation.

Quentyn Taylor is Director of Information Security for Canon Europe. He has a wealth of experience in both the IT and information security arenas and, in recent years, has focused his attention on building business relationships across the world.

Quentyn has driven Canon’s strategy to highlight the importance of document security and help business customers to minimise their security risk. Quentyn strongly believes in educating users about the importance of a comprehensive, overall security framework that will allow Canon’s business customers to improve security in a cost-effective way.

During his career, Quentyn has worked in a variety of industries for a number of organisations including outsourced service providers, Internet service providers as well as Dotcom businesses, before moving to Canon in 2000.

Robert is a security, intelligence and EOD executive with a UK Military background. He has broad strategic and operational experience and has advised senior staff, diplomats and government officials on aspects of security, intelligence, threat analysis, crises management, and resilience strategies. He has been the UN Security and EOD Advisor; Liaison officer for the UNMAS and UNOPS and has experience with NATO, the GCC, African Union, OSCE, EUPOL, FCO and others. Robert is a respected expert, has specialist research background on suicide bombing and has provided thematic briefs on worldwide security issues relevant to UNMAS/UNOPS missions.

Robert Coles is a Visiting Professor at Royal Holloway, University of London, where he is conducting his research into security culture change. He also runs his own consulting business. Prior to this, Robert was the first Chief Information Security Officer at GSK from 2013 to 2018.

Robert held several CISO roles prior to joining GSK. He was the first CISO at National Grid and Merrill Lynch before that. In all these roles, he owned the information security risk and was responsible for providing global leadership. He was accountable to the Executive and PLC Boards for establishing information security strategy and direction. Building global information security capabilities and overseeing all of the information security initiatives across the organisations has been his primary career focus.


Robert has been working in the field of Information Security for over 30 years, including “head of” roles at Royal Bank of Scotland, and the lead partner in KPMG’s Information Security Services for EMEA.

Robert has extensive links with major industry information security networking groups and government security agencies.  He also has links with a number of universities and participates in leading edge research, particularly with Royal Holloway where he is an Executive Sponsor for the Institute of Information Security Innovation, and Cranfield University where he is a External Advisory Board member. He was awarded a PhD in psychology at the University of Leeds in the perceptions of information and IT risk and has published and presented on this and other topics.

As an advisor to CISOs and CIOs, Rob has first hand experience of helping security teams assess their position, build their strategy and deliver successful programmes. At Lisbon 2018, Rob will be sharing his experience of working alongside Skanska and the NSPCC to build target operating models for a new era of cybersecurity. Rob has the insider track on CISO thinking on Cloud Security, Supply Chain Risk, GDPR, and Operating Models. Join him and Adam Drabik of Opel Vauxhall Finance on 21st June at 8.20 for a breakfast meet up.

Previously the CISO for a large online retailer with revenues approaching £1B, Richard is familiar with the cybersecurity capabilities required to meet the challenges facing digital first organisations. Having worked in IT for much of his career, he has over twenty years of hands on experience to rely upon. Richard was lucky enough to remember a period when IT was merely a recreational activity. A keen 1980’s gamer and C64 programmer, Richard’s IT hobby quickly became a career after short but promising accountancy debut. On the road to his Information & Cyber Security career, Richard got the opportunity to work in various IT Operational roles; starting with desktop and server infrastructure and many years later, leading the network security. Richard has also been fortunate enough to have seen first-hand how our personal and professional reliance on technology has dramatically changed. Only ten years ago, an IT department controlled what a user had access to and how they connected; now the user demands access to applications of their choosing at a time they specify and on a device and platform they mandate. The external perception of information security has also changed dramatically, establishing itself as a key business function; an important business unit adding strategic value – historically seen only as the expensive retrospective checkbox! Now the Group CISO for SecureLink, Richard has the responsibility for directing internal Information Security & Compliance across both European and emerging markets.

Assistant Professor at University of Lisbon (ISEG) and Atlantica University. More than ten years’ experience as a consultant in the fields of information systems management, IT auditing and information security. Several professional certificates from organizations such as: CISSP, CISA, CISM, CEH, CPTS, APOGEP/IPMA-D, COBIT, ITIL. 

Dr. Sally Leivesley, Director, Newrisk Ltd and Co-Founder, TEG7 Group LLP – advises companies and governments on catastrophic risk where losses to companies and governments may involve critical functions essential for operations and reputation. She runs exercises to stress test critical function failures and resilience capability. Dr. Leivesley is known for her appearances on aviation terror attacks, ISIS, Al Qaeda, Al Shabaab and other international terrorism, cyber breaches, CNI protection and government policy on the BBC World Service, ITV This Morning and other UK based media and European, Middle East and Australian media. She raised the forensic importance of the risk of cyber hijacking of flight MH370 which was the subject of a Discovery Channel documentary and has been a commentator on the risks relevant to Donald Trump economic, terror and nuclear influences during his Presidential campaign and on his election. Dr Leivesley works in conjunction with The Exercise Group7 (TEG7) a London based group of companies that specialise in resilience operations for cyber-attacks, international terrorism and nation state threats and solutions for business and government-critical infrastructure.  The focus is on testing through exercises, assurance and pen tests using an integrated approach to all hazards including social factors. ( In the UK she has been a member of the technical committee for the first IET (formerly IEE) guidance document on Resilience and Cyber Security of Technology in the Built Environment which was supported by the Centre for the Protection of National Infrastructure. She is also a member of the British Register for Security Engineers and Specialists established to advise at a strategic level on terrorist and other extreme threats to critical infrastructure. She interfaces with a USA company to extend exercising for aviation and energy industries.  Dr Leivesley originally trained as a Scientific Advisor with the British Home Office. She is a specialist in CBRN.

 Stephen Khan is currently Head of Technology and Cyber Security Risk with HSBC Group Information Security Risk. Before joining HSBC, Stephen was at RBS and held the position of Global Head Security Strategy, Architecture and Engineering; and Global Head of Security Transformation programmes.

Stephen has extensive’ experience in Information and Cyber Security including experience of establishing, delivering, and managing global cyber security organisations & global services for complex global and highly regulated organisations to effectively manage information assurance; privacy; and cyber security risk & Cyber security operations to drive strategic business value.

Stephen’s experience spans across multiple business functions; industry verticals including Finance; Pharmaceutical and Manufacturing.

Stephen combines business acumen and commercial experience with deep cyber security expertise to deliver long term strategic business value by building high performing capable teams and strong stakeholder management.


Stephen is on the board of White Hat Events which runs information security charity events including White Hat Ball; and White Hat Rally to support NSPCC ChildLine & Barnardo’s.

Stephen contributes to the wider Cyber Security community via industry forms, coaching and mentoring future leaders; and executive engagements with his peers across multiple sectors.”

Steve joined The John Lewis Partnership in April 2016 and is responsible for both the Information Security and Data Privacy, both of these enable the John Lewis Partnership to protect the personal data of our customers and partners, to be compliant with data protection laws and regulations, and to provide trust and transparency – resulting in greater brand experiences across our digital, mobile and ecommerce channels. Steve is passionate about big data and all things digital. With more than 20 years’ experience, designing, developing, managing and delivering transformational data, governance, privacy and security programmes, Steve’s vast experience as a pragmatic and charismatic leader, ideally places him as a ‘trusted advisor’ at board level on all privacy and security related matters. Steve is also a published author, a non-executive director and is regularly invited to speak at industry events, trade associations and thought leadership working groups, working towards continually finding new ways to increase trust and transparency in respect of consumer services, business functions and product vendors.

Steve strongly believes that governance, cyber security and privacy are all inextricably linked as they share common objectives and principles, and therefore, require satisfactory safeguards and assurances. From a business perspective, this can be achieved by building ‘data trust and assurance’ programmes based on the fundamental principles of transparency, accountability, protection, integrity, confidentially and availability, accompanied by clear policies and delivered through comprehensive training, integrated procedures and a robust compliance regime. Having once served as a CISO, and held senior roles at, Unilever, Deloitte, PwC, Siemens and Capita, Steve has a full appreciation of what is required to get the job done in a cost effective, pragmatic and timely fashion with a natural ability to lead from the front, to coach others and to take responsibility consistently, courageously and with integrity.

Tim founded 2|SEC in 2011, with the vision of becoming the UK’s best Cyber Security Resilience partner for Financial Services firms in the City. Since then 2|SEC has grown from strength to strength; and engage in a number of high profile Cyber Security projects, including penetration testing of some of the world’s best known brands. Tim is an avid cyclist and winter sports enthusiast.

Dr Vasileios Karagiannopoulos holds an LLB from Athens Law School and an LLM in Information Technology and Telecommunications Law and a PhD in Law from the University of Strathclyde, School of Law. He has taught Information Technology Law, Intellectual Property Law, E-commerce Law and Human Rights Law for Strathclyde and Edinburgh Law Schools and is now a Senior Lecturer in Law and Cybercrime working for the Institute of Criminal Justice Studies (ICJS), University of Portsmouth. Vasileios has designed and is the course leader for the new ICJS BSc in Criminology and Cybercrime starting this September. He is also the Director of the Portsmouth Cybercrime Awareness Clinic, a project funded by Hampshire Constabulary, aiming to increase awareness and build resilience to cybercrime in the local community through research and public engagement activities with SMEs and vulnerable populations. Vasileios is the Chair of the ICJS Research Ethics Committee and Vice-Chair of the Faculty Research Ethics Committee and is also an IISP Certified Forensic Investigations Practitioner. He has published in UK and US peer reviewed journals on the topics of computer misuse law and insider unauthorised access, the impact of social media during the Arab Spring and also Internet regulation in the People’s Republic of China. His new monograph by Palgrave Macmillan, Living with Hacktivism: From Conflict to Symbiosis, focuses on hacktivism and discusses the challenges faced by the US and UK criminal justice systems when dealing with such phenomena. In this book, Vasileios puts forward an alternative rationale and practical responses to hacktivism with the aim of ameliorating the inefficiencies and injustices identified in current approaches.

Dr. Viktor Polic, Adjunct Faculty, Webster University Geneva & CISO, International Labour Organization United Nations. The ILO is a specialized agency of the United Nations. Viktor’s 25-year career in the IT spans different roles across financial, humanitarian, standardization and development multilateral public sector organizations (ITU, UNCC, UNHCR). Viktor conducts research in cryptography, data protection regulation, and risk management. Since the Internet bubble, he is teaching computer science and telecommunications courses as adjunct faculty at Webster University in Geneva. Viktor is a member of the Scientific Committee for Advanced Studies in Information Security at University of Geneva. He advocates for advancement in information security as an author in journals and his personal blog (, and as a speaker at numerous international security conferences.  Viktor holds a Ph.D. in Cryptography and Advanced Protection Systems, MA in Computer Resources and Information Management, and BSc in Computer Science. He is a member of (ISC)2, ISACA and IACR.

Victoria Baines is a leading author and speaker in the field of cybersecurity. Her areas of research include electronic surveillance and evidence gathering, the changing face of online identity, and the politics of cybersecurity. She has appeared on the BBC, CNN and other major broadcast media outlets as an authority on the misuse of emerging technologies, including Virtual Reality. She serves on the Advisory Board of the International Association of Internet Hotlines (INHOPE).

For several years, Victoria was Facebook’s Trust & Safety Manager for Europe, Middle East and Africa. Her work focused on operational support to law enforcement, and strategic engagement with policy makers on criminal activity online. Before joining Facebook, Victoria led the Strategy & Prevention team at Europol’s European Cybercrime Centre (EC3), where she was responsible for the European Union’s cyber threat analysis. She designed and developed the iOCTA, Europe’s flagship product on cybercrime, and authored 2020, scenarios for the future of cybercrime that were the basis for Trend Micro’s successful short film series of the same name.


Earlier in her career Victoria was Principal Analyst for online child protection at the UK Serious Organised Crime Agency (SOCA), and was responsible for the UK’s threat assessment of online child safety issues. She began her career in law enforcement in 2005 as a Higher Intelligence Analyst for Surrey Police. In 2008, the International Association for Law Enforcement Intelligence Analysts recognised Victoria’s work for the public sector with an award for outstanding achievement.

Victoria is a graduate of Trinity College, Oxford and holds a doctorate in classical literature. She is a Visiting Associate of the Oxford Internet Institute (Oxford University), and a Visiting Fellow at Bournemouth University School of Computing.

Yolande has had a broad career not only in cyber security and information protection, but also procurement, commercial management and pricing strategy. She is fascinated by the opportunities of the digital economy and how these can be appropriately balanced with individuals’ privacy. She is currently retained by a major telco to advise on a transformation strategy, having recently stepped down as the Chief Information Security Officer for pharmaceutical distributor McKesson’s European region. McKesson is Fortune 5, has revenues of $198bn per annum and operations in 14 European countries, employing 35,000 people.
Yolande served as Global Chief Information Security Officer for FTSE10 consumer goods giant SABMiller until its acquisition by ABInbev. As Global CISO, Yolande briefed the Audit Committee on cyber risk, regularly reported all information security matters to SABMiller’s ExCom, collaborated with Group Legal to implement the privacy policy, cookie policy, consumer data handling policy and information security policy, and mobilised a multi-million dollar capital investment programme to enhance security tooling. She has previously worked for the Metropolitan Police Services as ICT Procurement Director running a department that oversaw £300m in annual spend. Prior to this, she shaped her early career as a Management Consultant for PA Consulting Group and PricewaterhouseCoopers, with clients including PepsiCo, GSK, Tetley Tea, NXP and HMRC. She led specialist teams to drive transformation, cost reduction and security improvements.

Enquire about becoming a speaker

 We are always looking for:

  • keynote insights, cutting-edge ‘live’ demos
  • new best practice corporate case studies, fresh ideas, forward thinking topics on security and governance matters
  • sessions with actionable takeaways and positive contributions to the output reports
  • the world’s smartest thinkers and doers in security, cyber, privacy, resilience, risk, governance, compliance

We welcome your input into shaping the agenda and speaker panels.

Our programmes are highly researched with practitioners who do the job day in and day out. They are organic to ensure that we remain agile to meet the most current requirements.

For further information, please contact Sara Hook
+44 (0)20 7936 8989 or

Back to Pulse Conferences

You currently have JavaScript disabled!

This site requires JavaScript to be enabled. Some functions of the site may not be usable or the site may not look correct until you enable JavaScript. You can enable JavaScript by following this tutorial. Once JavaScript is enabled, this message will be removed.