10-11 Carlton House Terrace, London, Westminster, SW1Y 5AH

CISO 360 Think Tank: Cyber Risk Quantification

How are CISOs Measuring and Communicating What Matters in Cybersecurity Risk?

How Are Expectations Evolving at Pace with AI?

Wednesday 18 March 2026
{10-11} Carlton House Terrace and Gardens – Westminster – London

Timings:
14:00-14:30       Guests Arrivals and Afternoon Tea
14:30-17:10       Fireside Chat and Roundtable Discussions 
17:10-19:00       Networking Reception 

Register
Download Guest PDF Invitation
Download "I am attending" Social banner

Add to Calendar


AppleGoogleOffice 365OutlookOutlook.comYahoo

 

You are warmly invited to an exclusive half-day – CISO 360 Think Tank on Cyber Risk Quantification taking place on Wednesday, 18 March at 10–11 Carlton House Terrace. This iconic London venue overlooks St James’s Park, Whitehall, and The Mall, offering a setting worthy of this senior-level, strategic conversation.

Hosted by Pulse Conferences and kindly sponsored by Qualys, this CISO 360 Think Tank brings together a group of  CISOs and senior cybersecurity practitioners for a closed-door, peer-led conversation focused on a topic that is close to the hearts of many CISOs today: how is cyber risk quantified, prioritised, and communicated in a way that boards can genuinely act upon? How are expectations evolving at pace with AI?

 Start with afternoon tea, CISOs and cybersecurity practitioners are then invited to share their experiences and knowledge on measuring and communicating what matters most in cybersecurity risk in smaller roundtables co-steered by a prominent CISO and senior Qualys executives.

Questions:

  • How do CISOs measure, quantify, and communicate cyber risk?
  • What does CRQ “success” look like at board level?
  • Are we confident our organisation is managing the right risks?
  • What metric gets the best reaction when you share it?
  • How are we balancing ROI in innovation with security?
  • How are we communicating cyber risk to the Board?  
  • What are our predictions on what risk reduction and measures will look like in the next 5-10 years?

Be part of the conversation!

Held under The Chatham House Rule.

  • Benchmark and share learnings with CISO peers 
  • Actionable takeaways and future-facing risk perspectives to enhance cybersecurity posture
  • Learn from real-world journeys and experience shared, what works, what doesn’t
  • Forge connections to expand your professional network with CISO peers

The day concludes with a networking reception, keep talking with peers in a more relaxed setting.

Many thanks and we look forward to meeting you there.

CISO 360 Team
Pulse Conferences

Please note:

Places are limited and reserved for CISOs and Senior Cybersecurity Practitioners.

Moderator

Matt Middleton-Leal, Managing Director, EMEA North, Qualys
With 20 years spent working in the security industry, Matt brings significant experience to his role at Qualys. He has worked for many organisations, specialising in areas such as risk management, identity and access management, application, network and database security. Matt most recently held the position of General Manager EMEA and Board member at Netwrix Corporation.  Previous to this role Matt held senior roles at CyberArk Software, IBM Security Systems, and CA where he had spent six years, working on their largest information security projects. Matt is a CISSP® – Certified Information Systems Security Professional.

Sponsored by

Hosted by

About Qualys

Qualys is a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions with over 19,000 active customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.

For more information, please visit www.qualys.com

Why Participate?

  • Hear directly from peers how cyber risk quantification is landing at board level
  • Benchmark your approach against other CISOs and senior security leaders facing similar challenges across sectors
  • Engage in trusted, closed-door discussion under The Chatham House Rule
  • Build peer relationships during the roundtable discussions, afternoon tea and the reception

Practicalities

  • Chatham House Rule applies. Discussions are confidential and non-attributed, creating the space for honest exchange, challenge, and insight among peers.
  • This invitation-only Think Tank is complimentary for CISOs and senior cybersecurity practitioners and intentionally limited to ensure meaningful, high-value discussion.
  • Seating is strictly limited, with places allocated on a first-to-confirm basis.

Speakers include

Ivan Milenkovic is the VP of Cyber Risk Technology at Qualys and a certified S-CISO with global experience leading security programs across five continents. He has built and led cyber teams of 100+, managed €30M+ budgets, and established global resilience centres. Ivan is a mentor for SECO’s CISO 2.0 Program and a founding member of the pan-European CISO Tribe, focusing on strategy, resilience, and risk communication.

Thomas Eeles, Head of IT & IT Security, Gumtree.com
Thomas has been working in commercial Cybersecurity Incident Response for over ten years, running a CSIRT’s across Europe and responding to hundreds of incidents a year. Prior to his current role, Thomas was working as Security Operations Manager with Rightmove. 

 

Michael Colao, CISO/CSO. Former Chief Underwriter – Direct and Indirect Risks, AXA XL
Experienced CSO/CISO and Cyber Underwriter with than 25 years experience in financial services. Has a strong side-interest in computer forensics and in the management of digital evidence. Graduated from the Massachusetts Institute of Technology (MIT) in 1987 where he studied Mathematics and Computer Science. He has since lived in three continents and has lectured globally on security technology issues. Since 1996 has been working in Security and Technology in Financial Services primarily in London.

AGENDA


AGENDA

14:00 – 14:30

Guest Arrivals and Afternoon Tea 

14:30 – 14:45

Introductions
Matt Middleton-Leal, Managing Director for EMEA North, Qualys
Clive Room, Director, Pulse Conferences

14:45 – 15:25

Fireside Chat: From Quantified Cyber Risk to Strategic Advantage in an AI Era: How are CISOs Measuring and Communicating What Matters in Cybersecurity Risk? How Are Expectations Evolving at Pace?

  • What does CRQ “success” look like at board level?
  • Are we confident our organisation is managing the right risks?
  • Why does early adoption often fail?
  • What risk–reward trade-offs have helped you to secure investment for AI, innovation, or transformation?
  • How do you justify security spend using loss avoidance, resilience, or confidence metrics?
  • What metric gets the best reaction when you share it?
  • How defensible are your numbers when capital allocation is on the line?
  • In a crisis, what information do boards expect in the first 24-72 hours?

Moderated by: Matt Middleton-Leal, Managing Director for EMEA North, Qualys
Panellists including:
Thomas Eeles, Head of IT & IT Security, Gumtree.com
Michael Colao, CISO/CSO. Former Chief Underwriter – Direct and Indirect Risks, AXA XL 
Ivan Milenkovic, VP of Cyber Risk Technology, Qualys
James Gosnold, Head of Cyber Security, Ilkari
Jason Coupe, CISO, Monument

15:20 – 15:40

Coffee Break and Networking

15:40 – 17:00

Roundtable Discussions: Cyber Risk Quantification – Comparing Successes and Challenges on the what, how – and why’

Discussions on two tables. Each table has two table hosts to facilitate the input and discussion, a senior strategist from Qualys and a CISO.  Guests rotate table once after 30 minutes giving everyone the opportunity to drive this conversation forward.

Roundtable 1: What matters most – and why?

  • What are we really measuring and why?
  • Are boards ready to engage with financial cyber risk models?
  • What framing resonates most with your board – trends, thresholds or scenarios?
  • What cybersecurity metrics do you actively rely upon today?
  • Which metrics influence prioritisation and which create noise?
  • What metrics survive escalation to ExCo or Board level?
  • If you could only take three cyber metrics to your board tomorrow, what would they be and why? What decision would they support?
  • What metric gets the best reaction when you share it?

Table Hosts: Qualys + CISOs

Roundtable 2: Why are we measuring – and how?

  • Can cyber risk truly be expressed in financial terms and does this really matter?
  • Which metrics have you stopped using and why?
  • If you had to express your top vulnerability in financial exposure terms tomorrow, could you?
  • How are we linking vulnerability and visibility intelligence to real-world business risk?
  • How do you communicate risk to the Board? How do assumptions and uncertainty get challenged?
  • How do you present uncertainty without losing credibility?
  • How do you identify and protect crown-jewel assets?
  • What metric gets the best reaction when you share it?

Table Hosts: Qualys + CISOs

17:00 – 17:10

Closing Statements

 17:10 – 19:00

Networking Reception 

VENUE


VENUE

{10-11} Carlton House Terrace
London, SW1Y 5AH
www.10-11cht.com

Once the former residence of Prime Minister William Gladstone {10-11} Carlton House Terrace sits at the very heart of the capital, overlooking St James’s Park, Whitehall and the Mall. Superbly located just a short walk from Piccadilly, Charing Cross, and Embankment stations, the picturesque setting of St James’s gives the venue an air of distinction and the peaceful nature of Carlton House Terrace provides a rare reprieve from the hustle and bustle of the West End. The British Academy (housed within 10-11 Carlton House Terrace) is a forum for debate and engagement – a voice that champions the humanities and social sciences. Both through its convening power and an enhanced role as a funder of research, the Academy is developing programmes to address the great challenges of our time – nationally and internationally

The event will be hosted in the Council Room, a grand space, with impressive paintings on the walls, on loan from the National Portrait Gallery. Bright and airy with high ceilings and well-ventilated rooms that look out onto wrap around balconies, we have chosen this modern venue that is steeped in history with safety in mind and in keeping with a sense of the occasion. 

The networking hub will be in the Barnard Room, with its soaring ceilings, ornate guilt carvings and painted ceiling that will wow our guests! Located on the first floor of the venue, guests make their way to the Barnard Room room via a beautiful black marble staircase. Be enthralled by the Trompe L’oeil painted ceiling, commissioned by the Ridley family in the style of Eugene Delacroix, the leader of the French Romantic school. This unique painting remains unfinished due to the outbreak of war, during which the room was turned into a ward for wounded officers. During this transformative period, the nurses would push the beds to the open windows and people would cheer the heroes from the steps outside.

Directions to {10-11} Carlton House Terrace

{10-11} Carlton House Terrace is conveniently located just a short distance from many major transport links. Charing Cross station is an 8-minute walk. The venue is located a 2-minute walk from Trafalgar Square, behind the Institute of Directors (off Pall Mall). 

LONDON UNDERGROUND
Piccadilly Circus, Charing Cross, Embankment

MAINLINE TRAINS
Charing Cross, Waterloo.

BUS
Buses to all parts of London run every minute from Trafalgar Square.

PARKING INFORMATION
Please click here to get discounted parking rates at Trafalgar Parking.
For further travel information or to plan your journey, please click here.

Back to Pulse Conferences

You currently have JavaScript disabled!

This site requires JavaScript to be enabled. Some functions of the site may not be usable or the site may not look correct until you enable JavaScript. You can enable JavaScript by following this tutorial. Once JavaScript is enabled, this message will be removed.