Stephen Bonner
Managing Director of Information Risk Management (IRM), Barclays

Based in London, Mr Bonner is responsible for managing the global information risk team that safeguard the integrity and security of Barclays information, infrastructure and applications by identifying, managing and leading all aspects of Information Risk.

Mr. Bonner who holds a CISSP, CLAS and SANS GIAC certifications and is a member of the British Computer Society and a founder associate member of the Institute of Information Security Professionals, joined Barclays in 2003 from LIFFE, where he was Information Security Manager responsible for protecting transactions worth $12 trillion per month.

Speaking at: ISL Manchester and Bristol

Session Details: Stephen’s talk will cover how transforming threats and technologies lead to a need for transformed techniques and teams to make sure agile business needs are met and empowered by well-managed information risk.

Paul Fisher
Editor, SC Magazine

Paul Fisher has 20 years experience as an IT journalist and editor, working with some of the world’s biggest technical publishing groups, including IDG and VNU. During the PC boom of the1990s he edited two market leading computing titles, Personal Computer World and PC Advisor, and also helped launch Internet World.

He has worked as an adviser to IBM on corporate communications and produced technical marketing material for other leading high-tech companies including Alcatel-Lucent and Schlumberger. He has also worked as a Senior Editor at AOL UK and was Editor in Chief at DirectGov, the government’s flagship public services web portal.

He is currently the UK editor of SC Magazine, the only global brand devoted to information security and risk professionals and produces magazines and websites in London, New York and Sydney.

Speaking at: ISL Manchester, Edinburgh, Bristol and London

Session Details: Coming soon

Mike St John Green
Office of Cyber Security & Information Assurance, Cabinet Office

Mike joins the OCSIA (Office of Cyber Security and Information Assurance) on secondment following a long career in GCHQ and latterly its sister organisation CESG, where he was responsible amongst other things for relations with industry and international relations. As Deputy Director of OCSIA, Mike is the “public face” of the organisation both in the UK and internationally.

Speaking at: ISL London

Session Details: Coming soon

David Ross
Head of Technology Risk & Security for National Australia Group Europe (NAGE)

As the Head of Technology Risk & Security for National Australia Group Europe (NAGE), David has responsibility for Clydesdale & Yorkshire banks IT security in the UK and governance oversight of operational risks for the Technology division in the UK. This includes security provisioning and risk assessments across applications, infrastructure, projects and data; it also involves cross-business-unit collaboration with teams in Australia & New Zealand. David has been in numerous Senior Management roles in a variety of disciplines within NAGE including Application Development, Project & Programme Delivery and more recently in Information Security.

Speaking at: ISL Edinburgh

Session Details: Information Stewardship: Systems Perspectives, Systems Solutions

Paul Wood MBE
CSO, Aviva

Paul has over 30 years experience in the security arena, dealing with crime, fraud, information security, counter-terrorist and executive protection. He has worked in a number of security roles within government from 1974 as well as Head of Corporate Security for the Civil Aviation Authority, Information Security Consultant for Zergo, Chief Security Officer for UBS Investment Bank and Group Chief Security Officer for Aviva Group.

Speaking at: ISL London

Session Details: Influencing the Board – a CSO view

Selling your approach to the board or senior executives can be a daunting task. In this presentation Paul will outline some of the lessons he has learnt and some of the tips he thinks are useful in preparing yourself and your pitch to the Board.

Ian Lawden
IT Security Operations Manager for DWP

Ian is a career Civil Servant who has worked in both the operational side of UK Government as well as 'back office' Infrastructure and Supplier Management roles. As an Information Systems Security Professional (CISSP) and an ITIL v3 ‘Expert’, Ian has been instrumental in coordinating and shaping the security services provided by 3rd party IT service providers within the DWP.

Speaking at: ISL Manchester, Bristol and Edinburgh

Session Details: IT Security Operations Management – From Art to Science
Hear how it really is possible to reduce the risk of making a bad decision and mitigating its consequences by considering certain techniques and strategies.

    •    What are the pressures that lead us to make inappropriate decisions when dealing with day to day issues?
    •    Why are sound decisions vital to the overall security posture of the organisation?
    •    Can we be sure that security controls are appropriate, effective and comprehensive?
    •    How deep is your "defence in depth?
    •    How can security analytics help in making immediate, medium term and longer term decisions?
 

Larry Ponemon Ph.D.
CIPP, Chairman and Founder, Ponemon Institute

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy and data protection practices. He consults with leading multinational organisations on global privacy management programs and has extensive knowledge of regulatory frameworks for managing privacy and data security. Past roles include being appointed to the Advisory Committee for Online Access & Security for the US Federal Trade Commission, an appointment by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security and to two California State task forces on privacy and data security laws. Dr. Ponemon was also a senior partner of PricewaterhouseCoopers, where he founded the firm’s global compliance risk management group.

Speaking at: ISL Manchester

Session Details: Coming soon

Mark Brown, MBCI
CISO SAB Miller

Mark has eighteen years experience in corporate and information security, information risk management, business continuity and risk consultancy. He began his career as a member of HM Forces (Army) where he specialised in security management before moving into the commercial sector. In his role at SABMiller, Mark assumes responsibility for the global strategic management and oversight of all aspects of information security & compliance, information risk management and IT disaster recovery.

Speaking at: ISL London

Session Details: Often perceived as business blockers and not adding business value, the importance of information security and information risk management is becoming increasingly important as economies and business recovers from the turbulence of the past 2 years.  This change in perception of the function provides Information Security professionals with a platform to finally become listened to at a higher level, potentially all the way up to Board and Director level, however many in the industry are failing to recognise this opportunity, or are unable to step up to the challenges being made of them. 

Key to ensuring acceptance by the business as a "value-add" function is the existence of a strategy aligned to the wider business strategy, yet many Chief Information Security Officers (CISOs) seem unable to embrace this challenge and deliver success, concentrating on policy based tick-box compliance, and therefore are we as an industry not at an inflection point that requires a change in thinking of the modern CISO and indeed should they be IT or business focussed?

Over the past 10 years, Jonathan has written and spoken extensively on security, focusing on trends, innovations, and challenges in security solutions and practices. He provides advice and support about IT security technologies, services, and requirements to vendors and service providers, helping to shape their overall strategies and market positioning, as well as their product, services, sales, and partnering plans. Having previously worked as an engineer and product manager for several high-tech companies, Jonathan came to Forrester in 2003 where he was an analyst covering the areas of both identity management and collaboration.

Speaking at: ISL Manchester and Edinburgh

Session Details: Adapting to the New IT Security Realities in the Changing Enterprise

Security attention and controls have permeated all of IT: in applications, platforms, networks, or devices. Yet trends such as cloud and SaaS, employee mobility, Web 2.0, and consumerization mean that IT is no longer a tightly controlled set of assets within well-defined corporate boundaries. At the same time, organizations are struggling to keep up with the rapidly changing threat landscape and a hacker adversary with significant capabilities and resources. To cope, security managers must devise new ways to maximize the impact of their security controls and minimize business risk while allowing for and even enabling these trends towards a more open IT environment. In this presentation, Jonathan Penn of Forrester Research will discuss the major forces challenging IT security, and will provide insight into how leading organizations are adapting their security practices to embrace these change while protecting their businesses.

Andras is a leading expert on identity management, access management, user account provisioning, entitlement management, federation, privileged identity management, and role design and management. Andras helps clients develop enterprise strategy for creating business value through identity management. Prior to joining Forrester, Andras was a security architect with CA Technical Services. He designed the architecture and led the implementation of Fortune 500 companies' identity and access management and provisioning solutions. Previously, Andras managed business process re-engineering projects.

Speaking at: ISL London and Bristol

Session Details: Adapting to the New IT Security Realities in the Changing Enterprise

Security attention and controls have permeated all of IT: in applications, platforms, networks, or devices. Yet trends such as cloud and SaaS, employee mobility, Web 2.0, and consumerization mean that IT is no longer a tightly controlled set of assets within well-defined corporate boundaries. At the same time, organizations are struggling to keep up with the rapidly changing threat landscape and a hacker adversary with significant capabilities and resources. To cope, security managers must devise new ways to maximize the impact of their security controls and minimize business risk while allowing for and even enabling these trends towards a more open IT environment. In this presentation, Andras Cser of Forrester Research will discuss the major forces challenging IT security, and will provide insight into how leading organizations are adapting their security practices to embrace these change while protecting their businesses.

Professor David Pym is 6th Century Chair in Logic, and SICSA Professor of Computing Science, at the University of Aberdeen. He is also Head of the School of Natural and Computing Sciences. Until recently he worked in HP Labs, where he led the research that gave rise to HP Information Security's 'Security Analytics' offering. Previous positions include Professor of Logic & Computation at the University of Bath, a Royal Society Industry Fellowship at HP Labs, and Professor of Logic at Queen Mary, University of London. Pym holds doctorates from Cambridge (ScD, Mathematics) and Edinburgh (PhD, Computer Science) and is a Fellow of the British Computer Society and the Institute of Mathematics. He is a member of CESG's Information Assurance Academic Advisory Group, and continues to work closely with HP Labs via several projects supported by the UK's Technology Strategy Board.

Speaking at: ISL Edinburgh

Session Details: Information Security: Systems Perspectives, Systems Solutions

Simon Shiu (PhD M.Inst.ISP)

Simon manages HP Labs research in information security. Areas we focus on include security analytics, situational awareness, trusted infrastructure and privacy. Simon has worked in security for over 10 years managing a series of collaborative research projects, customer pilots and publishing several papers and articles. Simon gained a PhD in computer science from Durham University and is a visiting professor at Newcastle University.

Speaking at: ISL Bristol

Session Details: HP Labs Research on how to transform the security management lifecycle

Speaking at: ISL Manchester & Edinburgh

Session Details: Enterprise security – time to transform?

Speaking at: ISL Manchester & Edinburgh

Session Details: Moving beyond the illusion of consumerisation

Consumerisation represents the legitimate advancement of personal technology - smart phones and tablets are all part of this. Only backward looking enterprises will try and resist this trend, surely?
Attackers care little about hardware and operating systems, they attack data and applications and infrastructures. We need to stop obsessing about brands, platforms and devices: Apple, Windows, Android, iOS, iPads, Blackberrys, etc. Instead we look at all of these as containers; we need to think about how to secure the containerisation of data.

How can you monitor and secure the data flows across enterprises, in and out of consumer devices, and onto personal mailboxes. When will we develop compliant, platform agnostic and geo-aware data security? Can we? Do we have a choice not to?
Ninety nine per cent of vulnerabilities could be resolved by writing better code in the first place. But code is written by fallible humans. Where is the innovation that will enable errors and vulnerabilities to be designed out of critical software application and eliminate human error?

Speaking at: How to profit from change

Session Details: Embracing Changing IT Paradigms & Addressing New Data Security Risks

Speaking at: ISL Edinburgh & London

Session Details: Managing Privilege in today’s agile business

Speaking at: ISL Edinburgh & Manchester

Session Details: Is technology ubiquity a chance to reconnect security?

With annual smart devices shipments expected to reach 150million by 2015, the nature of IT usage is changing, as traditional IT usage boundaries evolve. With new business opportunity comes potential new risk. During this session we will define the key risks and assess if and how security must evolve to keep pace with technology, our increasingly diverse use cases and the ever changing threat-scape. With such breadth how will we turn the current tide and re-connect increasingly fragmented security solutions across the spectrum of our IT systems? Significantly, how do we achieve all this without costs spiralling when traditionally more security = most cost. Can we redefine the security model to achieve more with less?

Speaking at: ISL Bristol & London

Session Details: Is technology ubiquity a chance to reconnect security?

With annual smart devices shipments expected to reach 150million by 2015, the nature of IT usage is changing, as traditional IT usage boundaries evolve. With new business opportunity comes potential new risk. During this session we will define the key risks and assess if and how security must evolve to keep pace with technology, our increasingly diverse use cases and the ever changing threat-scape. With such breadth how will we turn the current tide and re-connect increasingly fragmented security solutions across the spectrum of our IT systems? Significantly, how do we achieve all this without costs spiralling when traditionally more security = most cost. Can we redefine the security model to achieve more with less?

Speaking at: ISL Edinburgh, Manchester, Bristol & London

Session Details: Transforming Security:  people, policy and enforcement

Speaking at: ISL Edinburgh and Bristol

Session Details: Unified Content Security—It’s All About Your Data

Content security is about protecting your data as data loss can mean fines, loss of reputation, loss of revenue, IP theft, etc, etc. These are all issues that will concern the board. Information Security solutions that enable business processes (rather than disable them) and deliver a competitive edge will be of interest to the Board.

Move from point, outdated solutions, like AV, to consolidated and unified solutions that protect against the very latest advanced persistent threats in real time. Move to a solution that enables IT to remain efficient in the way it provides protection to office-based employees, and remote offices/workers - i.e. hybrid.

Speaking at: ISL London

Session Details: Unified Content Security—It’s All About Your Data

Content security is about protecting your data as data loss can mean fines, loss of reputation, loss of revenue, IP theft, etc, etc. These are all issues that will concern the board. Information Security solutions that enable business processes (rather than disable them) and deliver a competitive edge will be of interest to the Board.

Move from point, outdated solutions, like AV, to consolidated and unified solutions that protect against the very latest advanced persistent threats in real time. Move to a solution that enables IT to remain efficient in the way it provides protection to office-based employees, and remote offices/workers - i.e. hybrid.

Speaking at: ISL Manchester

Session Details: Unified Content Security—It’s All About Your Data

Content security is about protecting your data as data loss can mean fines, loss of reputation, loss of revenue, IP theft, etc, etc. These are all issues that will concern the board. Information Security solutions that enable business processes (rather than disable them) and deliver a competitive edge will be of interest to the Board.

Move from point, outdated solutions, like AV, to consolidated and unified solutions that protect against the very latest advanced persistent threats in real time. Move to a solution that enables IT to remain efficient in the way it provides protection to office-based employees, and remote offices/workers - i.e. hybrid.

Speaking at: ISL Bristol & London

Session Details: Enterprise Security: Time to transform

Speaking at: ISL Edinburgh

Session Details: Virtualisation and the cloud: new security for a new era

Forward-thinking organisations are replacing physical servers and desktops with virtual machines to reduce costs, be green and increase scalability. Cloud computing is changing the traditional IT infrastructure to drive costs down further, moving servers from behind perimeter defence barriers to outside the conventional security perimeter. These new IT approaches require new security defences.

This presentation from Trend Micro discusses the critical security issues in the virtual world and outlines solutions to these challenges, detailing how choosing the right solutions can enable your business to get the best return on your virtualisation investment, while providing “better than physical” security

Speaking at: ISL Bristol & Manchester

Session Details: Virtualisation and the cloud: new security for a new era

Forward-thinking organisations are replacing physical servers and desktops with virtual machines to reduce costs, be green and increase scalability. Cloud computing is changing the traditional IT infrastructure to drive costs down further, moving servers from behind perimeter defence barriers to outside the conventional security perimeter. These new IT approaches require new security defences.

This presentation from Trend Micro discusses the critical security issues in the virtual world and outlines solutions to these challenges, detailing how choosing the right solutions can enable your business to get the best return on your virtualisation investment, while providing “better than physical” security.

Speaking at: ISL London

Session Details: Virtualisation and the cloud: new security for a new era

Forward-thinking organisations are replacing physical servers and desktops with virtual machines to reduce costs, be green and increase scalability. Cloud computing is changing the traditional IT infrastructure to drive costs down further, moving servers from behind perimeter defence barriers to outside the conventional security perimeter. These new IT approaches require new security defences.

This presentation from Trend Micro discusses the critical security issues in the virtual world and outlines solutions to these challenges, detailing how choosing the right solutions can enable your business to get the best return on your virtualisation investment, while providing “better than physical” security.

Speaking at: ISL Edinburgh, Manchester & Bristol

Session Details: 10 minute warning – a glimpse into the modern threat landscape

Speaking at: ISL Edinburgh & London

Session Details: Transforming your IT Security Posture

Speaking at: ISL Bristol

Session Details: Transforming your IT Security Posture

Speaking at: ISL Edinburgh

Session Details: TBC

Speaking at: ISL Bristol

Session Details: TBC

Speaking at: ISL London

Session Details: TBC