At COSAC we are proud for our 24th annual event to put together a panel of international, experienced security speakers.
COSAC's residential format allows unparalleled access to industry experts, long after the day's sessions have finished.
Click on a speaker below to view their profile.
Chris BluntDirector, Consulting Partner, Axenic (New Zealand)
Director, Consulting Partner, Axenic (New Zealand)
Chris is a Consulting Partner at Axenic Ltd, a specialist independent information security and privacy consultancy he co-founded in 2009. He has over 22 years of experience in the ICT industry, specialising in security and privacy for the last 11 years. He is an exponent of business-driven security and is passionate about delivering pragmatic advice that enables his clients to achieve their business goals and objectives.
He is also a committee member for BSides Wellington.
Lex Borger is security consultant at I-to-I and advises large enterprises on the application of security in their environment.
Lex has more than 20 years of experience in information security and system security. He was involved in the development of operating systems, where he learned how to apply security from the inside out. He broadened his view on information security to all aspects of business automation. Lex gathered most of his experience in the United States of America.
Hugh BoyesPrincipal Engineer, University of Warwick (UK)
Principal Engineer, University of Warwick (UK)
Hugh Boyes is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology (IET) and divides his time between working as a Principal Engineer at the University of Warwick and undertaking cyber security consultancy assignments. Hugh is the leading industry expert on cyber threats in the built environment and supports infrastructure protection. He has written four guidance documents for the IET on cyber security in the built environment, ports and vessels.
Glen Bruce is focused on Security Strategies, Architectures and Policies supporting business and governments in their approach to managing information security risk. He has over 42 years of in-depth experience in information security consulting, systems management and technical positions. He has lead many information security engagements, where he has helped clients establish effective strategies, governance, architectures, policies and infrastructure implementations.
Andreas is an Enterprise Security Architect in Deloitte’s Cyber Risk Advisory Services line with over 25 years of experience in IT and security consulting. He has worked on defining the security architectures and models for various global organisations across various industries and global locations.
In addition to his work at Deloitte Andreas is a long standing member of the ISACA Melbourne Chapter board where he held various positions as director and president.
Lawrence DietzGeneral Counsel & Managing Director - Information Security, TAL Global (USA)
General Counsel & Managing Director - Information Security, TAL Global (USA)
Lawrence Dietz, has extensive military and commercial intelligence and security experience. At TAL Global he has managed a variety of technically complex investigations involving intellectual property, sensitive data compromise, potential international illegal shipments, and celebrity reputation issues. As the company’s chief legal officer he is responsible for a variety of legal transactions. Prior to joining TAL Global Dietz served in senior roles at Symantec Corporation.
Todd is SVP and Chief Administrative Officer – Information Security and Technology Risk, Northern Trust. He led multiple Fortune 500/large company information security programs for 19 years, was named 2016 Chicago CISO of the Year by AITP, ISSA, ISACA, Infragard and SIM, ranked Top 50 Information Security Executive and authored 3 books on Information Security.
Rob is a Lockheed Martin Fellow with over 25 years of experience in information systems and security. During his career he has been responsible for conducting and supporting information assurance and cyber security activities for federal, state and commercial organisations in the defense, law enforcement, financial services, utility and healthcare industries. Additionally, he has designed and implemented secure networks to support nuclear emergency response teams and top US banks.
G. Mark HardyPresident, National Security Corporation (USA)
G. Mark Hardy
President, National Security Corporation (USA)
G. Mark Hardy serves as President of National Security Corporation, an information security management consulting firm he founded in 1988. He has been providing cyber security expertise to government, military and commercial clients for over 30 years and is the author of over 100 articles and presentations on security, privacy and leadership. He serves on the US National Science Foundation’s CyberWATCH Advisory Board and is a retired US Navy Captain.
Michael HirschfeldFirst Assistant Secretary, Department of Finance (Australia)
First Assistant Secretary, Department of Finance (Australia)
Michael is acting Chief Information Officer and First Assistant Secretary, IT and Workplace Division in the Australian Commonwealth Department of Finance and has executive responsibility for ICT as well as physical security within that agency.He has previously held senior roles with a number of Australian government agencies including as Assistant Secretary for ICT Planning and Governance at the Australian Department of Foreign Affairs and Trade.
Martin HopkinsPrincipal Consultant, Gotham Digital Science (UK)
Principal Consultant, Gotham Digital Science (UK)
Martin is a Principal Security Consultant and Head of R&D at Gotham Digital Science. He has over 24 years experience in the IT industry notably including development and testing of emulation and virtual machine technology, development of host and network security products, security architecture consultancy and penetration testing. During his career he has worked on a wide range of systems and platforms ranging from small embedded devices to mid-range and mainframe systems.
Lynette Hornung is a Senior Enterprise Security Architecture and Privacy Manager with TCG, Inc. She has her SABSA Foundation and SCPR and SCPA and her CIPP-US. She has over 20 years of experience in information security and privacy. She has worked with a variety of federal agencies providing various enterprise security architecture, computer security and privacy solutions and services working with a variety of stakeholders.
Andrew HutchinsonExecutive Director, Vanderbilt University Medical Center (USA)
Executive Director, Vanderbilt University Medical Center (USA)
Andrew Hutchinson is the Executive Director of the Vanderbilt University Medical Center Information Technology (VUMC IT) Architecture and Portfolio Services groups. In this role, he oversees IT strategy, information security strategy, IT resource management (including service and portfolio strategy), and customer relationship management for VUMC IT Services delivered to Vanderbilt University Medical Center.
Jaco is Cyber Defense domain lead for the Gallia region at Accenture Security based out of the Netherlands. He has been a “security guy” for around 19 years during which time he has provided security services to a number of companies in Africa, Europe, the Middle East and the US. He has spent a large part of his career developing security IP and services and co-authoring security publications.
Mark KeatingGlobal Information Security Architect, Deloitte (UK)
Global Information Security Architect, Deloitte (UK)
Mark is currently serving as a Global Information Security Architect for Deloitte, where he is responsible for helping define the global technology strategy and roadmap for over 250,000 people spread across 150 countries. He has been with Deloitte since 2002, and prior to his current position, was the Network & Security Architect for the UK & Switzerland where he was responsible for the design and implementation of most of the UK’s network and security platforms supporting 18,000 staff.
Karel KosterHead of Information Security, Ingenico ePayments (Netherlands)
Head of Information Security, Ingenico ePayments (Netherlands)
Karel Koster is an information security professional with over 15 years of experience is various roles. He currently holds a position as Head of Information Security within Ingenico ePayments, one of the larger payment service providers on the web.
Prior to Ingenico, Karel as an information security officer was responsible for information security awareness, vulnerability management and technical compliance at Aegon the Netherlands.
Lisa Lorenzin is the Director, Emerging Technologies, Americas at Zscaler, specializing in zero trust networks, and co-chair of Trusted Network Connect, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint integrity and network security. She has worked in a variety of Internet-related roles since 1994, with more than a decade of that focused on network and information security, and is currently concentrating on enterprise security.
Esther van Luit is a young and driven security advisor for Deloitte Netherlands. She specializes in security skill gaps, cyber risk quantification and security maturity assessments and has worked for many international clients. She was short listed for woman of the year 2015 for the British Cybersecurity Awards and is actively involved in getting more girls and women into the security industry. She is determined to advance the state of security knowledge management and education in her career.
David Lynas is currently enjoying his thirty-fifth year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology), CEO of the SABSA Institute CEO of David Lynas Consulting.
Information Privacy Researcher & PhD Scholar, (Ireland)
I am an accomplished Information Security Risk Manager for the last two decades, with extensive experience at senior management level. I am also a fully qualified executive coach, with a Masters in Business and Leadership. I became aware that industry was becoming hugely focussed on addressing security and privacy through the compliance lens. Seeking to find a more sustainable and effective way to address these risks, I traded my senior management position for the opportunity to undertake a PhD.
Lori MurrayPhD Student, Iowa State University (USA)
PhD Student, Iowa State University (USA)
Lori Murray is a Senior Advanced 3 Information Assurance Systems Engineer, currently enrolled at Iowa State University as a PhD student studying Computer Engineering. She has her Masters of Science degrees in Information Assurance and Business Analytics from Iowa State University, along with her CISSP. Lori has 15 years of experience between Systems Engineering as a Cyber Security SME building security architecture from requirements definition to design.
Peter NikitserDirector, ALC Cyber Security (Australia)
Director, ALC Cyber Security (Australia)
Peter Nikitser is in his 30th year of IT, most of which has been spent in information security. He is a co-founding member of both AusCERT and SL-CERT. When he is not travelling teaching students or consulting, Peter spends time renovating his acreage, and can tell you all about lantana.
John O'LearyPresident, O'Leary Management Education (USA)
President, O'Leary Management Education (USA)
John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. John was the recipient of the 2004 COSAC award.
Business Solution Architect, SEAM Advisory & Consulting (UK)
Narendra Ramakrishna is an accomplished Enterprise and Solution Architect specializing in delivering solutions in the areas of Cybersecurity, CloudSecurity, and PCI-DSS.
He has worked in a variety of roles across security development design and security architecture since 1999, with more than a decade of that focused on various transformation programs which include process changes, implementation of various industry strength methods and is currently focusing on enterprise security.
Mark RaschChief Counsel, National Security Corporation (USA)
Chief Counsel, National Security Corporation (USA)
Mark Rasch is an internationally recognized cyber attorney and technology risk executive, with a distinguished record establishing and leading world-class data privacy and resiliency, security consulting, incident response and investigations practices for commercial and government organizations. More than 30 years’ in information security, and high-technology litigation and advisory across the critical infrastructure. Highly sought as one of the world’s leading legal (cyber) experts.
Helvi Salminen has worked in information security since June 1990, first as security analyst and since April 2000 as information security manager. Before starting information security tasks she has 12 years experience in systems development.
Helvi is founder member of Finnish Information Security Association which celebrated its 10th anniversary in 2007. Helvi is qualified CISA, CISSP & SABSA & was awarded as CISO of the year in Finland 2014.
Char SampleResearch Fellow, ICF Army Research Labs (USA)
Research Fellow, ICF Army Research Labs (USA)
Dr. Char Sample is research fellow employed for ICF at the US Army Research Laboratory in Adelphi, Maryland and with the University of Warwick, UK. Dr. Sample has over 20 years experience in the information security industry. Most recently Dr. Sample has been advancing the research into the role of national culture in cyber security events. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture, other areas of research are information weaponization and complexity.
William SchultzPrincipal Security Architect, Vanderbilt University Medical Centre (USA)
Principal Security Architect, Vanderbilt University Medical Centre (USA)
Bill Schultz is security architect who has worked in the Information Technology field for over 14 years, with s focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. Bill has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards.
John SherwoodChief Architect, The SABSA Institute (UK)
Chief Architect, The SABSA Institute (UK)
John Sherwood is the Chief Architect of SABSA, working at The SABSA Institute, leading the development of the SABSA framework by engaging with the global SABSA Community to harness new thinking and innovation in the practice of security architecture. He also leads the collaboration between the institute and The Open Group in this area of work.
Maurice SmitTrustee, The SABSA Institute (Netherlands)
Trustee, The SABSA Institute (Netherlands)
Maurice is a Principal Security Consultant and SABSA Instructor at David Lynas Consulting, with over 15 years of experience in IT Security operations, management, governance and architecture, in a variety of industries including finance, healthcare and pharmaceuticals.
Maurice delivers accredited SABSA training in Europe, India and the Middle East and is a founding member of the SABSA Institute Board of Trustees.
Ross SpelmanManager Cyber Risk Services, Deloitte (Ireland)
Manager Cyber Risk Services, Deloitte (Ireland)
Role: Manager - Deloitte Advisory - Cyber Risk Services 10 years+ IT Technical and Service Delivery Management 5 years in Information Security specialising in information governance and cloud security
Qualifications: MSc in Cloud Computing MSc in Software Engineering Numerous industry qualifications (CISM, ISO 27001, Prince2, ITIL, CCSK, SSCP etc.)
Marc Verboven is an experienced IT Security Architect with over 30 years of experience. After working for Dow Chemical, IBM and startups in Belgium, always in the area of IT Security, he joined ING Belgium in 2003. Since then he mainly worked on projects in the area of Retail & Commercial Banking Channels, acting both as a security & application architect. Since 2006 Marc is member of the Enterprise Architecture group of ING with continued focus on the area of Risk & Security.