At COSAC we are proud to have put together, for our 25th annual event, a panel of experienced international security speakers.
COSAC's residential format allows unparalleled access to industry experts, long after the day's sessions have finished.
Christian Arndt
Partner, PwC (UK)
Christian Arndt is a director at PwC based in London. Christian is an experienced consultant with deep expertise in cyber security, technology, and programme management in a wide range of organisations. He has over 18 years’ consultancy experience working for a broad range of international clients. Specific industry experience includes working for some of the world's largest telecoms companies, financial services, and central government.
Dave Barnett
Head of Cloud Information Protection, Symantec (UK)
Responsible for Symantec's CASB and associated information protection portfolio, Dave has been in the industry for over 20 years in a variety of roles. Recently Dave was the co-author of PAS555, the first nationally ratified standard for cyber security, and he has worked with industry & academia to further knowledge of security. Dave is amazed by the innovation coming from users and his talk will focus on methods to identify cloud apps & work with the business to identify their wider value.
Chris Blunt
Director, Consulting Partner, Axenic (New Zealand)
Chris is a Consulting Partner at Axenic Ltd, a specialist independent information security and privacy consultancy he co-founded in 2009. He has over 22 years of experience in the ICT industry, specialising in security and privacy for the last 11 years. He is an exponent of business-driven security and is passionate about delivering pragmatic advice that enables his clients to achieve their business goals and objectives.
He is also a committee member for BSides Wellington.
Kris is a senior security expert with extensive experience in Technology Consulting in general and Information Security in more depth. Kris joined NVISO in 2017 and prior to that worked at Ascure, which was acquired by PwC in 2011. Over the last decade he has mainly worked on Enterprise Security Architectures (ESA), PKI and (Web) Application Security. This vast experience allows Kris to act as a seasoned project manager on complex and technical assignments, while keeping a close link with business.
Hugh Boyes
Principal Engineer, University of Warwick (UK)
Hugh Boyes is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology (IET) and divides his time between working as a Principal Engineer at the University of Warwick and undertaking cyber security consultancy assignments. Hugh is the leading industry expert on cyber threats in the built environment and supports infrastructure protection. He has written four guidance documents for the IET on cyber security in the built environment, ports and vessels.
Independent consultant with 25+ years in IT whose interest in application security began with the Millennium bug and a first-time speaker at COSAC. Based in Brussels, where he has undertaken major assignments for clients in the public sector, agencies, finance, telecoms and utilities and also lends his support to local cyber-security initiatives. Much of his work in recent years has been in the field of developing tools, processes and models to support security analysis.
Mike is a Senior Software Engineer at Tanium, developing large-scale enterprise security and operations software. He spent two decades in networking and low-level embedded software, including writing code for the fastest-ramping mid-range router at Cisco. After a stint in embedded industrial control systems, he has spent the past 3 years working on a threat response solution that enables real-time monitoring of data at rest for indicators of compromise across an entire enterprise.
Glen Bruce is focused on Security Strategies, Architectures and Policies supporting business and governments in their approach to managing information security risk. He has over 42 years of in-depth experience in information security consulting, systems management and technical positions. He has led many information security engagements, where he has helped clients establish effective strategies, governance, architectures, policies and infrastructure implementations.
Rob Campbell
Security Architect, Secure Constitution Ltd (UK)
A Security Architect with 28 years IT experience, the last 20 in Information Security. I have been formally trained in security consultancy and architecture methodologies. These include TOGAF (including ArchiMate) and of course SABSA. I have 10+ years in the financial/insurance sectors and another 10+ years experience in the Government sector. In that time I have developed security strategy, performed risk assessment and compliance roles as well as designed, developed and implemented solutions.
Mr. Ceraolo has been an information security professional for over 25 years in industries ranging from publishing, software, automotive, mobile technology and now healthcare analytics. He has frequently spoken at COSAC and other US-based security conferences. He holds his CISM, CISSP, and CISA as well as his Masters in Information Assurance from Norwich University.
Brian Contos is the CISO & VP Technology Innovation at Verodin. Brian has over 20 years experience in the security industry. He is a seasoned executive, board advisor, security company entrepreneur & author. After getting his start in security with the Defense Information Systems Agency (DISA) and Bell Labs, Brian began the process of building startups, taking multiple companies through successful IPOs & acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks.
Joshua is one of the world's leading security awareness experts and a world-renowned cyber security speaker. He is the developer of the Human Security Assurance Maturity Model (HumanSAMM) and Chief Hacker at PeopleSec. He is also an expert social engineer who has talked his way into bank vaults, Fortune 500 data centers, corporate offices and restricted areas of casinos. His experiences highlighted a significant need for a better "human solution", leading to a passion for social engineering.
Andreas is an Enterprise Security Architect in Deloitte’s Cyber Risk Advisory Services line with over 25 years of experience in IT and security consulting. He has worked on defining the security architectures and models for various global organisations across various industries and global locations.
In addition to his work at Deloitte, Andreas is a long-standing member of the ISACA Melbourne Chapter board, where he has held various positions as director and president.
Mary is an IT Security Architect for TEK systems. She has worked on projects in advanced cyber defense for RSA & Program Manager for Vendor Solutions/Integrations for Google headquarters in Mountain View, CA. Mary is the former CTO for Pro-Tec Design where clients included DHS, MSP, Best Buy, City of Minneapolis, FBI and departments at all levels of government. She also provided consulting services for Attorney General Settlement Agreement and Office of the Comptroller of the Currency.
Hafiz Farooq
Chief Cyber Security Architect, Saudi Aramco (Saudi Arabia)
Hafiz Farooq is currently serving as a Senior Cyber Security Architect for Saudi Aramco's Global Security Operations Centre (SOC). With 15 years of research and professional experience in the cyber and network security domain, he has been harnessing the first line of defence against a huge spectrum of targeted and untargeted cyber attacks from adversaries. His acute academic and professional experience helped him orchestrate the security processes for Saudi Aramco after the well-known Shamoon attack in 2012.
Todd is SVP and Chief Administrative Officer – Information Security and Technology Risk, Northern Trust. He led multiple Fortune 500/large company information security programs for 19 years, was named 2016 Chicago CISO of the Year by AITP, ISSA, ISACA, Infragard and SIM, ranked Top 50 Information Security Executive and authored 3 books on Information Security.
Duncan Greaves
Postgraduate Researcher, Coventry University (UK)
Duncan has 25 years' experience in software development and information architecture in the UK and Australia. He is currently transforming the practice of Cybersecurity Management and Trust into theory by studying for a PhD at Coventry University.
Rob is a Lockheed Martin Fellow with over 25 years of experience in information systems and security. During his career he has been responsible for conducting and supporting information assurance and cyber security activities for federal, state and commercial organisations in the defense, law enforcement, financial services, utility and healthcare industries. Additionally, he has designed and implemented secure networks to support nuclear emergency response teams and top US banks.
Michael Hirschfeld
Cyber Security Adviser, Envista (Australia)
Michael is a Cyber Security Adviser with Envista providing high-level assistance on cyber-related matters. He was formerly the Chief Information Officer and CISO at the Australian Commonwealth Department of Finance, where he had executive responsibility for ICT as well as physical security within that agency. He has previously held senior roles with a number of Australian government agencies including as Assistant Secretary for ICT Planning and Governance at the Australian Department of...
Lynette Hornung is a Senior Enterprise Security Architecture and Privacy Manager with TCG, Inc. She has her SABSA Foundation and SCPR in Risk Assurance and Governance and SCPA in Architectural Design and her CIPP-US. She has over 20 years of experience in information security and privacy. She has worked with a variety of federal agencies providing various enterprise security architecture, computer security and privacy solutions and services working with a variety of stakeholders.
Mahbubul Islam
Head of Secure Design, Department for Work and Pensions (UK)
I have 10+ years of experience in numerous aspects of security from GRC to Security Architecture. Currently Head of Secure Design at DWP and have held numerous senior security positions in UK Govt, I hold certifications in SABSA SCF, CISM, CESG Certified Professional & ISO27001. I also have a PGDip in Information Security from Royal Holloway and an MSc in IT Consultancy from London Metropolitan University. I am a Chartered Security Professional and a member of the Security Institute.
Jaco is Cyber Defense domain lead for the Gallia region at Accenture Security based out of the Netherlands. He has been a “security guy” for around 19 years during which time he has provided security services to a number of companies in Africa, Europe, the Middle East and the US. He has spent a large part of his career developing security IP and services and co-authoring security publications.
Gordon is a security architect, working as an independent consultant since the beginning of 2018. He has 20+ years experience in IT and security for large financial services organisations in the UK and US, across investment banking, life & pensions and asset management. He has worked as a security architect for the last 9 years, providing guidance to dozens of major business and infrastructure projects and helping to shape enterprise security functions.
Jason Kobes
Principal Cyber Architect, Northrop Grumman (USA)
Jason Kobes works as a Principal Cyber Architect & Research Scientist in Washington, DC for Northrop Grumman Corporation. Jason has over 20 years of experience concentrated in information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and business consulting. Jason has a Master's of Science in Information Assurance (MSIA) and a Bachelor's of Science in Computer Science from Iowa State University.
Karel Koster
Head of Information Security, (Netherlands)
Karel Koster is an information security professional with over 15 years of experience in various roles. He currently holds a position as Head of Information Security within Ingenico ePayments, one of the larger payment service providers on the web.
Prior to Ingenico, Karel as an information security officer was responsible for information security awareness, vulnerability management and technical compliance at Aegon the Netherlands.
Michael Krumbak
Enterprise Security Architect, DSV A/S (Denmark)
Michael Krumbak has been working with information security, in various roles, for more than 20 years, the last 10 years with a main focus on the management part of security, compliance and risk issues. Michael prefers to work in the space between business executives and technology teams, facilitating communication and mutual understanding among stakeholders. Currently, Michael works in the role of Enterprise Security Architect in a global logistics company.
Rosanna is an Architectural Engineer by training and holds a Masters Degree in Building Physics from Kyoto University in Japan. For the past several years, this certified MIT Master Trainer in Educational Mobile Computing, as well as EU Code Week ambassador, has led hands-on, result-oriented workshops in the areas of computer programming, data visualisation, the Internet of Things, and 3D design and Design Thinking, to promote the uptake of digital skills, particularly among girls and women.
Lisa Lorenzin is the Director, Emerging Technologies, Americas at Zscaler, specializing in zero trust networks, and co-chair of Trusted Network Connect, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint integrity and network security. She has worked in a variety of Internet-related roles since 1994, with more than a decade of that focused on network and information security, and is currently concentrating on enterprise security.
Esther van Luit is a young and driven security advisor for Deloitte Netherlands. She specializes in security skill gaps, cyber risk quantification and security maturity assessments and has worked for many international clients. She was shortlisted for woman of the year 2015 for the British Cybersecurity Awards and is actively involved in getting more girls and women into the security industry. She is determined to advance the state of security knowledge management and education in her career.
David Lynas is currently enjoying his thirty-fifth year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology), CEO of the SABSA Institute and CEO of David Lynas Consulting.
Information Privacy Researcher & PhD Scholar, (Ireland)
I am an accomplished Information Security Risk Manager for the last two decades, with extensive experience at senior management level. I am also a fully qualified executive coach, with a Masters in Business and Leadership. I became aware that industry was becoming hugely focussed on addressing security and privacy through the compliance lens. Seeking to find a more sustainable and effective way to address these risks, I traded my senior management position for the opportunity to undertake a PhD.
Gabor Medve
Chief Information Security Architect, Telenor Group (Hungary)
Gábor is a communication engineer by education and worked as a system administrator during his studies, where he was influenced very early by the information security area. He has worked in information security since 2000 across different areas, always with the main focus on how to deliver & maintain secure solutions, with respect to being able to spot & analyse unauthorised access. In recent years he has been focusing mainly on security quality assurance in global delivery structures.
Kirsten Meeuwisse is a consultant at Deloitte Netherlands. She graduated from TU Delft in Systems Engineering, Policy Analysis and Management, with research on the trade-off between security and usability. Next to her work in supporting companies to improve their security, she wants to help children as well by educating them on cyber security & technology. She does that by organising hacklabs and by introducing the Microbit at primary schools.
Kate Mullin is an influential information security practitioner with more than 30 years of experience in various accounting, audit, risk, governance, and information security roles. She has been a CISO at various organizations including publicly traded, private, not-for-profit, and governmental entities. Kate established the role of CISO at Tampa Airport and at Healthplan Services.
Lori Murray
PhD Student, Iowa State University (USA)
Lori Murray is a Senior Advanced 3 Information Assurance Systems Engineer, currently enrolled at Iowa State University as a PhD student studying Computer Engineering. She has her Masters of Science degrees in Information Assurance and Business Analytics from Iowa State University, along with her CISSP. Lori has 15 years of experience between Systems Engineering as a Cyber Security SME building security architecture from requirements definition to design.
Ms Nejib has 33+ years of system engineering and program protection experience and 27+ years of technical leadership & DoD acquisition management experience. Currently part of the Advanced Cyber Technology Center (ACTC) as one of its senior engineering consultants & is deployed to the Missile Defense & Protective Systems Division (MDPS) as Cyber Solutions Architect. In this role she supports key programs, serves as stakeholder on MDPS IRADs and provides SSE subject matter expertise.
John O'Leary
President, O'Leary Management Education (USA)
John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. John was the recipient of the 2004 COSAC award.
Helvi Salminen has worked in information security since June 1990, first as security analyst and since April 2000 as information security manager. Before starting information security tasks she had 12 years' experience in systems development.
Helvi is a founder member of the Finnish Information Security Association, which celebrated its 10th anniversary in 2007. Helvi is a qualified CISA, CISSP & SABSA & was awarded CISO of the year in Finland 2014.
Char Sample
Research Fellow, ICF Army Research Labs (USA)
Dr. Char Sample is a research fellow employed by ICF at the US Army Research Laboratory in Adelphi, Maryland and with the University of Warwick, UK. Dr. Sample has over 20 years' experience in the information security industry. Most recently Dr. Sample has been advancing the research into the role of national culture in cyber security events. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture; other areas of research are information weaponization and complexity.
William Schultz
Principal Security Architect, Vanderbilt University Medical Centre (USA)
Bill Schultz is a security architect who has worked in the Information Technology field for over 14 years, with a focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. Bill has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards.
John Sherwood
Chief Architect, The SABSA Institute (UK)
John Sherwood is the Chief Architect of SABSA, working at The SABSA Institute, leading the development of the SABSA framework by engaging with the global SABSA Community to harness new thinking and innovation in the practice of security architecture. He also leads the collaboration between the institute and The Open Group in this area of work.
Maurice Smit
Trustee, The SABSA Institute (Netherlands)
Maurice is a Principal Security Consultant and SABSA Instructor at David Lynas Consulting, with over 15 years of experience in IT Security operations, management, governance and architecture, in a variety of industries including finance, healthcare and pharmaceuticals.
Maurice delivers accredited SABSA training in Europe, India and the Middle East and is a founding member of the SABSA Institute Board of Trustees.
I lead Cloud Security proposition nationally and am growing a team of 'hands-on' security architects that can assist our clients with everything from an assessment & definition of cloud security strategy to technical architecture advisory & system integration work. The primary objective of my role is to leverage a vast network of bleeding edge technology start-ups and vendors to help our clients in finding and deploying new, more effective and efficient ways to manage cyber risk.
Andrew S. Townley
Founder & CEO, Archistry (South Africa)
Andrew is an international speaker, published author and thought leader on business execution, security, risk and technology who has extensive practical, hands-on experience working in the US, Europe, Middle East, Africa and Brazil. His Enterprise and Security Architecture experience includes leading SABSA adoption organizational change initiatives for Fortune Global 300 customers and is built on not only SABSA certification but personal mentoring by two of SABSA’s principal authors.
Martin De Vries
Information Security Officer, Rabobank (Netherlands)
Martin has been working for Rabobank his whole working life, starting in project management in 1998. He moved to the international side of the organization in 2005, starting as a Service Manager for Rabobank's direct banking initiatives. Finally, as of 2008 he changed to security, first as a Security Officer for the direct banks and later (2012) as a Global Security Officer with a focus on Retail (until 2014) and IT and Software Development. As of October 2016 he has a focus on innovation.
Andy Wall
Chief Security Officer, Office for National Statistics (UK)
Andy Wall is a cyber, information security & assurance leader with 25+ years’ experience within global & national commercial organisations and UK Govt providing business focused security advice & management. Currently Chief Security Officer at the Office for National Statistics, developing new approaches to secure operations of leading edge big data analytics that support the organisational mission of statistics production on a range of key economic, social & demographic topics.