View our 2019 panel of international speakers below.
COSAC's residential format allows unparalleled access to industry experts, long after the day's sessions have finished.
Click on a speaker below to view their profile.
Harley AwCISO, Phoenix HSL (Australia)
Harley Aw
CISO, Phoenix HSL (Australia)
Harley is an Information Security and IT industry veteran based in Sydney Australia with over 20 years in multiple sectors including retail, hospitality tertiary education, sporting and gaming multi-nationals, as well as consulting in the financial, government and resources sectors. He is a certified digital forensic examiner, cybersecurity incident handler, a member of the GIAC Advisory Board and a Founding Member of the SABSA Institute. He is currently the CISO of the Phoenix Group.
Chris BluntChief Strategy Officer, Axenic (New Zealand)
Chris Blunt
Chief Strategy Officer, Axenic (New Zealand)
Chris is the Chief Strategy Officer at Axenic Ltd, a specialist independent information security and privacy consultancy he co-founded in 2009. He has over 26 years of experience in the ICT industry, specialising in security and privacy for the last 14 years. He is an exponent of business-driven security and is passionate about delivering pragmatic advice that enables his clients to achieve their business goals and objectives.
Steven is a SCP with 10+ years experience in the SABSA methodology. He works as an independent Security Architect and develops a research interest in model-driven approaches to security architecture - a topic on which he has presented at COSAC 2018 and authored a paper for the SABSA Institute.
Mike is a Senior Software Engineer at Tanium, developing large-scale enterprise security and operations software. He spent two decades in networking and low-level embedded software, including writing code for the fastest-ramping mid-range router at Cisco. After a stint in embedded industrial control systems, he has spent the past 3 years working on a threat response solution that enables real-time monitoring of data at rest for indicators of compromise across an entire enterprise.
Glen Bruce is focused on Security Strategies, Architectures and Policies supporting business and governments in their approach to managing information security risk. He has over 42 years of in-depth experience in information security consulting, systems management and technical positions. He has lead many information security engagements, where he has helped clients establish effective strategies, governance, architectures, policies and infrastructure implementations.
Prof Clark is an acknowledged expert in Cryptography, I.S. Security, Systems Engineering, Information Forensics & Cyber Security. He has worked in the field of Computer and Information Systems Security and Cryptology since 1984 and is a registered expert witness with 20+ years’ experience of presenting computer and information systems evidence in a wide range of criminal & civil cases. He is a co-author of the SABSA Blue Book & was the first recipient of the COSAC award.
Bonnie is a Security Analyst and Information Security Manager with two years experience in the application of security to Agile and Scaled Agile projects. She has also worked with Steven in the development and practical application of the model-driven approach.
Mary is an IT Security Architect for TEK systems. She has worked on projects in advanced cyber defense for RSA & Program Manager for Vendor Solutions/Integrations for Google headquarters in Mountain View, CA. Mary is the former CTO for Pro-Tec Design where clients included DHS, MSP, Best Buy, City of Minneapolis, FBI and departments at all levels of government. She also provided consulting services for Attorney General Settlement Agreement and Office of the Comptroller of the Currency.
Todd has led information Fortune 500/large security programs for 20 years. He was named 2016–17 Chicago CISO of the Year, ranked Top 50 Information Security Executive, authored 4 books- CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (2019), Information Security Governance Simplified: From the Boardroom to the Keyboard, ground-breaking CISO Leadership: Essential Principles for Success, E-C Council Certified Chief Information Security Officer BoK.
Louise comes from a strong business background having spent many years in different retail sectors. After completing a Masters in Information Systems Management, Louise moved into an IT Support Analyst role, providing assistance to multiple end users across two company divestitures. In 2017, Louise moved into a Cyber Security role working in a 24x7 SOC environment responsible for incident prevention, detection, analysis, eradication and recovery across corporate IT systems.
Tomer HadadTechnical Lead & Researcher, EY Cyber Security Center (Israel)
Tomer Hadad
Technical Lead & Researcher, EY Cyber Security Center (Israel)
Working in EY advanced cyber security center in Israel for the past 3+ years. My role as the SME of application security, includes performing vulnerability research, pen testing and developing attack & penetration strategies for Web applications, Thick-Client/Native applications, Mobile applications, Multi-platforms products, including custom-made physical products, Health care systems, RFID systems. I have trained and developed consultants, written training courses & developed tools.
Rik van HeesSecurity Officer, Alliander (Netherlands)
Rik van Hees
Security Officer, Alliander (Netherlands)
Rik has been working in an ICS / SCADA environment for 10 years as an engineer, security architect and currently as a security officer for grid operator Alliander. He has strong knowledge in designing and securing ICS systems, segmenting OT environments and risk management challenges of a grid operator. He holds a BSc of Electrical Engineering with a specialization in electronics and ‘learned on the job’ security experience. In his spare time he likes to play guitar & hike with his dogs.
Michael HirschfeldExecutive Consultant, Envista (Australia)
Michael Hirschfeld
Executive Consultant, Envista (Australia)
Michael is a Cyber Security Adviser with Envista providing high level assistance on Cyber Related matters. He was formerly the CIO and CISO at the Australian Department of Finance where he had executive responsibility for ICT as well as physical security within that agency. He has previously held senior roles with government agencies including Department of Foreign Affairs.
Group. He has over 25 years experience in technology, primarily in security related fields. In between delivering consultancy he leads security research and solutions innovation with a current focus on security architecture and advisory. He is a strong advocate of business driven security, security architecture and secure software development practices.
Dave Hornford leads vanguard architecture thinking and execution for Conexiam's clients in the digital era. Making the good great and the best even better. Dave is on a mission to improve the profession. He has decades of real-world experience. This experience is shared in real-world case studies, practical EA training and publication of field-tested best practices. Dave has co-authored thought leadership in 'Seven-Levers to Digital Transformation' & pragmatic guidance embedded in TOGAF.
Lynette Hornung is a Senior Enterprise Security Architecture and Privacy Manager with TCG, Inc. She has her SABSA Foundation and SCPR in Risk Assurance and Governance and SCPA in Architectural Design and her CIPP-US. She has over 20 years of experience in information security and privacy. She has worked with a variety of federal agencies providing various enterprise security architecture, computer security and privacy solutions and services working with a variety of stakeholders.
Dan HouserSenior InfoSec Manager, The American Chemical Society (USA)
Dan Houser
Senior InfoSec Manager, The American Chemical Society (USA)
Dan Houser is a practitioner who brings 30 years of experience to his presentations from knowledge learned in the trenches, and is a published author and frequent speaker at international conferences. Mr. Houser has set strategy, lead strategic projects and established EA/Security Architecture practices at several Fortune 500/Global 500 firms, including banking, insurance, finance, healthcare, retail and higher education. He is formerly head of cryptographic practice for a top-20 insurer.
Marc HullegieCEO, Vest Information Security (Netherlands)
Marc Hullegie
CEO, Vest Information Security (Netherlands)
Marc is founder and CEO of Vest Information Security (est. 2002). Holds BSc for both electrical engineering (Datacom) and Higher Management along with a handful of security certificates. Marc is known as a ‘people’-man, building bridges in complex, political situations. Applied his skills in a variety of roles: CISO, Security Architect, Risk Analyst, Subject Matter Expert, Teacher, Coach, Presenter. Social Media followers think he’s an outdoor chef, radio station owner, music producer or biker.
Jaco is Cyber Defense domain lead for the Gallia region at Accenture Security based out of the Netherlands. He has been a “security guy” for around 19 years during which time he has provided security services to a number of companies in Africa, Europe, the Middle East and the US. He has spent a large part of his career developing security IP and services and co-authoring security publications.
Gordon is a security architect, working as an independent consultant since the beginning of 2018. He has 20+ years experience in IT and security for large financial services organisations in the UK and US, across investment banking, life & pensions and asset management. He has worked as a security architect for the last 9 years, providing guidance to dozens of major business and infrastructure projects and helping to shape enterprise security functions.
Siân John MBEChief Security Advisor, Microsoft (UK)
Siân John MBE
Chief Security Advisor, Microsoft (UK)
Siân John MBE is Chief Security Advisor for E MEA in the Cybersecurity Solutions Group at Microsoft. Siân leads the EMEA security advisors who work with Microsoft’s customers to help them to develop their cyber security strategy, security best practices and to understand how Microsoft’s technology and services can help support digital transformation and cloud services. Sian was awarded an MBE in the Queens New Years Honours List for 2018 for services to Cybersecurity.
Diana Kelley is the Cybersecurity Field Chief Technology Officer for Microsoft where she provides guidance to C-level executives at large, global companies. She is a Faculty Member with IANS Research, an Industry Mentor at the CyberSecurity Factory and a Guest Lecturer at Boston College’s Master of Science in Cybersecurity program. Previously, she was the Global Executive Security Advisor at IBM Security and a GM at Symantec.
Zahra is the founder and CEO of Firmalyzer SPRL, a Belgian company specialized in providing security solutions for IoT/connected devices. Their key product is the first automated firmware security analysis platform for IoT device vendors, security labs and enterprise device users. They also provide IoT security and privacy consultancy services for companies in terms of audit and compliance check with regulations, standards and leading practices.
Lesley KiplingChief Security Advisor, Microsoft (UK)
Lesley Kipling
Chief Security Advisor, Microsoft (UK)
Previously lead investigator for Microsoft’s detection and response team (DaRT), Lesley has spent 16+ years responding to Microsoft customers’ largest and most impactful cybersecurity incidents. As Chief Security Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning.
Miroslav KisDirector - Strategic Initiatives, Toronto Stock Exchange (Canada)
Miroslav Kis
Director - Strategic Initiatives, Toronto Stock Exchange (Canada)
Dr Kis provides strategic guidance related to cybersecurity characteristics and readiness for experimental and operational use of FinTech innovative technologies including blockchain, crypto-currencies, cognitive and quantum computing, machine learning, big data, and cloud technologies. He has been providing consulting services to major Canadian, US, and UK financial institutions. Author and coauthor of more than thirty papers and presentations at national and international conferences.
Jason KobesPrincipal Cyber Architect, Northrop Grumman (USA)
Jason Kobes
Principal Cyber Architect, Northrop Grumman (USA)
Jason Kobes works as a Principal Cyber Architect & Research Scientist in Washington, DC for Northrop Grumman Corporation. Jason has over 20 years of experience concentrated in information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and business consulting. Jason has a Master's of Science in Information Assurance (MSIA) and a Bachelor's of Science in Computer Science from Iowa State University.
Shelby is currently leading Cognizant and Verizon Wireless in the development of a IoT design security process. Shelby has been working with a client, developing and designing how their internal departments align with the security mission of the business. Shelby has used the SABSA and ITIL frameworks to develop guidelines and matrix to help align current security services with the strategic mission of the organization.
Karel KosterHead of Information Security, TNT (Netherlands)
Karel Koster
Head of Information Security, TNT (Netherlands)
Karel Koster is an information security professional with over 15 years of experience is various roles. He currently manages an international team of security analysts for FedEx - TNT express
Prior to FedEx Karel fulfilled positions as Head of information security, information security officer, security architect and operational risk manager within financial services companies.
Rosanna is an Architectural Engineer by training and holds a Masters Degree in Building Physics from Kyoto University in Japan. For the past several years, this certified MIT Master Trainer in Educational Mobile Computing, as well as EU Code Week ambassador, has led hands-on, result-oriented workshops in the areas of computer programming, data visualisation, the Internet of Things, and 3D design and Design Thinking, to promote the uptake of digital skills, particularly among girls and women.
Lisa Lorenzin is the Director, Emerging Technologies, Americas at Zscaler, specializing in zero trust networks, and co-chair of Trusted Network Connect, a work group of the Trusted Computing Group that defines an open architecture and standards for endpoint integrity and network security. She has worked in a variety of Internet-related roles since 1994, with more than a decade of that focused on network and information security, and is currently concentrating on enterprise security.
David Lynas is currently enjoying his thirty-fifth year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology), CEO of the SABSA Institute CEO of David Lynas Consulting.
I am an accomplished Information Security Risk Manager for the last two decades, with extensive experience at senior management level. I am also a fully qualified executive coach, with a Masters in Business and Leadership. I became aware that industry was becoming hugely focussed on addressing security and privacy through the compliance lens. Seeking to find a more sustainable and effective way to address these risks, I traded my senior management position for the opportunity to undertake a PhD.
Mark McKenzieDirector - Information Security, Dept. of Agriculture & Water Resources
Mark McKenzie
Director - Information Security, Dept. of Agriculture & Water Resources
Mark leads the Information Security program at the Australian Dept of Agriculture, where he has overall responsibility for risk management, security architecture and incident detection and management. He has held similar roles in other Australian Govt agencies, including Dept of Finance and Dept of Human Services, and prides himself on building security programs that are focussed on managing organisational risk in ways that provide good security outcomes as well as good business outcomes.
Lori MurrayPhD Student, Iowa State University (USA)
Lori Murray
PhD Student, Iowa State University (USA)
Lori Murray is a Senior Advanced 3 Information Assurance Systems Engineer, currently enrolled at Iowa State University as a PhD student studying Computer Engineering. She has her Masters of Science degrees in Information Assurance and Business Analytics from Iowa State University, along with her CISSP. Lori has 15 years of experience between Systems Engineering as a Cyber Security SME building security architecture from requirements definition to design.
John O'LearyPresident, O'Leary Management Education (USA)
John O'Leary
President, O'Leary Management Education (USA)
John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. John was the recipient of the 2004 COSAC award.
Alex ParkinsonSenior Security Architect, Thales (Australia)
Alex Parkinson
Senior Security Architect, Thales (Australia)
Alex is a Senior Security Architect with in Thales Australia Cyber Security team with 20+ years' experience in Information & Communication Technology in the defence (national security), critical infrastructure and financial services sectors. Alex's role is to provide specialist security advice, design decisions and engineering review to enable projects and Thales' customers to devise, develop, acquire and maintain reliable, secure, accreditable and economically viable technology solutions.
Matthew PembleTechnical Director, Goucher Consulting (UK)
Matthew Pemble
Technical Director, Goucher Consulting (UK)
Matthew has been Technical Director of Goucher Consulting Ltd since its founding, having previously worked for the UK Government (as a regular and reservist military officer & as a civilian consultant), an international banking group and several testing and security consultancies. Goucher provide specialist security advice to a range of private and public sector clients. Perhaps best known for his contributions to security testing, incident management & counter-fraud strategies.
Mark RaschChief Counsel, National Security Corporation (USA)
Mark Rasch
Chief Counsel, National Security Corporation (USA)
Mark Rasch is an internationally recognized cyber attorney and technology risk executive, with a distinguished record establishing and leading world-class data privacy and resiliency, security consulting, incident response and investigations practices for commercial and government organizations. More than 30 years’ in information security, and high-technology litigation and advisory across the critical infrastructure. Highly sought as one of the world’s leading legal (cyber) experts.
Helvi Salminen has worked in information security since June 1990, first as security analyst and since April 2000 as information security manager. Before starting information security tasks she has 12 years experience in systems development.
Helvi is founder member of Finnish Information Security Association which celebrated its 10th anniversary in 2007. Helvi is qualified CISA, CISSP & SABSA & was awarded as CISO of the year in Finland 2014.
Char SampleResearch Fellow, ICF Army Research Labs (USA)
Char Sample
Research Fellow, ICF Army Research Labs (USA)
Dr. Char Sample is research fellow employed for ICF at the US Army Research Laboratory in Adelphi, Maryland and with the University of Warwick, UK. Dr. Sample has over 20 years experience in the information security industry. Most recently Dr. Sample has been advancing the research into the role of national culture in cyber security events. Presently Dr. Sample is continuing research on modeling cyber behaviors by culture, other areas of research are information weaponization and complexity.
Esther van Luit is a young and driven security advisor for Deloitte Netherlands. She specializes in security skill gaps, cyber risk quantification and security maturity assessments and has worked for many international clients. She was short listed for woman of the year 2015 for the British Cybersecurity Awards and is actively involved in getting more girls and women into the security industry. She is determined to advance the state of security knowledge management and education in her career.
William SchultzAssociate Director, Vanderbilt University Medical Centre (USA)
William Schultz
Associate Director, Vanderbilt University Medical Centre (USA)
Bill Schultz is a security architect who has worked in the Information Technology field for over 14 years, with s focus on Enterprise Architecture, Security Architecture, Risk Management & Compliance. Bill has built security programs, risk management programs, and developed strategic architectures and technical system architectures. Bill has led risk management & security architecture initiatives to build secure systems that comply with Federal, Healthcare, or PCI Standards.
Malcolm ShoreChief Security Architect, David Lynas Consulting (New Zealand)
Malcolm Shore
Chief Security Architect, David Lynas Consulting (New Zealand)
Dr Shore completed a BSc in Computer Science at the University of London before emigrating to New Zealand where he held positions with RNZAF & Government Communications Security Bureau before completing his PhD at Otago University.
He has held Head of Security positions in both Telecom New Zealand, and in NBN Co, where he was responsible for satisfying compliance with the Australian Protective Security Policy Framework.
Malcolm was also the Technical Director for BAE Systems Australia.
Bobby SinghCISO & Global Head of Infrastructure, Toronto Stock Exchange (Canada)
Bobby Singh
CISO & Global Head of Infrastructure, Toronto Stock Exchange (Canada)
Bobby Singh is responsible for delivering secure & highly available technology services across TMX. A member of the executive leadership team, Bobby is defining TMX's cyber security and technology vision & strategy, to advance the organizational agenda. Responsible for corporate information and IT systems & services, as well as all aspects of security and GRC, he has broad expertise in developing and implementing security programs for public & private sector.
Ajay Pratap Singh has 5+ years of experience in security & research. He is working as a Product security engineer in Philips healthcare where his responsibility is to make Philips medical devices hack proof. His interest lies in breaking the secured medical devices & infrastructure. Speaker at c0c0n & Nullcon international conference.
Maurice SmitPrincipal Security Architect, David Lynas Consulting (Netherlands)
Maurice Smit
Principal Security Architect, David Lynas Consulting (Netherlands)
Maurice is a Principal Security Consultant and SABSA Instructor at David Lynas Consulting, with over 15 years of experience in IT Security operations, management, governance and architecture, in a variety of industries including finance, healthcare and pharmaceuticals. Maurice delivers accredited SABSA training in Europe, India, Africa and the Middle East and is a founding member of the SABSA Institute Board of Trustees.
Anton TkachovChief Security Architect, FinServ, PwC (UK)
Anton Tkachov
Chief Security Architect, FinServ, PwC (UK)
I lead Cloud Security proposition nationally and am growing a team of 'hands-on' security architects that can assist our clients with everything from an assessment & definition of cloud security strategy to technical architecture advisory & system integration work. The primary objective of my role is to leverage a vast network of bleeding edge technology start-ups and vendors to help our clients in finding and deploying new, more effective and efficient ways to manage cyber risk.
Andrew S. TownleyFounder & CEO, Archistry (South Africa)
Andrew S. Townley
Founder & CEO, Archistry (South Africa)
Andrew is an international speaker, published author and thought leader on business execution, security, risk and technology who has extensive practical, hands-on experience working in the US, Europe, Middle East, Africa and Brazil. His Enterprise and Security Architecture experience includes leading SABSA adoption organizational change initiatives for Fortune Global 300 customers and is built on not only SABSA certification but personal mentoring by two of SABSA’s principal authors.
Martin De VriesInformation Security Officer, Rabobank (Netherlands)
Martin De Vries
Information Security Officer, Rabobank (Netherlands)
Martin is an experienced Information Security Professional with a background in Project Management and Service Management. Recent years his focus is on innovation, both security innovation as secure innovation. In this role he scouts for security innovations, trends and technologies, and provides security advice to startups and scale-ups helping them to properly address their cyber security risks.
Patrick WheelerMentor / Director, CyberWayFinder (Belgium)
Patrick Wheeler
Mentor / Director, CyberWayFinder (Belgium)
Patrick Wheeler is an enterprise security architecture lead where he is leading the effort to secure the Kubernetting of Europe’s financial ecosystem merging design thinking and ESA for one of Europe’s largest banking groups (8-12% of Europe’s GDP). He considers this the least most important activity and acts in support of Rosanna’s efforts ushering in new cyber resources. A native of California, via years in Silicon Valley, he now identifies as Belgian.