Speakers

Rodney is an accomplished information security professional with more than two decades of experience across diverse industries including large corporate, telecommunications, energy, healthcare, and major financial sectors. Currently, he is dedicated to giving back to society, as the Head of Information Security & Compliance (aka CISO) at Barnardos Australia. There, he exercises thought leadership by crafting practical, risk-appropriate security visions and roadmaps through a commitment to continual improvement.

Øystein Balstad is the CISO at Defendable, a top 3 MSSP in Norway. Here he bridges the gap between security governance, -management and operational IT. Since 2019, he has focused on information security management, cybersecurity frameworks, and tactical advisory, rooted in a Master’s degree in Managed Digitization from the University of Oslo and his status as ISO27001 Lead Implementer. Alongside his commitment to the SABSA methodology, Øystein operates on the core philosophy that security has no intrinsic value on its own – it is an essential attribute of the system and the businesses it enables.

An INT-J by nature, he is a deeply analytical thinker who thrives on challenging established truths and going deeper than most to uncover the reality behind the surface. While he prefers the quiet of a deep-dive investigation, he is a compelling speaker when presenting complex subjects where knowledge and wisdom meet.

Chris is a SABSA Master with over twenty years of experience demonstrating that security can be a catalyst for growth, not an obstacle. He has advised boards, influenced national cybersecurity policy, and established security functions for governments and global organisations. Known for his knack for turning complexity into clarity, Chris translates complex cybersecurity risk into clear, actionable strategies that give leaders the confidence to act and build lasting resilience.

Hugh is a security adviser and part-time academic. He recently completed his part-time PhD at the University of Warwick, which focussed on the development of a security framework for digital twins. His research interests relate to the security of cyber-physical systems, industrial IoT, digital twins, particularly those relating to the built environment and national infrastructure. Hugh is a Chartered Engineer, Chartered Cyber Security Professional. As a security adviser, he wrote several standards for BSI and is a regular standards reviewer and contributor. Hugh provides security advice across a range of information intensive public sector initiatives, particularly those involving infrastructure and complex spatial data.

Steven is a Belgium-based independent security consultant at Cyber Enterprise Modelling (CEM) and has been a regular presenter at COSAC since 2018 on the topic of security by design through automation and modelling.

He is the principal author of the SABSA Institute / Open Group paper “Modelling SABSA with ArchiMate” and chairs the associated SABSA Working Group.

He holds several security, architecture and privacy certifications including both SABSA Chartered Practitioner certifications and a contributor to the forthcoming ArchiMate Next.

I am an accomplished senior leader with extensive experience in cybersecurity, risk, technology, data privacy and governance within complex global and national enterprises (private, charity, government-aligned and Critical National Infrastructure), and across diverse internal functions and global business models.

I have built a reputation for safeguarding businesses from cyber threats, leading transformation programs and providing expert guidance to senior stakeholders. I have shaped Security strategic direction, influenced business strategy and managed large security teams with capabilities spanning operational delivery, risk management and strategic leadership. These include but are not limited to integrating security programmes on cross-organisational, critical multi-million Pound programmes, ensuring that protective measures remain proportionate, forward-looking and aligned with national and organisational strategy.

With a strong partnering mindset, I work with enterprise leaders and regulators to effectively balance the pursuit of strategic goals with the management of enterprise risk.

With my diverse background, my strengths lie in building high-performing teams, providing clear direction in complex problem-solving, and uniting stakeholders to achieve meaningful outcomes for customers, partners and business.

My leadership has resulted in the successful creation and execution of information security strategies to achieve best practice in security and risk management.

In his 50+ years of in-depth experience in IT and security consulting, systems management and technical implementations, Glen Bruce has focused on Security Frameworks, Strategies, Architectures, PKI and Governance supporting business and governments in their approach to managing information and cybersecurity risk.  He has led many information/cyber security engagements, where he has helped clients establish effective strategies, governance, architectures, frameworks, policies, PKIs and infrastructure implementations in support of a wide range of business and technical requirements. Glen is the leader of the TSI SENC workgroup project.

Robert Campbell is a Security Architect at PA Consulting with over 28 years of experience in security. He is responsible for the development of PA’s security architecture framework, focusing on business driven architecture method which aligns to PA’s values and purpose.

Robert is the founder of assuredcontrol.com, a platform where he shares architectural resources and pragmatic guidance for fellow practitioners. A published author, he contributed the Security Architecture chapter to Mike Brass’s book, Governance, Risk and Compliance: Demystifying the Risk and Data Privacy Landscape.

Beyond his architectural work, Robert is a dedicated mentor and educator, committed to teaching the next generation of security professionals how to bridge the gap between complex risk landscapes and effective enterprise governance.

Jonathan is a Senior Security Architect in the PwC Cyber Security practice with diverse experience across both public and private sectors helping organisations tackle some of their most complex security challenges. He also leads PwC’s Security Architecture Centre of Excellence.

Jonathan has more than 17 years of experience that covers a broad range of areas including, strategy, architecture, policy and procedures and training, with particular focus of security architecture and security operations.

As Enterprise Cloud Security Architect at Admiral Insurance, I spend my time shaping the vision and strategy for cloud security, which is a polished way of saying I help keep modern technology ambitions from turning into modern security problems. With more than a decade of experience in cloud computing and security, I’ve worked across fintech organisations ranging from scrappy startups to FTSE 100 giants. Along the way, I’ve shared my thoughts with the wider industry through speaking engagements and hosted events, usually on the subject of building security in properly rather than bolting it on later and hoping for the best.

Prof Clark is an acknowledged expert in Cryptology, Systems Engineering, Information Forensics and Cyber Security.  He has worked in the field of Computer and Information Systems Security and Cryptology since 1984 and is a registered expert witness with more than twenty years’ experience of presenting computer and information systems evidence in a wide range of criminal & civil cases.  He is a co-author of the SABSA Blue Book and was the first recipient of the COSAC award.

Simon Cross is an Enterprise Security Architect specialising in cybersecurity, cloud and enterprise security architecture. Across leadership, consulting and pre-sales roles,
he has built a reputation for helping organisations tackle complex security challenges with clarity, pragmatism and strong business alignment. Simon is a contributing editor to
The Open Group Zero Trust Reference Architecture, runs the UK chapter of SABSA World, and is a regular conference speaker on Zero Trust, cloud security, DNS and modern security architecture.

Joshua Crumbaugh is a world-renowned ethical hacker, social engineering expert, and the CEO of PhishFirewall. During his career as a penetration tester, he famously never met a network he couldn’t breach or a secure facility—including bank vaults and Fortune 500 data centers—he couldn’t talk his way into. Realizing human psychology is the ultimate exploit, Joshua shifted to defense, pioneering the concept of “Social Engineering for Good.” He is the driving force behind PhishEQ, the industry’s first LLM designed to defeat AI-driven phishing by detecting emotional manipulation. Joshua speaks globally, teaching organizations how to build unbreakable, hero-centric human firewalls.

Martin is an experienced Information Security Professional with a background in Project Management, Service Management and Innovation. He joined VDL Groep as their Chief Information Security Officer in September 2025. In this role he helps VDL Groep realising secure, state of the art and innovative digital facilities to meet the company’s strategy. As digitization comes with risks, he ensures that these are assessed and dealt with in the context of the company’s full risk profile.
CISSP certified

Valerio is a security and technology leader with over a decade of experience working across telecoms and financial services, mostly in large, regulated environments where resilience and security are critical.

Valerio’s background is in telecommunications engineering, and early in his career he worked in fairly hands-on network and security roles. Over time he becomes more interested in the architectural and strategic side of security; how organisations make security decisions, how risk is managed, and how security can actually support business outcomes rather than just act as a control function.

Currently Valerio is the security architecture senior manager currently the Security Architecture Senior Manager within Group IT Security and Resilience where he leads a team of security architects covering areas like cloud, infrastructure, applications, identity, and data security. A big part of his role is making sure security architecture is aligned with business priorities and risk appetite.

Senior Attorney and former U.S. Army Colonel with more than 25 years of distinguished leadership across military, legal, academic, security, and commercial domains. Globally recognized authority in data privacy, cybersecurity law, cyber warfare, intelligence operations, international humanitarian law, and information operations. Trusted advisor to General Counsel and executive leadership on complex multinational contract negotiations, regulatory risk, and strategic governance in high-risk environments. Accomplished graduate-level educator and thought leader known for translating complex legal, operational, and policy challenges into decisive, mission-aligned outcomes.

He is on the adjunct faculty of American Military University where he teaches national security subjects, the Institute for World Politics where he teaches intelligence and policy and the Monterey College of Law where he teaches Negotiation Skills for Law Students.

He is a volunteer with the American Red Cross serving as a Public Affairs Manager and Expert International Humanitarian Law Instructor.

His degrees include JD, Suffolk University Law School; Master of Strategic Studies, US Army War College; LLM in European Law, University of Leicester, UK; MBA (With Distinction), Babson College and BS in BA, Northeastern University. He is a member of the Bars of the US Supreme Court, State of California and District of Columbia.

Dr. Liz Dietz, EdD, MSN, BSN, FAAN is a highly qualified leader in community and public health with over five decades of service at local, national, and international levels. A Lieutenant Junior Grade in the United States Public Health Service during the Vietnam era, she served as the Evening Charge Nurse of a 65-bed surgical unit at Brighton Marine Hospital, demonstrating early her capacity for leadership, crisis response, and ethical decision-making in complex environments.

Over the course of 56 years in Community and Public Health, Dr. Liz has combined academic, clinical, and humanitarian expertise. She is Professor Emerita at San José State University, where she taught Community and Public Health Nursing across undergraduate and graduate programs and served as administrator of the Family Nurse Practitioner Program.

A dedicated volunteer with the American Red Cross for 46 years, Dr. Liz has served in numerous leadership roles, including Pacific Division Advisor for Disaster Disability Integration. Her field experience spans critical global and national events—serving in Guam during Super Typhoon Paka, leading Disaster Health Services at the Pentagon following 9/11, and collaborating with the National Transportation Safety Board (NTSB) during two aviation disasters. She continues to support service members and their families as a Service to the Armed Forces Partner and Manager of the Red Cross team at the Northern California Military Entrance Processing Station.

An Expert International Humanitarian Law Instructor, Dr. Liz brings to her work a deep understanding of the principles that guide international legal frameworks in times of crisis and conflict. Her advanced education includes a Doctor of Education (EdD) from the University of San Francisco, a Master of Science in Nursing (MSN) in Community Health/Adult and Pediatric Nurse Practitioner from Boston University, and a Bachelor of Science in Nursing (BSN) from Cornell University–New York Hospital School of Nursing.

With her lifelong dedication to health equity, humanitarian service, and global ethics, Dr. Liz exemplifies the professional and moral insight essential to serve as an Observer for International Law.

Gavin is a senior security and technology leader with broad experience in architecture, risk management, and enterprise transformation. He is recognised for his talent in turning complex technical challenges into actionable business strategies, enabling organisations to develop stronger, more effective operating models.

Isaac is an enterprise security architecture, data management, and technology consultant with over 20 years of experience across the MENA region and global markets. He has worked across BFSI, government, defence and intelligence, aviation, energy, and a wide range of industry sectors, helping organisations align cybersecurity, data management, governance, privacy, and emerging technologies such as AI with business objectives. His focus is on enabling organisations to achieve their mission securely, efficiently, and with resilience in an increasingly complex digital landscape.

He is the founder of an independent consultancy, Eternal Nexus LLC, focused on enterprise security architecture, cybersecurity, data, and technology.

His work spans SABSA-aligned security architecture, TOGAF-aligned enterprise architecture, and a range of domain-specific international standards and frameworks. He holds a PhD in Computer Science and multiple advanced certifications across enterprise security architecture, cybersecurity, data governance, and privacy, including SABSA SCF, DAMA CDMP MASTER, IAPP FIP, and ISACA CISA/AAIA/CISM/AAISM/CRISC/AAIR credentials.

He is particularly interested in how complex modern environments challenge traditional conceptualisations of risk, governance, and architecture, and how systems thinking and evidence-driven approaches can improve risk prioritisation and architectural decision-making.

Todd Fitzgerald promotes CISO/CPO leadership via advising CISOs, advisory board participation, podcasts, and international speaking engagements. Todd authored 5 books, including #1 Best-selling (2019-2024) and 2020 CANON Cybersecurity Hall of Fame book, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers and #1 New Release (2024) The Privacy Leader Compass: A Comprehensive Roadmap for Building and Leading Practical Privacy Programs with Dr. Valerie Lyons. Todd founded the successful CISO STORIES leadership podcast and hosted the first 190 episodes. Named 2016–17 Chicago CISO of the Year, Todd’s senior leadership positions include CyberRisk Collaborative, Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta, IMS Health and American Airlines. Todd earned MBA with highest honors from Oklahoma State University, Business Administration from UW-Lacrosse, and earned certifications of CISSP, CISA, CISM, CIPP/US, CIPP/E, CIPP/C, CGEIT, CRISC, PMP, ITILv3, HI TRUST, and ISO27000. Todd also serves as an adjunct professor teaching Cybersecurity Leadership and IT Risk Management courses for Northwestern University.

Ben Hanson is global Field CTO and Director of Field Engineering at Zenity, a leading research and technology voice in agentic AI security. Operating at the cutting edge of agentic AI, he works with CISOs and security teams at the world’s most sophisticated organisations, helping them transition from static security controls and guardrails to the fundamentally different challenge of governing intent and agency. Ben is a leading voice on applying systems thinking to cybersecurity and AI, a member of Edinburgh University’s respected Game Theory and Systems Thinking Lab, and an influential keynote speaker with talks at Cambridge University, Oxford University, ISACA, SANS, Cloud Security Alliance, and UK Cyber Security Council. Previously he was Senior Security Strategist & Advisor at Microsoft, and led the Cyber practice for a top US management consultancy.

G. Mark Hardy serves as President of National Security Corporation and co-host of the award-winning CISO Tradecraft podcast.  He has been providing cyber security expertise to government, military, and commercial clients for over 40 years, and is the author of over one hundred articles and presentations on security, privacy, and leadership.   A graduate of Northwestern University and Loyola University, he holds a BS in Computer Science, a BA in Mathematics, a Master’s in Business Administration, a Master’s in Strategic Studies, and is designated as a Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).

Dr Gordon Jenkins heads up the security architecture team at Admiral Insurance in the UK. He has 30+ years’ experience in IT and security for large financial services organisations in the UK and US, across investment banking, life & pensions, asset management, and general insurance. He has worked as a security architect for the last 17 years, providing guidance to dozens of major business and infrastructure projects and helping to shape enterprise security functions.

Nthusi Kaisara is a cybersecurity governance, risk, and compliance professional with over 24 years of experience spanning IT consulting, project management, digital transformation, and cybersecurity. For the past 15 years she has specialized in enterprise cybersecurity, focusing on security governance, risk management, and security architecture oversight, where she has led and supported initiatives to strengthen organizational security posture and architectural governance.

Nthusi holds a Master’s degree in Systems Security and Assurance and is a certified SABSA Security Architect (Foundation Certificate Holder – FCF). She has also recently completed the SABSA Security Architecture Practitioner program.

Her work focuses on bridging cybersecurity governance and enterprise security architecture in complex environments where legacy infrastructure and evolving technology ecosystems present significant architectural challenges.

Previously lead investigator for Microsoft’s detection and response team (DART), Lesley Kipling has spent more than 24 years responding to our customers’ largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning. She holds a Master of Science in Forensic Computing from Cranfield University in the United Kingdom.

Onur Korucu currently serves as Managing Partner, Non-Executive Director, and Advisory Board Member across corporate and academic institutions in EMEA and the US, where she shapes strategies in data protection, cybersecurity, and AI governance. She is also a shareholder in companies specializing in data protection, cybersecurity, and AI automation.

Onur was honored by Business Post as one of the “Top 100 Most Powerful People in Tech in Ireland.” Recognized for her groundbreaking contributions, she was awarded the IAPP Privacy Vanguard Award, a highly esteemed honour given to only one individual per continent. She is also a globally recognized TEDx speaker and was named Cybersecurity Leader of the Year at the 2025 The Women in Tech Global Awards.

Onur brings a unique multidisciplinary expertise to her work: she is both a qualified engineer and a lawyer with an LL.M. in Information and Technology Law, and she further enhanced her leadership profile with an Executive Master’s in Business Analytics from the University of Cambridge.

As an author and thought leader, she has contributed a book on risk-based global approaches to enhancing data protection and published articles in prestigious outlets such as the Harvard Business Review, covering trends in technology, cybersecurity, data protection, and AI innovation.

Onur is a Women in Tech Global Ambassador and the International Association of Privacy Professionals (IAPP) Advisory Board Member and she has successfully held security and privacy leadership roles in multiple geographies as Dublin and Istanbul Knowledgenet Chapter Chair.

Her achievements have been further recognized with nominations and awards, including the PICASSO Europe Privacy Award in the Privacy Executive category, GRC Role Model of the Year, Technology Consulting Leader, Cyber Women of the Year, Risk Leader of the Year, and The Technology Businesswoman awards.

Marcel Krawczyk is a Defence-aligned cyber security professional, security assessor, and architecture practitioner with extensive experience in delivering risk management, assurance, and accreditation outcomes across Australian Government and complex Defence environments. He currently works as a Cyber Security Principal at Bastion Defence Consulting, where he helps translate risk appetite, policy requirements, and mission priorities into practical security requirements and develop uplift strategies aligned with business outcomes.

Marcel has worked across some of Australia’s most sensitive and strategically significant environments, including Defence Cyber Command, Defence Digital Group, the Future Submarine Program, and the Australian Criminal Intelligence Commission. His experience includes producing security artefacts and authorisation briefs, conducting independent security assessments, guiding and advising system owners through an Authority to Operate process, and providing security architecture support through design assurance, control intent mapping, and risk acceptance. He has supported critical capabilities across cloud systems, Enterprise Resource Planning programs, Navy communications, Army operational simulations, drone development and Defence exercises.

A SABSA Chartered Architect with IRAP, CISSP, CISM, CRISC, and ISO 27001 credentials, Marcel is recognised for translating complex cybersecurity concepts into practical, relatable insights for executives, engineers, and delivery teams alike. His work is grounded in real-world implementation, secure-by-design principles, and the challenge of embedding meaningful architecture and assurance into programmes where cyber maturity is still developing.

Robert is an experienced Enterprise Security Architect with an information security career spanning more than 20 years in cyber security roles. Robert has a great deal of experience working with medium to large organisations in Government, Higher Education and Critical Infrastructure sectors.

Rob’s recent experience involves successful delivery of security projects with organisations in the education, finance, utilities and petrochemical sectors in Australia, Saudi Arabia, UAE, Vietnam and the United States.

Rob’s experience also includes high-profile roles such as Chief Information Security Officer (CISO) at the University of New England, leading multiple pivotal cyber security projects.

Rob is highly experienced in defining information security risk strategy, security architecture design and alignment with business processes, transformation and automation of security and architecture processes, as well as planning and integration of security services and mechanisms to clearly support business goals.

Rob is a certified SABSA, ISACA and (ISC)2 instructor and is committed to contributing to the wider information security community, currently sitting as the Chair of the Western Australia branch of AISA (Australian Information Security Association), Founder/Treasurer of the ISC2 Western Australia Chapter and Deputy-Chair of the ISC2 Chapter Regional Management Committee (CRMC) APAC.

Anne Leslie is a cloud risk and security leader whose work sits at the intersection of digital sovereignty, enterprise architecture and organisational resilience. With a career spanning global financial services, cloud transformation programmes and public–private advisory roles, she specialises in helping organisations navigate the geopolitical, regulatory and architectural constraints that shape modern security strategy.

Her work focuses on surfacing the hidden dependencies that undermine resilience — from control planes and identity flows to cross border legal exposure — and on helping leaders build sovereignty dispositions grounded in system behaviour rather than marketing narratives. She is known for applying complexity aware methods to cut through oversimplified assumptions and reframe difficult cloud and risk challenges into tractable, directional choices.

Anne regularly advises executive teams, regulators and industry bodies on cloud risk, digital sovereignty and emerging technology governance. She has spoken internationally on topics ranging from quantum era preparedness to cloud operating models and sovereign by design architectures, and is recognised for her ability to translate abstract policy goals into practical, architecture aligned action.

Her work is anchored in a simple principle: sovereignty, security and resilience are not products — they are dispositions shaped through constraints, design choices and the ability to operate under real world pressure.

Dr. Muhammad Malik is a cybersecurity strategy executive with over 25 years of experience building and transforming security programmes across defence, government, media, and regulated industries. He holds a PhD in Computer Science and Engineering from UNSW and advanced certifications from Carnegie Mellon (CISO and CDAIO programmes), alongside SABSA Chartered Architect – Foundation (SCF), CISSP, CISM, and CISA credentials.

He currently leads cybersecurity strategy, AI security governance, and enterprise security architecture at beIN Media Group, where he has designed and implemented security operating models for large-scale OTT broadcasting, live sports streaming, and digital transformation initiatives. His work spans SABSA-driven security architecture, Zero Trust implementation, AI and GenAI risk governance, and board-level cyber risk quantification.

Dr. Malik was recognised with the IDC CISO Excellence Award in 2025 for his contributions to enterprise security leadership. He writes CISO Strategy Blueprint, a cybersecurity strategy newsletter on LinkedIn with over 1,200 subscribers, focused on the intersection of security architecture, risk governance, and board-level decision making. His research has been published in academic journals and practitioner publications including the ISACA Journal.

Prior leadership roles include IBM, KPMG, HP Enterprise Services, and the Australian Department of Defence, where he led security programmes across hybrid-sourced environments spanning multiple classification levels and international standards frameworks.

Colin Manson is a Technical Security Manager working within the UK public sector, where he is leading efforts to turn security ambition into operational reality.

His career started in Security Operations, where he quickly learned that having tools doesn’t mean having security, a lesson that continues to shape his approach to architecture today. Colin now focuses on building security capability in environments that don’t start from a position of maturity: limited visibility, legacy infrastructure, and small teams expected to deliver large outcomes.

Rather than approaching security as a technology problem, Colin treats it as a design challenge, translating business risk into practical, sustainable controls that people can actually operate. His work spans detection engineering, identity and access management, and security architecture, with a strong focus on ensuring that what is designed can genuinely be delivered and maintained.

He applies frameworks such as SABSA pragmatically, adapting them to real-world constraints rather than ideal models. Colin is particularly interested in the gap between architectural intent and operational reality and why so many transformation programmes struggle to bridge it.

Outside of work, Colin has a background in sports coaching, which continues to influence his approach to leadership and security, focusing on fundamentals, team development, and building systems that work under pressure, not just on paper.

Claudio Marforio is co-founder and CEO of Futurae Technologies, a Swiss cybersecurity company building the authorization layer for regulated digital actions and AI-driven systems. Futurae secures millions of users worldwide and processes hundreds of millions of trusted actions annually across banking, payments, and digital identity platforms.

Claudio’s work focuses on authentication, authorization, and verifiable delegation in complex digital ecosystems. He began his research on usable and secure authentication during his PhD at ETH Zurich, exploring how strong cryptographic security can be deployed at scale without compromising user experience. That research later evolved into Futurae, which today powers advanced authentication, trust signals, and delegated authorization for enterprises operating in regulated environments.

Beyond Futurae, Claudio is also active in the European startup ecosystem as an early-stage investor focused on cybersecurity and digital infrastructure. He works closely with founders and institutions shaping Europe’s digital sovereignty and the next generation of trust infrastructure for the AI economy.

Sophia is a Manager in the Cyber Security Practice at PwC UK, specialising in security architecture and engineering. She owns PwC’s Threat Modelling proposition, leading its development and delivery across client engagements. Her core expertise lies in cloud security, working with a range of cloud-native and platform technologies, including Kubernetes.

Her experience spans the private sector, public sector, and governmental bodies, where she has supported organisations in designing secure architectures and embedding security across the system lifecycle. Sophia has a strong technical background, holding an MSc in Cyber Security, and focuses extensively on threat modelling and cyber recovery across diverse environments from cloud-native systems to Operational Technology.

Fouad Mulla has spent 15 years in cybersecurity, most of it uncomfortably close to the incidents that keep CISOs awake.

His experience spans cloud and AI security architecture, secure development, and enterprise risk management, but his perspective on security architecture is shaped primarily by what he’s seen break during incident response. He currently focuses on the gap between how we design AI-dependent systems and how we actually respond when they fail or come under attack. Fouad holds CISSP, CISM, and SecurityX certifications.

Lori is a cybersecurity architect with over 20 years of experience advancing secure, resilient, and user-friendly security solutions. She has led global initiatives in security architecture, threat detection, and cyber resilience at organizations including Microsoft, General Dynamics Mission Systems, and others. . A CISSP with a Ph.D. in Computer Engineering, Dr. Murray has presented and published on AI risks, cyber resilience, and autonomous systems.

Stephanie Park is a cybersecurity professional specialising in information security governance. She is dedicated to making complex information accessible and practical for organisations. In her current role, she oversees assurance for the .au domain supply chain, helping the organisation stay agile and responsive to emerging challenges.

David Porter has over 30 years’ experience in operational risk and resilience. Originally an AI researcher, his work has covered fraud and money laundering detection, computer security, threat intelligence and incident response. He has worked for both public and private sector organisations.

At the Bank of England, he works on a variety of internal security projects including threat mitigation, incident review and response exercising. He is the author of the original version of the Bank’s CBEST intelligence-led penetration testing manual.

David holds an MSc in Advanced Methods in Computer Science and is a Certified Information Systems Security Professional, Certified Information Security Manager and Certified Fraud Examiner. His book contributions include Analysis for Knowledge-Based Systems, Guide to International Money Laundering Law and Regulation, Corporate Fraud and Handbook of Research on Information Security.

Robert Rost has been focused on cybersecurity for the last 21 years. Robert Rost was the Cybersecurity Architecture Director from 2019 to 2024 at one of the largest non-for-profit healthcare systems in the US. Prior to this role, Robert Rost held the position of IT Operations Director, Defensive Services at the same company. He is currently the Cybersecurity Architecture Director for US-based fortune 500 chip manufacturing company. He was hired by the CISO to build the company’s cybersecurity architecture function. To achieve this outcome, Rob is leveraging his experience, trusted relationships, SABSA training and experience using the Agile Security System by Andrew Townley.

Rob has a passion for cybersecurity architecture, but also for educating everyone, especially the youth and their parents, about Internet safety. He enjoys researching and writing about cybersecurity (www.robertrost.com).

Above all, He enjoys life and has adventures with his wife of 17 years and three children in Southwest United States. He also enjoys serving and volunteering in the Church of Jesus Christ of Latter-Saints and in his community. Rob enjoys strength training, pickleball and ice baths.

Jasper is a cybersecurity architect specialized in application security and cryptography. He has studied under prominent cryptographers at KU Leuven’s COSIC, and he currently serves as cryptography capability lead and secure system development lifecycle operator at one of Belgium’s major banks. He is known for his enthusiasm, curiosity and can-do mentality, and being able to explore any technical topic. He is an avid speaker, teacher and workshop facilitator.

Abdul works as a Cybersecurity Architect at PwC UK and brings more than 20 years of experience across cybersecurity architecture, risk management, and secure systems engineering. His work spans telecommunications, public sector, and critical infrastructure organisations including British Telecom, Etisalat, and Nortel Networks and the Abu Dhabi Police. He specialises in designing security architectures that translate policy, legal, and regulatory requirements into practical technical controls and operating models.

In recent years Abdul has focused on cloud security and sovereign cloud strategy. He supports organisations adopting public cloud while maintaining compliance with data protection law, national security requirements, and sector regulations. His work includes development of security guardrails, threat modelling frameworks, and governance models aligned with standards such as the Cloud Security Alliance Cloud Controls Matrix, NIST architecture guidance, and leading international security frameworks.

Abdul has led the design of secure privileged access architectures for high security environments, including law enforcement networks requiring controlled administrative access to isolated infrastructure. He has also developed enterprise risk and threat modelling frameworks used to embed security requirements into technology programmes and digital transformation initiatives.

His current research and advisory work focuses on sovereign cloud, jurisdictional control of data, and secure architectures for AI and critical national workloads. He contributes to industry discussions on how governments and regulated sectors adopt cloud technologies while maintaining national control, resilience, and trust.

Abdul holds a BSc (Hons) in Software Engineering and an MSc in Information Security.

Malcolm’s career spans many years in government and industry, and as an adjunct academic. As the Director of Information Systems Security in GCSB, he developed and managed the national information security programme for New Zealand. His Technical Director roles include CES Communications where he was responsible for developing embedded cryptography products and BAE Systems Applied Intelligence where he managed the security evaluation, reverse engineering and penetration testing teams. He has held a number of Chief Security Officer roles in the telecommunications field, including Telecom NZ, NBN Co, and Huawei Australia. He is currently Chief Architect for David Lynas Consulting providing security and AI architecture training and consultancy both in Australia and offshore. Malcolm is an adjunct PhD Supervisor at Deakin University in Melbourne and is the author of numerous online cybersecurity and programming courses published through Linkedin Learning and Offensive Security.

Martin is a senior cyber security leader with a proven record of building and scaling enterprise cyber capabilities across government and global media. He has established security functions from inception in central UK Government and previously created the first coordinated global cyber capability for the Financial Times, enabling secure digital publishing and commercial operations across multiple continents. Currently Chief Information Security Officer at the UK Department for Education, Martin shapes national-scale cyber strategy for the department and UK education sector, supporting sector-wide resilience through collaboration and practical, outcome-driven security. He specialises in measurable, investment-aligned cyber strategies that enable—rather than obstruct—modern digital delivery. A Global Top 100 CISO, Martin speaks on cyber strategy, resilience and digital risk at UK and international forums.

Stuart brings more than 25 years of experience in PKI and cryptography management across a wide range of industries.

He has worked at the intersection of standards, policy, and enterprise practice — contributing to NIST NCCoE’s Cryptography Discovery and Inventory initiative, the GSMA Post-Quantum Task Force, and most recently the Post-Quantum Financial Forum (PQFF).

Stuart works with large enterprises on building robust cryptography governance frameworks and implementing crypto-agile architectures designed to withstand the transition to post-quantum cryptography.

His work spans certificate lifecycle management, cryptographic discovery and inventory and the design of PQC migration strategies that balance operational continuity with long-term security resilience.