Speakers - COSAC

COSAC 2025

Chathura Abeydeera

Director, KPMG (Australia)

Chathura is a Director in the Cyber consulting practice of KPMG Australia. He is also an advisory board member of the CREST Australasia. He has delivered complex technical Cyber security assessment programs and Incident Response engagements for a number of high profile Australian and global organisations.
Daniel Avieritei

IAM Security Architect, Admiral (UK)

Software engineer at heart that somehow managed to fall in the Security Pit and complains he can’t get out of it cause he loves it too much … Spends most of his time talking about IAM, Security, Architecture, how stuff should work. Has experienced industries like Telecoms, Utilities, Financial Services (Banking), OEMs (Manufacturing) and as of late Insurance. Still enjoys building stuff with his own hands, although he’d talk to death about building and making plans than doing anything …
Øystein Balstad

CISO, Defendable AS (Norway)

In 1909, the Nobel Prize-winning Norwegian poet and writer Bjørnstjerne Bjørnson wrote a comedy named “When the new wine blossoms”, and 100 years later a gang of Norwegian artists re-used the name of the comedy to describe themselves – “The new wine”, claiming that they were the young professionals that surpass and displace the old.

Although Øystein is no famous writer or artist, he does consider himself “the new wine” in the space of Norwegian cybersecurity – one that dare to speak up, challenge perceptions and provide a new and more modern approach to the role of security in business.

Øystein has a M.Sc. from the University of Oslo and began his career within national healthcare and high-availability environments. Not even three years into his cybersecurity career he was offered to become the CISO of a scale-up MSSP in Norway and later headed the certification process that led to Defendable becoming the first MSSP in Norway to hold the ISO27001:2022 certificate for the totality of the company.

By combining his skills as a CISO with his love for security architecture, Øystein can achieve balanced and appropriate solutions to complex challenges whilst exploring any space to maneuver within defined business goals & objectives. Øystein always defaults back to making governance & management of cybersecurity valuable in a practical context for the business – it’s the practical impact that matters.
Chris Blunt

Enterprise Security Architect, ESO (Northern Ireland)

Chris is the Enterprise Security Architect for a SaaS provider specialising in software and data analytics for health and fire services. He is a seasoned cybersecurity professional and is passionate about business-driven security and delivering pragmatic advice that enables organisations to achieve their business objectives.
Ghariba Bourhidane

CyberSecurity Consultant, TreeBridgeMosaic srl (Belgium)

Ghariba is a dreamer, sensitive and unconditional coffee lover. She is currently working as Cybersecurity Transformation Consultant providing services in CyberSecurity Culture and giving deeper experiences advice in Security Awareness, two main topics which drive her passion for the field. Previously, she worked as Deputy CISO of an insurance group by managing the Third-Party Security, IT project security, responsible for IT-Security communication and becoming a security awareness specialist. She has two degrees in Business Sciences and in Business Financial Engineering.

Recently volunteering as TSI Community Manager, she previously worked as Deputy CISO of an insurance group by managing the Third-Party Security Risk concept, dealing with IT project security aspects, being responsible for IT-Security communication and becoming a security awareness specialist. She has completed two university degrees in Business Sciences and in Business
Financial Engineering.
Hugh Boyes

Honorary Fellow, Loughborough University (UK)

Hugh Boyes is a security adviser and an Honorary Fellow at Loughborough University. He is a Chartered Engineer, Chartered Cyber Security Professional and a Principal member of the UK NPSA-sponsored Register of Security Engineers and Specialists (RSES). Hugh has been the technical author for several standards issued by BSI and is a regular standards reviewer and contributor.

As a security adviser Hugh works across a range of information intensive public sector initiatives, particularly those involving infrastructure and complex geospatial data. His research interests relate to the security of cyber-physical systems, industrial IoT and digital twins, particularly those in the
built environment and the critical national infrastructure.
Steven Bradley

Consulting Security Architect, Cyber Enterprise Modelling (Belgium)

Steven is a Belgium-based independent security consultant at Cyber Enterprise Modelling (CEM) and has been a regular presenter at COSAC since 2018 on the topic of security by design through automation and modelling. He is the principal author of the SABSA Institute / Open Group paper “Modelling SABSA with ArchiMate” and chairs the associated SABSA Working Group. He holds several security, architecture and privacy certifications including SABSA Chartered Practitioner and ArchiMate.
Glen Bruce

Cybersecurity Consultant, GDB Cyber Security Consulting (Canada)

In his 50+ years of in-depth experience in IT and security consulting, systems management and technical implementations, Glen Bruce has focused on Security Frameworks, Strategies, Architectures, PKI and Governance supporting business and governments in their approach to managing information and cybersecurity risk. He has led many information/cyber security engagements, where he has helped clients establish effective strategies, governance, architectures, frameworks, policies, PKIs and infrastructure implementations in support of a wide range of business and technical requirements. Glen is the leader of the SENC workgroup project.
George Bull

Cyber Security Architect, PwC (UK)

George is a Manager in PwC UK’s Cyber Security team, specialising in Security Architecture. He helps organisations design and implement large-scale security transformations, leveraging technology for automation and efficiency. More recently, his focus has been on how emerging cyber security innovations – along with shifting investment trends, are influencing security strategy and technology adoption.
Rob Campbell

Enterprise Security Architect, PA Consulting (UK)

Rob Campbell is a seasoned Enterprise Security Architect with nearly 30 years of experience in cyber and information security. Passionate about advancing the profession, he focuses on innovating security architecture approaches and enabling knowledge-sharing among practitioners.

Rob has developed practical tools, methodologies, and frameworks to help architects navigate complex enterprise environments. His expertise spans security architecture, risk management, compliance, and incident response, with a strong focus on aligning security strategies with business objectives.

At COSAC, Rob shares his deep technical knowledge and pragmatic insights, providing actionable takeaways for building resilient and future-proof security models.
Jonathan Cassam

Cyber Security Senior Manager, PwC (UK)

Jonathan is a Senior Manager in the PwC Cyber Security practice with diverse experience across both public and private sectors helping organisations tackle some of their most complex security challenges. He is also leads our Secure-By-Design proposition and works with a number of clients to securely delivery solutions.

Jonathan has proven delivery capability and offering real value to businesses with experience that covers a broad range of areas including, strategy, architecture, policy and procedures and training, with particular focus on security architecture
James Chinn

Enterprise Cloud Security Architect, Admiral (UK)

As the Enterprise Cloud Security Architect for Admiral Insurance in the UK, I bring more than a decade of cloud computing expertise to the table. In the last 7 years, I have worked with Fintech companies of all sizes, from startups to FTSE 100 Giants. I shape the vision and strategy for cloud security at Admiral, and I have shared my insights and hosted events in the industry as a security Architect.
Andy Clark

Director, Primary Key Associates (UK)

Prof Clark is an acknowledged expert in Cryptography, I.S. Security, Systems Engineering, Information Forensics & Cyber Security. He has worked in the field of Computer and Information Systems Security and Cryptology since 1984 and is a registered expert witness with 20+ years’ experience of presenting computer and information systems evidence in a wide range of criminal & civil cases. He is a co-author of the SABSA Blue Book & was the first recipient of the COSAC award.
Simon Cross

Solutions Architect, Infoblox (UK)

Simon is a Solutions Architect at Infoblox with over 15 years of experience in enterprise security architecture. He has worked with clients across defence, aerospace, and financial services sectors. His career has spanned building cutting-edge security operations centres, exploring the evolving threat landscape, and aiding organizations in recovering from cyber-attacks.

Currently at Infoblox, Simon is focused on security research, leveraging his expertise to help organizations develop resilient security strategies. At COSAC, he will present a practical and thought-provoking session, combining the latest threat research with SABSA’s structured approach to analysis, to address the challenges of securing the modern enterprise.
Martin De Vries

Chief Information Security Officer, Eindhoven University of Technology (Netherlands)

Martin is an experienced Information Security Professional with a background in Project Management, Service Management and Innovation. He joined the Eindhoven University of Technology as their Chief Information Security Officer in 2021. In this role he helps the university realising secure, state of the art and innovative digital facilities to meet the university’s strategy. As digitization comes with risks he ensures that these are assessed and dealt with in the context of the university’s full risk profile.
Dimitrios Delivasilis

CEO, Qiomos (UK)

For over twenty five years, Dimitrios has been a technology executive with a proven success record of delivering future proof information security strategies and helping organisations implement their digital transformation plans with a commensurate level of assurance. Mastering specialisation in business-driven security strategy, architecture and operational resilience, Dimitrios draws strength from the diverse experience in leadership roles, predominantly within financial services, i.e., Head of Enterprise Security Architecture at Visa and Global Head of Information Risk Strategy at HSBC.

Driven by his vision to shift the resilience risk paradigm by challenging core beliefs and driving better decision making, in 2020, Dimitrios founded Qiomos and started providing value-driven services to guide organisations into building resilient services and products. In 2024, this extensive experience led to the launch of the innovative QnousTM solution – a single source of truth to strengthen operational resilience by modelling the organisation’s security posture and centralising security-related information into a single data model. Dimitrios is now working with organisations, across the globe, streamlining their security risk management and truly simplifying their security decision-making.
Paul Dorey

Visiting Professor, Royal Holloway University of London (UK)

Paul Dorey is facilitator for the UK Energy Emergencies Executive Cyber Security Task Group (E3CC), the UK Aviation Cyber Security Forum and is co-lead for the UK NCSC ICS Community of Interest Supply Chain Expert Group. His leadership roles have included Global CISO at BP and Barclays and other CISO roles in financial services, technology and pharmaceutical sectors. He currently advises security leaders, business executives and governments on cyber security strategy and risk reporting and acts as an expert witness. He is a Visiting Professor in Information Security at Royal Holloway, University of London.
Todd Fitzgerald

CISO, Cybersecurity Leadership Author and Advisor, CISO SPOTLIGHT, LLC (USA)

Todd Fitzgerald promotes CISO/CPO leadership via advising CISOs, advisory board participation, podcasts, and international speaking engagements. Todd founded the successful CISO STORIES leadership podcast and hosted the first 190 episodes. Todd authored 5 books, including #1 New Release (2024) Privacy Leader Compass: A Comprehensive Roadmap for Building and Leading Practical Privacy Programs, and #1 Best-selling (2019-2024) and 2020 CANON Cybersecurity Hall of Fame book, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. Named 2016–17 Chicago CISO of the Year, Todd’s senior leadership positions include Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta,
IMS Health and American Airlines. Todd earned MBA with highest honors from Oklahoma State University, Business Administration from UW-Lacrosse, and certifications of CISSP, CISA, CISM, CIPP/US, CIPP/E, CIPP/C, CGEIT, CRISC, PMP, ITILv3, HI TRUST, and ISO27000.
Kaleb Frye

Student, Marshall University (USA)

Kaleb Frye is a student intern at Marshall University where he is a senior studying Computer Science and has branched into cybersecurity. Kaleb is a student intern, and he is exploring various cybersecurity career paths.
G. Mark Hardy

President, National Security Corporation (USA)

G. Mark Hardy serves as President of National Security Corporation and co-host of the award-winning CISO Tradecraft podcast. He has been providing cyber security expertise to government, military, and commercial clients for over 35 years, and is the author of over one hundred articles and presentations on security, privacy, and leadership. A graduate of Northwestern University and Loyola University, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, and is designated as a Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).
Lynette Hornung

Principal Security Architecture Manager, Iowa State University (USA)

Lynette Hornung is a Principal Security Architecture Manager at Iowa State University. She has her MS in Information Assurance from Iowa State University, CIPP-US and SABSA security architecture certifications. Senior Member of IEEE. She enjoys researching a variety of topics in information security, such as Artificial Intelligence and its many complexities, such as ethics, privacy and security. She likes to study and analyze the many aspects of security architecture, cybersecurity, financial technology and the intersection with the legal landscape and geo political events.
Jaco Jacobs

Director - Cybersecurity Advisory, David Lynas Consulting (Netherlands)

Jaco is the Director of Consulting Services for David Lynas Consulting based out of the Netherlands. He has been a “security guy” for more than 25 years during which time he has provided security consulting services to many of the largest organizations around the world. He has spent most of his career developing security IP, training and services for the largest global security providers as well as co-authoring several security publications.
Gordon Jenkins

Head of Security Architecture, Admiral (UK)

Dr Gordon Jenkins heads up the security architecture team at Admiral Insurance in the UK. He has 25+ years’ experience in IT and security for large financial services organisations in the UK and US, across investment banking, life & pensions, asset management, and general insurance. He has worked as a security architect for the last 14 years, providing guidance to dozens of major business and infrastructure projects and helping to shape enterprise security functions.
Siân John MBE

Chief Technology Officer, NCC Group (UK)

Siân John MBE is Chief Technology Officer at NCC Group responsible for intelligence, insight and innovation within the company. Siân has worked in Cybersecurity for 25 years across strategy, business risk, privacy, and technology. She is a Fellow of the UK Chartered Institute of Information Security, Chair of the techUK Cybersecurity committee, and a council member for the Engineering and Physical Sciences Council (EPSRC). Siân was awarded an MBE in the Queen’s 2018 New Year’s Honours List for services to Cybersecurity.
Dr. Connie Justice

Professor Emeritus, Indiana University (USA)

Dr. Connie Justice is Professor Emeritus at Indiana University. Dr. Justice has an extensive background in cybersecurity education and research where she built and maintained the Indiana Cybersecurity Living Lab where she taught students in a hands-on integrated environment in both building and attacking cybersecurity solutions. Dr. Justice has research interests in education, fake news and Artificial Intelligence
Lesley Kipling

Chief Security Advisor, Microsoft (UK)

Previously lead investigator for Microsoft’s detection and response team (DaRT), Lesley has spent 16+ years responding to Microsoft customers’ largest and most impactful cybersecurity incidents. As Chief Security Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning.
Jason Kobes

Sr. Staff Cyber Architect & Research Scientist, Northrop Grumman Corporation (USA)

Jason Kobes works as a Sr. Staff Cyber Architect & Research Scientist in Washington, DC for Northrop Grumman Corporation. Jason has over 20 years of experience concentrated in security digital transformation, systems engineering, information systems design analytics, business/mission security architecture, enterprise risk management, information assurance research, and using AI for automation. Jason has a Master’s of Science in Information Assurance (MSIA) and a Bachelor’s of Science in Computer Science from Iowa State University. Jason holds a SABSA Practitioner of Risk and Governance as well as Architecture. Jason’s areas of research include enterprise risk architecture, accountable anonymity systems and applying actionable enterprise security architecture. Jason is also an adjunct professor at Marymount University for the Criminal Justice department Cyber Crime and Digital Terrorism class.
Karel Koster

Manager Cyber Security, FedEx Express Corporation (Netherlands)

Karel Koster is an information security professional with over 15 years of experience is various information roles. He currently manages a global
information security team for FedEx.

Prior to FedEx Karel fulfilled positions as Head of information security, information security officer, security architect and operational risk manager within financial services companies. Karel is a People, Process and Technology person, in that order.
Shubham Kumar

Sr. Security Analyst, Transunion LLC (India)

Shubham Kumar is a passionate cybersecurity and OSINT researcher with an unquenchable thirst for exploring the intricate world of technology and uncovering the threads that tie it all together. In his role as a Senior Information Security Analyst, he brings his expertise to the forefront, ensuring the digital landscape remains secure. Beyond his daytime responsibilities, Shubham is a dedicated CTF enthusiast, consistently honing his skills as an integral member of the dynamic team Fs0ciety00. Shubham Kumar also presented his research and was selected as the speaker for SANS OSINT Summit 2023 and 2024 as well as for DEFCON DC 9111 OSINT Village and Bsides Mumbai, Dehradun, and EOCON.
Anne Leslie

Cloud Risk & Controls Leader, IBM (France)

Anne Leslie is the Cloud Risk and Controls Leader for EMEA at IBM. With 18+ years of experience spanning financial services and technology, she is a distinguished expert at the intersection of AI, cloud, operational resilience, and cybersecurity.

Since joining IBM, Anne has been instrumental in guiding clients worldwide in securely accelerating their adoption of public cloud and AI technologies, while also preparing them for the future landscape shaped by quantum computing. Her work ensures these organisations can adapt their operating models and enhance their resilience in a rapidly changing digital environment.

Co-editor of The AI Book and co-author of The RegTech Book, Anne excels at facilitating outcome-oriented dialogue on complex industry issues, building positive relationships across diverse stakeholder groups. She is actively driving industry momentum around post-quantum readiness by advising clients on strategies to mitigate risks and embrace quantum-resistant solutions. Well-established as a trusted voice in the industry, Anne regularly contributes her thought leadership to C-level conferences and working groups convened by public authorities.

Irish by nature and French by design, Anne lives with her family in Paris, France, which has been her home for almost 30 years.
David Lynas

Chairman, COSAC (Northern Ireland)

David Lynas is currently enjoying his 42nd year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology), CEO of the SABSA Institute and CEO of David Lynas Consulting.
Valerie Lyons

COO, BH Consulting (Ireland)

Included in the ‘Top 100 Women in Cybersecurity in Europe’, Dr. Valerie Lyons is executive director and COO at BH Consulting, where she leads data protection, cybersecurity, and AI governance consulting initiatives. Prior to BH Consulting, Valerie spent 13 years leading the cybersecurity risk management team in KBC Bank. She is a recognised expert in building cybersecurity and data protection governance into corporate strategies, and in 2024 published The Privacy Leader Compass: A Comprehensive Business-Oriented Roadmap for Building and Leading Practical Privacy Programs. This book has been adapted into a sold-out workshop at several IAPP conferences. Valerie holds an award-winning PhD researching the influence of Privacy as a CSR on consumer trust and privacy concerns and is currently undertaking a Post Grad in Corporate Governance. She is a Certified Data Protection Systems Engineerௗ(CDPSE), a Certified Information Privacy Professional (CIPP/E), and a Certified Information Systems Security Professional (CISSP). She is a member of the Institute of Directors, honorary fellow of the Irish Information Security Forum, a member of the EDPB pool of experts, a member of the Privacy as a CSR Stakeholder Group (Maastricht University), and a committee member of the Irish Internet Governance Forum.
Vriti Magee

Enterprise Security Architect, Transurban (Australia)

Vriti Magee is an experienced technology strategist specialising in enterprise security, AI, and digital transformation. With a background in top-tier global consulting firms, she has advised executive leadership on navigating complex, technology-driven change.

Her work is increasingly focused on human-machine collaboration—examining how AI can augment creativity and decision-making rather than merely automate tasks. As AI systems become more agentic—integrating multi-agent reasoning, foundation models, and adaptive workflows—the challenge is not just technological but strategic: ensuring these systems are scalable, secure, and trustworthy.

A pragmatic problem-solver, she has led high-performing teams, shaping digital strategies that balance innovation with responsible and secure practices.

At Transurban, she is a key member of the team that established an AI Immersion Centre, convening thought leaders from major players like Microsoft and AWS. Success in this era is about more than just adoption—it requires rethinking how AI, security, and digital strategy converge. As AI’s role expands, her focus remains on ensuring it is human-centric, resilient, and designed for lasting impact.

Vriti Magee is SABSA Foundation SCF certified. She has a Master’s in Business Information Systems. She also holds the following technical certifications—CISSP, AWS Certified Solutions Architect (Associate), AWS Certified Security – Speciality, BizzDesign Enterprise Studio Foundation and Advanced.
Leoŝ Mates

Director, DAIN (Czech Republic)

Leoš is a Director at DAIN (Data + Information = Knowledge): a Prague-based, specialist provider of IT services and solutions, with product design responsibility for the ArchiREPO Enterprise Architecture platform. His career mission is to explain the benefits of EA to governments and enterprises, which he delivers through his roles as Vice Chair of The Open Group ArchiMate Forum and a member of the ArchiMate Coordination Body at NATO.
Sophia Mexi-Jones

Security Architect, PwC (UK)

Sophia is a Senior Associate at the Cyber Security Practice at PwC UK with a keen focus in architecture and engineering. Her main experiences and interests lie in cloud security working with a range of different cloud specific technologies such as kubernetes. Her work spans across different industries such as private sector, public sector and governmental bodies.

Sophia has a strong technical background with a MsC in Cyber Security. Her focus within architecture lies with threat modelling where she has focused on a range of systems such as Cloud to Operational Technology. Asides for this, Sophia has a wide range of knowledge of various cloud platforms such as Google, AWS and Azure.

Sophia is an avid speaker at various security/technology conferences and aims to continue to spread her knowledge in cloud security and threat modelling.
Kathleen Mullin

CIO | CISO, MyCareGorithm (USA)

Kathleen Mullin is an influential information security practitioner and international speaker with over twenty-five years of experience. She started her career in Accounting and Internal Audit before moving into Information Technology and Cybersecurity. She has been CISO at various organizations, focusing primarily on healthcare. Most recently, she is CIO|CISO for MyCareGorithm a SaaS startup focused on transforming the Doctor/Patient experience.

Throughout her career, Kate has volunteered and contributed to information security as a profession, including serving on multiple board and advisory positions. Currently she is a Board member of the SABSA Institute (TSI) and
Chair of the TSI EMEA-NA Liaison Group.
Lori Murray

Staff Security Architect, Adobe (USA)

Lori Murray is a Staff Cyber Data Platform Engineer at Adobe, bringing two decades of expertise in security architecture, systems engineering, machine learning, advanced analytics, and design engineering. Dr. Murray holds a PhD in Computer Engineering with a specialization in Secure and Reliable Computing, as well as a Master of Science in Information Assurance and a Bachelor of Science in Mathematics, all from Iowa State University.
John O’Leary

President, O'Leary Management Education (USA)

John G. O’Leary, CISSP, is President of O’Leary Management Education. A computer security practitioner since 1977, he has designed, implemented, maintained, administered, broken, troubleshot, fixed, re-fixed, managed, consulted on and taught security for networks ranging from single-site to multi-national. Winner of the 2004 COSAC award, the EuroSec 2006 Prix de Fidelite and the 2011 ISC2 Lifetime Achievement Award and the first ever ISS Guardian Award in 2015, his background spans programming, systems analysis, auditing, project management, operations and quality assurance. John taught graduate school at the University of Texas at Dallas for 10 years (yes, there are universities in Texas, some of them even accredited). A few years ago he received breach notification letters from TJX and the VA in the same week. He is still waiting for OPM to reveal that the Chinese now have all his security clearance information. The Target “situation” got him new credit cards. He does not admit to knowing any Russians or CCP members. Although he completely missed out on early bitcoin gathering, the March 2023 Silicon Valley Bank failure cost him nothing. He is firmly convinced that COSAC is the absolute best information security conference on earth.
Mz Omarjee

Head: IT Client Security and Moonshots, Standard Bank Group (South Africa)

Muhammed Zubair (MZ) Omarjee, is a former Enterprise Security Architect providing advisory to leading banking institutions in South Africa and abroad. He is instrumental in crafting technology strategies as it relates to digital transformation, mobile banking and cyber security. He plays a pivotal role in shaping information technology practices as a transformative business driven and risk-oriented discipline.

Having a proportionate balance of real-world practical experience and technical competence, Muhammed Zubair excels in changing the mind-set required for Digital Transformation. He has a unique ability to operate end to end working interchangeably from strategy development, product design, solution engineering, and full stack software development. His current scope of responsibility covers 18 countries across the African subcontinent.
Mark Rasch

Attorney, Law Office of Mark Rasch (USA)

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland and is the General Counsel of Threat Intelligence firm Unit 221B, and of-counsel to KJK law.

Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. This includes expertise in GDPR, CCPA, and US and international privacy laws and regulations. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high- technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. He was also the Chief Privacy Officer of Fortune 100 company, SAIC and Chief Security Evangelist for Verizon

Mark has taught white collar crime, computer law, and legal ethics courses, at various institutions including GW, AU and Catholic University Law Schools. He is a frequent media contributor on issues related to technology and the law.
Robert Rost

Design Lead, Cybersecurity, onsemi (USA)

Robert Rost has been focused on cybersecurity for the last 21 years. Robert Rost was the Cybersecurity Architecture Director from 2019 to 2024 at one of the
largest non-for-profit healthcare systems in the US. Prior to this role, Robert Rost held the position of IT Operations Director, Defensive Services at the same company. He is currently the Cybersecurity Architecture Director for US-based fortune 500 chip manufacturing company. He was hired by the CISO to build the company’s cybersecurity architecture function. To achieve this outcome, Rob is leveraging his experience, trusted relationships and SABSA training.

Rob has a passion for cybersecurity architecture, but also for educating everyone, especially the youth and their parents, about Internet safety. He enjoys
researching and writing about cybersecurity (www.robertrost.com).

Above all, He enjoys life and has adventures with his wife of 17 years and three children in Southwest United States. He also enjoys serving and volunteering in the Church of Jesus Christ of Latter-Saints and in his community. Rob enjoys strength training, pickleball and ice baths.
Diyar Saadi

Security Operations Center, Spectroblock (Iraq)

Diyar Saadi Ali is a formidable force in the realm of cybersecurity, renowned for their expertise in cybercrime investigations and their role as a certified SOC and malware analyst. With a laser-focused mission to decode and combat digital threats, Diyar approaches the complex world of cybersecurity with precision and unwavering dedication. At the core of their professional journey lies real-time security event monitoring—a task Diyar executes with exceptional vigilance and expertise. As a respected MITRE ATT&CK Contributor, they have made invaluable contributions to the global cybersecurity community, sharing insights and strategies that help organizations bolster their defenses against evolving cyber threats. Diyar’s impact is further amplified by their role as the discoverer and owner of critical Common Vulnerabilities and Exposures (CVEs), including CVE-2024-25400 and CVE-2024-25399. These achievements underscore their commitment to identifying and addressing systemic vulnerabilities that could otherwise threaten digital ecosystems. Currently, Diyar is making waves on the international stage as a speaker at prestigious cybersecurity events such as Arab Cyber Security in Cairo, DeepSec in Vienna, and SulyCon in Sulaymaniyah, Iraq. They’ve also actively participated in GISEC in the UAE, showcasing their commitment to staying at the forefront of industry trends and challenges. With a wealth of experience, an impressive track record of contributions, and a dedication to advancing cybersecurity knowledge, Diyar Saadi Ali continues to inspire and lead in the ever-evolving digital landscape.
Char Sample

Professor, Marshall University (USA)

Dr. Char Sample is a cybersecurity researcher and professor at Marshall University where she currently teaches Cybersecurity and Computer Science. Dr. Sample has over 40 years of industry experience beginning in software development, through product test and integration, and finally as a researcher (both applied and academic). Dr. Sample’s research areas are all cybersecurity related with an interest toward cybersecurity decision-making. Past projects have focused on the influence of cultural values on cybersecurity, cyber deception including but not limited to “fake news”, and AI/ML vulnerabilities. Other research areas include data resilience, cyber- physical systems and industrial control systems.
Jasveen Sandral

Senior Software Engineer, Shinmei Industry Co. Ltd (Japan)
As the implementer of CSV::TSV in Ruby core, I bring unique insights into API security from both core library development and enterprise systems. My work on Ruby core exposed critical security patterns that challenge traditional API security approaches, leading to novel defense strategies now used in production environments.

Core expertise:
- Ruby core contributor (CSV::TSV implementation)
- API security architecture
- Cross-language security testing
- Zero-trust API design
International speaking experience includes PyCon Africa, PyDelhi, and multiple Open Source Conferences in Japan, where I’ve shared insights on secure API design and implementation.
William Schultz

Senior Director, Vanderbilt University Medical Center (USA)

Bill Schultz is a practicing security architect who has worked in the Information Technology field for over 17 years, with the past 13 focused on Enterprise Architecture, Security Architecture, RiskManagement, and Compliance. Bill has built security programs, risk management programs, anddeveloped strategic organizational architectures and technical system architectures. Bill has led multiple risk management and security architecture initiatives.
Naveen Shivaramu Yeshodara

Lead Partner Product Manager, McAfee (Australia)

Naveen S Yeshodara is a seasoned professional with over 15 years of experience in the software industry, currently serving as a Senior Program Manager at McAfee’s holds a master’s degree in computer science from Visvesvaraya Technological University. Throughout his career, Naveen has demonstrated expertise in program management, software development, and team leadership, contributing significantly to various high-profile projects.is proficiency in managing complex
programs and his commitment to excellence have been instrumental in driving success within his teams.
Nick Spenceley

Director, Primary Key Associates (UK)

Nick is an experienced technical specialist with particular subject matter expertise in the application of technology to solve complex problems in secure environments. He consults on business change, system architecture and design, legal disputes, security accreditation and engineering processes. He has over 30 years’ experience in managing significant project portfolios and programmes for BAE Systems Applied Intelligence, Detica and Logica (now CGI). He is interested in how engineering, security and user behaviour can combine for unintended consequences.
Dan Taylor

Security Architect, PA Consulting (UK)

Dan is a seasoned Security Architect specialising in Enterprise Security Architecture, with extensive experience in designing and implementing robust security frameworks. Known for his strategic approach and deep technical expertise, he excels in developing security architectures that integrate advanced threat management, network security, and risk mitigation strategies.

With a strong focus on aligning security requirements with business objectives, Dan is committed to ensuring that security initiatives not only protect critical assets but also support overall business goals. He stays at the forefront of emerging cyber threats and industry advancements, continuously refining his approach to enhance organisational resilience.

It’s not all work for Dan though, in his spare time he is an avid sports fan. Especially football and Formula 1. Usually spending his weekends consisting of at least one of these activities. He is also a big music fan, spending his younger years as a club DJ.
Sagar Tiwari

Cybersecurity/ OSINT Researcher, Independent (India)

Sagar Tiwari, a versatile cybersecurity researcher, writer, and content creator, is renowned for his unyielding commitment to Open Source Intelligence (OSINT). His extensive portfolio graces the pages of esteemed publications, from magazines to reputable news agencies and research groups. Sagar’s leadership of the elite Capture The Flag (CTF) team, Fs0ciety00, has consistently secured top-tier positions in international competitions. He has been also selected as a distinguished speaker for SANS OSINT Summit 2023 and 2024, Bsides Mumbai, Dehradun, DEFCON DC 9111 OSINT Village, EOCON, and GrimmCon0x7, further underscoring his expertise and contributions to the field.
Anton Tkachov

Managing Director - Cyber, PwC (UK)

Anton is leading the Cyber Security Architecture and Transformation for PwC and has been with the firm for more than 9 years. Prior to that, he has been delivering security transformations as a consultant, and running security architecture team as part of his industry role at a blue chip financial services organisations.

Anton is an active member of leading architecture forums. His passion, experience and interest lies with the ‘enterprise’ architecture which allows him to solve security problems by looking at those from a diverse set of perspectives, considering opportunities for the business (not only risks) and simplifying things.

The most enjoyable aspect of Anton’s client work is around connecting with the like-minded architects to solve problems.
Sir Dermot Turing

Writer & Speaker, (UK)

Dermot Turing is the award-winning author of X, Y and Z – the real story of how Enigma was broken and has written numerous other books relating to his famous uncle Alan Turing, codebreaking and computing history. He is also a regular speaker at historical and other events. He began writing in 2014 after a career in law. Dermot worked for the Government Legal Service and then the international law firm Clifford Chance, where he was a partner until 2014. His specialism was financial sector regulation, financial market infrastructure and bank failures. As well as writing and speaking, Dermot is a trustee of the Turing Trust and a Visiting Fellow at Kellogg College, Oxford.
Roman Zhukov

Principal Security Architect - Head of Community & Industry Engagement, Red Hat (Ireland)

Practicing Cybersecurity expert and Leader (15+ years), (ISC)2 CC (Certified in Cybersecurity). Currently – Principal Security & Community Architect at Red Hat. Formerly – Head of Product Security & Privacy for Data Center & AI SW at Intel.

Roman has broad experience from security architecture & threat modelling to secure development & tooling to vulnerability management & incident response to security education programs for engineers & senior managers. Currently Roman leads industry engagement and several Open-Source security initiatives: Security Champion for Linux Foundation projects, contributor to several working groups under OpenSSF, Eclipse, other foundations. Lecturer at Universities and commercial educational centers. Security Advisor and Evangelist. Mentor and consultant for startups. Recognized as the best speaker and mentor several times.

Start
where
others
stop.

COSAC Ethos #1

Be inspired by a blend of leading-edge information security strategy with pragmatism & realism.

COSAC
Patrons

A completely new COSAC experience pushing the boundaries of cybersecurity further than ever before. Smart people, inspiring guest speakers and a ton of passion. Become a COSAC Patron and gain access like no other.

Become a patron

COSAC APAC
2026.

24th - 26th Feb: Melbourne, Australia

More Info Call for Papers

Contact

Get in contact with us by email, phone or just stay social and connect with us on LinkedIn

COSAC 2025

Chathura Abeydeera

Daniel Avieritei

Øystein Balstad

Chris Blunt

Ghariba Bourhidane

Hugh Boyes

Steven Bradley

Glen Bruce

George Bull

Rob Campbell

Jonathan Cassam

James Chinn

Andy Clark

Simon Cross

Martin De Vries

Dimitrios Delivasilis

Paul Dorey

Todd Fitzgerald

Kaleb Frye

G. Mark Hardy

Lynette Hornung

Jaco Jacobs

Gordon Jenkins

Siân John MBE

Dr. Connie Justice

Lesley Kipling

Jason Kobes

Karel Koster

Shubham Kumar

Anne Leslie

David Lynas

Valerie Lyons

Vriti Magee

Leoŝ Mates

Sophia Mexi-Jones

Kathleen Mullin

Lori Murray

John O’Leary

Mz Omarjee

Mark Rasch

Robert Rost

Diyar Saadi

Char Sample

Jasveen Sandral

William Schultz

Naveen Shivaramu Yeshodara

Nick Spenceley

Dan Taylor

Sagar Tiwari

Anton Tkachov

Sir Dermot Turing

Roman Zhukov

Start where others stop.

COSAC Ethos #1

COSAC Patrons

COSAC APAC 2026.

Contact

Sponsors

NAAS

MELBOURNE

Start
where
others
stop.

COSAC
Patrons

COSAC APAC
2026.