IAUK - The Government's Information Assurance Exchange

Senior Research Fellow, Cranfield University, Defence Academy of the UK

Debi is a Senior Research Fellow at Cranfield University within the Defence Academy of the UK. Prior to taking up this post she was Managing Consultant at QinetiQ. Specialising in information security in general, and risk assessment in particular, other specific areas of research include building trust for information sharing, and governance processes for information security. Her most recent research examines the communication of information security requirements from a socio-organisational perspective. Debi has worked extensively across defence, government and the finance sector.

Global Head of Information Security, Betfair Ltd

Adrian Asher is an Information Security professional whom has been working in this field for just shy of ten years. His current role sees him responsible for Information Security globally at the worlds leading online Betting exchange, Betfair. Information Security at Betfair is integral to everything they do. Considering an average month for Betfair would involve over 400 million trades this is no small task.

Executive Vice-President, Detica

Previous to his recent appointment at Detica Joel Bagnal was the Deputy Assistant to President George W. Bush for Homeland Security. Joel chaired the Homeland Security Council Deputies Committee and co-chaired the Counterterrorism Security Group. His developed national policy in the areas of cyber security, incident management, border security, transportation security, information sharing, identity management, and preparedness.

Deputy Director for Relationship Management, CESG

Phil Baker was appointed as the CESG Deputy Director for Relationship Management in May 2007. He is a member of the CESG Executive Board and leads on the outward facing role for CESG. Prior to this appointment Phil was GCHQ’s Programme Director for Modernisation and was responsible for leading the 3-year programme that is transforming the GCHQ operations organisation to meet 21st century challenges, through business process change supported by substantial new technical systems. This appointment was made in February 2004, as part of rationalising GCHQ’s portfolio of business change programmes.

Head of Information List Management, Barclays

Head of Infrastructure & IT Security Strategy & Architecture, H.M. Revenue and Customs

Andrew joined HM Revenue and Customs in 2005 soon after the merger of the Inland Revenue and HM Customs & Excise. Having rapidly established a clear vision for Infrastructure Services in the newly merged organisation, substantial investment was secured from the departments transformation programme to move to a more agile, cost effective and utility like infrastructure. This programme is rationalising and improving the Data Centre estate and transforming the working environment through the introduction of IP Telephony and collaborative working capabilities. In 2006 Andrew formed the cross Government Public Sector Infrastructure Team – a customer side network of individuals with a professional interest in the development of Public Sector Infrastructure.

MD Innovation, QinetiQ

Dolores was appointed as MD Innovation in April 2007 with responsibility for strategic business development and driving QinetiQ’s innovation strategy in UK public sector. During her career with QinetiQ and its predecessor organisations, Dolores has held a number of technical and managerial positions as the organisation progressed from being part of Government to transitioning in 2001 to the private sector. Following privatisation Dolores was appointed as Managing Director Public Sector with responsibility for leading the development of QinetiQ’s business with national security and civil customers. Dolores graduated in Physics from Queen’s University Belfast and also holds a MBA from Southampton University.

Head of Business Continuity and Security, Department for work and pensions

Chris is a career civil servant with over 30 years’ experience in the Department for Work and Pensions and its predecessors. He has a Diploma in Consultancy Practice from the Institute of Administrative Management and was the first member of DWP to be accepted as Member of the Business Continuity Institute. He has worked in a range of policy, management and project posts and worked in personnel, finance and planning, specialising on performance-related issues. Chris is now the Head of Business Continuity and Security at DWP, the largest department in government. He is also the Departmental Security Officer.

Head of Products and Services, CSIA

Head of Forensics, Detica

Andrew is an experienced consultant with particular expertise in Information Forensics, Cryptography, I.T Security, Systems Engineering and Security Evaluation. He has acted as an expert witness in these areas since February 1996. He is a Chartered Engineer, a fellow of The Institution of Electrical Engineers (F.I.E.E.), a Chartered IT professional and a Fellow of the British Computer Society (F.B.C.S.).

Head of the Defence Cryptosecurity Authority, MoD

Paddy Clayton is the Head of the Defence Cryptosecurity Authority, responsible for the procurement, support, management and policy enforcement of all MOD crypto. In this role he is also a member of the IATP Executive Group and the Intelligent Customer Mechanism Advisory Group. He has previously held a variety of posts in MOD from wind tunnels development, recruitment and marketing, policy and finance, but has spent most of the last 18 years in programme management.

Lecturer, Information Security Group, Royal Holloway

Ms Lizzie Coles-Kemp is a lecturer at the Information Security Group, Royal Holloway where she lectures and researches in information security management. Her academic research areas are currently design aspects of information security management systems and the measurement of compliance and assurance. She has just completed her PhD thesis in the design of information security management systems.

Global Chief Information Security Officer, Merrill Lynch

Robert Coles is the global Chief Information Security Officer for Merrill Lynch and head of Technology Risk Management for Europe, Middle-East, Africa and Pacific-Rim. Prior to this he held various leadership positions at Royal Bank of Scotland and KPMG including information security governance, incident response, investigations, threat management and information security consultancy

Chief Scientific Adviser, Department for Transport and Business Enterprise and Regulatory Reform

Professor Brian Collins became the Departmental Chief Scientific Adviser at DfT in October 2006 and at BERR in May 2008. He is also Professor of Information Systems at the Defence College of Management and Technology (DCMT), Cranfield University. His role as a DCSA is to ensure that the department’s technological activities are well directed and that where appropriate policy is based on good science and engineering. He advises CSIA and IPS on Security and Technology matters. He was Chief Scientist and Technical Director at GCHQ and Deputy Director at RSRE. He is a Fellow of IET, BCS, IOP and RSA.

Information Advisor, MoD

Deputy Director General, CBI

As Deputy Director-General of the CBI, John Cridland is responsible for the management of the CBI’s policy and membership activities. He is a key spokesman for the business community, in the media and on public platforms, and has extended the CBI’s global footprint and its reputation for policy leadership.

Technical Director, Thales

Peter Davies is Thales' leading UK expert on Cryptography and provides cryptography and information security direction and expertise for the company and their clients. Mr. Davies has worked on projects involving the development and certification of flexible security solutions for government and commerce, supporting the security of both communications and infomatics in an international multi-grade environment and advising both commercial and government agencies on strategies and concerns for the protection of shared environments.

(retired), Strategic Advisor to Ultra Electronics Limited, representing the Crypto Developers’ Forum (CDF)

Vice President Digital Security and Chief Information Security Officer, BP

Paul has responsibility for IT Security and Information and Records Management Standards & Services globally across BP, including the digital security of process control systems. He has 20 years management experience in information security and established one of the first dedicated operational risk management functions in Europe. Prior to BP, he set up strategy, security and risk management functions at Morgan Grenfell and Barclays Bank. Paul has consulted to numerous governments, was a founder of the Jericho Forum, is the Chairman of the Institute of Information Security Professionals (IISP) and currently sits on the Permanent Stakeholders Group of the European Network Information Security Agency (ENISA).

Chief Information Officer, National Policing Improvement Agency

Richard Earland is the first national Chief Information Officer for Policing in the United Kingdom. In this role Richard has responsibility for the development of Forensic Science and Identification services, as well as national programmes delivering Digital secure National communication services, and the Information Systems Strategy for the Police Service. To facilitate this work Richard is striving to develop a CIO Council within policing. Richard has extensive experience of delivering major ICT programmes, most recently as Group Director for Information Programmes with the Metropolitan Police Service (New Scotland Yard – London).

Commander  RN(Retired) is currently Sun Microsystems Global Director for Defense and Intelligence

Richard had a 40 year career in the Royal Navy that encompassed a variety of war and peace time duties and challenging commands. His last appointment saw the completion of his career in the Royal Navy by accepting the post directing the communications effort at the NATO regional Headquarters in Lisbon, Portugal.  Since leaving the navy, Richard has been a consultant in the security, defence/ intelligence areas before joining Sun Microsystems.

Defence Strategy and Solutions LLP, Strategy Support to IATP and CSIA

Bill joined DS&S as an Associate Partner in 2004. He started his career in the FCO (Foreign and Commonwealth Office) and has over ten years’ consultancy experience working in three of the UK’s largest firms. He has led a number of major assignments dealing with national security, information assurance, complex organisational change and the introduction of new technologies. Bill became a partner of DS&S at the beginning of 2008 and leads the National Security and Resilience practice.

Head of Profession for IA, CESG

Chris Ensor has worked in a variety of roles within CESG over the past 18 years. He is now head of profession for Information Assurance within GCHQ as well as Technical Director for CESG. He also sits on the Board for the IISP Board, responsible for skill and accreditation.

Senior Manager, Information Security, Policy & Comms, Nationwide

Sarah is the Senior Manager, Policy and Communications in Nationwide’s Information Security Department. She has held this position since October 2007 following her role in managing the Society’s Information Security Improvement Programme. Prior to this she worked as a Project Manager, managing various activities across the Society, largely in the Banking and Savings world. She spent a year on an external secondment to the Building Societies Association working as Policy Advisor looking after Fraud, Financial Crime and the Banking Code across the Building Society sector. Before joining Nationwide, Sarah worked for the John Lewis Partnership in a variety of training and management roles.

Director of Change and Corporate Services, Scottish Government

Paul Gray is the Scottish Government’s Director of Change and Corporate Services, with responsibility for senior staff development and deployment; human resources; information systems and services; accommodation and estates services; corporate learning; employee engagement; and the Scottish Government’s business improvement and change programmes Previously, he was Director of Primary and Community Care – having joined Health in October 2005.

Keynote summary

Director, Markets & Suppliers, Office of Government Commerce

Mike has just started in the OGC as Director of Markets and Suppliers working to Mark Pedlingham, the Executive Director. He has 22 years experience in procurement in the MoD including experience of Project Management, procurement policy development, Project finance and Business Management. His primary foci are the top 13 IS/IT suppliers to Government, the Construction Industry and Consultancies. Mike’s Division is working on all three of these Supplier areas in the context of Transformational Government, Transforming Government Procurement and the Supplier Management Initiative.

Ex-Business Change Manager GCHQ

Alan retired in 2006 from GCHQ where he held a variety of senior roles concerned with organisational development and change delivery, building on earlier roles in Information Systems, Engineering and Human Resources. As an independent consultant, Alan has worked as a ‘Critical Friend’ with the RAF and with the CSIA on the NIAS, and is a Visiting Fellow at Cranfield University DCMT. He is accredited with the OGC as a Gateway Review Team Leader for High Risk projects and programmes.

Security Advisor to the Prime Minister and Head of Intelligence, Security and Resilience, Cabinet Office

Robert Hannigan is the Prime Minister’s Security Adviser and Head of Security, Intelligence and Resilience.

House of Lords

Lord Toby Harris was made a Life Peer in June 1998. He is Chair of the All-Party Parliamentary Group on Policing and Treasurer of the Parliamentary Information Technology Committee (PITCOM). He was also a member of the House of Lords Select Committee that recently reported on Personal Internet Security. He is the first Chair of the Institute of Commissioning Professionals, has been a non-executive director of the London Ambulance Service, a Senior Associate of the Kings Fund, and a member of the Committee on the Medical Effects of Air Pollutants. He is a former member of the Committee of the Regions of the European Union.

Director of EDT (Electronic Delivery Team), Cabinet Office

Chris has a long track record in both public and private sectors with Local Authorities such as Sheffield, Bolton, Blackburn and Knowsley, in Central Government with DETR, DTLR, the Office of the Deputy Prime Minister and with the Cabinet Office. He has also worked in the private sector with Land Rover, Rank Hovis and CSL. Chris is currently working, as a senior civil servant, for the Cabinet Office’s Delivery and Transformation Group as the Director of EDT.

Programme Manager, IATP

Executive Director of Integrity and Security, Identity and Passport Service

Duncan joined IPS in mid 2007, prior to this he was the managing director of the security division of QinetiQ PLC. View biography Duncan joined IPS in mid 2007, prior to this he was the managing director of the security division of QinetiQ PLC, joining from Generics AG where he was a key part of the team that listed the company on the London Exchange. Prior to this he was the Group CTO of The Post Office in the UK.

VP, BT Global Services Business Resilience, Security & Business Excellence

Andy Hodgson has been the Vice President of Business Resilience, Security & Business Excellence for BT Global Services for the past 5 years.  He is responsible for ensuring the security and business continuity of the network, system, information, physical, revenue and people asset within BT’s 30000 people, £9b, global business services and solutions division (BTGS), which operates in 170 countries. 

BT Group Security Director, BT

Mark is the Director, BT Group Security, a position he assumed in October 2005. He is responsible to the Board for all aspects of day to day security and continuity in BT.
This involves ensuring that BT has the right policies and procedures to keep BT’s assets –whether physical, logical or information - secure from attack; to counter fraud and also to minimise disruption in the event of an incident. This includes BT's civil resilience obligations.

Director, Woodnewton Associates

Director, Cyber-Security KTN

Director of Business Systems & CIO, Department for International Development

Started career as research scientist doing mathematical modelling, moving into IT management. Joined CAB International as Director of Information Technology in 1994. Moved to Dialog in 1999 to rebuild CD-ROM technology team after relocation to the UK. Became Head of Technology UK after Dialog acquired by Thomson, responsible for three product lines. Joined DFID in 2004 as Head of Information Systems, became CIO in 2006. Recently taken new position as Director of Business Systems, including CIO and SIRO roles, covering Information Systems, Knowledge and Information Management, Capital Portfolio Management, and the Centre of Excellence for Project and Programme Management.

Head of Security Practice, Logica

Gavin started his career working with the Ministry of Defence within the Procurement Executive. Gavin joined Logica and worked in their Space Division on security aspects of both military and commercial systems, working on a range of projects in commercial and delivery roles. He was appointed as Head of the Logica’s Security Practice in 2005 and has driven their focus on excellence and growth to this day. Gavin’s expertise is known internationally and he has presented at several international conferences and is currently deputy chair of the security working group for an international standards body for security.

ISSA-UK and Chair of the Information Security Awareness Forum

Dr David King has over 25 years of experience in security. He is the Head of Information Risk Management at Aviva, where he has been since December 2002. Prior to joining Aviva, David was Vice President and Chief Security Architect at JP Morgan Chase. He has also worked for Cap Gemini and ICL Defence Systems. David sits on a number of industry committees including the ISSA-UK Advisory Board (joint deputy-chair), British Standards Institute IST/33 (covering the UK interest in the 27000 series of standards) and the Cyber-Security KTN Steering Group. He is a founding member and chair of the Information Security Awareness Forum which is an umbrella organisation of almost two dozen professional bodies and institutions co-ordinating security awareness in the UK.

Director UK Security Advisory Services, Symantec

John Kirby has worked for Symantec for nearly 4 years. He leads the UK Security Advisory Consulting Team that delivers consultants into specialised roles within UK Government and provides bespoke security solutions working with Industry partners. John left the Army in 1999 having completed 30 years in the Royal Signals. He became particularly concerned with Information Security during operational tours in Northern Ireland and as the Commanding Officer of the UK Divisional Signal Regiment during the First Gulf War.

Principal Researcher, Qualitative Research, ICT Futures Centre, BT Group

Chief Technology Office Dr Hazel Lacohée joined British Telecom (UK) in 1998 and is a Principal Researcher undertaking qualitative social research for the ICT Futures Centre, BT Chief Technology Office. She is responsible for investigation of the commercial, socio-economic and customer impact of ICT applications and systems and providing thought leadership on the social and market implications of communications technology. She is currently focused on issues concerning privacy, security, trust, data collection and public surveillance and is lead author of the Trustguide report.

Technical Director, CESG

Dr. Ian Levy is a Technical Director with a wide remit and range of responsibilities at CESG, the National Technical Authority for Information Assurance and part of GCHQ.

CBI & Shell

Richard is an IT Strategy Consultant with a long interest in the application of internet technology, and in particular the use of Digital Signatures. Richard has been an active member of CBI’s eBusiness working group and presented at events on identity and document security. Also with BERR and UK Oil & Gas (formerly UKOA) to promote common document security practices. Richard holds a PhD in Biochemistry and a Masters in Operational Research. His career has spanned OR and IT in government, retail banking and the oil industry. He is a Fellow of the Operational Research Society.

CIO, FCO

Tony is the Chief Information Officer for the Foreign and Commonwealth Office, the department in the British Government representing Britain's interests overseas. He sits on the Main Board and is the Board champion for Gender Diversity. Prior to joining the Foreign and Commonwealth Office, Tony has spent over 20 years working in a number of IT roles in the private sector. He has worked in different industries including Insurance (Friends Provident), Transportation (British Airways), FMCG (Pepsi) and Retail (Safeway Stores plc). Most recently Tony was responsible for all globally delivered services for The BOC group, an industrial gases company.

VP Marketing, Clearswift

Stephen joined Clearswift as VP Marketing in October 2006 with responsibility for worldwide marketing strategy, brand, product positioning, demand generation and corporate communications.  Prior to Clearswift, Stephen was Global VP Marketing Communications at MessageLabs 2003-2006, a provider of managed Internet security services. Stephen was responsible for the global go to market strategy and demand generation.

Head of IT Security, Department for Work & Pensions

Kevin has led IT Security within DWP since August 2005, following a 20 year appointment with BT where he had responsibility for developing and implementing security services for a broad customer base. Kevin is also currently chair for the CIO CTO Council Information Assurance domain team.

Director Business Protection, Nationwide

Steve is Director for Business Protection within Nationwide with responsibility for the Special Investigations, Information Security and Business Continuity departments. Steve's main goal is to assess, control and manage the fraud, IS and BC risks that threaten the ongoing survival of the business and protect both Nationwide and their customers' assets.

Director of Infrmation and Ntewrk security, BT

Dr Robert Nowill (Bob) is the Director of Information and Network Security at BT and is the leader of BT’s End-to-End Security Professional Community. Before joining BT in 2005, Bob was the Director of Technology & Engineering and Board Member at the UK’s Government Communications Headquarters (GCHQ). His career has also included periods with MoD (Defence Procurement Agency and Research Agencies), in The Netherlands with The SHAPE Technical Centre, and research at Cambridge University Engineering Department.

Director of Security & Privacy for Public Sector, Deloitte

James is responsible for Deloitte’s information security consulting services to UK Government and has been involved in a number of high profile complex assignments for clients including HM Revenue & Customs, Home Office, Department for Children, Schools and Families, Ministry of Justice and Cabinet Office.

Cabinet Secretary and Head of the Home Civil Service

Sir Gus O'Donnell took over as Cabinet Secretary on 1 August 2005. Prior to that, he was Permanent Secretary to HM Treasury (July 2002-July 2005). Before that he had been Managing Director, Macroeconomic Policy and International Finance since 1999. From 1998-9 he was Director of Macroeconomic Policy and Prospects, and from 1997-98 was the UK's Executive Director to the IMF and World Bank. He has also been Head of the Government Economics Service, the UK's largest employer of professional economists. Gus O'Donnell studied economics at the University of Warwick and Nuffield College Oxford.

Keynote summary

CEO, Institute of Information Security Professionals (IISP)

Gerry O’Neill started as CEO of the IISP on 1st April 2008, bringing a wealth of experience in the field of Information Security, Risk Management, Audit and Governance, in both the public and private sectors. Gerry has held senior security, risk and audit positions in a number of major consultancies, and in financial services and government, over a period of more than 20 years. He is currently also the Senior European Representative for I-4 (the International Information Integrity Institute), a member-driven group of top global organisations, through a programme and schedule of face-to-face meetings and forums, teleconferences and intelligence-sharing techniques.

CIO, DCMS

Mark O’Neil is currently CIO for the Department for Culture, Media and Sport. Mark has worked on a large number of major IS and information assurance programmes and has helped to shape domestic and European IA policy. He is currently working on a major project around secure collaborative working and is working with a range of partners on opportunities around innovation and entrepreneurship.

Managing Director – EMEA, Thales

Ross Parsell is the Managing Director for the EMEA region for the e-security activities, Thales. His role is to support the go to market strategy for the products and services offered by Thales, this includes directing the efforts of the Sales and Marketing activities, engineering and operational delivery in order to maintain the position of our offerings as best in class. Ross is from an Engineering background. He joined Thales from Ultra Electronics Datel where he was Managing Director. During this period he delivered many large projects including the avionics software programme for Tornado, new contracts with Boeing on the 787, the PC21 new trainer aircraft mission system for Pilatus, secure networks for the UK MOD and secure e-business solutions.

Mike Payne FCMI
Director of Architecture, Strategy and Compliance & CTO, Ministry of Justice

Mike is an IT professional of over 20 years working in commercial as well as the public sector. Mike leads the Strategy, Architecture and Compliance branch responsible for delivering the MoJ wide ISO27001 programme and Cabinet Office/Hannigan deliverables. The team deal with IA Policy, Strategy and Operations across a complex IT landscape providing services to HMG, citizens and suppliers.

Director, GCHQ

The presence of Sir David highlights the importance of this high profile event. David Pepper became Director of GCHQ on Monday 7 April 2003. Prior to this, David was formerly Director of Policy and Resources at GCHQ from October 2000. He was responsible for strategic and business planning, financial and resource management and procurement; and for policy on foreign relations and support to military operations. He joined GCHQ in 1972, and has spent most of his career in intelligence production.

Chief Information Security Officer & Head of Accreditation, DVLA

Dave is currently the Head of Information Security at DVLA and is also the Network Accreditor. He has the responsibility for the security of one of the UK’s biggest on line organisations, and ensuring compliance with the recent Cabinet Office data handling guidelines. Previously Dave was the Corporate Risk Manager at DVLA and won the award given by ALARM as UK Risk Manager of the year.

Managing Consultant, Security Architect, IBM 

Ian is a managing consultant in the IBM Security and Privacy Practice specialising in security strategy and high level security architecture for the financial services and public sectors. He has worked on major systems integration projects at IBM and has led security assessment and architecture teams. Ian has specialist knowledge of security policy and compliance (including COSO and CoBIT), identity management, strong authentication (including biometrics) role based access control and Public Key Infrastructure (PKI).

Consultant, Cabinet Office

Dougie Rowlinson retired from the Army in 2006 on completion of 30 years of service in the Royal Corps of Signals. As a Colonel he led the project team responsible for delivering MoD’s £1.2Bn PFI deal that delivered its secure telecommunications service. On promotion to Brigadier he became the Director of Strategy at the Defence Communications Services Agency. His last role within the Army was to conduct MoD’s fundamental review into Information Assurance (IA) from policy to its practical implementation. On retirement, he set up his own consultancy business. He currently works for CSIA as the lead for the Compliance work-stream of the National IA Strategy.

University College London 

Prof. Angela Sasse is the Professor of Human-Centred Technology at University College London. She has been researching human aspects of security, identity, privacy and trust for over a decade. She currently chairs the Cybersecurity KTN Human Vulnerabilities SIG.

Information Assurance Director, National Security Agency

Dick Schaeffer is the Information Assurance Director at the National Security Agency (NSA). The Information Assurance Directorate (IAD) is responsible for the availability of products, services, technology and standards for protecting and defending the nation’s critical information systems from adversaries in cyber space. Prior to leading the IA Mission at NSA, Mr. Schaeffer was Chief of the National Security Operations Center (NSOC).