RISCS Advisory Board

Government members:

  • Samantha Dowling, Home Office
  • Emma Green, Department for Digital, Culture, Media and Sport (DCMS)
  • Kerry Gibson, Ministry of Defence

John Madelin

Cognizant

RISCS Advisory Board Chair

John has 25+ years' experience in customer-facing roles in the cyber security industry – from finance, through sales and marketing, to service delivery – with 10 of those years running professional security services and managed security services.

He has a consistent track record of delivering results, whether for a startup company (Entrust), mid-tier (RSA Security), or large integrator (BT, Verizon and Cognizant). He is known for his commitment to delivering on large security programs, and is equally comfortable delivering tactical program outcomes and maintaining the focus on the strategic roadmap.

John is an accepted member of the UK security community with strong architectural expertise. He has high-end solution field-sales and sales management experience with a track record of success and is comfortable operating at Board level within client companies.

    Jane Chappell

    Arcanum Information Security

    Jane is a Fellow of the British Computer Society with an MSc in Information Security and MBA in International Management, and one of a small group of security SMEs with two NCSC Lead certifications. She is Operations Director of Arcanum Information Security Ltd, a National Cyber Security Centre (NCSC) certified company, which she co-founded in 2008.

    A cyber security professional with over 20 years' experience, she has advised numerous organisations including. Jane was a senior member of the UK planning team at Johns Hopkins University for EXERCISE CYBER GUARD, co-led by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) with over 100 participant organisations, spanning government, academia, industry and military allies. She is a former regular RAF officer with a background in logistics and intelligence. As a military reservist, alongside her civilian career, she was the first woman to command the Army’s largest cyber security unit and was the Single Service lead on the Cyber Defence Working Group. She was a Committee member of the Information Security Specialist Group of the British Computer Society for 5 years and a Cyber Security Challenge host and assessor 2014-18.

    Peter Davies

    Thales

    A bit about me: I love what I do, approach everything with energy and enthusiasm and can always see an angle. As a Technical Director of Thales in the UK I have been their leading expert on Cryptography responsible for providing cryptography and information security direction and expertise on a variety of products and projects. Previous work includes the development and certification of flexible and interoperable commercial security solutions that are also widely used by governments; these solutions are available worldwide and support the security of both communications and informatics in an international, multi grade environment. My specialist knowledge is at the core of the cyber defence and forensics activities that I undertake combatting existential threats against business. I can, and have, interacted on security and products at any level from Prime Minister, through Board to deep technical including Agencies, Certification Labs and partners developing and sustaining business opportunities worldwide.

    I have generated patents in the area of digital DNA and my research covers aspects of technical security as well as aspects of super-identities and their role in combatting human based cyber-attacks. I have led an EU security research contract and have acted as an expert on others. As well as contributing to standards I am a frequent speaker at international conferences and deliver lectures to postgraduate information and cyber security programmes in the UK and worldwide.

    Tim Roberts

    AlixPartners

    Tim co-leads AlixPartners’ global cyber security and privacy team. He helps clients navigate the complex challenges of cybersecurity, technology, enterprise risk management, and compliance. He has more than 30 years’ experience in the areas of risk management, technology, and financial services as well as senior management experience in running operations and technology in a regulated firm.

    Tim has advised clients across industries on cybersecurity, risk management, regulatory compliance, and technology transformation. He previously led a global security consulting practice at IBM, served as chief operating officer of an investment firm, and was a partner at McKinsey, where he cofounded the firm’s risk management practice.

    Tim has a Master of Arts in Mathematics and Philosophy from Oxford University and a black belt in judo.

    Paul Taylor

    KPMG

    Paul Taylor is Chair at Beyond Blue and was previously Partner, Cyber Security in Financial Services at KPMG in the UK.
     
    Paul has led the delivery of some of the most demanding national security programmes in the UK, operating at the very highest levels of government. He is uniquely qualified to understand the evolving threat environment, as well as having an exceptional track record of driving and delivering change in complex organisations. Paul’s contribution to the world of science and technology was recognised by his election as a Fellow of the Royal Academy of Engineering in 2013.
     
    Paul’s areas of expertise are Aerospace and Defense; Government and Public Sector; Intelligence and Security.
     
    Previous to KPMG, Paul was Deputy Managing Director at AWE plc, responsible for providing the AWE Board and UK Ministry of Defence with assurance of delivery of the c£1Bn pa nuclear warhead programme, and before that, Director General of Technology and Chief Information Officer (CIO) in a Central Government Department, and Director General of Strategic Technologies and then Director General of Equipment in MOD.
     
    Paul was the first Chief Executive of the Defence Science and Technology Laboratory (DSTL). The post carried responsibility for all elements of defence research and the 3000 staff that were retained within government following the split of MOD R&D activities into QinetiQ and DSTL.

    Larry Hirst

    RISCS Advisory Board Vice-Chair

    Until 2010, Larry Hirst was chairman of IBM Europe, Middle East and Africa. He represented IBM to the European Commission, NATO and the EDA on issues of international public policy and business regulation. He was responsible for the company’s corporate citizenship, environmental affairs, intellectual property, standards development and university relations activities across the region. 

    He has been Chairman of the Transition to Teaching Committee, reporting to the Secretary of State for Education, and a Commissioner for the Government's Employment and Skills Council. He was the Chairman of the UK Trade and Investment Executive Board, reporting to the Minister for Trade. He was the Chairman of e-skills, the Sector Skills Council, from 2003-10. He was a Member of the British Airways International Advisory Board 2012-16 and was a non-exec director and Chair of the Remuneration Committee of ARM Holdings Plc 2011-16. He was the Senior Independent Director of MITIE Group plc 2010-2018. He is an adjunct Professor and an Advisory Board member of the Data Sciences Institute at Imperial College, having been Chairman from 2014-18.

    He was an Advisor to the Presidential Advisory Council on Information Society and Development (PIAC) in South Africa. In December 2009, he was announced as a private sector Business Ambassador by the UK Prime Minister, a role created to promote UK excellence.

      Oz Alashe MBE

      CybSafe

      Oz Alashe MBE is CEO and Founder at CybSafe, a behavioural science and data analytics company that builds software to better manage human risk. A former UK Special Forces Lieutenant Colonel, Oz is focused on making society more secure by helping organisations address the human aspect of cyber security. He has extensive experience and understanding in the areas of intelligence insight, complex human networks, and human cyber risk & resilience. He’s also passionate about reducing societal threats to stability and security by making the most of opportunities presented through advancements in technology.

      Oz was made an MBE in 2010 for his personal leadership in the most complex of conflict environments. Oz chairs the UK Government’s (DCMS) Cyber Resilience Expert Advisory Group. He also sits on the Advisory Board for the Research Institute in Sociotechnical Cyber Security (RISCS). He’s an Expert Fellow at The Security, Privacy, Identity and Trust Engagement NetworkPlus (SPRITE+), as well as the Royal United Services Institute (RUSI).

      Adam Shostack

      Shostack & Associates

      Adam is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He is an affiliate Professor at the Paul G. Allen School of Computer Science & Engineering at the University of Washington, an advisor to the UK’s Research Institute for Sociotechnical Security, and an advisory board member at the Journal of Cybersecurity and the Privacy Enhancing Technologies Symposium. 

      He’s also a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and helps startups become great businesses as an advisor and mentor. 

      While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

        Ruth Boumphrey

        Lloyd's Register Foundation

        Dr Ruth Boumphrey is currently the Director of Research at Lloyd’s Register Foundation, a global charity protecting life and property and supporting education, engineering-related research and public engagement. She is responsible for a large portfolio including grants, direct charitable activities and accelerated innovation actions through their international trading arm. She recently chaired the first Royal Academy of Engineering Frontiers of Engineering for International Development.

        She has experience in the marine science and technology sector, holding a BSc in Environmental Science and a PhD in Ecotoxicology, and has previously held roles as the Head of Earth Observation for the UK Space Agency; as the Head of International at Natural Environment Research Council (NERC) and for Research Policy and International Division at the Department of Environment, Food and Rural Affairs (DEFRA).

        Ruth is a Council member at the Welding Institute and Chair of the TWI innovation network. She previously sat as a Council member at Lancaster University.

        George Mudie

        ASOS

        ASOS is one of the UK’s largest online fashion retailers, having grown from its start in 2000 to an organisation with over 23 million active customers around the world. With offices in London and New York and fulfilment centres in the US, Germany and the UK, ASOS operates at scale both as a direct retailer and as an online marketplace (which brings varied cyber security challenges).

        George is ASOS’ Chief Information Security Officer, bringing over 25 years’ experience in intelligence, telecoms, media and retail to the task of keeping ASOS’ systems and people as safe as possible in the context of rapid software and cloud evolution and deployment. George works across the whole organisation to understand and manage risk in the most rounded way possible and to build resilience. George sits on a number of National Cyber Security Centre and National Crime Agency advisory groups.

        Stephen Khan

        Stephen is an information and cyber security practitioner and international speaker with 20+ years of experience working for global firms across financial services, healthcare, and defence. Stephen has held senior positions at firms including HSBC, RBS, GSK, and Siemens, with experience of using global regulatory and cyber security frameworks to drive execution and implementation for the management of risks in support of business strategies, especially as technology and business models are changing at pace.

        Stephen is passionate about people and shares his knowledge and experience by coaching and mentoring senior leaders and young people to achieve their potential. He believes people come into the workplace to do their best work, so leaders need to provide a positive, empowered culture allowing teams to thrive and deliver the best outcomes through people, process, and technology.

        He contributes to the Cyber Security community as Chairman of the Club-CISO advisory board by engaging with 500+ global CISO executives on important matters affecting cyber security and risk leaders and their organisations.

        Stephen is chairman of White Hat Events, which is a Cyber Security charity supporting the amazing work performed by NSPCC Childline in the protection of vulnerable young people.

        Darren Desmond

        The AA

        Darren spent 16 years in the British Army, serving with the Royal Military Police Special Investigation Branch as well as Military Intelligence, enjoying overseas tours in the Balkans as well as Iraq and Germany. On leaving the military, Darren has undertaken roles with a UK Government GOCO organisation, Betfair, Capita Clinical Solutions, Virgin Media, Cyjax, EY and latterly as the CISO with one of the most recognisable brands in the UK, The AA. He has spent the majority of his career in an investigations / legal role, focussing on cybercrime investigation and the development of threat intelligence. Latterly he has moved into a more strategic role, focussed on a broad range of Information Security challenges.

        Darren is currently responsible for the overall security strategy at the AA, including the subsidiary companies. He has managed GDPR programmes, major crypto currency fraud investigations and cyber security framework assurance projects, as well as traditional (!) ISO27001 implementations, gaining over 27 years in the security sector.

        Mark Raeburn

        Accenture

        Mark leads the global Cyber Investigations and Forensics Response (CIFR) team at Accenture Security. In this role, he is combining an existing CIFR team with two organizations Accenture acquired in 2020: Symantec Cyber Security Services and Context Information Security. Mark is unifying the approaches and methodologies used for response and ensuring that the combined teams consistently maintain high standards. The global group conducts all manner of investigations including simple malware infections, complex ransomware attacks and full nation-state-level attacks on major corporations and government organizations. 
         
        Mark has more than 30 years of experience in the security industry. He helped found CREST, the not-for-profit accreditation and certification body representing the technical information security industry. He chaired the CREST management committee for its first seven years. He also helped the Bank of England create CBEST, a cybersecurity framework designed to help financial institutions identify areas of vulnerability that could be exploited by cyber-attacks. 
        Mark enjoys watching rugby and gets out on his Harley when the weather is good. He has three adult children, one of whom also works at Accenture.