Black Hat Executive Summit

U.S. Department of Homeland Security Advisory Council

Jeff Moss advises companies on security issues, both, electronic and physical, as well as speaking globally on the topic. He sits on several advisory boards helping enterprises make informed decisions on cyber risks.

In April 2011 Mr. Moss was appointed as the Chief Security Officer for the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit whose responsibilities include coordinating and ensuring the security, stability and resiliency of the Internet's unique global identifiers as well as maintaining the root zone of the Internet. This position involved managing the IT security of the ICANN networks and information systems, the physical security of ICANN facilities and meetings, and ensuring that ICANN meets its security and resiliency commitments to the multi stake holder community that oversees ICANN. This position involved extensive international travel and coordination with governments, law enforcement, and operational security communities in support of discussions around Internet Governance and security. Mr. Moss left this position at the end of 2013.

Moss is the founder and creator of both Black Hat and DEF CON, two of the most influential information security conferences in the world, attracting over ten thousand people from around the world to learn the latest in security technology from those researchers who create it. Prior to creating Black Hat, Jeff was a director at Secure Computing Corporation where he helped establish their Professional Services Department in the United States, Asia, and Australia. His primary work was security assessments of large multi-national corporations. Jeff has also worked for Ernst & Young, LLP in their Information System Security division. Because of this unique background Jeff is uniquely qualified with his ability to bridge the gap between the underground researcher community and law enforcement, between the worlds of pure research and the responsible application of disclosure.

Jeff is currently a member of the U.S. Department of Homeland Security Advisory Council (HSAC), providing advice and recommendations to the Secretary of the Department of Homeland Security on matters related to homeland security. Jeff is a life member of the Council on Foreign Relations, which is an independent, nonpartisan membership organization, think tank, and publisher.

In 2013, Jeff was appointed as a Nonresident Senior Fellow at the Atlantic Council, associated with the Cyber Statecraft Initiative, within the Brent Scowcroft Center on International Security. In 2014, Jeff joined the Georgetown University School of Law School Cybersecurity Advisory Committee. Jeff is also active in the World Economic Forum, and recently became a member of the Cyber Security Global Agenda Council for 2014-2016. In addition, Jeff earned the ICSA President's Award for Public Service in 2011.

Dr. Kenneth Geers works at Very Good Security. He is an Atlantic Council Cyber Statecraft Initiative Senior Fellow, a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, and a Digital Society Institute-Berlin Affiliate. Kenneth served for twenty years in the US Government: in the Army, National Security Agency (NSA), Naval Criminal Investigative Service (NCIS), and NATO. He is the author of "Strategic Cyber Security", editor of "Cyber War in Perspective" and "The Virtual Battlefield", and technical expert to the "Tallinn Manual".

Victoria Baines is a leading authority in the field of online trust, safety, and cybersecurity. She frequently contributes to major broadcast media outlets on digital ethics, cybercrime, and the misuse of emerging technologies, including Extended Reality and Artificial Intelligence. Her areas of research include electronic surveillance, cybercrime futures, and the politics of security. She also provides research expertise to a number of international organizations, including Interpol, UNICEF and the Council of Europe.

Toks is responsible for the global delivery of information security at Dentons, the world’s largest law firm. He has over 20 years of experience working in security, technology, and privacy, across a number of industries.

Toks is an experienced and strategic business risk leader. He has a particular passion for team building and development, strategy, security, operations and architecture, data protection, compliance and audits, and enterprise culture, awareness, and training.

Toks has contributed to the business and technology community through information sharing, groups, speaking engagements, and multi-industry networking. As a strong supporter of education and schools, he has provided support in areas of security, data protection, user awareness, and cloud transformation.

Asli Yildiz worked as the Head of Legal for the Data & Marketing Association UK, and boasts a wealth of experience in legal risk management on corporate and company-related matters, distribution channels and systems, data protection, anti-bribery & corruption, competition laws, regulations and regulated markets and mergers & acquisitions. Prior to her work with DMA UK, she was a data privacy and cyber security lawyer at Taylor Wessing LLP and a legal counsel at Canon EMEA HQ for emerging markets.

Alan Jenkins is a highly confident, effective and adaptable leader, manager & team player, with some 30 years experience in all facets of security, particularly cyber and enterprise security risk management, with a focus on 'value-at-risk'.

During his career as a senior RAF Police officer, he accrued extensive operational exposure in the UK & overseas, in both multi-national & multi-agency environments, against the backdrop of a broad threat spectrum & across all 3 of the so-called physical, personnel & information security pillars. His ‘hard' experience is complemented by softer skills & broad general management experience, incl corporate governance, strategic planning, program management, business continuity, cyber resilience & crisis/disaster/incident response activities.

Since leaving the RAF in 2006, Alan has added management consulting plus business development, delivery & pre-sales experience in both Public & Private sectors in the role of a Trusted Advisor & SME. After spells at CSC & T-Systems as UK Chief Security Officer, responsible for end-end security governance, operations and risk, he joined Babcock International Group as their first CISO in Apr ‘13. Alan led the delivery of significant improvements in the Group's cyber security capabilities to the benefit of the wider business & its customers. After a year as an Independent, he joined IBM Security in Nov ‘15 as an Associate Partner leading activities in the UK’s FinSvces Sector; he also led the delivery of a £multi-million security workstream as part of a £1.2 billion contract with a Tier 1 Bank. Alan returned to freelancing in Aug ‘18, working through Cybercorre & then joined a start-up, Guardian Cyber Services, in Jan ‘19, before landing an all-too-brief role @ 2-Sec Consulting. He’s been on contract to Hitachi Europe’s Security Business Group since Oct ‘19. He has also been CISO-in-Residence at CyLon Labs since Mar ‘19 supporting 2 Cohorts of startup/scale ups and supporting a CyLon Spark workshop in Oman in Feb ‘20.

Bev Allen is an information security professional with more than 30 years of experience in delivering operational and strategic privacy, information security and information risk management, including the development and delivery of security and privacy policies, standards, and security training, in a variety of culturally diverse organizations and industries. Currently working with tools to analyze and produce data-based metrics and management reporting, using that data to measure and monitor control performance and gaps, underpin and drive corrective action for security control failures, and to support information security assurance reviews.

Andrew Rose is Resident CISO for the EMEA Region at Proofpoint. His focus is driving Proofpoint’s people-centric security vision, strategy and initiatives amongst the company’s customer base, bringing hands on experience, knowledge and perspective in managing risk and improving cyber security posture across complex enterprises. Andrew was previously Chief Security Officer of Mastercard subsidiary Vocalink, who are responsible for much of the UK’s instant and bulk payments covering over 90% of UK salaries, over 70% of UK bill payments and nearly all UK benefit payments.

Andrew brings with him a wealth of additional industry expertise from several CISO roles including at the UK’s Air Traffic Control provider, NATS, where he oversaw a security transformation and contributed to the design of the next-generation air traffic control system. Andrew has also held CISO roles at top-tier global law firms Allen & Overy LLP and Clifford Chance LLP and was a Principal Analyst at Forrester Research where he covered the role of the CISO and Security Culture and Awareness as two of his specialty areas.

A familiar face in the UK and European cybersecurity community, Andrew was recognized as “European CISO of the year” at the SC Media Europe Awards 2018 and has previously won awards for devising and leading the “Best security awareness program” (UK Cyber Security Awards 2015).

Andrew holds a Master’s degree in information security and is a regular speaker at global security conferences.

Quentyn Taylor has a wealth of experience in both the IT and information security arenas and, in recent years, has focused his attention on building business relationships across the world. Quentyn has driven strategy to highlight the importance of document security and help business customers to minimise security risk. Quentyn strongly believes in educating users about the importance of a comprehensive, overall security framework that will allow business customers to improve security in a cost-effective way. During his career, Quentyn has worked in a variety of industries for a number of organisations including outsourced service providers, Internet service providers as well as Dotcom businesses.

Dinis Cruz is CTO and the CISO of Glasswall. He brings a unique blend of Security and Engineering expertise with 20+ years of experience in Cyber Security and Software Development. Dinis is focused on creating teams and environments where engineering and security are enablers and accelerators for the business, with a big focus on the productization and commercialization of advanced technologies.

Carole Embling has worked in the world of Information Security since the turn of the century, first in Royal Mail as the Compliance, Communications and Awareness manager for the whole Group, having spent the 20 years ‘learning the business inside out’. She then spent 6 years at Prudential Group Head Office working on group-wide Information Security compliance. Carole then worked at BMJ Publishing Group as their Information Governance and Data Protection Lead. She joined Metro Bank in May 2019 as Information Security Manager – Awareness and Behavior Change.

Naveed Islam is the Chief Information Security Officer at Dojo - a payment acquirer focusing on Small to medium businesses. He joined at the beginning of 2021 with the remit to build and embed a dedicated security function that aligns with the fast-moving nature of a fintech.

Prior to Dojo, Naveed was at Currys for 4 years serving as the Deputy CISO and latterly as the CISO. He started his career in consulting working in various client-facing roles at Cisco, Accenture, Dell and PwC.

Rob Rodger is passionate about building world-class security functions, which are a business enabler; delivering security solutions that enable the organization to explore opportunities that previously they would have been too cautious to exploit, while operationally managing the ever-increasing threat.

His approach to security is that of common sense; efforts must be equally focused on doing the basics flawlessly and driving systemic improvements through the broad exploitation of intelligence, data, automation, and machine learning in a sound security architecture. Rob is a career security professional with over 25 years of experience in banking security. I have a proven track record of building high-performance teams to deliver quality and effective security practices.

Daniel Cuthbert loves doing security research. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from a small groups of curious minds to organized criminal networks and nation state we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 and now the co-author of the OWASP Application Security Verification Standard (ASVS) and sits on the UK Government Cybersecurity Advisory Board.