Webcast on Thursday 11th August

On Thursday 11th August at 6pm London (or 10am if you’re in San Francisco) I’ll be giving a webcast of my popular RSA Conference presentation, “How to Explain Cybersecurity to the Board Using the Simple Metaphor of Fire”. You can register here:

I presented this on the first day of RSA Conference in February and I assumed that because it was the Monday before the conference proper started not many people would come. I was really wrong. The room was full and I understand some people couldn’t get in. Some of the feedback I had afterwards included:

Speaker provided clear and constructive recommendations to facilitate discussion of technical subjects with non-subject matter experts. Very enjoyable.

This was a fantastic presentation and provided a great insight on a different way of thinking about presenting security with a publicly recognizable twist. Will definitely use his analogies in the future.

So if you’d like to find a simple way to explain some of the cyber security principles to colleagues and your C-suite this webcast may be useful. If you can’t attend in real-time I understand that a recording will appear on the RSA Conference website afterwards.

Is your employees’ privacy one of the first casualties in the battle to secure your information systems?

I’m speaking about the trade-off between network security and employee privacy at the International Association of Privacy Professionals (IAPP) European Data Protection Congress in Brussels on the 2nd December.

In the face of modern cyber-threats, communication monitoring and surveillance are essential for the protection of corporate information. But monitoring technology is often intrusive of the privacy of system users and, ironically, the capabilities of modern cyber-solutions can bring increasing privacy risks for system users. What are the threats to user privacy of IT monitoring and surveillance tools that allow network communications to be retained for subsequent analysis and replay? What are the legitimate expectations of privacy in the workplace? How can the tensions be reconciled? Here, we will examine the threats presented to the privacy of system users by latest-generation monitoring technologies. We will explore the challenges involved in reconciling the need for robust system security with legal obligations to respect the privacy of system users. We will also consider strategies for managing these challenges and associated legal risks, including PIA and security risk assessments.

What you’ll take away:

  • An understanding of the privacy risks posed by latest-generation monitoring technologies.
  • Strategies for minimising privacy risks, including an appreciation of the role of consent in programmes of workplace surveillance both now and under the draft GDPR.

I’m really pleased to be co-presenting with Heledd Lloyd-Jones, a specialist privacy lawyer with Bird & Bird. Heledd sparked my interest in the intersection of privacy and information security seven years ago when I attended her brilliant ISEB Protection training course.

There are lots of other really interesting sessions at the conference; I’m really looking forward to “The Ten Million Dollar Question: Managing Privacy Risks in Your Supply Chain” and “Cloud Privacy: How Do International Certification Standards Fit with the Proposed EU Regulation?”

Registration for the conference is open now.