ISACA Winchester

| A | B | C | D | E | F | G | H | I | J | K |L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |

Arnie Bates is the Information Security Officer for Unum Limited, an income protection insurance provider. Prior to that he was the European Information Security Manager for Air Products PLC, a subsidiary of Air Products and Chemicals Inc., one of the world’s leading gases and chemicals companies, supplying speciality gases for a broad range of markets in over 30 countries.

He holds the CISA and CISM accreditations with the ISACA organisation. He is also a Certified Information Systems Security Professional (CISSP) with the ISC2 organisation and holds a qualification in forensic investigation techniques from a leading forensics company in Oregon, USA. He is currently a member of the Institute of Internal Auditors’ Technical Development Committee and actively participates in several Special Interest Groups on Information Security.

Arnie presented to the Winchester SIG on September 17th with the topic 'Privacy or Security...is there any such thing?'. To see this presentation click here.

Colin is a Director in the London office of KPMG IT Advisory in the United Kingdom. He leads the development and roll-out of the KPMG Business Systems Control service line in the UK and advises multi-national clients on ERP controls issues for SOX and other corporate governance initiatives.

Colin has 16 years experience SAP audit, security, and controls design. He has worked for KPMG since 1986 in audit, consulting, and service development roles and led the development of KPMG’s global IT advisory SAP group.

He has worked with over 40 clients on various aspects of SAP controls and security and helped major clients to achieve SOX compliance in their SAP implementations.

He is currently leading 3 separate SAP SoD projects and has worked on projects using SAP-GRC, Approva, CSI and in-house developed SAP security tools. He is working on a ground-breaking project which is integrating a manual SoD framework into SAP-GRC Access Control.

Colin presented to the SIG on December 17th with the topic ' Top Control and Security Risks in SAP'. To see this presentation click here.

Gary is the Data Protection Manager at Air Products PLC , the UK subsidiary of Air Products and Chemicals Inc, a major industrial gas company operating in over 40 countries. Prior to his current role, Gary was Compliance Manager in the company’s Global IT Group, following an assignment in Internal Audit. He has been involved in data protection for 8 years and is now responsible for developing and implementing the company’s data protection programme globally

He is a Metallurgist and Chartered Engineer, and has had several positions in technology and business development in a career of almost 30 years with Air Products.

Gary presented to the SIG on March 18th with the topic 'European Data Privacy and Binding Corporate Rules'. To see this presentation click here.

Mark is currently the service line owner and lead architect for the IBM Identity and Access Management Service across Europe. He has worked in IT security and risk management for the past 15 years and his current role is providing technical leadership for near 1000 customers delivering identity and access management for outsourcing customers. Prior to that, he was an Information Security Manager for the largest of IBM's global outsourcing accounts in the Finance and Insurance industry and he was a Principal Consultant for IBM's Security and Privacy practice in the UK. In the past he successfully took IBM AIX through ITSEC security evaluation.

Mark is the author and trainer for IBM's Method for Architecting Secure Solutions, and he holds the CISM accreditation from the ISACA organisation.

Mark presented to the SIG on December 17th with the topic 'Globally Integrated Identity Management Successful Deployment in Phases'. To see this presentation click here.

Responsible for Europe, Middle East and Africa markets. Justin Coker has over 15 years of software sales and management experience with the last 10 years spent in the IT security sector. Prior to joining Skybox Security in 2005, Coker managed Symantec's UK Retail Finance Sector. Coker holds a Bachelor of Arts degree in Business Studies from Manchester University and is a member of the Chartered Institute of Marketing.

Justin will present to the Winchester SIG on October 21st with the topic 'Risk Management, Art or Science'.

Jason has worked with the ISF for fourteen years, playing a key role in the development of ISF projects, particularly in the production of best practice guides and has helped to shape international security management standards.

He is responsible for completing a wide range of the ISF’s research and development projects on topics including Return of Security Investment (ROSI), wireless LANs, spyware, third-party access and virus protection. He has run highly successful projects associated with web servers and Windows operating environments and is the primary author of the ISF’s Standard of Good Practice.

Jason is a qualified computer auditor and prior to joining the ISF was IT audit manager at BOC and worked in the banking industry for Barclays Bank.

Jason presented to the Winchester SIG on October 15th with the topic 'Setting the Standard'. To see this presentation click here.

Mel Glass has spent all of his working career in IT – working for vendors including IBM, WANG, and BEA. Mel as helped a number of start-up companies succeed in Europe, by taking an exciting new technology or solution and bringing it to the market. Mel is currently European Business Development Manager for EASA, a company formed from a technology initiative that started life in the UK atomic Energy Authority. EASA’s technology is used to implement control and management around end-user computing. In the recent past there have been high-profile instances of mis-reported positions where the underlying technology, usually spreadsheet-based models, existed outside of the audit, control and management procedures around core business technology. EASA addresses this issue. Mel presented to EUSPRIG, the European Spreadsheet Risk Interest Group, in Paris earlier this year and EASA’s technology clearly struck a chord. Zurich Financial Services are implementing EASA to place product pricing models in a controlled environment.

Mark has worked in the Engineering, Pharmaceutical, and Automotive industrial sectors since the mid 1980's and he is presently shaping and developing Information Security at General Motors in the role of Global Manager for Information Security Strategy and Planning.

He is accountable for the direction of Information Security encompassing Governance; Strategy, Planning, Policy, Risk Management, Communication, and Education and Awareness.

He is a serving Director on the ISACA London Chapter board, and Chairman of the ISACA Winchester Special Interest Group.

Mark has appeared in print in Computer Weekly, and SC Magazine, he is a CISM item writer, content author for the CISM Review Manual, and he has shared his experience and knowledge on various special interest groups and expert panels including CSC Leading Edge Forum, Secure IT Summit, BisContinuity, and the CISO Interactive Panel at the Infosecurity Europe International Press Conference. He holds the ISACA CGEIT™, and CISM™ certifications, is a CISSP™ with ISC2, and is a Fellow and Chartered Member of the British Computer Society.

Mark presented to the Winchester SIG on February 18th 2009 with the topic 'You are an Avatar - Near and Present Danger'. To see this presentation click here.

Richard Hollis is the founder and CEO of Orthus, a European information security consulting firm headquartered in London specialising in cost-effective, product agnostic IT security solutions. He is a seasoned security professional with over 20 years industry management experience, and extensive hands on experience in designing comprehensive IT security, business continuity and disaster recovery programmes for more than one hundred blue chip high tech companies throughout Europe.

Richard's career has included time spent as Director of Security for Philips Communications, Deputy Project Security Director to the US Embassy Moscow Reconstruction Project and numerous sensitive security positions within the US Government.

His expertise has been shared via numerous articles and white papers, and in appearances on BBC, Channel 4 and CNN, as well as appearing in print in Time, SC, InfoSec, Computing and Computer Weekly.

Richard presented to the Winchester SIG on January 21st 2009 with the topic 'Social Engineering - Identity Theft'. To see this presentation click here.

Simon has worked for two of the world's largest professional services firms as an Information Security specialist. Simon is KPMG’s PCI Service Leader Europe, and also heads KPMG's Information Security Services practice in the North of England.

His primary industry focus has always been financial services (payment cards, investment and retail banking, insurance, exchanges) but his client base has also included local councils, NHS, major manufacturers, retailers and telecoms clients.

Simon presented to the Winchester SIG on November 19th with the topic 'PCI Compliance'. To see this presentation click here.

Membership Director ISACA London Chapter, and Managing Director LHS Business Control

John has been active on the London Chapter Board for many years and has previously held the positions of President, Treasurer, Academic Relations, External Relations and Marketing. He was a founder member of ISACA International’s Government & Regulatory Affairs Board and has been involved in a number of Programme Committees for EuroCACS. and has been awarded ISACA’s prestigious John Kuyers award for best conference contributor

He is an international authority on corporate governance, the management of audit departments and the impact of regulatory and compliance issues on the delivery of audit and IT services. He has presented papers on these subjects at many international conferences. Within the UK, he runs regular seminars on governance, the problems associated with the development and provision of computer systems and the detection and prosecution of computer criminals.

John is a Chartered Engineer, Chartered Information Technology Professional, a Certified Fraud Examiner, a Certified Information Systems Auditor, a Fellow of the Institute of Internal Auditors (UK) and a Fellow of the British Computer Society where he is a past member of its governing Council. He was recently awarded ISACA’s new qualification, Certified in the Governance of Enterprise IT (CGEIT).

He has over 30 years practical audit experience and an international reputation for advising organisations on their governance strategies and associated methodologies. This is coupled with a strong academic background, which includes research, extensive publications and teaching at the post-graduate level.

John has been an expert witness in a number of high profile UK criminal cases and he has been featured in a major British computing publication as the IT Detective.

His doctorate in risk analysis techniques was awarded by City University, London, England. His MBA in financial control was awarded, with distinction, by Middlesex University, England.

John presented to the Winchester SIG on May 20th 2009 with the topic 'Computer Forensics - the good the bad and the ugly'. To see this presentation click here.

With over 10 years experience in IT security, Ken is an acknowledged authority speaking on many subjects in IT security. He founded penetration-testing consultancy SecureTest in 2002, and sold the business to the market leader, NCC Group, in 2007.

He writes articles on IT security subjects for several industry and broadsheet publications, including SC Magazine, Infosecurity, The Guardian and Financial Times. He also speaks on security subjects on the conference circuit.

Ken is now back in start-up mode, launching a new service for organisations to source high quality security consultants in a cost effective manner.

Vernon is a European leader in the field of information security management and is qualified as a ISO27001 Lead Auditor and CLAS consultant, apart from being a world-renowned speaker and founder member of the UK & International 7799 User Groups.

He is a recognised adviser to senior management on the importance of 'Information Assurance' and a European representative on the global IT Governance Institute - where he is recognised as one of the thought leaders on Information Governance.

Vernon is CISM certified and presents CISA/CISM workshops for these qualifications; and after 12 years with Deloitte's, he joined Sapphire Technologies - which is one of the UK's leading independent information security companies.

Head of Sales at SureCloud

Nick started his career in programming, working for Next Retail Limited in their Client Server team developing applications to improve supply chain efficiencies. He then moved to work as an IT consultant for InCity Solutions, a consultancy specialising in the banking and finance sector, supporting front office trade systems.

In September 1999, Nick joined Numbercraft Limited, a retail analytics software house. During his time at Numbercraft, Nick built and managed an On-demand business intelligence solution serving the needs of some of Europe's largest Consumer Goods companies. After the sale of Numbercraft to Lawson Software in 2003, Nick headed up pre and post-sales support functions for the Numbercraft solutions.

Throughout his career Nick has developed a strong reputation for meeting and exceeding customer needs and has broad experience across many business functions including product design and development, sales and marketing, and post sale services. Nick co-founded SureCloud in March 2006 and is responsible for all sales and marketing related activities.

Nick presented to the Winchester SIG on April 15th 2009 with the topic 'Penetration Testing'. To see this presentation click here.

Head of Security at SureCloud

Toby has accumulated a vast amount of experience in his 15 years in the security industry, and is now viewed as an industry authority by both peers and clients alike. Toby began his career as a successful consultant with assignments at Sybase, SBC Warburg, and many other well respected commercial organizations. UK and US Government work has exposed Toby to information security on a global level, which has resulted in him developing a unique set of skills.

Toby's specialist interest is Internet infrastructure, and complex attacks and network weaknesses originating from outside the organizations perimeter. He works closely with a number of ISPs to mitigate serious threats such as distributed denial of service, DNS poisoning and routing/tunneling attacks.

In 2000, Toby founded AIL, a boutique penetration test company servicing the security needs of a growing number of City based companies. After a successful trade sale of AIL in 2005, Toby co-founded SureCloud in March 2006. Toby is responsible for security research and development, and heads up the SureCloud consulting division.

Toby presented to the Winchester SIG on April 15th 2009 with the topic 'Penetration Testing'. To see this presentation click here.

Roger is an independent consultant focusing on IT Governance, Risk Management and Information Security.

A qualified accountant with over 20 years experience in delivering IT services and value, whilst maintaining a secure environment equip him with a pragmatic approach, experience and insight.

Throughout his career he has designed and implemented accounting and management information systems across a range of industries, including television, manufacturing and investment banking.

Roger discovered COBIT during his 18 year career with a Japanese Investment Bank in London, where for over 15 years he was CIO,

Roger is the immediate past president of the London Chapter of ISACA, During his five years on the board he was responsible for IT Governance and Standards. He has been active in both the promotion and ongoing development of COBIT since 2002. He co-ordinates the London COBIT development group and was seconded to the core COBIT development team for the version 4 re-write.

He has consulted and delivered training on IT Governance and related subjects on every continent.

He is a regular speaker on IT Governance, IT Risk , COBIT, Security and related compliance issues and this is a selection of recent events addressed:

ISACA Eurocacs March 2009 – IT Governance Stream – Role and Responsibilities for Top Executives and Board Members.

itSMF Brazil November 2008 – Keynote – ITIL and COBIT – Synergies All Around

Gartner Security Summit September 2008 – Workshop - COBIT and Val IT for the Security Professional

Roger presented to the Winchester SIG on June 17th 2009 with the topic 'The Corporate Governance of IT (ISO 38500)'. To see this presentation click here.

Responsible for Europe, Middle East and Africa markets, Alastair Williams has over 10 years experience within the IT security sector. Prior to joining Skybox Security in 2008, Williams was a Product Manager at Symantec responsible for its Antispam and Firewall solutions.

Justin will present to the Winchester SIG on October 21st with the topic 'Risk Management, Art or Science'.