Sparking Knowledge and Innovation in Cyber Security
Join us on the 7th September. We look forward to seeing you there.
The First Time CIISEC Live Comes To Scotland...
Join us on the 7th September
We are thrilled to announce that Chartered Institute of Information Security (CIISec)'s flagship event CIISec LIVE will make a comeback as a physical event on the 7th of September 2022.

This year the event will be situated at Edinburgh Napier University and will take on the overarching thematic of ‘inspiring the next generation of cybersecurity professionals’. This concept along with the event being positioned at Edinburgh Napier really aligns with their values of nurturing talent and creating knowledge for shaping communities all around the world.

Our vision for the event is to bring the community together and focus on the networking and knowledge sharing aspect of the incredible talent our industry has to offer. This is the first time CIISec Live is situated in Scotland which will really allow delegates and exhibitors alike to harness Scottish connections and to build new relationships within the Scottish Community.

The 7th September will be a content driven day with an array of subject matter experts presenting on current trends in the field, the corporate perspective, an academic standpoint on how to prepare for the profession, as well as incorporating a law enforcement element for our ICDIP members with content from the National Crime Agency (NCA).
Edinburgh Napier University, Craiglockhart Campus
219 Colinton Road, Edinburgh EH14 1DJ
Date & Time
September 7, 2022, 8:00 AM - 5:30 PM
Confirmed Speakers
We have some truly inspirational speakers covering topics focusing on innovation and combatting emerging threats. Topics include:

• Cyber Resilience
• Protecting the national infrastructure and understanding new trends in attack.
• People Development
• Voice Biometrics
• IoT
• The future of cybersecurity posture and attack surface management
• Changing behaviours in real time
David Ferbrache OBE FCIIS
chair, National Cyber Resilience Advisory Board
David Ferbrache is the chair of the National Cyber Resilience Advisory Board for Scotland, advising the Scottish Ministers and government on all aspects of cyber. David has been involved in cyber security for over 35 years. He is the managing director of Beyond Blue, a cyber resilience consultancy. David also is the global head of cyber futures for KPMG, advising on innovation, emerging technologies and thought leadership. In his spare time, David is also a cyber reservist in the British Army. Over his career David has worked with some of the largest firms in the world to advise on cyber threats, security operations and resilience issues; as well as having advised many governments on their national cyber security strategies and policy frameworks. David was previously the Head of Cyber and Space for the Ministry of Defence, having spent 25 years in government service. He is fellow of the Chartered Institute of Information Security and the British Computer Society. David was made an OBE for his contribution to national security post 9-11.
Alex Woerndle
Alex is an experienced director, manager, consultant, infosec professional and keynote speaker with a broad range of experience across the IT sector. With education and experience spanning finance, risk, strategy, sales/marketing, information security, managed services, distribution, and IT, he has worked with all levels of organisations across 3 decades of business ownership, board roles, management and consulting. Alex is co-founder and executive director for MyEmpire Group, a specialist information security consultancy. Via his virtual CISO work at MyEmpire, Alex provides security management and leadership to a range of organisations from start-up through to ASX50 listed enterprises and government organisations. Alex has extensive board experience having served as a non-executive director of the Australian Information Security Association for over 6 years, .au Domain Administration Ltd, and over 3 years as a member of Australian Conservation Foundation’s Finance, Audit and Risk Committee.
Basil (Vassilios) Manoussos
Manager, Cyber academy
Basil brings more than 13 years of experience in Digital Forensics as an Expert Witness, working with legal professionals in Scotland and the rest of the UK, as well as a 30+ years overall industry experience.
His background includes working for organisations like IBM, Abbey National and HM Government. He has been running Strathclyde Forensics Ltd, one of the top Digital Forensics agencies in Scotland for over a decade.

Since 2017 he has been working at the School of Computing, with a primary scope of raising the profile of The Cyber Academy and help create awareness of cyber threats to businesses, individuals, the third sector and the state, in Scotland , the UK and around the world.

Working extensively with the Law Society of Scotland; he is a member of the Panel for the Accredited Legal Technologists, and he has developed (and delivers) the Cybersecurity Certification of the Society.

Basil is a regular speaker to Scottish Universities and Colleges, and a visiting lecturer at the Faculty of Law, at the Catholic University of Lyon and Sheffield Hallam University.
Benoit Heynderickx MCIIS
Benoit Heynderickx is a Principal Analyst with the Tools and Methodologies team at the ISF and joined in 2017. He is the subject matter expert for supply chain information risk management and is responsible for promoting the full ISF Supply Chain Security suite of research and tools. Benoit is also the project lead for the Cloud Security research and has developed expertise in Quantitative Information Risk.
Prior to the ISF, Benoit worked in information security risk, compliance and assurance for over 15 years both as a consultant, project manager and senior manager. Benoit covered various roles with responsibility for the SOX IT compliance programme, ISMS deployment and third-party risk assurance programme.

Benoit is a CIISec Full Member, holds the CISA and CRISC accreditation from ISACA, CCSK from CSA and an MSc in Information Security and Risk from London City University.
Bill Buchanan OBE
Bill Buchanan is a Professor who leads the Blockpass ID Lab at Edinburgh Napier University, and a Fellow of the BCS and Principal Fellow of the HEA. He was appointed an Officer of the Order of the British Empire (OBE) in the 2017 Birthday Honours for services to cybersecurity.
Bill lives and works in Edinburgh, and is a believer in fairness, justice, and freedom. His social media tagline reflects his strong belief in changing the world for the better: "A Serial Innovator. An Old World Breaker. A New World Creator." Bill’s work has led to many areas of impact, including three highly successful spin-out companies (Zonefox, Symphonic Software and Cyan Forensics), along with awards for excellence in knowledge transfer, and for teaching
Dr Georgina Brown
Lancaster university
Georgina's research combines a number of subareas of speech science. She is mainly interested in forensic speech technology (accent recognition and speaker recognition systems) and how we can use phonetic and sociophonetic research to uncover the inner workings and potential of these technologies.
Ian Daft
Ian heads the NCA’s work on the biometrics of voice analysis, facial recognition and environmental geolocation. In each area he is pioneering the delivery of new capabilities to re-enforce criminal justice outcomes. Previously, he has held positions within the Agency regarding Financial Intelligence, Policy Development and Covert Operations. Prior to joining the Agency he served with the MoD and FCOD in a number of domestic and overseas positing including within the EU Intuitions as well as various European and Asian countries
Ivo Gonçalves 
Global Account Manager, ISF
Ivo is the Global account manager with the Account Management team providing support and reports to ISF Members and the ISF Management, is the first line of support for the ISF Benchmark Web portal and supports the Membership Plus rapid security assessment (RSA).

Ivo started at the ISF in 2014 as an account manager working with Members on a scheduled basis to better understand priorities and highlight ISF capabilities available as part of their ISF Membership.
Jacques Ophoff
Senior Lecturer, Abertay University
Dr Jacques Ophoff is a Senior Lecturer (Associate Professor) in the Division of Cybersecurity at Abertay University. He teaches various security-related topics at undergraduate and postgraduate level, including security in software engineering, digital forensics, and human aspects of security. His research focuses on all levels of cybersecurity from individual to national level but is particularly focused on management and human aspects of security. He is the Scottish Informatics and Computer Science Alliance (SICSA) Cyber Security research theme co-lead, and current Vice-Chair of IFIP Working Group 11.8, which focuses on Information Security Education. He holds an Honorary Research Associate position at the University of Cape Town, South Africa.
Dr Karen Renaud
University of Strathclyde
Karen Renaud is a Scottish Computing Scientist based at the University of Strathclyde working on all aspects of Human-Centred Security and Privacy. She was educated at the Universities of Pretoria, South Africa and Glasgow. Her research been funded by the Association of Commonwealth Universities, the Royal Society, the Royal Academy of Engineers and the Fulbright Commission. She is particularly interested in deploying behavioural science techniques to improve security behaviours, and in encouraging end-user privacy-preserving behaviours. Her research approach is multi-disciplinary, essentially learning from other, more established, fields and harnessing methods and techniques from other disciplines to understand and influence cyber security behaviours.
Amanda Finch MCIIS
CEO, chartered institute of information security (CIISEc)
Amanda Finch is the CEO of the Chartered Institute of Information Security (CIISec) and has specialised in Information Security management since 1991. She has always been an active contributor to the industry and for many years she has been dedicated to gaining recognition for the discipline to be recognised as a profession.  
Over her career she has been engaged in all aspects of Information Security Management and takes a pragmatic approach to the application of security controls to meet business objectives. Through her work she has developed an extensive understanding of the commercial sector and its particular security needs. In her current role she works with Industry, Government and Academia, assisting all sectors in raising levels of competency and education.

Amanda has a Masters degree in Information Security, Full Membership CIISec and is a Fellow of the BCS. In 2007 she was awarded European Chief Information Security Officer of the year by Secure Computing magazine, as well as most recently in June 2022 being awarded the inaugural ‘Editors Choice’ award by SC Media UK for her dedication to Diversity, Inclusion and Professional Standards within the industry. Amanda is frequently listed as one of the most influential women within the industry.
Kevin Streater FCIIS
Vice president, forgerock
Kevin Streater is an expert in IT & Cyber Security skills development with over 20 years’ experience as a specialist in competency assessment, digital credentialing and educational technology.  Kevin is a vice president at ForgeRock, a leading provider of digital identity solutions, where he heads the global customer education business.  Before ForgeRock, Kevin was Executive Director, Employer Engagement at The Open University after 19 years in various technical and management roles at Sun Microsystems.

Kevin is chair of CEdMA Europe, the IT vendor education management trade association, Fellow of the Chartered Institute of Information Security, Trustee and Chartered Fellow of BCS - The Chartered Institute for IT, Chartered Fellow of the Chartered Management Institute and Fellow of the Learning and Performance Institute, Liveryman of the Worshipful Company of Information Technologists and head judge for the UK IT Industry Awards and has a degree in Computer Science from City University, London, and an MBA from The Open University.

Ken Munro
IoT security is something of a conundrum. The team at Pen Test Partners publish independent research in to the security of numerous smart devices, exposing poor security practice by device manufacturers. Sadly, it’s often consumers that are the victims of this inattention to security.
Ken looks after vulnerability disclosure at Pen Test Partners and influences government policy on IoT cyber security. Whilst some disclosures are successful, the majority are a train wreck. Watching vendors try to ignore contact from researchers, fumble or try to silence the process led him to working with regulators in an effort to fix the problems at source. He considers carrot AND stick are the only way to resolve smart product security.
The work of his team on My Friend Cayla, the vulnerable talking kids doll, was cited as one of the catalysts for California Senate Bill 327, regulating IoT security for California residents. He’s briefed US government departments and spoken at TEDx, DEF CON villages, RSA, Black Hat, BSides and numerous other security events. If you want his attention, just market your smart device as ‘unhackable’. Ken is also a member of the CVE Board.
Paul Baird FCIIS
Paul Baird is an IT veteran with over 24 years’ experience, and has spent the last seven years focusing his efforts in cybersecurity. Paul’s background has included building a security ethos and security operations centre (SOC) from scratch for several leading enterprises in the UK housing and automotive industries. Having moved to the vendor side to join Qualys as their Chief Technical Security Officer (CTSO) in 2021, he now drives Qualys’ vision for cybersecurity at C-Level across customers and partners in the UK and North EMEA. He is a people-focused leader and passionate about supporting his team. Paul was awarded a fellowship by the Chartered Institute of Information Security (CIISEC) last year for his continued contribution to cybersecurity.
Andy Cobbett FCIIS
Board director, chartered institute of information security
Andy is an experienced Chief Information Security Officer, with 17 years of managing cyber risk within the Oil & Gas sector and Financial sectors. He is currently a CISO, where he holds strategic responsibility for information and cyber security, data privacy and information governance within the organisation.

Prior to his current role, Andy was the Chief Information Security Officer for Corporate Functions at BP PLC, where he set the strategic direction and provided full oversight of information security and cyber security for BP’s twenty-one Corporate Functions.

Andy is also a Director of the Chartered Institute of Information Security, and a keen advocate of professionalization of the UK’s Information Security industry.
Piers Wilson FCIIS
Head of Product Management, Huntsman Security
Piers is Head of Product Management for Huntsman Security, with responsibility for Huntsman’s security analytics, automation, control monitoring and cyber posture solutions.
As part of the security industry for 25 years, he provides strategic and technical direction to the development and deployment of Huntsman Security solutions and the creation of specific thought leadership on current and future security trends such as automation and threat response, threat intelligence, security analytics and operations, cyber security risk, ransomware and attack surface management. He is a regular speaker at conferences or industry forums and has written numerous articles and white papers.
Before joining Huntsman Security, he was in the senior team in the cyber security practice at PricewaterhouseCoopers where he advised clients on emerging technology risk, cyber security, monitoring, data loss prevention, cloud security, managed security service provision and enterprise mobility. He is also a director of the Chartered Institute of Information Security (CIISec).
Rich Macfarlane
lecturer, Edinburgh napier university
Rich Macfarlane has been a Lecturer in the School of Computing at Edinburgh Napier University since 2009, playing a key role in the creation and development of the GCHQ certified MSc Advanced Security and Digital Forensics programme ( and leading the course for the last six years. Rich also collaborates with law enforcement, and industry within the Cyber Academy (, which he co-founded with Prof. Bill Buchanan.

Working within the Networking, Cyber Security and Digital Forensics research group, and focused on research in the areas of Offensive Network Security, Pentesting, Digital Forensic Triage, and Online teaching and E-learning for cyber security. Research in teaching for cyber has focused on authentic, immersive virtualised environments and activities, as well as online learning pedagogy. Digital forensic research included techniques for triage which led to a ground breaking Forensic spin-out company Cyan Forensics ( Current research in offensive-security includes honeypots for attack analysis, and Ransomware detection methods including forensic triage of live memory.

Rich is also heavily involved with the wider cyber security community, especially in Scotland, such as as working with schools to support cyber security engagement and teaching, and helping to start and his current moderator role with the Cyber Scotland Connect (@SecScotland) community organisation. He is also an active member of the NCSC educational community group which is made up of course and research lab leaders from NCSC accredited institutions.
Rory Alsop FCIIS
Rory has spent the last 22 years building and growing security teams to help companies the world over cope with ever increasing cyber threats, focusing not just on technology, but also on the behaviour and culture of consumers and users of technology. As an advisory member of various boards, a Fellow of the Chartered Institute of Information Security, and a volunteer with BSides, Defcon and Security Stack Exchange one of his ongoing goals is to help individuals, communities and organisations continually improve their security and safety.

Shortlisted Finalist for Scottish Cyber Awards Cyber Evangelist of the Year, Cyber Security Awards Financial Services team of the Year, Institute of Risk Management Cyber Risk Strategy of the Year award, and shortlisted Global Risk Management Team of the Year 2015. Rory was also was part of the committee that helped the ISACA Scotland chapter win the K Wayne Snipes award for best large chapter in Europe in 2016 and become a finalist for the Scottish Cyber Awards 2017.
Dr. Sanjana Mehta
Senior Director, Advocacy, (ISC)²
Dr. Sanjana Mehta supports (ISC)²’s global advocacy strategy while also operating as the lead advocate in advancing the organization’s public policy and thought leadership goals in the United Kingdom. She joined (ISC)² in 2019 and was responsible for developing a strategic understanding of markets and customers in the EMEA region. Sanjana served on the UK Cyber Security Council formation project board to oversee the launch of the new Council. Sanjana has 20 years of experience in the education sector. She has worked in India, Belgium, and the UK in a variety of roles, such as research, program management, product development
Annabel Berry
Chief Executive, Sapphire
Appointed as Chief Executive Officer of Sapphire in 2015, with a career spanning over 21 years in the cyber security industry, Annabel has been recognised by CRN as one of the most influential women in the UK IT channel and included in their A-List for 2019 and 2020. Excelling in leadership, the development and implementation of new strategies and identifying emerging technologies, Annabel also takes an active involvement in encouraging more women into the cyber security industry. She is proud to be on the advisory board for the Ladies of London Hacking Society and also a Leadership Fellow at St. George’s House, Windsor Castle.
Sally Walker
Sally Walker spent 25 years in the national security community, 16 years of which were in the senior civil service in various crisis management and military support roles.

A civilian graduate of the Higher Command and Staff Course at Shrivenham, her final job in government was to design and deliver the National Cyber Force, as Director Cyber for GCHQ and in full partnership with Ministry of Defence. She also had joint responsibility for the National Offensive Cyber Programme, led many aspects of the UK’s partnership with US Cyber Command, and was GCHQ’s diversity champion for over a decade.

Now enjoying daylight and a second career in leadership and talent development, she is currently a board chair in local UK government and a non executive for her “new tribe”, WithYouWithMe, while also working with a portfolio of clients from all sectors of society.
Mary Haigh FCIIS
Chief Information Security Officer, bae systems
Mary is the CISO for BAE plc, responsible for ensuring they maintain a strong cyber security posture as an organisation as well as in the products and services delivered to customers. Prior to this role Mary was the Director of Cyber for the Applied Intelligence division of BAE Systems, responsible for developing the cyber vision and strategy, as well as the roadmap and go to market strategy for their cyber products and services.  She joined BAE in January 2015 holding a number of roles including Product Director for the Managed Cloud and Security Services business. Prior to that she led the Technical Roadmap for the Cyber Security Division in QinetiQ having had various roles in QinetiQ since 2001, including heading up the Cyber Security Services business group and the Cross Domain Products business group.  

Mary has worked in the cyber security domain since 2009, prior to that working in semiconductors research and then specialising in Intellectual Property management.  Her PhD was in semiconductor physics.
Steven Coutinho
Associate Director, Ipsos UK
Steven Coutinho is an Associate Director at Ipsos and leads on the Cyber Security policy area. He currently leads projects for the Department for Culture, Media and Sport (DCMS) in this area, including the UK Cyber Security Labour Market Research and the UK Cyber Sectoral Analysis Study.
Steven Furnell FCIIS
professor of cyber security, university of nottingham
Prof. Steven Furnell is a Board member of the Chartered Institute of Information Security and professor of cyber security at the University of Nottingham. His interests include security management and culture, usability of security and privacy, and technologies for user authentication and intrusion detection. He has authored over 350 papers in refereed international journals and conference proceedings, as well as various books, book chapters, and industry reports. Steve is also the UK representative to Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a member of related working groups on security management, security education, and human aspects of security
Tim Ward
Tim is CEO and Co-Founder (with Dr Mike Butler) of Think Cyber Security Ltd. ThinkCyber offer the next generation in Security Awareness. Their Redflags™ software product applies behavioural and learning science theory, in a highly innovative approach to deliver context-sensitive just-in-time guidance.
Tim has worked in IT for more than 20 years both in consulting and corporate IT with organisations including Logica, PA Consulting, Sepura and was previously Global Head of IT for the cyber division of BAE Systems (previously known as Detica). Tim graduated top of his year in Computer Science with AI at the University of Leeds, holds an MBA from the Open University and a Post Graduate Diploma in Entrepreneurship from Cambridge University.
Tim posts daily on security awareness and behaviour change topics on LinkedIn and is proud to have helped ThinkCyber gain significant recognition for their Redflags™ product: TechUK Cyber Innovator of the Year 2021; SC Award Europe (Best Professional Training Programme); CyberTech100; TechInvest GovTech Top 10; Finalists in NYC Mayor’s Cyber Security Moonshot Challenge; members of TechNation Cyber 2.0 cohort; members of London Office for Rapid Cybersecurity Advancement (LORCA) cohort 1; Finalists [email protected] 9.0.
Siân is Director of Security Business Development and Strategic Growth for Microsoft. She has worked in Cybersecurity for nearly 25 years working in strategy, business risk, privacy and technology.

She currently chairs the Programme Advisory Board for the Digital Economy theme and has supported several Department for Digital, Culture, Media and Sport and Engineering and Physical Sciences Research Council (EPSRC) review boards including the Cyber Centres of Doctoral Training and Academic Centres of Excellence for Cyber.

She is Chair of the Cybersecurity Management Committee for TechUK. She is a member of the advisory boards for ISCF Digital Security by Design and LORCA, the UK government startup accelerator.

Siân is a Fellow of the Chartered Institute of Information Security. In 2018 she was appointed MBE for services to Cybersecurity.
Harry McLaren MCIIS
Established technology leader with 15 years of experience in IT and cybersecurity. Currently focused on solving complex cyber-related problems at SenseOn as a Senior Product Manager and Security Engineering Squad Lead. Security Operations subject matter expert and "Blue Team" obsessed! Active member (and founder) of the Scottish cyber community Cyber Scotland Connect.
Todd Wade
Todd Wade is a Principal Consultant at CRMG and senior technology leader, having served as CTO at Skechers, a major retail presence globally. Todd brings a fresh perspective to the world of cyber security and risk, being able to apply the Senior Executive’s lens to fundamental cyber risk management concepts.
Jill Trebilcock FCIIS
Jill is currently a Director of CIISec, with a focus on our relationship with the UK Cyber Security Council.

Jill has completed a number of roles in information security and resilience in different industries since joining the "computer audit department" of what is now PwC.

Her current focus is on reporting to the Board and Security with metrics that are meaningful and useful for decision making to both parties, as well as creating and maintaining policies which are used, readable, agreed, sensible and as short as possible.
The Lord Provost
Lord Provost of Edinburgh
A City of Edinburgh Councillor since 1984, Robert Aldridge became the city's 258th Lord Provost and Lord Lieutenant on 26 May 2022.
An elected member for Drum Brae/Gyle, Councillor Aldridge is the Council’s longest-serving member with over 30 years experience. He was part of the administration from 2007-12, serving as Environment leader, and has been a Bailie since 2012.
Synopsis of talks
Keynote - David Ferbrache (National Cyber Resilience Advisory Board) - Resilience is key!
Are organisations prepared to deal with a major cyber incident? - and what lessons can we draw from ransomware, wipers and other disruptive attacks?

How can we look beyond cyber security to build the ability of firms to respond and recover from an attack - and what are the changing expectations around resilience?

What does this mean at the national level - and what do nations need to do to build their national resilience in the face of increasing state cyber attacks?
Developing Cyber Capability - CIISec leads the way!  - Kevin Streater (ForgeRock)
What does success look like for you and for your teams? How do you develop capability that really supports your needs in a cost effective and speedy manner? How do you retain expertise within the organisation and ensure that your teams feel valued? Whether you are developing raw talent or seasoned campaigners, CIISec’s adaptable, mature and proven frameworks and development programmes will be able to take you or your teams to the next level and beyond.
Our adversaries seem to have the upper hand - Fireside chat with Paul Baird (Qualys) and Rory Alsop (Tesco Bank), moderated by Siân John (Microsoft)
It would appear cyber criminals have an unfair advantage, they do need to play by the same rules as us, and money is no object. As an industry what do we need to do to tip the scales back in our favour?
When the world goes wrong - Alex Woerndle (MyEmpire)
Distribute.IT was a leading Australian web services provider, boasting almost a 10% market share of domain names in Australia, and tens of thousands of web hosting clients. Over a 9-year period the founders built their start up to an enviable market position with operations in Australia and Indonesia. Within a 30-minute period on June 11, 2011, a malicious hack on the company's data centres started a waterfall effect that ultimately wiped the company out in under 2 weeks. Alex will share his insights of the effects of the Distribute.IT incident, along with some other major incident responses he has supported in recent years.
Polling the polls – Examining the cyber security profession and its workforce (Ipsos, (ISC)² & CIISEC)
Ipsos, (ISC)² and CIISec have all conducted recent surveys looking at the cyber security labour market, the nature of the workforce, and the overall state of the profession.  But what are they seeing and what does it mean for those looking to find, recruit or retain cyber security expertise?  In this session, panellists from each of the organisations will share some of their high level results and headline findings, offering the opportunity to identify both the common ground and any areas of divergence.  The panel discussion will then offer the opportunity to explore further, giving you an informed insight into industry trends and challenges.
Voice Biometrics - Ian Daft (NCA) and Dr Georgina Brown (Lancaster University)
In this session Ian Daft will provide an introduction into the implications for law enforcement of voice analytics covering the investigatory, ethical and societal challenges. Dr Georgina Brown, will then provide an insight in to the current state of play with voice analytics, the scientific limitations and future potential.
Focusing on Innovation: Building A More Trusted, Private and Secure Future - Prof Bill Buchanan OBE (Edinburgh Napier University)
This presentation will look at the role of innovation in the creation of new products and services, including in how start-up/spin-out companies can sustain their route to success. It will also outline some of the most important areas of Cybersecurity innovation over the next decade, and in finding funding sources, especially focused on university/industry/public sector collaborations. Along the way, too, the presentation will outline some cybersecurity fundamentals and in how we can build a solid foundation for our future based on research and development.
The Future of Cyber Security Posture and Attack Surface Management - Piers Wilson (Huntsman Security)
An overview of ways to measure cyber security posture and manage your attack surface. Plus the relationship between posture, risk of ransomware and cyber insurance including customer experiences that demonstrate the challenges and importance of accurate cyber security metrics for organisations, their partners and insurers.
Can we change behaviours in real time? - Tim Ward (ThinkCyber)
This session will explore the science and theory behind behaviour models to help us understand why risky behaviours happen, and more importantly how to stop them. From research that questions the efficacy of teaching at the point of failure in phishing tests, to behaviour models that highlight the need for timely cues. We will hear how a real-time approach can allow awareness to form part of incident response and actively prevent incidents. This talk will offer real world examples and ways that all organisations can apply the theories to drive secure behaviour change.
Trust and IOT in the SAME sentence? - Ken Munro (PenTest Partners) & Mary Haigh (BAE Systems)
A retrospective review of the recent progress of IOT over the last couple of years and can we really secure it.  Be prepared for swearing kids dolls, snooping toy phones, hot water and plenty of other silly hacks!
Cyber security education, what have we learned? – Academic Panel
One of the key routes into cyber security is via the pipeline of graduates emerging from universities.  In Scotland and the wider UK we have numerous universities offering cyber security programmes and related modules at both undergraduate and postgraduate levels, with several now offering certified degrees and holding designations as Academic Centres of Excellence for Cyber Security Education from the National Cyber Security Centre.  In addition, our universities are home to an extensive range of research activities that help to advance and inform the next generation practices. At the same time, there continue to be questions about the suitability of academic education to prepare graduates to become cyber security practitioners, as well as the extent to which cyber security is sufficiently represented in degrees where students are not directly seeking to specialise in it. This panel, including representatives from CIISec Academic Partners and other universities offering cyber security degrees, will discuss these aspects and draw upon the direct experience of those involved in delivering the student experience.
Cyber Risk: Playing the board at their own game - Todd Wade (CRMG)
Drawing on his years of experience in dealing with the 'people at the top’, Todd will share practical insights for how we can repurpose often complex and dry cyber risk information to achieve value-focused conversations at Board level.
Educating the next generation of cyber security professionals - Benoit Heynderickx (ISF) & Ivo Gonçalves (ISF)
The Information Security Forum (ISF) has been a supporting member of the CIISec Associate Development Programme (ADP) for several years. Recognising the value of the programme, both our experienced information security professionals and those new to the subject are taking the courses. In addition, ISF analysts are delivering lectures sharing the wealth of experience and security expertise we have at the ISF.

In this session you will learn how to:
- Motivate your students to learn and develop their cyber security skills and knowledge through a programme like the ADP
- Understand some of the common challenges experienced by students on the programme and how to overcome them
- Explain the benefits offered by the programme to aspiring students and mentors
- How to complement the programme with a wide range of ISF research, tools and expertise.
Diversity Panel Session: It can’t be just all talk and no trousers!  - Annabel Berry (Sapphire), Sally Walker (WithYouWithMe), Andy Cobbett (CIISEC)
We all know there is an under-representation and under-utilisation of many groups across our society within the infosec and cyber world. We have all heard a lot of talk about developing an inclusive approach to address this and to attract talent from the different sectors to the profession. We all know that we need to develop a profession that represents and supports the society that we live in and grow the professionals of the future. We all know this is the right thing to do to strengthen the profession but how can we really do this quickly and pragmatically with everything else we have to face! Our panel are actively working in this sector and making a difference. They will share, their insights, their visions and their success stories with practical advice on how we can all address this.
CIISec LIVE Location
Edinburgh Napier University, Craiglockhart Campus

219 Colinton Rd, Edinburgh EH14 1DJ

Boasting up-to-date teaching and learning facilities, the Craiglockhart campus is set in beautiful grounds overlooking Edinburgh. The Craiglockhart campus is well-served by public transport to and from the centre of the city. In addition, there are numerous cycle paths in the area and bike storage facilities on site.

Further information can be found here.

Recommended Hotels:
Fountain Court Apartments
Hampton by Hilton Edinburgh West End
Moxy Edinburgh Fountainbridge
The Bruntsfield Edinburgh
StayCity Aparthotel
Premier Inn Edinburgh Park (Airport) Hotel
Sponsoring CIISec Live enables you to showcase your organisation in our exhibition zones and gives you the chance to be associated with the Chartered Institute for cyber and information security.

Our package for exhibitors is not just about presence at the event, it is about an ongoing relationship with the wider CIISec community. We will create visibility for your brand on our website and showcase you both during and after the event.
Don't miss out.
Join us on the 7th September. We look forward to seeing you there.
Want to get involved?
If you'd like to sponsor or register your interest in speaking at CIISec LIVE 2022, please fill out the details to get in touch.
About Us
The Chartered Institute of Information Security (CIISec) is the only pure play information and cyber security institution to have been granted Royal Charter status and is dedicated to raising the standard of professionalism in information and cyber security.

CIISec provide a universally accepted focal point for the information cyber security profession, it is an independent not-for-profit body governed by its members, ensuring standards of professionalism for training, qualifications, operating practices and individuals.

CIISec has a growing membership that represents over 25,000 in the information and cyber security industry.

Visit us at

Processing Registration...