Alberto Grigoletto

Chief Risk Officer, Generali IT

Alberto is currently the Head of Generali Group Operational Risk and Chief Risk Officer of Generali IT and Procurement Shared Services company. His current responsibilities include the development and implementation of the Group Capital Internal Model for Operational Risk and the management of the Group Operational and IT Risks framework. He has +20 years of experience in financial industry, also working in business process re-engineering as Head of Organization departments and leading the Project Management Office of Solvency 2 Project. Alberto holds a degree in Statistics from Padua University, Italy.

Uday Ali Pabrai

CEO, ecfirst

Ali Pabrai is a renowned, globally recognized, cybersecurity expert and member of Infragard (FBI). He is a top-rated dynamic speaker. Mr. Pabrai is the chief executive of ecfirst, a compliance and cybersecurity company. ecfirst is an Authorized HITRUST CSF Assessor. Ali served on the HITRUST Assessor Council. Mr. Pabrai is the author of several published works. He is a member of the FBI InfraGard and has served numerous U.S. government agencies in several engagements.

Allan Boardman, CISA, CISM, CGEIT, CRISC

Director, CyberAdvisor.London

Allan is an experienced business advisor helping organizations manage their information and technology risks. He trained at Deloitte Cape Town where he qualified as a Chartered Accountant before moving to London in 1986. He has held leadership roles in audit, risk, security and governance at various global organizations including GSK, Morgan Stanley, JPMorgan, Goldman Sachs, PwC and KPMG. He is a Past President of ISACA London Chapter and has served on ISACA International’s Board of Directors, Strategic Advisory Council, Leadership Development Committee and chaired its Credentialing and Career Management Board, CISM Certification Committee and Audit and Risk Committee.

Anand Prakash Jangid, CISA

Managing Partner, AJA

A passionate evangelist for tech-based disruption in Audit & Finance domain, Anand is professionally a Chartered Accountant & Certified Information System Auditor. He is Managing partner at AJA, An Organization with focus in the area of Forensic audit, IS audit, Fraud Analytics and Blockchain for Internal Audit function. Anand was part of the risk management team at Goldman Sachs, covering multiple audits across much geography for different function in the organization. His areas of specialization were Forex audit, DP audits, Anti money laundering, Basel II, BCP and operational risk.

Anders Kjaergaard, CISA, CISM, CRISC

Director, Grant Thornton Denmark

More than 15 years of experience in IT Security and auditing. Director of IT Audit & Advisory for Grant Thornton, Denmark. Most recent work has been as internal auditor in the financial sector - Central Bank of Denmark and Danske Bank.

Andrea Pompili, CISM

Cy4gate

Andrea Pompili is an information technology specialist that takes care of security. Andrea was well known in his youth to be one of the most famous Italian programmer of old computer games. Once graduated, he started working on enterprise software development, and then on computer security, following security threats and security solutions on strategic projects firstly for Wind Telecommunication and then for Telecom Italia. Currently Andrea is a strategy advisor in security and aims to discover and integrate innovative solutions for this connected world.

Andrew Neal, CISM, CRISC

President, Information Security and Compliance, TransPerfect

Andrew Neal is an executive and practitioner in the information security community. Advising on data privacy, security and litigation projects for internal and external clients around the globe, he serves as a trusted subject matter expert for business leaders and legal professionals. Andrew leverages 30 years of business, technical and risk management experience to build programs, lead teams and execute projects internally at TransPerfect and across a wide range of client organizations. An effective communicator and engaging speaker, Andrew presents at international conferences and seminars, and teaches at major universities. He is active in several professional organizations, focusing his efforts on the development of professional standards and the mentorship of other professionals. Living in Dallas, Texas, Andrew currently leads the Information Security and Compliance Services division at TransPerfect, a global business services company.

Asim Fareeduddin

VP, Regulatory Controls & IT Security Assurance, RELX Group

Asim Fareeduddin is Vice President, IT Security & Regulatory Controls Assurance for RELX. Asim has 19 years of experience in privacy, information security, compliance and audit. Asim’s experience includes building and executing audit programs, managing regulatory and injunctive relief compliance, HIPAA/HITECH, EU Data Privacy laws, SOC report, SOX audits, application and network security reviews, privacy and regulatory compliance with data privacy laws, and online privacy protection. Asim also has extensive experience in co-sourcing with external auditors as a value-added partner. Prior to RELX, Asim worked in “Big Four” IT audit/security. Asim earned his B.S. and master’s Degrees in Accounting with a Concentration in Information Systems from the University of Florida. He also holds the following professional certifications: Certified Information Privacy Professional, Certified Public Accountant, Certified Information Systems Auditor and Certified Information Security Manager. Additionally, Asim serves as a Part-Time Instructor at Georgia State University's Robinson College of Business where he teaches master’s level students on Internal Audit and Information Technology Audit.

Christian F. Nissen, CISM, CGEIT

Senior Consultant, CFN Consult ApS

Christian Feldbech Nissen has 30 years of experience in the IT domain, especially with IT service management, IT governance, IT operations and Information Security. He is recognised as an international thought leader, author and lecturer, but also as an experienced and down-to-earth practitioner striving to make things happen in real life. He has a long proven track record from around 150 of the largest private and public organisations in Denmark. Last, but not least, he holds more than 50 different certifications in IT Management, and has achieved the ITIL Master level, demonstrating that he has contributed with measurable results within all IT service management disciplines.

Claudio Cilli, CISA, CISM, CGEIT, CRISC

University of Rome

Prof. Claudio Cilli is a recognised world leading authority in the areas of National Security and Intelligence, company protection, information systems security and compliance, with over 25 years of experience. He currently advises governments and int’l companies in the cyber-security and critical infrastructures protection areas. University professor and researcher. Lesson arguments include computer science, software compilers, lexical and semantic analysers, information systems analysis and development. Member of the scientific and advisory boards. Teacher in the post-graduate master’s in computer security and IT Governance. Consultant to the U.S. Government and companies who supply the Department of Defense. Consultant at the United Nations. With many big firms, he is responsible of IS Audit and security projects, which include civil and military sectors, software quality and code security, security of the information systems and installations. Designed and implemented systems based on mainframes and distributed architecture, including Disaster Recovery and both data and physical security, information and site protection.

Daniel Gnana, CISA

Sr. Audit Manager, M.

Daniel is a senior consultant in information security governance, risks and compliance. He is also an assessor for ISO/IEC 9001 and 27001 certifications and provides training courses in cyber risks and security.

David Foote

Chief Analyst & CEO, Foote Partners, LLC

David Foote is co-founder and chief analyst at Foote Partners, headquartered in Vero Beach, Florida. A tech labor trends benchmark research pioneer and one of the most quoted industry authorities on global technology workforce evolution, he has spent more than two decades introducing groundbreaking data-driven benchmark research techniques and innovating industry practices for more accurate tech compensation benchmarking and tracking/forecasting of tech skills supply and demand. He built his reputation at Gartner and several Silicon Valley companies prior to co-founding Foote Partners in 1997. There he leads a senior team of analysts, consultants and researchers in publishing continuously updated quantitative and empirical tech labor research supported by close research partnerships with 5,470 employers in the United States, Canada, and Europe.

Dina Numan, COBIT Certified Assessor

Head of Advanced Governance & Management Consultancy Service, ScanWave Comprehensive Technical Solutions

12 years of experience in IT Service Management, Quality Assurance, Quality Control, Process Reengineering, IT Governance. Leading COBIT 5 and COBIT 2019 adoption and implementation projects in Jordan.

Frank Downs

Director and SME, Cybersecurity Practice, ISACA

Downs, an 11-year cybersecurity specialist, graduated with a bachelor’s degree in English from the University of Maryland, after which he promptly joined the US Department of Defense as a subject matter expert, working with computer networks on a daily basis. Realizing that English and cybersecurity were two very different concepts, Frank proceeded to obtain a master’s degree in cybersecurity from UMBC, after a pit stop at Johns Hopkins to obtain a master’s degree in Government. Eventually, he decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies. He is now Director, Cyber Information Security Practices at ISACA, sharing the good news about ISACA’s Cybersecurity Nexus (CSX) platform.

Frans Szabo

Sr. Security Specialist, Rabobank

Frans Szabó has almost 30 years of experience in the banking industry. Working in -amongst others- the fields of core IT, Service- and delivery management, Continuity Management and marketing and customer support, Frans has "seen it all". In his previous position Frans protected the bank's customers against fraud through cybercrime. All the bad stuff he learned doing this, is put to use in his current role: Head of Red Teaming. Testing all of the bank's security measures as far as possible.

Graham McKay, CISM, CRISC

Data Protection Officer, Deloitte

Passionately creating, collating and communicating knowledge to enable privacy and build secure, resilient communities, Graham is a driven, impactful privacy and security leader, developing people and deploying strategies with a business enabling focus. Combining privacy, technical, legal and regulatory expertise he provides expert, actionable, strategic guidance allowing organisations to align their behaviour and culture to deliver a privacy and security focus benefiting employees, stakeholders, clients and communities. Passionate about awareness, training and education, he has delivered transformational programs for privacy, data protection and security, focused on the individual. An international conference speaker he is dedicated to delivering awareness, training and education to the widest possible audience to influence positive behavioural change and increase societal security and privacy.

Guy Herbert, CISA

Risk Futurist, Atlassia

Guy has over 25 years working in Risk, IT and Technology across the Finance, Telecommunications, Pharmaceutical and Software industries. He has managed risk, compliance, audit and technical delivery teams during this time. Guy has been thinking of better ways for Atlassian to manage IT Risk and Compliance since Sept 2013. Atlassian is an Australian company started 17 years ago that builds software to help teams work better together – products include Jira, Confluence, Bitbucket, Trello, Statuspage and Opsgenie.

Herbert McMorris, CGEIT, CRISC, CISM, CISA

Lead Practitioner, KirkpatrickPrice

Herbert McMorris is a Lead Practitioner for KirkpatrickPrice. He has over 38 years of industry experience, including network engineering, governance, risk management, and control. Herbert holds several certifications including CISSP, CISA, CISM, CRISC, and CGEIT. Herbert provides services to clients and stakeholders who are seeking to understand compliance and regulatory requirements by helping them navigate the complex world of data security.

Horst Moll, CISA, CISM, CRISC

Security Manager, Vodafone Deutschland GmbH

Horst Moll is Security Program Manager at Vodafone Germany. Before he joined Vodafone, he worked at the Deutsche Telekom, where he led the ISMS Certification for the German local market unit and was the Lead Architect for the Security Risk Management Process for Deutsche Telekom Group. Beforehand he was working as Information Security Consultant in different industries around the globe. He has a master of electrical engineering (RWTH Aachen) and achieved security certifications including CISA, CISM, CRISC, CISSP, MBCI, ISO/IEC 27001 Lead Auditor. Since 2007 he is a certified ISACA trainer.

Ian Musgrave, CISA

Head of IT and Cyber Assurance, Uniac

Ian manages Uniac’s IT and Cyber Assurance service across its client base in the UK Higher Education sector. His team focuses on reviewing all elements of ICT risk including IT Strategy and Governance, Information Security, Data Protection and Cyber Security. Ian is a Certified Information Systems Auditor, CIA and has achieved PCI Professional status.

Ira Winkler

President, Secure Mentem

Ira Winkler, CISSP is President of Secure Mentem and author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World and investigating crimes against them, and telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. Most recently, CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader.

Jan Anisimowicz, CISM, CRISC

Director Audit, Risk & Compliance, C&F Sp. Z O.o.

Experienced senior IT manager with over 20 years of experience in GRC (audit, risk and compliance management), Data warehousing, Business Intelligence, Big Data and data analysis. Broad business and technical perspective in telco, banking, pharma and insurance. A staunch supporter of a pragmatic, lean and cost effective approach to regulatory requirements implementation in the organizations. Active in the space of #FinTech, #InsurTech and #RegTech. Public speaker at international conferences (topics related to IT Security, Risk Management, Compliance, GRC and data privacy). Involved in the process of analysis and verification of how artificial intelligence could support auditors in the space of IoT, Big Data and dispersed IT environments. Strong supporter of blockchain technology, which in his opinion should be widely used based on Smart Contracts with respect to data privacy principles (Privacy By Design). Member of the blockchain working group under the supervision of the Polish Ministry of Digital Affairs. Active participant of international organizations: ISACA (CISM & CRISC certificates), PMI (PMP certificate) and IIA (Institute of Internal Auditors).

Jason Miller

IT Security Assurance Manager, RELX Group

20+ years in networking, security, audit/assessment; CISSP, CIPP/US, MSIA; Masters in Information Assurance – Norwich University (Northfield, VT) Relevant Experience: +Worked in “Big Four” with Information Security & Cybersecurity Groups +Information Security Assessments +Managing security programs for Banking, Healthcare, & Business Services

Joseph Vest

Director of Training, SpecterOps

Driven by his curiosity, perseverance, and passion for technology, Joe Vest's mantra for his work and teaching is: "Often the journey of an experience can be as valuable as the end." Joe has than 17 years of experience in red teaming, penetration testing, and application security. Experience ranges from authoring and instructing a SANS red team course, to owning and operating a security consulting company, to acting as technical lead for a DOD red team. He has also worked in numerous commercial sectors, which has given him extensive knowledge of cyber threats, tools, and tactics, including threat emulation and threat detection. Today, Joe is the training director at SpecterOps where he uses his experience in red team operations, cyber threat analysis, cyber threat emulation and replication, application security, vulnerability assessment and mitigation, and incident mitigation to train and educate. Joe has a variety of professional certifications. When he's not teaching or evangelizing about cybersecurity, you'll find Joe out skateboarding or paddle boarding with his son.

John Wallhoff, CISA, CISM

Advisor/Management Consultant, Scillani Information AB

John Wallhoff (CISA, CISM, CISSP), president ISACA Sweden Chapter, is a management consultant and advisor in IT & Security and Fraud & Corruption. With practical experience in analytics for over 20 years, he has gained a sense of what data can do to an organization and can still get fascinated when having data at his fingertips.

Jorke Kamstra, CISA

IT Risk Manager, Euroclear

Jorke Kamstra is a fireman wearing a suit and a tie. My focus at Euroclear is on IT cyber resilience, assessment methodology and policy building. As a risk manager I identify, challenge and advice on existing cyber practices. Previously I was a banking regulator, project manager and a Unix system engineer. I am passionate about communication and public speaking and I am convinced that creating a platform for communicating our problems, risks and threats enables us all to learn from feedback and better prepare for success.

Jose Ramon Coz Fernandez, CGEIT, CRISC, CISM, CISA

Cyber Internal Auditor, European Space Agency

He has over twenty years of experience in the field of ICT covering different positions: auditor, project manager, consultant, architect and analyst. Currently working as GNSS Cyber Internal Auditor at the European Space Agency, and he is a researcher in the Department of Applied Economics at the Complutense University of Madrid. He is professor at several institutions, universities and business schools. He collaborates as a reviewer for several international journals and he is member of several committees and IT associations.

Joseph Mayo, CRISC

Program Manager, J. W. Mayo Consulting LLC

Joseph W. Mayo is an award-winning project manager and Internationally recognized risk management expert. Mr. Mayo is an Information Technology professional with over 28 years of experience. He holds a bachelor’s degree in Information Technology and a master’s degree in Information Systems. Mr. Mayo is a PMI certified Project Management Professional (PMP), Risk Management Professional (RMP), holds Certified in Risk and Information Systems Control (CRISC) credential from the Information Systems Audit and Control Association (ISACA), and is certified by the Risk Management Society (RIMS) as a Certified Risk Management Professional (RIMS-CRMP). Mr. Mayo is the first risk practitioner to be credentialed by the three internationally recognized, risk management credentialing bodies; PMI, ISACA, and RIMS. He is an active industry volunteer who regularly participates in industry working groups and strives to enhance global risk management and project management practices. He is an author, speaker and conference presenter on topics that include risk management, project management, and quality assurance.

Kaya Kazmirci, CISA, CISM, CRISC, CGEIT

Managing Director, Kazmirci Associates

Kaya Kazmirci specializes in Fintech Governance & Cybersecurity Services and offers related trainings including: CISA, COBIT, CISM, CRISC, CGEIT, CISSP, and ITIL. He is presently teaching at Bosphorous University and was previously the Internal Audit Director in Istanbul Turkey for Avea (Mobile Telco operator). Kaya has a bachelor’s degree in Engineering Sciences Modified with Computer Science and Electronics from Dartmouth College and is a CISA, CISM and CISSP. Kaya has over 30 years of experience in Information Technology and Business. Kaya is one of the ISACA Istanbul Chapter founders and a past Chapter President. He has extensive experience in restructuring the IT function, and implementation of audit methodologies in large banks and telecommunication operators. Kaya’s experiences include extensive reviews of financial management systems including banking, billing and charging, accounting and ERP (SAP & Oracle) systems, and IT organizations. Kaya also has experience in providing technical, operational, organizational, security and theoretical advice to Internet and e-Commerce focused organizations. Kaya is well versed in generally accepted IT standards such as COBIT, Prince2, ITIL, the International Standard 27001 for Information Security Management, and NIST Standards.

Kaya Kazmirci specializes in Fintech Governance & Cybersecurity Services and offers related trainings including: CISA, COBIT, CISM, CRISC, CGEIT, CISSP, and ITIL. He is presently teaching at Bosphorous University and was previously the Internal Audit Director in Istanbul Turkey for Avea (Mobile Telco operator). Kaya has a bachelor’s degree in Engineering Sciences Modified with Computer Science and Electronics from Dartmouth College and is a CISA, CISM and CISSP. Kaya has over 30 years of experience in Information Technology and Business. Kaya is one of the ISACA Istanbul Chapter founders and a past Chapter President. He has extensive experience in restructuring the IT function, and implementation of audit methodologies in large banks and telecommunication operators. Kaya’s experiences include extensive reviews of financial management systems including banking, billing and charging, accounting and ERP (SAP & Oracle) systems, and IT organizations. Kaya also has experience in providing technical, operational, organizational, security and theoretical advice to Internet and e-Commerce focused organizations. Kaya is well versed in generally accepted IT standards such as COBIT, Prince2, ITIL, the International Standard 27001 for Information Security Management, and NIST Standards.

Kodjo Mawugbé Akpondeou, CISA

Manager, EXCO AFRICA

Kodjo Mawugbé AKPONDEOU is a young Manager at EXCO AFRICA, with the challenge of building an IT Audit and Advisory Team in West Africa. He joined EXCO after more than Six years spent at KPMG where he oversaw both IT and Financial audit and Advisory engagements. He worked in many countries in West Africa, such as Ghana, Togo, Côte d’Ivoire, Mali, and Benin. Kodjo is a chartered public accountant and has developed a real passion for IT Audit, but a lot more for IT Security. Therefore, he endeavors to be CISA and CEH certified. He thinks that no one can know it all, so he is a continuous learner. He hopes he will learn a lot from exchanges he will have with highly qualified professionals of ISACA.

Kodjo Mawugbé AKPONDEOU is a young Manager at EXCO AFRICA, with the challenge of building an IT Audit and Advisory Team in West Africa. He joined EXCO after more than Six years spent at KPMG where he oversaw both IT and Financial audit and Advisory engagements. He worked in many countries in West Africa, such as Ghana, Togo, Côte d’Ivoire, Mali, and Benin. Kodjo is a chartered public accountant and has developed a real passion for IT Audit, but a lot more for IT Security. Therefore, he endeavors to be CISA and CEH certified. He thinks that no one can know it all, so he is a continuous learner. He hopes he will learn a lot from exchanges he will have with highly qualified professionals of ISACA.

Leighton Johnson, CISA, CISM, CRISC, COBIT 5

ISFMT

Leighton is the CTO of ISFMT (Information Security Forensics Management Team), a provider of computer security & forensics consulting and certification training, and has presented computer security, cyber security and forensics lectures, conference presentations and seminars all across the United States, Asia and Europe. He is also the founder and CEO of Chimera Security, a research and development company delving into the realms of cryptography, Blockchain, mobile technology and cloud computing to create better and more secure solutions for today’s advanced users and providers. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance spanning the industries of retail, government, defense industrial base, banking, and information technology. He retains many professional security certifications, including CISA, CISM, COBIT 5, CAC and CRISC and has taught certification, risk management, forensics and auditing courses around the world over the past 15 years. He performs additional duties as the SC-ISACA Board VP and Chapter Instructor, and he recently was awarded the HQ ISACA Accredited Trainer status by ISACA and APMG.

Leighton is the CTO of ISFMT (Information Security Forensics Management Team), a provider of computer security & forensics consulting and certification training, and has presented computer security, cyber security and forensics lectures, conference presentations and seminars all across the United States, Asia and Europe. He is also the founder and CEO of Chimera Security, a research and development company delving into the realms of cryptography, Blockchain, mobile technology and cloud computing to create better and more secure solutions for today’s advanced users and providers. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance spanning the industries of retail, government, defense industrial base, banking, and information technology. He retains many professional security certifications, including CISA, CISM, COBIT 5, CAC and CRISC and has taught certification, risk management, forensics and auditing courses around the world over the past 15 years. He performs additional duties as the SC-ISACA Board VP and Chapter Instructor, and he recently was awarded the HQ ISACA Accredited Trainer status by ISACA and APMG.

Linas Laucius, CISA, CISM, CRISC

Lead Cyber Security Auditor, Nasdaq

On 2002 I've started my professional career as a system administrator in Security Service of Lithuania. Later I have decided to expand my technical background and from system administrator I moved to a network engineering area. Around year 2006 Information security became an area of high interest and importance in Lithuania. Therefore, I turned my career this way and after finishing lots of Information Security related courses, in country and abroad, I was promoted to a role, equivalent to CISO, on Lithuanian government owned Enterprise Centre of Registers. I have spent in this role 5 years. Since 2011 I am an ISACA Lithuanian chapter member. Lithuanian territory limited business area and local Lithuanian Enterprise was not a challenge anymore after 5 years. Looking for a new professional opportunities and further professional growth I have joined Information Security team of worldwide company Western Union. I was responsible for a 3rd party risk assessments and participated as an InfoSec expert on assigned technical projects. Part of my job was security architecture. In a few years, on 2016, I've received a new opportunity to join a second-largest stock exchange in the world - Nasdaq in the role of Lead Cyber Security Auditor. With still a great passion and strong enthusiasm I am 3 years in this role already.

On 2002 I've started my professional career as a system administrator in Security Service of Lithuania. Later I have decided to expand my technical background and from system administrator I moved to a network engineering area. Around year 2006 Information security became an area of high interest and importance in Lithuania. Therefore, I turned my career this way and after finishing lots of Information Security related courses, in country and abroad, I was promoted to a role, equivalent to CISO, on Lithuanian government owned Enterprise Centre of Registers. I have spent in this role 5 years. Since 2011 I am an ISACA Lithuanian chapter member. Lithuanian territory limited business area and local Lithuanian Enterprise was not a challenge anymore after 5 years. Looking for a new professional opportunities and further professional growth I have joined Information Security team of worldwide company Western Union. I was responsible for a 3rd party risk assessments and participated as an InfoSec expert on assigned technical projects. Part of my job was security architecture. In a few years, on 2016, I've received a new opportunity to join a second-largest stock exchange in the world - Nasdaq in the role of Lead Cyber Security Auditor. With still a great passion and strong enthusiasm I am 3 years in this role already.

Mahmoud Abouelhassan

Senior Manager, E-Finance

Mahmoud is an expert in IT field with 20+ years of Experience focusing mainly on Digital Transformation, Information Security, IT Projects and Operations Management. His experience diversified in several Business areas like Digital Transformation, Data Center services, Cloud and Virtual Hosting, ISO 27001,20000, 9001, 22301, E- Commerce, IT Strategy and Business Transformation, Budgeting and Enterprise Planning. He held several positions like Applications and E-commerce Manager, Data Center Operations Senior Manager, Head of PMO in Raya “one of the largest technology companies in Egypt”, recently he is Senior Manager (Digital Transformation) in E-Finance. Mahmoud one of the main players in the successful transformation like one of the most famous e-commerce websites in Egypt rayashop.com, actively involved in launching Raya Nigeria and Raya Algeria. In addition to Data Center business from the startup to be one of the Key Data Center Providers and one of the key players in the Egyptian Data Center Market, differentiated by its ISO certificates and skilled people, Participated in creating 5 years strategic plan with extensive engagement with the Business. Mahmoud holds B.Sc. from Cairo University, M.Sc. from Middlesex UK in Computer Science, Data Center Expert from Capitoline, and Advancement Management Program from RITTI.

Mahmoud is an expert in IT field with 20+ years of Experience focusing mainly on Digital Transformation, Information Security, IT Projects and Operations Management. His experience diversified in several Business areas like Digital Transformation, Data Center services, Cloud and Virtual Hosting, ISO 27001,20000, 9001, 22301, E- Commerce, IT Strategy and Business Transformation, Budgeting and Enterprise Planning. He held several positions like Applications and E-commerce Manager, Data Center Operations Senior Manager, Head of PMO in Raya “one of the largest technology companies in Egypt”, recently he is Senior Manager (Digital Transformation) in E-Finance. Mahmoud one of the main players in the successful transformation like one of the most famous e-commerce websites in Egypt rayashop.com, actively involved in launching Raya Nigeria and Raya Algeria. In addition to Data Center business from the startup to be one of the Key Data Center Providers and one of the key players in the Egyptian Data Center Market, differentiated by its ISO certificates and skilled people, Participated in creating 5 years strategic plan with extensive engagement with the Business. Mahmoud holds B.Sc. from Cairo University, M.Sc. from Middlesex UK in Computer Science, Data Center Expert from Capitoline, and Advancement Management Program from RITTI.

Manoj Patel

Security & Risk Practice EMEA, ServiceNow

Manoj Patel, serves as Senior Advisor for ServiceNow’s Global CyberSecurity and Risk Practice, focused on solving Enterprise Risk & Cyber Security challenges. Manoj brings a total of 20+ years of experience in CyberSecurity, Integrated Risk Management, and Enterprise Legal Management in different senior positions from multinational organizations. He holds an MBA from UK, M.S. from Germany, and B.Sc. (Physics) from India. He is certified as GRCP and in CyberSecurity. Occasionally, he does exhibition of his paintings in his favorite jazz club – Einstein - in Munich.

Manoj Patel, serves as Senior Advisor for ServiceNow’s Global CyberSecurity and Risk Practice, focused on solving Enterprise Risk & Cyber Security challenges. Manoj brings a total of 20+ years of experience in CyberSecurity, Integrated Risk Management, and Enterprise Legal Management in different senior positions from multinational organizations. He holds an MBA from UK, M.S. from Germany, and B.Sc. (Physics) from India. He is certified as GRCP and in CyberSecurity. Occasionally, he does exhibition of his paintings in his favorite jazz club – Einstein - in Munich.

Marco Salvato, CISA, CISM, CGEIT, CRISC

Generali

I am passionate about IT Governance, process design, security management and, of course, risk management. In the past I was a developer, an entrepreneur, and a consultant for over 10 years in KPMG. For the past 10 years I have been working for the Generali Group in IT Security, IT Processes and IT Governance. Since 2018 I have been responsible for Digital Risk at Group level. As a volunteer, I was one of the founders of the ISACA VENICE Chapter where I currently teach the CISA and COBIT 5 modules.

I am passionate about IT Governance, process design, security management and, of course, risk management. In the past I was a developer, an entrepreneur, and a consultant for over 10 years in KPMG. For the past 10 years I have been working for the Generali Group in IT Security, IT Processes and IT Governance. Since 2018 I have been responsible for Digital Risk at Group level. As a volunteer, I was one of the founders of the ISACA VENICE Chapter where I currently teach the CISA and COBIT 5 modules.

Matthias Kraft, CISA, CISM, CGEIT, CRISC

Associate Director - Internal Audit, Fidelity International

Matthias is an Information Security & Technology Audit executive with 15+ years of experience within the IT industry. Matthias is a global citizen with working experiences from Germany, France, Luxembourg and New Zealand where he helped customers achieving potential in the areas of Information Security, Information Risk Management and Information Systems Audit. He currently works as Associate Director Internal Audit for Fidelity International, a global investment and asset management company. Matthias is based in Germany and Luxembourg and holds multiple professional certifications such as CISA, CISM, CGEIT, CRISC and ISO27001LA.

Matthias is an Information Security & Technology Audit executive with 15+ years of experience within the IT industry. Matthias is a global citizen with working experiences from Germany, France, Luxembourg and New Zealand where he helped customers achieving potential in the areas of Information Security, Information Risk Management and Information Systems Audit. He currently works as Associate Director Internal Audit for Fidelity International, a global investment and asset management company. Matthias is based in Germany and Luxembourg and holds multiple professional certifications such as CISA, CISM, CGEIT, CRISC and ISO27001LA.

Mike Dodson

VP WW Customer Security Strategy & Solutions, Venafi

Mike Dodson is VP Worldwide Customer Security Strategy and Solutions at Venafi, where he helps Global 5000 companies and organizations protect their machine identities—securing keys, certificates, and cryptographic systems that form the basis of privacy, security and identity in all enterprises. A Master's degree in computer engineering with additional training in cryptography, combined with 25 years of operational experience and consulting, give Mike a deep and practical understanding of the problems that occur in real-world IT environments.

Mike Dodson is VP Worldwide Customer Security Strategy and Solutions at Venafi, where he helps Global 5000 companies and organizations protect their machine identities—securing keys, certificates, and cryptographic systems that form the basis of privacy, security and identity in all enterprises. A Master's degree in computer engineering with additional training in cryptography, combined with 25 years of operational experience and consulting, give Mike a deep and practical understanding of the problems that occur in real-world IT environments.

Neetu Choudhary, CGEIT

Compliance Analyst

Neetu Choudhary is a passionate quality and business excellence professional with more than 17 years of experience. She holds a master’s degree in Computer Application with honours. She is an ASQ Certified Six Sigma Black Belt practitioner, EFQM certified assessor, CMMI associate, ISACA certified in the governance of enterprise IT (CGEIT) and ISO 9001-2015 certified lead auditor. She has published several articles and facilitated many presentations on quality, six sigma, business excellence, risks and project management. As a philanthropist, Neetu works on to create a better world for all beings by sharing her distinctive insight through writing and speaking about “peace through parenting”, compassion, world peace and humanity.

Neetu Choudhary is a passionate quality and business excellence professional with more than 17 years of experience. She holds a master’s degree in Computer Application with honours. She is an ASQ Certified Six Sigma Black Belt practitioner, EFQM certified assessor, CMMI associate, ISACA certified in the governance of enterprise IT (CGEIT) and ISO 9001-2015 certified lead auditor. She has published several articles and facilitated many presentations on quality, six sigma, business excellence, risks and project management. As a philanthropist, Neetu works on to create a better world for all beings by sharing her distinctive insight through writing and speaking about “peace through parenting”, compassion, world peace and humanity.

Nigel King, CISA, CISM, CGEIT, CRISC

Nigel is Chief Strategy Officer for SafePaaS, the leading Risk Management platform for large enterprises. Nigel is also Senior Lecturer in Information Technology at Nottingham Trent University. Nigel has recently returned to the United Kingdom after a long career in Silicon Valley where he was Chief Architect and Chief Information Security Officer for PowerSchool, the leading education technology platform in North America and before that he was Vice President for Security and Functional Architecture for Oracle's Cloud Applications.

Nigel is Chief Strategy Officer for SafePaaS, the leading Risk Management platform for large enterprises. Nigel is also Senior Lecturer in Information Technology at Nottingham Trent University. Nigel has recently returned to the United Kingdom after a long career in Silicon Valley where he was Chief Architect and Chief Information Security Officer for PowerSchool, the leading education technology platform in North America and before that he was Vice President for Security and Functional Architecture for Oracle's Cloud Applications.

Pablo Ballarin, CISA, CISM

Cybersecurity Specialist, Balusian

I provide strategic services related with cybersecurity governance, risk management frameworks and compliance. In the last years I have assisted top companies in different industries (retail, banking, telecommunications, public administrations, media, and entertainment) in Europe and South America. I also work as IT auditor for telecommunications regulators in South America, I'm an Associate Professor and cybersecurity trainer, member of the board of ISACA Valencia and speaker. In the last year I have directed a research related with cybersecurity and privacy issues in Brain Computer Interfaces solutions and ethical issues in AI algorithms.

I provide strategic services related with cybersecurity governance, risk management frameworks and compliance. In the last years I have assisted top companies in different industries (retail, banking, telecommunications, public administrations, media, and entertainment) in Europe and South America. I also work as IT auditor for telecommunications regulators in South America, I'm an Associate Professor and cybersecurity trainer, member of the board of ISACA Valencia and speaker. In the last year I have directed a research related with cybersecurity and privacy issues in Brain Computer Interfaces solutions and ethical issues in AI algorithms.

Prasant Vadlamudi, CISA

Director - Technology GRC, Adobe

Prasant Vadlamudi has more than 12 years of experience in the technology audit and compliance field. He currently works as Director of the “Technology – GRC” group @ Adobe and is responsible for leading the compliance efforts across all of Adobe. He has extensive experience in various cloud-based security and compliance related audits and is very familiar with frameworks like SOC2, ISO, PCI, HIPAA and FedRAMP. Prior to joining Adobe Prasant used to work with the ITRA division at Ernst and Young. Prasant is also the main architect of the Common Control Framework (CCF) by Adobe which is the cornerstone of Adobe’s company-wide compliance strategy.

Prasant Vadlamudi has more than 12 years of experience in the technology audit and compliance field. He currently works as Director of the “Technology – GRC” group @ Adobe and is responsible for leading the compliance efforts across all of Adobe. He has extensive experience in various cloud-based security and compliance related audits and is very familiar with frameworks like SOC2, ISO, PCI, HIPAA and FedRAMP. Prior to joining Adobe Prasant used to work with the ITRA division at Ernst and Young. Prasant is also the main architect of the Common Control Framework (CCF) by Adobe which is the cornerstone of Adobe’s company-wide compliance strategy.

R.V. Raghu, CISA, CRISC

Director, Versatilist Consulting India Pvt. Ltd

R.V. Raghu, CISA, CRISC, is director of Versatilist Consulting India Pvt. Ltd. Raghu cofounded Versatilist, which provides consulting, training and auditing services in information security, IT service management, business continuity and enterprise risk management. Raghu has more than a decade of extensive, hands-on, global experience across various verticals, such as engineering, manufacturing, IT, ITeS, BFSI, chemicals, mining and telecom. He has provided training, consulting and implementation support for establishing management systems compliant to ISO international standards and other frameworks, such as CMMI and COBIT. He is a gold level member of ISACA and is immediate past president of the ISACA Bangalore Chapter, where he has served as director of membership, secretary, vice president previously.

R.V. Raghu, CISA, CRISC, is director of Versatilist Consulting India Pvt. Ltd. Raghu cofounded Versatilist, which provides consulting, training and auditing services in information security, IT service management, business continuity and enterprise risk management. Raghu has more than a decade of extensive, hands-on, global experience across various verticals, such as engineering, manufacturing, IT, ITeS, BFSI, chemicals, mining and telecom. He has provided training, consulting and implementation support for establishing management systems compliant to ISO international standards and other frameworks, such as CMMI and COBIT. He is a gold level member of ISACA and is immediate past president of the ISACA Bangalore Chapter, where he has served as director of membership, secretary, vice president previously.

Rami Sukkar, CISA, CRISC

Risk Manager, Averda

I am a seasoned IT manager, with a passion for improving the performance of organizations, through the use of best practices’ frameworks in IT, governance, risk and project management. Additionally, I also train employees on topics related to the optimization of IT & project management processes, and Cyber security awareness. Working as an IT Governance and Risk Manager at my current company today, I have helped in the establishment of a corporate governance framework, through the rollout of IT Policies and Procedures using ITIL, a Risk Management framework using ISO 31000, and an IT security platform covering the hardening of Cybersecurity controls and measures, and employee training.

I am a seasoned IT manager, with a passion for improving the performance of organizations, through the use of best practices’ frameworks in IT, governance, risk and project management. Additionally, I also train employees on topics related to the optimization of IT & project management processes, and Cyber security awareness. Working as an IT Governance and Risk Manager at my current company today, I have helped in the establishment of a corporate governance framework, through the rollout of IT Policies and Procedures using ITIL, a Risk Management framework using ISO 31000, and an IT security platform covering the hardening of Cybersecurity controls and measures, and employee training.

Dr. Ramzi Sunna, COBIT Certified Assessor

Chairman, ScanWave Comprehensive Technical Solutions

Case Study - Bridging Program for the Banking Sector from COBIT 5 to COBIT 2019 MENA & GCC Region

Case Study - Bridging Program for the Banking Sector from COBIT 5 to COBIT 2019 MENA & GCC Region

Robert Findlay

Global Head of IT Audit, Glanbia

Currently the Global Head of IT Audit at Irish dairy and protein leader Glanbia, Bob has over 30 years IT, audit and security experience. Having started in mainframe computer operations for a French Bank in the 1980’s Bob has managed most IT functions including programming, project management and data centre operations in addition to significant stints in IT audit and as Chief Information Security Officer. Bob started working in IT audit in the Audit Commission and has since managed and set up IT audit functions in global businesses, such as British Airways, The Co-operative Group, ARYZTA, Paddy Power and now Glanbia as well as spells consulting for EY.

Currently the Global Head of IT Audit at Irish dairy and protein leader Glanbia, Bob has over 30 years IT, audit and security experience. Having started in mainframe computer operations for a French Bank in the 1980’s Bob has managed most IT functions including programming, project management and data centre operations in addition to significant stints in IT audit and as Chief Information Security Officer. Bob started working in IT audit in the Audit Commission and has since managed and set up IT audit functions in global businesses, such as British Airways, The Co-operative Group, ARYZTA, Paddy Power and now Glanbia as well as spells consulting for EY.

Rosemary M. Amato, CISA

Head of Demand Management, ING Bank

Being one never afraid to challenge the status quo, Rosemary has spent her career first as a Management Accountant, and then at a Big 4 helping companies grow, innovate, and become a leader in their industry. Currently Rosemary works for ING Bank, in the global office of data management serving in the role of Head of Demand Management. Previously she was a Director within the Central Mediterranean Firm of Deloitte, based in Malta, and prior to that she was based in Amsterdam where she was a Managing Director within Deloitte’s Global Finance organization.

Being one never afraid to challenge the status quo, Rosemary has spent her career first as a Management Accountant, and then at a Big 4 helping companies grow, innovate, and become a leader in their industry. Currently Rosemary works for ING Bank, in the global office of data management serving in the role of Head of Demand Management. Previously she was a Director within the Central Mediterranean Firm of Deloitte, based in Malta, and prior to that she was based in Amsterdam where she was a Managing Director within Deloitte’s Global Finance organization.

Sergiu Zaharia

Technology Architect, BearingPoint

Sergiu began his security career in 1999 as IT security engineer with Defense Intelligence, focusing on network security and cryptology, gathering multi-disciplinary experience as Chief Information Security Officer with telco, banking and retail players. As Central Security Director of Telekom Romania, in 2010 Sergiu unified a wide range of security teams into one, directly reporting to the CEO. As a member of Business Continuity Management and Crisis Management groups of excellence in Deutsche Telekom, Sergiu benefited from a know-how transfer from top global cyber resilience experts. Currently he’s developing the Security Center of Excellence in Romania and provides security advice to customers across several sectors. Sergiu has a master’s degree and a merit diploma in IT Security from the Military Technical Academy of Bucharest and started his PhD in 2017, with the aim of improving application security review through machine learning algorithms.

Sergiu began his security career in 1999 as IT security engineer with Defense Intelligence, focusing on network security and cryptology, gathering multi-disciplinary experience as Chief Information Security Officer with telco, banking and retail players. As Central Security Director of Telekom Romania, in 2010 Sergiu unified a wide range of security teams into one, directly reporting to the CEO. As a member of Business Continuity Management and Crisis Management groups of excellence in Deutsche Telekom, Sergiu benefited from a know-how transfer from top global cyber resilience experts. Currently he’s developing the Security Center of Excellence in Romania and provides security advice to customers across several sectors. Sergiu has a master’s degree and a merit diploma in IT Security from the Military Technical Academy of Bucharest and started his PhD in 2017, with the aim of improving application security review through machine learning algorithms.

Surinder Singh Rait, CISA, CISM

Senior Corporate IT Auditor, Ericsson

20 years of experience in Information/ Cyber Security being held senior management positions in my past experiences. Currently working as Senior Corporate IT Auditor in Ericsson. Handled global implementations of projects in ISO27001, NIST Cyber Security Framework, DLP, NAC, Global SOC.

20 years of experience in Information/ Cyber Security being held senior management positions in my past experiences. Currently working as Senior Corporate IT Auditor in Ericsson. Handled global implementations of projects in ISO27001, NIST Cyber Security Framework, DLP, NAC, Global SOC.

Susanne Moeller-Hansen, CISA, CISM

Security Consultant, Future Security

Susanne has more than 10 years of experience with security consulting regarding cyber-, data- and information security and GDPR. She started working as internal IT auditor, continued to compliance, took some years as PCI DSS auditor, and have for the last 5 years provided consulting on Cyber and information security, and some compliance such as GDPR. She has worked with both private companies, especially within the financial sector and within the public sector. At the latest she has worked with cyber- and it-security consulting, especially with GDPR, ISO27001/2 implementation and as security consultant at a number of organisations. Susanne primarily works on the strategic, organisational and documentational level in an organisation. She is not one who herself implements technical solutions, but primarily acts as a link between technicicans and management and ”translates” security issues and requirements so that both management and technical employees understands.

Susanne has more than 10 years of experience with security consulting regarding cyber-, data- and information security and GDPR. She started working as internal IT auditor, continued to compliance, took some years as PCI DSS auditor, and have for the last 5 years provided consulting on Cyber and information security, and some compliance such as GDPR. She has worked with both private companies, especially within the financial sector and within the public sector. At the latest she has worked with cyber- and it-security consulting, especially with GDPR, ISO27001/2 implementation and as security consultant at a number of organisations. Susanne primarily works on the strategic, organisational and documentational level in an organisation. She is not one who herself implements technical solutions, but primarily acts as a link between technicicans and management and ”translates” security issues and requirements so that both management and technical employees understands.

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor

Director, Board of Directors, ISACA

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor, CIA, CRMA, is an IT Advisory Executive with EGIT | Enterprise Governance of IT (Pty) Ltd., an IT Advisory firm (South Africa). He has several years of in-depth experience in mainstream IT, IT auditing, cybersecurity, IT governance and IT risk across private and public sectors in Africa, Europe, the USA and Asia. Zororo is an advisor to a number of boards of directors, IT and business leaders across the globe on governance of enterprise IT, cybersecurity, IT auditing, IT risk, innovation and digital transformation. He was involved in the development of numerous ISACA white papers and COBIT 5 publications. A renowned COBIT expert, advisor and accredited trainer, Zororo is credited for being the first COBIT 5 Certified Assessor in Southern Africa. He has served on the ISACA Framework Committee, CGEIT Test Enhancement Subcommittee and the External Advocacy Committee. He is a recipient of the ISACA 2017 Harold Weiss Award for Outstanding Achievement, which recognizes an individual for sustained contributions to the advancement of the governance of enterprise IT. Zororo was voted a top speaker at 2017 Asia Pacific CACS and 2017 Africa CACS conferences. He is the Immediate Past President of the ISACA South Africa chapter.

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor, CIA, CRMA, is an IT Advisory Executive with EGIT | Enterprise Governance of IT (Pty) Ltd., an IT Advisory firm (South Africa). He has several years of in-depth experience in mainstream IT, IT auditing, cybersecurity, IT governance and IT risk across private and public sectors in Africa, Europe, the USA and Asia. Zororo is an advisor to a number of boards of directors, IT and business leaders across the globe on governance of enterprise IT, cybersecurity, IT auditing, IT risk, innovation and digital transformation. He was involved in the development of numerous ISACA white papers and COBIT 5 publications. A renowned COBIT expert, advisor and accredited trainer, Zororo is credited for being the first COBIT 5 Certified Assessor in Southern Africa. He has served on the ISACA Framework Committee, CGEIT Test Enhancement Subcommittee and the External Advocacy Committee. He is a recipient of the ISACA 2017 Harold Weiss Award for Outstanding Achievement, which recognizes an individual for sustained contributions to the advancement of the governance of enterprise IT. Zororo was voted a top speaker at 2017 Asia Pacific CACS and 2017 Africa CACS conferences. He is the Immediate Past President of the ISACA South Africa chapter.

Tony Gee

Security Researcher and Consultant, Pen Test Partners LLP

Tony has over 13 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor. Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, ISACA CSX Europe, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.

Tony has over 13 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor. Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, ISACA CSX Europe, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.

Tracy Celaya

President, GO Consulting Int’l

Dr. Celaya is President of Go Consulting Int'l and a sought-after IT & Business Consultant. She's an innovative leader and energetic speaker with 20 years of experience in IT Security, Program Management, Organizational Development, and Change Management, with her research in cloud computing, HR, and Information Security. She is a U.S. Air Force veteran with a background in electronic intelligence. Her clients consider her their “Secret Weapon” as she helps organizations define & implement their security strategy and develop a solid organizational culture of security. She is author of two publications regarding cyber security and cloud computing in human resources, and an international top-rated speaker featured at ISACA CSX Europe & U.S., ISACA CACS, RSAC US, RSAC Asia-Pacific, ISSA, OWASP, DevOps.com, and SecureCISO.

Dr. Celaya is President of Go Consulting Int'l and a sought-after IT & Business Consultant. She's an innovative leader and energetic speaker with 20 years of experience in IT Security, Program Management, Organizational Development, and Change Management, with her research in cloud computing, HR, and Information Security. She is a U.S. Air Force veteran with a background in electronic intelligence. Her clients consider her their “Secret Weapon” as she helps organizations define & implement their security strategy and develop a solid organizational culture of security. She is author of two publications regarding cyber security and cloud computing in human resources, and an international top-rated speaker featured at ISACA CSX Europe & U.S., ISACA CACS, RSAC US, RSAC Asia-Pacific, ISSA, OWASP, DevOps.com, and SecureCISO.

Tuan Phan, CISSP

Partner, Caplock Security LLC

Tuan Phan is a partner with Caplock Security LLC with strong expertise in the implementation and management of emerging technologies, information assurance programs, technical projects and operations, and risk management across several industries including government, software, specialty product, drug and medical device manufacturing. Tuan has consulted with state and Federal agencies including Oregon Public Employees Retirement System, Centers for Disease Control and Prevention, National Credit Union Administration, and Federal Retirement Thrift Investment Board on information security and assurance. As the practice leader for blockchain technology at Caplock Security LLC, he leads the development of several proofs of concept using Hyperledger Fabric and Ethereum private blockchains and advises clients on the security implementation of smart contracts and blockchain infrastructure. Tuan has shared his experience on numerous topics on cybersecurity, blockchain security, IT governance, and regulatory compliance at several industry conferences and seminars. Tuan has also authored several articles on blockchain and regulatory compliance topics in several industry magazines and journals and served as SME reviewer for ISACA Blockchain Audit Program.

Tuan Phan is a partner with Caplock Security LLC with strong expertise in the implementation and management of emerging technologies, information assurance programs, technical projects and operations, and risk management across several industries including government, software, specialty product, drug and medical device manufacturing. Tuan has consulted with state and Federal agencies including Oregon Public Employees Retirement System, Centers for Disease Control and Prevention, National Credit Union Administration, and Federal Retirement Thrift Investment Board on information security and assurance. As the practice leader for blockchain technology at Caplock Security LLC, he leads the development of several proofs of concept using Hyperledger Fabric and Ethereum private blockchains and advises clients on the security implementation of smart contracts and blockchain infrastructure. Tuan has shared his experience on numerous topics on cybersecurity, blockchain security, IT governance, and regulatory compliance at several industry conferences and seminars. Tuan has also authored several articles on blockchain and regulatory compliance topics in several industry magazines and journals and served as SME reviewer for ISACA Blockchain Audit Program.

Vadim Gordas, CISA, CRSIC

Head of IT & InfoSec Risk, Zopa Financial Services

Vadim is an Information Risk Management Specialist with over 12 years’ experience in information security, data protection and information security compliance. He holds a GCHQ-certified MSc degree in Information Security from ISG Royal Holloway, University of London and various industry certifications. Most recently his research is focused on measuring the human risk and ensuring that enterprises can make targeted interventions to manage the people aspects of security.

Vadim is an Information Risk Management Specialist with over 12 years’ experience in information security, data protection and information security compliance. He holds a GCHQ-certified MSc degree in Information Security from ISG Royal Holloway, University of London and various industry certifications. Most recently his research is focused on measuring the human risk and ensuring that enterprises can make targeted interventions to manage the people aspects of security.