Chief Enterprise Architect and Head of Architecture, Security and Innovation at the University of Birmingham, David has 30 years' experience working across the UK, Europe and the Americas in Financial Services, Automotive Manufacturing, Healthcare and higher education sectors for leading organisations such as Citi, Clearstream, Cazenove, Toyota, BT, SWIFT and HSBC. His current role combines being Chief Architect, leading on IT strategy and enterprise architecture, with that of Chief Information Security Officer. A regular conference speaker and writer, he holds an MSc in Software Engineering from the University of Oxford, is a chartered member of the British Computer Society, CISM, CGEIT and member of ISACA and the Institute of Directors.
Dave Guest, Oxford Computer Group
Dave’s expertise is panoramic. He has experience designing and implementing a broad range of identity driven security solutions, adopting Novell, IBM, Oracle and Microsoft technologies. As well as designing elegant infrastructure solutions, Dave is a gifted communicator. At OCG, he’s a frequent presenter at events and webinars, whilst our customers appreciate how he delivers technical expertise and business insight in simple to understand terms. Dave has a talent for truly understanding individual business requirements around identity driven security, whilst building strategies and roadmaps that take advantage of the latest technologies.
David Hayling is Head of IT Infrastructure at the University of Kent, working to help development focused teams responsible for networks, server infrastructure, defining the end user computing services and corporate DBAs. Part of Information Services, a combined information resources and technology service supporting the whole university strategy. Some experience operating a regional network, sysadmin at large University of London college, and Oftel (Office of Telecommunications) the forerunner of Ofcom.
David likes the community and collegiate approach within UK HE & Research. Has worked with UCISA for some while, now chair of the Network Group but relies on the excellent committee members for all successes. Helps the UCISA Executive a bit, and adds an external perspective to the STFC Network Technical Design Authority. Has the scars to show involvement in many, and some large, procurements. Wants to see evidence based improvements to the user experience, for all, from the newest under graduate to the huge demand inducing researcher.
Stephen Hill holds a MSc in ICT Technology Management and is a Certified Information Systems Security Professional (ISC)2 . He is currently the Information Security Project Manager at the University of Wolverhampton and is undertaking an information security review and implementation of a number of controls and technologies across the University to meet the challenges of balancing data collaboration whilst ensuring confidentiality and data privacy.
Stephen has previously published academic papers on the application of digital techniques which successfully identify network security vulnerability markers within network environments. His co-authored academic paper on cyber security markers and the use of user profiles in predicting network exploits was presented at the European Conference on Cyber Warfare and Security 2015.
Stephen’s framework for identifying network vulnerabilities and the implementation of practical security controls in Cloud data sharing have been implemented in a number of international data sharing research projects.
Stephen’s previous experience includes roles in law enforcement agencies and he has led a number of multi-agency investigations as the senior investigating officer involving digital crime, terrorism and fraud. Stephen currently presents modules on the Digital Forensics MSc at the University of Wolverhampton and specialises in the unique challenges of securing Cloud digital evidence.
Ted Leath has worked in IT for over 34 years, 30 of which have been within Higher Education. Ted managed a front-line support team supporting academic Computer Science for 25 years, and has been the corporate Information Assurance Manager for Ulster University for nearly 7 years.
The Ulster University Information Assurance Manager establishes, implements and oversees the University’s Information Assurance (IA) programme for safeguarding the security of the University’s information assets with regard to confidentiality, integrity and availability. This includes:
- Developing IA strategy
- Developing policies, standards, codes of practice and guidelines for IA
- Risk and vulnerability assessment and implementing appropriate controls
- Oversight of an Information Security Management System
- Reporting and Analytics
- Providing appropriate IA documentation and training
As well as an MSc in Computing and Design, Ted also holds the following professional certifications and memberships:
- Chartered Information Technology Professional (CITP), British Computer Society
- Professional Member (MBCS), British Computer Society
- CISSP - Certified Information Systems Security Professional, (ISC)²
- Member, Cyber Crime Subgroup, Northern Ireland Organised Crime Task Force
- Member, Cyber-security Information Sharing Partnership (CiSP), National Cyber Security Centre (NCSC)
Ted has also served on both the Senate and Council of Ulster University, and is a native of Southern California.
Jerry Niman has worked in IT for 37 years, of which 23 have been in Higher Education mostly at Director level. Since 2010 he has been an independent consultant to the HE sector, undertaking a wide range of assignments.
He has dealt with many cyber security incidents during his time as Head of Information Systems for Manchester Metropolitan University.
Jerry has worked with UCISA on a number of security related initiatives:
- Lead author for the UCISA IT Model Regulations;
- Project consultant for UCISA's market survey of Information Security Awareness Training products - this led to the Leo Learning course being made available to the sector;
- Lead author for the Business Continuity Best Practice Guide; and
- Lead author for UCISA's guide to conducting Privacy Impact Assessments.
Jerry has conducted many Privacy Impact Assessments on Office 365, HR systems and catering payment systems, and has helped HE organisations undertake comprehensive IT Risk assessments. He has also undertaken policy reviews for several Universities and produced a set of template policies that will be helpful to institutions following the UCISA Information Security Management Framework.
James Smith is the University of Oxford’s Chief Information Security and is responsible for establishing and maintaining the University’s information security management framework. As part of this James has led the development and implementation of an information security awareness programme which seeks to improve overall user behaviour and provide targeted training for specific users and groups. Prior to joining the University in 2015, James was a Senior Manager at PwC providing assurance and consultancy over cyber security risk to a range of clients. James is an ISO27001 Lead Auditor, Certified Information Systems Auditor and Associate Member of the Institute of Information Security Professionals.
Dr Danny Steed is the Project Lead for the Cyber Information Sharing Partnership (CiSP) within the National Cyber Security Centre (NCSC). Danny's duties include being responsible for the operational integrity, availability and future design of this operational service that caters to over 8,500 individuals from more than 3,000 organisations nationwide, he has been in this post since October 2015 under the predecessor organisation CERT-UK within the Cabinet Office. Danny was previously Lecturer in Strategy and Defence at the University of Exeter from 2012-2015, researching and publishing on national security strategy broadly, as well as a central designer to the Masters in Applied Security Strategy course delivered there; he continues to lecture on request both to universities and the armed forces. Danny's PhD focused on the relationship between strategy and intelligence in British practice.
Rob Walker has worked in information security for 17 years – across the military, government, charity and education sector. His current role as Security Architect at the University of Portsmouth involves policy development, providing advice and guidance and ensuring the University is sufficiently agile to defend itself from cyber-attack.
This presentation illustrates a pragmatic method for identifying and analysing the risks associated with cloud service adoption. It also offers insights into other methods of information risk assessment. The goal is to show how you can get a grip on cloud risks with some easy quick and effective methods and so help the risk owner to make better informed decisions.