The management of cyber risk is a continual journey that adapts to changes in the circumstances of an organisation as it develops new products and services, deploys and implements new technologies, acquires new businesses, and grows strategically and organically. Cyber risk management is a complex and continual process of evolution and change, moving as fast or as slow as the threats to the business model. It is a risk that is now being regulated in the U.S. and EU, with 2022 seeing the EU and U.S. develop cybersecurity risk management regulation, regulatory proposals and enforcement regimes. These regulations and proposals formalize that leadership teams take accountability and responsibility for cybersecurity risk management, governance, strategy and incident response reporting.
We don’t advise leadership teams to take this journey on alone unless they have the skills and experience to develop cybersecurity risk management strategy and operations alongside those of the business. Cyber regulation and compliance is expensive and the cost of failure can be significant. Legal precedent was set in the U.S. in 2022 that will continue in 2023 and will place a significant legal risk on both board members and CISOs.
Andy is a leader in cybersecurity risk management. He has held roles leading both 1st and 2nd Lines of Defence for organisations as diverse as Group VP cyber risk Grupo Santander, European DGM Operational Risk and CISO Mizuho Corporate Bank, and global head of cyber Penguin Random House. He was the Counsel appointed expert to the ICO on cybersecurity. He received a U.S. presidential volunteer service award for his work on the U.S. DoD CMMC program. Andy is a Chartered Security Professional (CSyP) and CSyP assessor, recognised by the UK's Centre for the Protection of National Infrastructure (CPNI), and holds a place on the UK's Register of Chartered Security Professionals. He is a Chartered Engineer (CEng), a status received during his time at Rolls-Royce plc, and he is a member of the Institute of Mechanical Engineers (MIMechE) and an Associate of the Academy of Expert Witness (AMAE). He is a member of the Board of the Security Institute (MSyI), a Freeman of the Worshipful Company of Security Professionals (WCoSP) and a Freeman of the City of London.
Andy has provided thought leadership and helped formulate cyber strategy through many papers, webinars and conferences. These have included discussions with the White House Office of the National Cybersecurity Directorate, U.S. Department of Defense, The Cyberspace Solarium Commission, Members of Congress, and All Party Parliamentary Committees conducted with the U.S. DoD. He has led CMMC for UK defence trade associations and given webinars, presentations and papers for the AICPA, IIA, AFCEA and NDIA amongst many others.
Andy provides services on cybersecurity and risk management governance, strategy and delivery.
Ted is a veteran of cybersecurity with over 40 years’ experience of the design, delivery, oversight and assurance of cybersecurity and risk management systems. Ted’s area of expertise, developed over the years, is the management of risk in Information Technology. He is an experienced systems auditor and integrator, giving him a unique insight into the challenges associated with developing eGRC programs that satisfy the compliance requirements faced by organizations of all types and sizes.
He is an internationally recognised cybersecurity, risk management and information system educator and a highly respected security trainer. He is authorized to train ISACA CISA, CISM, CRISC, ISC2 CAP, CCSP, and CISSP. He holds DoD secret clearance and has taught courses for a broad range of public and private sector organisations that include most U.S. Federal Agencies, State and Local Government, and companies across financial services, consultancies, engineering, manufacturing, defence, healthcare, media and IT services providers and cloud.