This page contains recorded works and notable documentation that I have been involved with over the past five years. To be honest, most of the PR engagements have been omitted (verbosity and all that) but can be found on my LinkedIn page.
I also simply don’t have space to highlight all of the interviews, speaking engagements I have been involved with but if I have made slide decks available or a tangible deliverable has been involved, I’ll look to include it on this page at some point.
Across 2018, I wrote a four-part series for CSO Magazine which covered the what, why and how of engaging with company executives outside of the cybersecurity and IT functions. The aforementioned content has served as input to plenty of my 2019 material, especially the need for clear, repeatable cybersecurity metrics which are not shrouded in techno-babble and esotericism.
CompTIA EMEA Summit
Let’s deconstruct some of those myths, based on experiences from working professionals and managers in the field. According to Chris Hodson and Gary Fildes, it’s high time to “talk some smack” about the typical clichés concerning operational technologies (OT), the cloud, AI/machine learning, and additional emerging technologies such as blockchain as they pertain to cybersecurity. Is it true that automation and AI are more likely to cure cancer than stop ransomware or replace the help desk worker? Is the “layered security” model really as silly an idea as some say? Exactly how does a cybersecurity professional clean up after messes created “upstream?” What is the real use of blockchain? What is “technical debt,” and how can cybersecurity pros pay it off in the best way? And, is it really true that we’ve only just begun to implement the cloud? Join us for a structured conversation about these topics, and get ready to participate in a lively discussion.
Cyber Risk Management: Video Series
As part of the book’s promotion, I met up with Kogan Page and sat for a series of interviews covering various important cybersecurity topics; issues which are often misunderstood or poorly explained to those without extensive industry experience. I hope you enjoy the series!
Cybersecurity Observatory: UK Second Edition
The purpose of the 1st Global Cybersecurity Observatory is to collaborate to build a safer society and to help solve important problems leveraging cybersecurity innovation. Having previously written for the Observatory, I was asked to return and give my thoughts on the symbiosis of IT hygiene and cybersecurity. Check it out!
Stanton House: CISO Interview
In this Stanton House paper, we discuss how security leaders should be passionate about technology, what today’s cyber professionals can do to become tomorrow’s leaders and how to provoke more emotive reactions to risk from inside your workforce. Check it out! Thanks to the guys at Stanton House for giving me an opportunity to voice a few of my thoughts.
CISO Interview: The Role of Certification and Training in Cybersecurity
The Transformation Advisor: Rob Llewellyn
While enterprise cybersecurity spend is at an all time high, the plethora of high-profile data breaches continues. Chris Hodson helps us explore the challenges faced by the modern-day Chief Information Security Officer.
Cloud Security Alliance: 2019 AGM Keynote
Cybersecurity Mentoring Monday
I really enjoy the various cybersecurity mentoring opportunities which present themselves. I have been working with Francesco as part of the Mentoring Monday series, but also through board membership of the Cloud Security Alliance here in the UK. I wanted to add this video recording as the conversation was both interesting and insightful. Francesco, keep up the good work!
Information Security Europe 2019
Infosecurity Magazine’s Dan Raywood sat down with Chris Hodson (Tanium) during Infosecurity Europe 2019. Watch this live recorded interview now.
CityAm: A Letter to the Editor
It was pretty cool to have my thoughts published on the Public Accounts Committee findings into the UK state of cybersecurity. I’ve attached a copy of the paper, along with the article.
Secure South West 12
This event is specifically offered for the benefit of organisations in the south west, giving an opportunity for awareness-raising and access to expertise without the need to travel out of the region. The programme includes presentations and discussion addressing a range of security topics relevant to the current market. These will be delivered by representatives from leading companies in the IT security industry, alongside recognised academic experts from the University of Plymouth.
A shout out to fellow IISP board member Steve Furnell for having me run an afternoon keynote. I’d encourage anyone who can make it to attend a Secure South West event. I really enjoyed the interactive format, not to mention the unique venue!
Cyber Observatory: CISO of the Week
The Cybersecurity Observatory is an initiative to streamline the collaboration between the cybersecurity innovation ecosystem and the financial services, healthcare, government, critical infrastructure, transportation, high education, technology, law enforcement, manufacturing, universities and cybersecurity research groups globally.
I got involved with Cybersecurity Observatory for an in-depth interview covering risk metrics, cybersecurity controls and data privacy. I was delighted to subsequently receive their global ‘CISO of the Week’ award.
You can check out below for my CISO of the Week interview:
GDPR Anniversary: CityAM Article
Royal Holloway: Guest Lecturer
I think I held a bit of an unfair advantage when I studied for my MSc in Cybersecurity; with 15 years industry experience in my back pocket, a was immediately able to contextualise a lot of academic content, aligning it to real-world situations. A lot of this thinking fed into my 2016 thesis, but it didn’t stop there!
I have returned to Holloway on three occasions to deliver guest lectures on various topics from the field. In early 2018 I came onsite to deliver a two-part series on cloud architecture and modern networking, before heading back in early 2019 for a session discussing the role of the modern CISO.
All the sessions stimulated excellent conversation both inside and outside of the classroom. I have attached below copies of the content I used in each session. I hope you find the content interesting!
It’s unsurprising to see a lot of 2018 content focusing on data privacy. At Zscaler I served as not only a CISO, but a Data Protection Officer. Plenty of content focused on the challenge (and opportunity) of holding both positions for a cloud security service provider.
Information Security Live: Keynote
Not a darts player and I’ve never held a WWE World Title, you wouldn’t know it though from the walk on music in this one! I wasn’t sure what to expect from the Information Security Live conference but it was a fantastic conference over in The Netherlands.
Cordery Interview: Data Privacy Readiness – A CISO Perspective
Jonathan Armstrong could put Paxman or Marr to shame – an engaging interviewer who prides himself on honest dialogue – so much so that interviewees have no idea of the line of questioning Mr Armstrong will explore. I hope the passion in the room comes across.
BCS: Data Privacy Day
I was honoured to present at the British Computer Society’s (BCS) Data Privacy Day. Along with yours truly, we had speaker representation from the Information Commissioner’s Office (ICO) and the BCS. The video recording no longer seems available online, although I have attached a copy of the agenda and my presentation.
ReThink! IT Security
The 3rd Rethink! IT Europe 2018 is the leading IT summit bringing together CIOs & senior IT executives to discuss key industry topics, share knowledge, create new partnerships, and identify opportunities for their business.
I presented a keynote session outlining some of the approaches I’ve taken to security applications, data and users ‘in the cloud’.
Here’s a video interview outlining the speech in some detail:
Zscaler CISO’s Bil Harmer and Chris Hodson explore the themes emerging at the RSA Security Conference in San Francisco April 2018.
RSA Presentation: Blockchain Applications and Their Weaknesses: A Practical Investigation
Sure, it’s possible to hack blockchain elements (e.g., ECC), at least in theory. Some still worry about the security of blockchain technology, or that it is a solution looking for a problem. Nevertheless, it’s a vital technology. It’s all about the application! Join this Lab to focus on specific issues with current—and future—blockchain applications, based on industry research.
1: Gain an understanding of specific security issues in blockchain implementations.
2: Learn to identify and rectify security issues.
3: Discuss anticipated issues as implementations continue in the workplace.
IISP Masterclass Series
The IISP Masterclass Programme events are aimed at all levels of membership and are run by subject matter experts to knowledge share and assist you in progressing your IISP membership.
As an IISP board member, I am proud to chair most of the Masterclass sessions and provide recommendations for event topics, speakers…and locations!
If you’re reading this and hold an active IISP membership, make sure you check out their events diary and get down to the next catch-up. If you’re not a member (where have you been?) simply drop events@IISP.org a line and come along to a taster session.
Peerlyst: CISO War Stories
I love working with the Peerlyst team. I chaired a podcast back in 2017 in which I was joined by Tal and Eric to discuss all matters ‘CISO in the field’. The recording is an hour’s open and honest dialogue based on challenges experienced by security leaders irrespective of industry vertical.
A follow-up to this pod is long overdue. Watch out for something before 2019 is out!
Incident Resolution Summit 2017 London
Explore best practices and learn about the newest trends in automation and incident response while immersing yourself with like-minded executives across IT Operations, Network Operations, and Security Operations departments.
InfoSec Europe: Cloud Computing
At Information Security Europe, I caught up with Dick Morrell to discuss all matters modern networking and cloud computing. This was recorded against a backdrop of infosec noisiness at the conference, but it’s an interesting chat.
CRESTCon and IISP Congress is a unique event that brings together leading technical and business information security professionals and is a key date in the industry calendar, attracting an impressive line-up of speakers and senior delegates.
2017’s event welcomed over 450 delegates, had three conference streams, a bookshop/meeting area, as well as expanded exhibition and demo areas.
Myths of Cloud Computing Debunked
So we’re going to talk today about some of the myths of cloud computing going to debunk some of these myths so we’re all kind of acutely aware of some of the benefits of cloud but what are some of the risks of cloud and do they still apply today
I was delighted that my MSc thesis was recognised in Computer Weekly’s Awards Series. Check out the abridged version here – this includes my thoughts concerning:
- Cloud computing is a growing trend in all industry verticals. Multi-tenant solutions often provide cost savings while supporting digital transformation initiatives – but what about the security considerations?
- Are cloud architectures inherently less secure than systems we build within our own data-centres? Does cloud introduce a new set of threats and vulnerabilities?
- In his thesis, Chris Hodson looks into the constituent components of public cloud ecosystems and assesses the service models, deployment options, threats and good practice considerations.