COSAC 2002: International Computer Security Audit and Control Symposium

Below is a list of the speakers for COSAC 2002 (in alphabetical order). Each speaker's biography follows the list; see the timetable page for the sessions given by a particular speaker.

Marcus Alldrick - Head of Group Information Security, Abbey National plc
Patricia Anderson - Head of Group Information Security, Royal Bank of Scotland Group
Norbert Bielefeld - Deputy Director, European Savings Banks Group
Krag Brotby - President, E-Sec Corporation
Richard Cascarino - CEO, Compact Business Services
John Ceraolo - Manager of Corporate Security, Citrix
Andrew Clark - Director, Inforenz Ltd
Stan Dormer - Director: Education and Training, MindGrove by Ink-e Media
Dr. David B. Everett - Chief Technical Officer, Datacard Group
Vince Gallo - Director, Inforenz Ltd
Michael Harris - Security Specialist, Ernst & Young
Jay Heiser - Security Officer, UBS AG
Carl B. Jackson - Vice President: Business Continuity Planning, QinetiQ TIM inc
Cheryl Jackson - Principal Consultant, ThruPoint Corporation
Ray Kaplan - Security Curmudgeon @ Large
Denis Kelly - IT and Business Process Manager, Power Generation, ESB
Ken Lindup - Principal, Cylink
David Love - Head of Security TAG (EMEA), Computer Associates
David Lynas - Director: Global Service Development & Marketing, QinetiQ Trusted Information Management
Tsutomu Matsumoto - Professor, Yokohama National University
Aled Miles - VP and MD, Symantec, Northern Europe
Richard Nealon - Security Specialist, Asset Protection Group, Bank of Ireland
John O'Leary - Director of Education, Computer Security Institute
Gerry O'Neill - Head of Group IT Risk, Barclays PLC
Simon Pascoe - Lead Internet Security Architect, BTexact Technologies
Dan Quealy - Ernst & Young
Mark Rasch - Computer Security, Privacy and Legal Consultant (independent)
Tony Sale - Founder, Codes and Ciphers
Gene Schultz - Principal Engineer, Berkeley Lab, University of California
John Sherwood - Director: Professional Services (EMEA), QinetiQ TIM
Pete Simpson - ThreatLab Manager, Clearswift Corporation
Valene Skerpac - Managing Director, iBiometrics
Nick Spenceley - Director, Inforenz Ltd
David Spinks - Director, Security & Privacy, EMEA, EDS
Michael Wiener
Peter Wood - Chief of Operations, First Base Technologies

Marcus Alldrick

Marcus has been in IT for over 23 years, the last 10 specialising in information security. Marcus has all-embracing responsibility for information security throughout Abbey National and its constituent companies. This has directly involved Marcus and his team in redefining Abbey National's corporate information security policies, standards and guidelines; developing a comprehensive and complementary information security architecture; and applying a definitive organisational model to implement, operate, manage, monitor and measure these strategic deliverables. This has been, and continues to be, performed in parallel with supporting the organisation in realising its various business strategies and meeting its operational needs. This in turn has involved considerable activity from an information security perspective in supporting the company in its acquisition and divestiture of business interests and in its outsourcing, partnership and joint venture activities.

Marcus is speaking in Session F4

Patricia Anderson

Since joining The Royal Bank of Scotland in 1997, Patricia has instigated and led a successful programme of significant change in the way security is considered by the business, both culturally and in terms of market offerings. This programme has included roll-out of a single security governance and operating model across the entire Group, including all NatWest businesses acquired in 2000; and implementation of major new security infrastructures that protect the Group’s services and its customers, and which also enable RBSG brands to provide a new range of customer propositions in the field of electronic trust.

Previously, Patricia was Global Head of Information Security for the investment bank Deutsche Morgan Grenfell. She has also worked for both the upstream and downstream oil divisions of Shell, and in the petrochemical construction industry with the Fluor Daniel Corporation. A Chartered Management Accountant, she has held a number of business positions, including in the areas of competitor analysis and operational risk, prior to moving into the field of information security.

Patricia is speaking in Session I1

Norbert Bielefeld

Norbert graduated in 1975 from the Ecole Supérieure des Sciences Economiques et Commerciales (ESSEC), Paris (finance and marketing) and in 1983 from the Centre National des Arts et Métiers (INTEC), Paris (certified accounting). He furthered his education at the University of California, Berkeley, the University of Cambridge (United Kingdom), and INSEAD (France).

He started his career with Union de Banques à Paris in Paris as a branch manager, and then became finance manager with Clark Credit, in charge of France and Italy. He then moved to Germany to become finance director at Econocom (a computer leasing company) and to Belgium as managing director of ECS International (another computer leasing company).

He was then retained by SWIFT, the bank-owned telecommunication services company, where he held a range of positions: head of marketing and customer support, head of new network services, director of payments strategy, and director of banking industry initiatives.

In 2001 Norbert set up his own consultancy, which provides professional services to central banks, financial institutions and corporates, in particular strategy and operational advice for the transaction business.

Norbert has been a member of the NACHA (the National Automated Clearing House Association, McLean, Virginia) Cross Border Council since 1994. He was Vice Chairman of the Council between 1997 and 1999, and has been Vice Chairman of the Industry Issues Committee since November 2001.

Norbert is speaking in Session H1

Krag Brotby

Mr. Brotby has more than twenty years of experience in various computer-related fields, with the past eighteen almost entirely devoted to commercial computer and network security. Coupled with extensive project design and management experience, he has provided solutions to complex security issues for a number of clients in various industries. Particular emphasis has been on user authorisation and authentication technologies, two- and three-tier client/server architecture, and enterprise information system security requirements, assessment and architecture. Recent experience includes intensive involvement in all aspects of current and emerging security architectures, including policies, procedures, forensics, investigations and implementation.

Mr. Brotby also has substantial experience with documentation, training, and technical and management presentations. He holds several patents for commercial security products and has published a variety of technical and IT security related articles.

Mr. Brotby is a member of the Society of Competitive Intelligence Professionals (SCIP), Program Director for the California High Tech Task Force steering committee and a member of the High Tech Criminal Investigators Association (HTCIA).

Mr. Brotby has been a presenter at Compsec in London (1999) on topics related to Role Based Access Control (RBAC) and the implementation of large PKI systems, at COSAC in Ireland in 2000 and 2001, at the Intergovernmental Technology Conference in 2000 and at the Web Edge Conference in 2001.

As a practitioner in the high-tech security industry for over twenty years, Mr. Brotby is the principal Xerox BASIA architect and designer of the proof of concept project, pilot and global PKI implementation plan. Clients have included Microsoft, Unisys, AT&T, Alyeska, Informix, VISA, S.W.I.F.T., Digital Signature Trust, Paycom and RAND Corporation, among numerous others. He serves on the board of advisors for Signet Assurance Company and as Chief Security Strategist for TransactPlus, a JP Morgan spinoff. Recently, Mr. Brotby has been involved in several trade secret theft cases in Silicon Valley and in fraud investigation and funds recovery for a number of clients.

Krag is speaking in Session B1

Richard Cascarino

Well known in international auditing circles as one of the most knowledgeable practitioners in the field, Richard is CEO of Compact Business Services, a highly successful audit training and consultancy company.

He is a regular speaker at national and international conferences and has presented courses throughout Africa, Europe, the Middle East and the USA.

Richard is a Past President of the Institute of Internal Auditors in South Africa, was the founding Regional Director of the Southern African Region of the IIA-Inc and is a member of both the Computer Society of South Africa and the American Institute of Certified Fraud Examiners (South African Chapter).

He is also a visiting Lecturer at the University of the Witwatersrand and Technikon SA.

Richard is speaking in Masterclass M6

John Ceraolo

John is currently the Manager of Corporate Security at Citrix Systems Incorporated, the makers of MetaFrame software, in Ft. Lauderdale, Florida. He has been with Citrix since 1999. John is a CISSP, has been in the information security field for over twelve years and has previously worked with Siemens and VNU Publishing. He has been a past speaker at COSAC, CSI and COMPSEC conferences.

John is speaking in Session F3

Andy Clark

Andrew is a Director and co-founder of Inforenz Limited, a provider of consulting services for information forensics.

He has been a consultant and expert witness in the areas of Information Systems Security, Systems Engineering and Cryptology. His work has produced study reports for senior management and board level within banks, multi-national companies, and directorate level in central government.

Andrew is a Fellow of the Institution of Electrical Engineers (F.I.E.E.) and President of the International Association for Cryptologic Research (I.A.C.R.), an international body dedicated to research in cryptology and IT security. He is the author of nearly fifty papers on security issues, and has spoken at international conferences on security for more than fifteen years.

In September 2001 Andrew was the first ever recipient of the prestigious COSAC Award.

Andrew is speaking in Sessions C2 and D1

Stan Dormer

Stan Dormer is Director, Education and Training of the MindGrove team at Ink-e Media. He has a career that spans more than thirty years of information systems technologies, security and auditing, has been involved with research and with the automation of processes since the mid '70s, and is at the forefront of the use of technology to control technology.

Stan is an elected fellow of, and has been a contributor to, the Institute of Internal Auditors – UK and Ireland since 1975. Stan has spoken at numerous conferences including the COSAC series of Computer Security Audit and Control Conferences, COMPSEC, CHARTAC (the IT specialist forum of the Institute of Chartered Accountants), ISM (the pan-African information security and control conferences), the member meetings of The Open Group, and the ACE Audit Automation series of conferences.

Stan was the inventor of the first practical Resident Audit Monitoring system embedded in an operating system, has developed a concise and formal risk and control methodology and most recently has developed novel process analysis methods to investigate security practices.

Stan is speaking in Masterclass M4 and Session A3

Dr David B. Everett

David Everett graduated from Southampton University in 1976 and joined the Medical Research Council, Mill Hill, London as Head of Electronics. He was subsequently made Director of Computing and Electronics, where his interest in coding theory and cryptography for the protection of data was stimulated.

David founded Open Computer Security Ltd in 1980, which was responsible for the design of the tamper-resistant cryptographic hardware modules that authenticated messages for CHAPS (Clearing House Automated Payment System). He then went on to be a security consultant at EftPos UK from 1985 to 1990, where he was responsible for the security design of the first commercial product to use the RSA cryptographic algorithm.

Between 1990 and 2000, David was Technical Director at Platform Seven, a division of the National Westminster Bank. He was the technical architect of Mondex, a new concept for a Smart Card electronic purse, and was also responsible for the design and development of a multi-application Smart Card operating system, known as Multos, based on the use of a virtual machine in the IC chip. David first proposed the use of a virtual machine for Smart Cards in 1985 whilst working on the ISO 7816 standard.

David was awarded the IEE Ambrose Fleming award for the design of a Compton effect gamma ray camera in 1978, and in 1984 the BCS Application Award for the design of a software protection system using enciphered code. David is currently Chief Technical Officer to the president of the Datacard Group and Technical Director of Smart Card News Ltd.

David is speaking in Session E2

Vince Gallo

Vince is a Certified Information Systems Security Professional and has developed cryptographic products for more than twenty years, including hardware, tamper-resistant devices, and high assurance software.

In 1994, Vince formed Sapher Servers Limited and, as Managing Director, used his experience to deliver software products which add security to standard PCs used by commerce, finance and HMG. Following the acquisition of Sapher Servers by Entegrity Solutions in 1998, Vince managed the UK development team specialising in secure messaging solutions using cryptography to protect data. His work extended to covert channel attacks and countermeasures, and his world-famous Bunratty Attack was first presented at COSAC 1999.

Recently Vince has joined forces with some long-term colleagues to form Inforenz, delivering custom secured projects and consultancy. Vince is responsible for the development of their products, specialising in aspects of information forensics that draw on his experience of providing security solutions.

Vince is speaking in Sessions C3 and C4

Michael Harris

Michael Harris is a security specialist with the Ernst & Young Irish Security & Technology Solutions practice. He holds Bachelors and Masters degrees in Physics from University College Cork and a Ph.D. in computational physics from the Max Planck Institute in Stuttgart, Germany.

He has extensive experience in UNIX system administration, firewalls, Cisco networking and Public Key Infrastructure technologies. He has designed and developed security infrastructure including firewalls, intrusion detection systems, authentication servers and content security systems.

At Ernst & Young, he has performed penetration testing on a variety of information systems utilizing leading edge tools and techniques and provides advice on a number of security technologies including intrusion detection. He is currently developing methodologies for web application security assessment and helps clients secure their web-based applications.

Michael is speaking in Session H2

Jay Heiser

Jay Heiser, CISSP, is an Information Security Officer in the Group Risk office of UBS AG, the global Swiss financial services firm, and is currently located in London, England. A seasoned professional with fourteen years of security experience, he has helped secure the infrastructures of many leading Internet service providers, banks, manufacturers, and the US Department of Defense. An Addison Wesley author, he co-wrote Computer Forensics: Incident Response Essentials, and has just started writing a new handbook on Information Security. A columnist for Information Security magazine since 1999, he has served on the Editorial Advisory Board, and was the first Security Editor for Java Developers Journal. He has also written for InfoWorld, Network World, Web Techniques, and The Handbook of Information Security Management. In demand in both Europe and America for his entertaining and thought-provoking presentations, Mr. Heiser has an MBA in International Management from the American Graduate School of International Management.

Jay is speaking in Session A1

Carl B. Jackson CISSP

Carl Jackson is a Certified Information Systems Security Professional (CISSP) and brings more than 25 years of experience in the areas of business continuity planning, information security, and information technology internal control reviews and audits. As Vice President, Continuity Planning, in the QinetiQ-TIM Corporation Global Security Practice, he is responsible for the continued development and oversight of QinetiQ-TIM (US) methodologies and tools in the enterprise-wide business continuity planning arena, including network and eBusiness availability and recovery.

Before joining QinetiQ-TIM, Mr. Jackson was with Netigy Corporation and also served as a Partner with Ernst & Young LLP, where he was the firm's BCP Service Line Leader. Mr. Jackson has extensive consulting experience with numerous major organizations in multiple industries including manufacturing, financial services, transportation, healthcare, technology, pharmaceutical, retail, aerospace, insurance, and professional sports management. He also has extensive business continuity planning experience as an information security practitioner, as a manager in the field of information security and business continuity planning, and as a university-level professor.

Mr. Jackson is currently serving as Chairman of the Information Systems Security Association (ISSA) International Board of Directors. Previously, he was a founding board member and past president of the ISSA, as well as a founding board member of the Houston, Texas, chapter of the Association of Contingency Planners (ACP). Mr. Jackson is a past member and past Emeritus member of the Computer Security Institute (CSI) Advisory Council and is the recipient of the 1997 CSI Lifetime Achievement Award. He has also served on the editorial and advisory boards of both Contingency Planning Management (CPM) magazine and Datapro Reports on Information Security.

Mr. Jackson has authored numerous reports and articles on business continuity planning and information security issues - the most recent in Auerbach's Information Security Management Handbook. He is a frequent conference and workshop speaker on various BCP and security topics and has been an associate professor at California State University-Long Beach for both BCP and information security courses. Mr. Jackson holds a Bachelor of Business Administration in Finance from Boise State University.

Mr. Jackson is speaking in Session PS5

Cheryl Jackson

Cheryl Jackson is an information systems security professional with over twenty years of progressive experience in information services. She is a Certified Information Systems Security Professional (CISSP), and her career includes experience in operations, systems administration, analysis, design, and implementation of end-to-end information security solutions. These comprehensive information security programs effectively combine personnel, management and technology to assure confidentiality, integrity and availability of mission critical business information. She is also a Certified Business Continuity Planner (CBCP), and in this role has been responsible for every aspect of business continuity planning, including risk analysis, business impact analysis, and the design, testing, and implementation of business continuity plans, disaster recovery procedures, and crisis management plans. She has extensive consulting experience with major organizations in multiple industries including investment banking, oil and gas, manufacturing, energy, transportation, and communication.

She is currently an employee of ThruPoint, Inc., where she serves as an information protection Subject Matter Expert and Principal Consultant. Cheryl was formerly part of the Netigy Global Security Practice as a Manager on the team responsible for the continued development of methodologies and tools in the security management process arena. Her career also includes Perot Systems, as part of the Information Security and Business Continuity teams, where she led a number of engagements for major clients to develop information security solutions and business continuity/crisis management/disaster recovery plans. Prior to that she worked for ten years for The Minute Maid Company, a division of the Coca-Cola Company, as a member of the Information Security team, responsible for the design, implementation and management of information security controls on all of the company's computing platforms. Among her accomplishments at Minute Maid, Jackson designed and implemented the company's first corporate-wide information security program.

She is currently serving on the Board of Directors for the South Texas ISSA Chapter. She is a former chairperson and emeritus member of the Computer Security Institute Advisory Council, past president of the Southwest CA-ACF2 Users Group, and a frequent speaker at professional conferences and meetings.

Cheryl is speaking in Session F1

Ray Kaplan

Ray Kaplan is a Security Curmudgeon @ Large and a Security Evangelist, currently an independent consultant in Minneapolis, Minnesota in the US. He has 25 years of experience in the computing industry, with over 16 years in information security. He maintains Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) certifications and instructs the 5-day Common Body of Knowledge CISSP review course for (ISC)².

He was the recipient of the Computer Security Institute's (CSI) 1999 Lifetime Achievement Award in recognition of his contributions to CSI and the industry. His experience covers the managerial, personnel, and technical aspects of information security, including architecture, policy, standards, design, implementation, management and operations, and information security consulting for a variety of organizations from all segments of the economy around the globe. He is widely known in the security community for the breadth and depth of his general expertise and continues to be a prolific public speaker and a published author. He has given hundreds of presentations and his writings continue to be part of the Common Body of Knowledge on which the CISSP is based. Also known as the "Security Curmudgeon @ Large," he is a long-time security evangelist who has spoken all over the world in forums ranging from user groups to conferences, seminars and private venues.

He still preaches the virtues and necessity of effective information security and presents technical tutorials at security events internationally. In addition, he is known for his pursuit of unique pedagogical frameworks designed to bring together disparate voices from across the security landscape to talk openly about system and network security. In this regard, his Meet The Enemy session, in which an assembled audience interacts with the "underground", remains popular, as do his introduction to TCP/IP security sessions.

He is known for his candor and outspoken points of view. He maintains memberships in many professional organizations including CSI, the Information Systems Security Association (ISSA), the Information Systems Audit and Control Association (ISACA), and the Institute of Electrical and Electronics Engineers (IEEE). He participates in many industry forums and consortia.

Ray is speaking in Session PS2

Denis Kelly

Denis Kelly is the IT and Business Process Manager for the Power Generation and Energy Trading Division of ESB. Prior to his current position Denis worked in IT Planning, Telecommunications, IT Audit, Programme Management and e-Business. He is a CISA, holds a Masters Degree in IS Systems Design from Trinity College Dublin and is a visiting lecturer to the Masters Programme in IS Strategy at DIT Dublin. His areas of expertise include telecoms, data networking, security, EFT, process control systems, Y2K, IS risk management and business process re-engineering. In more recent times he has been concentrating more on the business process side of his role and has a special interest in methodologies which help to improve the benefits delivered from IS investments.

Denis is speaking in Session B4

Ken Lindup

Ken has spent the last 30 years helping to secure business against the threats posed by developments in information technology. Ken has worked in many countries on various projects and has wide-ranging experience of information security. Currently, Ken is involved in a major project to secure the networks of an international airport. Security in airports is key given the threat of terrorist attacks and the ubiquitous spread of technologies such as TCP/IP, e-mail and the Internet into the systems used to manage and control the airline industry.

Ken is a long-established speaker at security conferences and is on the editorial boards of the Information Security Monitor, Network Security and the Information Security Bulletin.

Ken is speaking in Sessions E1 and G1

David Love

David Love joined Computer Associates in April 2000 as a Security Specialist in the Business Technology function. He is employed in the European Strategic Accounts Group in a high-level consultancy role and is utilised as a specialist presenter at major marketing events and security symposiums. Last year, he presented at the EC IS2000 Conference in Vienna and at COMPSEC 2000 in London, the leading IT security conference outside the USA. He represents the computer industry on the HMG Foresight Commission that is examining the implications of cyber crime to the year 2020, and also represents Computer Associates on the Security Chapter of Interforum, a not-for-profit campaign of prestigious and influential companies in the UK that sponsor and promote electronic trading.

Previously a senior officer in the Royal Air Force, from which he took early retirement to join Computer Associates, he enjoyed a twenty-eight year career in counter-intelligence and security. Retiring as the RAF Head of Information Security, he had been involved with computer security since 1984. In this final role, he provided assistance to the Cabinet Office in the Critical National Infrastructure initiative for the protection of information technology critical to the well-being of government, commerce and industry in the UK.

His background is across the full spectrum of security, and previous appointments included Chief of Security for all NATO Military Forces and Headquarters in Europe. In this role, he led the Supreme Headquarters Allied Powers Europe Security Inspection Team to all NATO areas of Europe and made contact with most national security services in the region. He was a member of the NATO Security Committee, where the NATO member nations negotiated Alliance security policy at governmental level. He was also a member of the Nuclear Security Group that agreed minimum standards for the protection of nuclear weapons and materials throughout Europe.

Other overseas appointments included head of Counter-Intelligence and RAF Police in Hong Kong at the time of the Tiananmen Square incident, and assignments in Germany and Cyprus. He is well travelled in Europe, the Far East and the USA.

In the UK, he has filled various high-level appointments in which security strategies were involved for the Ministry of Defence and other Government Departments.

David is speaking in Session D3

David Lynas

David Lynas is the Chairman of COSAC – an event he founded nine years ago.

David is recognised as one of the world’s leading authorities on Information Security Strategy and Architecture. He is a globally respected Information Security professional with a proven record of success over twenty years of practical experience in delivering some of the world’s most high profile security solutions across almost every aspect of that multi-disciplined profession.

David is currently the Director of Global Service Development and Marketing at QinetiQ Trusted Information Management. Previously he was Director of Professional Relations and Director of Security Architecture for Netigy Corporation’s Global Security Practice, and was Operations Director at Sherwood Associates Limited.

In high demand as a presenter and facilitator, David has delivered sessions and keynotes on more than forty different security titles to major international conferences on five continents. He has been subject chair for Security Strategy and Network Security at the World Conference on Computer Security, and was a special advisor to the UK bid for the WITSA special congress on Information Security. He was the first European to be invited to present the keynote at the Computer Security Institute's annual conference and, in addition to being the only European faculty member of CSI, he undertakes two world lecture tours per year for Pink Elephant International. He is also a widely published author.

David is speaking in Masterclass M3 and is facilitating Tuesday's Open Forum PS3

Professor Tsutomu Matsumoto

Tsutomu Matsumoto researches and teaches mainly in the fields of cryptology and information security as a Professor in the Graduate School of Environment and Information Sciences, Yokohama National University, Japan.

He received the Dr. Eng. degree in Electronic Engineering from the University of Tokyo in 1986. Since then his base has been in Yokohama National University where he served as a lecturer from 1986 to 1989 and an associate professor from 1989 to 1996 in the Division of Electrical and Computer Engineering and an associate professor from 1996 to 2000 in the Division of Artificial Environment and Systems, Graduate School of Engineering. Since 2001, he has been a professor in the Graduate School of Environment and Information Sciences.

From 1990 to 1992 he was a visiting scholar in the Institute of Monetary and Economic Studies, the Bank of Japan. In 1994 and 1996 he was a visiting professor in the Department of Computer Science of the University of Karlsruhe, Germany. In 1996 he was a visiting researcher in the Newton Institute of Mathematical Sciences of Cambridge University, U.K.

He is a member of the Cryptography Research and Evaluation Committee of Japan and is on the board of the International Association for Cryptologic Research. He served as the program co-chair of ASIACRYPT'96 and as the general chair of ASIACRYPT 2000. He was an associate editor of the Journal of Computer Security and is on the board of the Japan Society of Security Management. He is a member of the IEICE Technical Group on Information Security and of the IPSJ Special Interest Group on Computer Security.

He received an Achievement Award from the IEICE in 1996.

Tsutomu Matsumoto is speaking in Session PS7

Aled Miles

Aled Miles is Vice President and Managing Director of Symantec Northern Europe, part of the global software company (NASDAQ: SYMC) with sales of $1.3 billion a year, which provides product and services solutions in Internet and network security centred on risk management and mitigation.

The last 7 of Miles' 15 years of IT experience have been at Symantec, in roles across Europe, the Middle East and Africa. Since his appointment in 1999 he has seen product and services revenues grow by over 400%.

Having been responsible for the EMEA channel in his first role at Symantec, based in The Netherlands, he has subsequently held both Sales and Marketing Director positions for the UK and the Nordic territories. He headed the EMEA integration of Axent Technologies, acquired by Symantec for $1billion at the beginning of 2001.

Miles has chaired and keynoted on more than a dozen different aspects of security and broader business at major international conferences on four continents, having recently shared the stage with Lord King (former Minister of State for Northern Ireland) and Carl Bildt (former Swedish Prime Minister).

He appears regularly on CNN, BBC television & radio, Sky News, CNBC & Bloomberg, and is frequently quoted in the national press. Miles has represented Symantec as a security advisor to the UK e-envoy and is a board member of the IAAC (Information Assurance Advisory Council). In November 2001, he accompanied Lord Marshall of Knightsbridge (Chairman: British Airways) & Lord Lamont of Lerwick to Moscow to meet with Her Majesty’s Ambassador to Russia & CIS as part of a high level CBI (Confederation of British Industry) trade delegation.

Miles is 37 years old, a graduate in English from the University of Surrey, a patron of the national children’s charity “The Rainbow Trust” and is a keen rugby fan.

Miles is speaking in Session G2

Richard Nealon

Richard leads the Asset Protection Group within Bank of Ireland IT Solutions. He has many years of experience in IT security, and has worked on a number of high-profile applications for the Bank. In recent years he has also been involved in test development for (ISC)². He holds the SSCP, CISA and CISMP (BCS) certifications, and was awarded the President's Prize by (ISC)² in 2001 for his work on test development. He is a member of the Institute of Bankers in Ireland and is on the Committee of the Irish Information Security Forum (IISF).

With a keen interest in the application of cryptography and key management, he has observed a significant change over the past decade in the security controls employed to protect confidential information being gathered from remote locations (e.g. ATMs).

Richard is speaking in Session C2

John O'Leary

John O'Leary, CISSP, is the Director of Education for Computer Security Institute. His background spans three decades as an active practitioner in information systems security and contingency planning and includes experience in programming, operations, systems analysis, project management, auditing and quality assurance. John has designed, implemented and managed security and recovery plans for networks ranging from single site to multinational. As CSI's all-time highest-rated and most requested instructor, he has trained thousands of practitioners and regularly conducts on-site programs at major corporations and government facilities worldwide.

John is speaking in Sessions M1 and F2 and is facilitator of Wednesday's Open Forum, PS6.

Gerry O'Neill

Gerry O'Neill is a regular COSAC presenter and participant, and a strong believer in the philosophy of sharing of experience to drive and build our profession. He also has the honour of having been the presenter of the opening session at the very first COSAC, now nine years ago.

Gerry is Head of Group IT Risk at Barclays Bank PLC, where he is responsible for developing and maintaining all aspects of the Group's strategy for IT Risk. This includes definition of IT security policy, thought leadership on security and risk management, and functional leadership for the IT security community across the Barclays Group. Policy compliance, data protection and regulator liaison on IT risk issues also fall within his scope.

Prior to joining Barclays, he held a number of security and risk management roles in leading consultancy organisations, including PricewaterhouseCoopers, CMG Admiral and the National Computing Centre.

Gerry is speaking in Sessions A4 and I2

Simon Pascoe

Simon Pascoe is a Lead Internet Security Architect within BTexact Technologies (BT's advanced technology and development division). He is based at BT's Advanced Communications Technology Centre, Adastral Park, Martlesham Heath.

He has more than seven years' experience in IT security, the past five and a half of them specialising in Internet security and secure Internet system design.

He is the security design authority for the BT Ignite Web Hosting products and for the BT Ignite Global Internet Data Centres.

He is the author of BT's Internet Security Strategy and a member of the BT CERT Task Force. He has written papers for internal publication, run workshops with live demonstrations of hacker tools and techniques, and given presentations on good Internet security design to the development and design community within BT.

He leads the Internet Security Design and Consultancy team within BTexact's Internet and Multimedia Solutions Division. His team is involved in the design of e-commerce, OSS and web hosting platforms, and develops hardened server builds through very aggressive testing against test server configurations and firewall-protected servers. The team is currently developing hardened server builds for several application hosting platforms and customers.

His particular technical interest is researching and demonstrating techniques for attacking through firewalls and against firewall-protected servers.

Simon is speaking in Session B3

Dan Quealy

Dan specialises in developing programs to identify and manage the risks of clients' electronic commerce initiatives. Prior to joining Ernst & Young, he held positions as Manager of Business Administration and Manager of Systems Integrity for the Information Warfare Division of the Northrop Grumman Corporation.

Recent projects include:

  • Top Five Commercial Insurer: Executive leader for team that performed risk assessments, risk mitigation strategies and security designs for eCommerce initiatives.
  • Caterpillar: Project manager for a company team that designed and implemented a secure eCommerce solution to allow business partners and Joint Ventures to access critical data on the company Intranet.
  • Amoco: Project manager of a cyber process assurance engagement that achieved Internet connectivity between Amoco’s franchises and the corporate headquarters, allowing the transfer of sensitive financial and customer data between business units.
  • Whirlpool: Developed Information Security Architecture for the Corporate IT group. This initiative had been attempted at Whirlpool for three years without success. A combination of Information Security knowledge, team building skills and a background in Business Development were required for a successful conclusion to the engagement.
  • ABN Chicago: Developed a strategy to conduct a review of the Information Security Controls and the Disaster Planning procedures in place to help the client prepare for a crucial Section 20 Review by the Federal Reserve Board. Dan assembled a team and coordinated the efforts to successfully complete the review in three weeks.

Dan graduated from the School of Computer Science at DePaul University with a Master of Science in Telecommunications. He is Past President of the High Technology Crime Investigation Association and a frequent speaker on the topics of telecommunications security and information security. Dan is also an instructor at DePaul University, where he teaches security in their Web Commerce Program.

Dan is speaking in Session H2

Mark Rasch

Mark D. Rasch, Esq. is an independent computer security, privacy, and legal consultant in Bethesda, Maryland. He was formerly the Vice President for Cyberlaw for Predictive Systems, Inc. providing computer security consulting and implementation services to the United States government, intelligence and law enforcement agencies, as well as commercial enterprises.

Mr. Rasch advises banks, insurance companies, entertainment companies, and other Fortune 100 companies on legal and policy issues relating to doing business in Cyberspace. He has written and lectured extensively on computer crime, privacy, trademark and trade secret issues on the Internet, and has been featured in USA Today, The New York Times, NBC Nightly News, ABC’s Nightline, PBS’ Technopolitics, CNBC, and NPR as an expert on computer law and policy.

He has a Juris Doctor degree from the State University of New York at Buffalo, and is an adjunct faculty member of the Washington College of Law at the American University, where he teaches courses in white-collar crime including computer crime.

Prior to joining Predictive, Mr. Rasch was an attorney in private practice with the Washington, D.C. law firm of Arent Fox Kintner Plotkin & Kahn, and, for almost 10 years, a trial attorney with the U.S. Department of Justice, where he headed the Department’s efforts to investigate and prosecute computer and high-technology crime. During his tenure with the Department of Justice, he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called “Internet Worm” and the investigations of the Hannover hackers featured in Clifford Stoll’s book The Cuckoo’s Egg, and of Kevin Mitnick.

Mark is speaking in Session D4

Anthony E. Sale, Hon. FBCS

Tony Sale had early careers in the RAF, Marconi Research Labs and MI5 before starting his own computer software company in 1968, which he and his wife ran for twelve years. He was then Technical Director at the British Computer Society, moving to the Science Museum, London, in 1989 to restore some early computers to working order.

In 1991, he and some colleagues started the campaign to save Bletchley Park, the secret wartime code breaking establishment, from destruction for redevelopment. In 1993 he became Museums Director of the Bletchley Park Trust and set up the Museums in Bletchley Park which opened to visitors in 1994. He started the rebuild of the Colossus code breaking electronic computer in 1994 and had the basic parts working in 1996. Following a disagreement over the future development of Bletchley Park he was forced to resign as Museums Director in 1999.

However, Tony has continued his research into wartime code breaking and now has his own web site. He has lectured all over the world on wartime code breaking and has advised on, and appeared in, many TV programmes and films.

Tony is speaking in Session C1

E. Eugene (Gene) Schultz, Ph.D., CISSP

Eugene Schultz, Ph.D., CISSP is a Principal Engineer with Lawrence Berkeley National Laboratory and also teaches computer science courses at the University of California at Berkeley. He is the author/co-author of four books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, and the latest on incident response. He has written over 90 papers.

Gene is the Editor-in-Chief of "Computers & Security", and was the Editor-in-Chief of "Information Security Bulletin" from 2000 through 2001. He has received the NASA Technical Excellence Award and the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, and was recently elected to the ISSA Hall of Fame.

While at Lawrence Livermore National Laboratory, he was the founder and original project manager of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) and also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

Gene is speaking in Sessions M2 and B2

John Sherwood BSc MSc CEng FBCS CMC CISSP

John Sherwood is the Director of Professional Services (EMEA) within QinetiQ Trusted Information Management and is one of the key players transforming that company into a global world-class provider of Information Security Services.

He has 32 years' experience as an information-systems professional, the last 17 of them as a specialist in the security of business information systems. The great majority of this security experience is in the banking and finance industry, but it also covers aerospace, chemicals, oil & gas, telecommunications and government.

Previous appointments include: Practice Director EMEA at Netigy (Feb 2001 – Sept 2001); Executive Director Architecture at Netigy (Jan 2000 – Feb 2001); Managing Director at Sherwood Associates Limited (Feb 1990 – Dec 1999); Managing Director at Computer Security Consultants Limited (Jan 1989 – Jan 1990); Systems Support Manager at Computer Security Limited (September 1985 – December 1988); Principal Lecturer, Software Engineering & Digital Communications Systems, De Montfort University, Leicester (July 1983 – August 1985).

John is also a visiting lecturer and external examiner at Royal Holloway College, University of London, and has published and lectured extensively around the world on a broad range of topics in the information security domain.

John is speaking in Session A2

Pete Simpson

Pete currently researches novel malware techniques and monitors active malware-writing groups, as well as designing and developing countermeasures. Special interests lie in the areas of content-based information theft and electronic counter-espionage. Pete has worked as an IT security professional since 1985, when as a senior programmer in British Telecom he was selected to head a small 'Tiger Team' to perform penetration testing of a very large network of IBM mainframes. Activities included numerous computer centre security reviews and consultancy to operational units. As a Senior Consultant, he acted as IT security advisor to the corporate security committee and authored the corporate Computer Security Policy. He also provided technical and forensic support to the BT Computer Crime and Security unit and the Internal Audit division.

In 1988, he was appointed Head of Computer Security in a Middle Eastern police force, with responsibility for a wide range of systems, including Motor Vehicle Licensing; National Identity Cards; Digitised Fingerprints and Mugshots; Airport Entry-Exit; Immigration Blacklist; Companies Registration; and CID and Special Branch systems.

Pete returned to BT as a Principal Consultant in the Applied Computer Security group to perform operational reviews and penetration testing of major systems and to develop technical security guidelines and procedures for implementation throughout all of BT's UK computer installations. He was a founder member of the Independent Information Security Group, which he chaired from 1993 to 1995.

In 1992 Pete moved on to become an independent IT security consultant, acting as security advisor to the UK Department of Trade and Industry in the deployment of in-house office automation systems designed to process nationally classified information up to the level of occasional Secret. As part of the project Pete identified the broad scope for Word macro attacks, three years before the Concept virus appeared in the wild. He discovered the vulnerability later dubbed the "Bunratty Attack", which he demonstrated to the UK MOD Information Warfare Unit.

He developed and brought to market the product Defuse, a desktop security software suite designed to protect against a range of hostile code (including, but by no means restricted to, viruses) that exploits the power of Microsoft Office's Visual Basic for Applications language. Defuse was reviewed in the July 1998 issue of Virus Bulletin.

In 1999 Pete was invited to join the research department of Content Technologies (now Clearswift Corporation) to set up the ThreatLab, a unit tasked with proactive research into incipient Internet content-based threats and the development of practical solutions and workarounds. Pete has presented at international security conferences and published many papers.

Pete is speaking in Session E4

Valene Skerpac

Valene Skerpac is a past Chairman of the Institute of Electrical and Electronics Engineers, New York Communications Society. She is also a certified information security professional and President of iBiometrics, Inc. Her work over the past decade has dealt with biometric systems and network research, development and consulting activities. Prior to this, she was employed by IBM for 11 years in a number of positions, initially as a programmer, then as a systems engineer and later in management positions.

Most recently, Ms. Skerpac wrote a chapter on voice communications security for the Information Security Handbook, published an article on biometric integration methodology and design in the Information Security Bulletin and a technical paper presented at the 2001 International Systems Security Engineering Association Conference. Ms. Skerpac graduated from Rutgers University with a BA in Mathematics and was awarded an IBM Financial Services Institute Certificate from the Wharton School.

Ms. Skerpac is speaking in Session E3.

Nick Spenceley

Nick is one of the Founder Directors of Inforenz Limited. He is responsible for Company Operations and ensuring the delivery of the company's projects. He also carries out specific client assignments in the areas of Project Management, Procurement Support, Hardware Design, System Definition and Training.

Prior to founding Inforenz, Nick held a number of senior positions at Logica and Entegrity Solutions. At Entegrity Solutions he was responsible for the delivery of all Professional Services projects within Europe, primarily involving the provision of secured online access to clients' new and legacy CRM systems.

Before joining Entegrity Solutions in 1999, Nick managed the Logica business unit responsible for all projects for secure HM Government clients for 3 years. Prior to this he either managed, or was part of the management team, on some of Logica's largest projects.

Nick holds an honours degree in Electronic Engineering and is a Fellow of the Institution of Electrical Engineers (F.I.E.E.).

Nick is speaking in Session PS4

David Spinks

David Spinks is responsible for EDS's Security and Privacy services, including Cyber Intelligence, Business Risk Management Consulting, E-Trusted Services, Computer Forensics, the Cyber Security Institute and Secure Digital Communications. More recently he was asked to coordinate EDS's aviation security product and service offerings, including personnel and baggage biometric and smart card authentication systems.

He is chairman of the E-commerce Security special interest group and the Eurim Business Continuity committee. In addition, he is a member of the Guild of Security Controllers, the British Computer Society and co-author of the guide “E-commerce – A World of Opportunity”.

David has spoken to audiences all over the world on subjects such as Risk Management, Cyber Crime, Business Continuity Planning and Information Security. He is an experienced media spokesperson and has been interviewed on the terrorist threat to aviation on international outlets such as CNN.

As part of the U.K. government’s National Infrastructure Protection initiative, David has spoken alongside Prime Minister Tony Blair and he has advised the UK and European governments on E-Crime and terrorist actions and industry leaders on emergency planning. In 1999 he updated the World Bank and the United Nations on the United Kingdom’s preparedness for Y2K.

In 2001 David was invited to speak at conferences at Royal Holloway, IQPC, CESG, COSAC, TMA and ISSE. As part of EDS’s Atlantic Challenge he delivered a number of high profile presentations to clients and the media.

EDS, the leading global services company, provides strategy, implementation and hosting for clients managing the business and technology complexities of the digital economy. EDS brings together the world’s best technologies to address critical client business imperatives. It helps clients eliminate boundaries, collaborate in new ways, establish their customers’ trust and continuously seek improvement.

David is speaking in Session D2

Michael Wiener

Michael Wiener has made significant contributions to cryptologic research and has 15 years of experience in the development of cryptographic products and systems. He has designed secure telephones, secure X.25 data communications encryptors and associated key management systems, and most recently he specified the initial security architecture for Entrust's Public Key Infrastructure product line and contributed to its evolution. His research results are mainly in the areas of cryptanalysis and secure protocol design.

Michael's early work included breaking certain classes of keys for RSA, the most widely used public-key cryptosystem, and designing a machine to break the US Data Encryption Standard (DES), which is used to protect banking transactions. Later he co-invented parallel collision search, a technique that gives the best known attack on the US Digital Signature Algorithm, on elliptic-curve cryptosystems, on double and triple encryption, and on the hash functions used in creating digital signatures.
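The RSA result referred to above is Wiener's 1990 attack on keys whose private exponent d is small relative to the modulus (roughly d < N^(1/4)/3 with balanced primes): because ed = 1 + k·φ(N) and φ(N) ≈ N, the fraction k/d appears among the continued-fraction convergents of e/N, and once a candidate φ(N) is known the modulus factors. The Python below is an added worked example written for this page, not code from the page or from Wiener; the key-generation helper, the 512-bit key size, the 100-bit d and the fixed random seeds are assumptions chosen so that the example runs offline and reproducibly.

```python
"""Wiener's attack on RSA keys with a small private exponent (added example)."""
import math
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test. Witnesses come from a fixed seed so the
    example is reproducible (assumption: acceptable for a demonstration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0xC05AC)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n):
    """Smallest probable prime >= n."""
    n |= 1
    while not is_probable_prime(n):
        n += 2
    return n


def weak_keypair(bits=512, d_bits=100, seed=2002):
    """Build an RSA key the wrong way round: pick a small d, derive e.
    Balanced p, q of bits/2 each and d far below N^(1/4)/3 put the key
    squarely inside Wiener's bound. Returns (e, n, d, p, q)."""
    rng = random.Random(seed)
    half = bits // 2
    p = next_prime(rng.getrandbits(half) | (1 << (half - 1)))
    q = next_prime(rng.getrandbits(half) | (1 << (half - 1)))
    n, phi = p * q, (p - 1) * (q - 1)
    d = rng.getrandbits(d_bits) | (1 << (d_bits - 1)) | 1
    while math.gcd(d, phi) != 1:
        d += 2
    e = pow(d, -1, phi)  # modular inverse (Python 3.8+)
    return e, n, d, p, q


def convergents(num, den):
    """Yield the successive convergents h/k of the continued fraction of num/den."""
    h_prev, h = 0, 1
    k_prev, k = 1, 0
    while den:
        a = num // den
        h_prev, h = h, a * h + h_prev
        k_prev, k = k, a * k + k_prev
        yield h, k
        num, den = den, num - a * den


def wiener_attack(e, n):
    """Recover (d, p, q) from a public key (e, n) with small d, or None.
    Since e*d = 1 + k*phi and phi ~ n, k/d is a convergent of e/n; each
    candidate phi is checked by solving x^2 - (n - phi + 1)x + n = 0 for p, q."""
    for k, d in convergents(e, n):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k
        b = n - phi + 1          # would be p + q
        disc = b * b - 4 * n     # would be (p - q)^2
        if disc < 0:
            continue
        r = math.isqrt(disc)
        if r * r != disc or (b + r) % 2:
            continue
        p, q = (b + r) // 2, (b - r) // 2
        if p * q == n:
            return d, p, q
    return None


if __name__ == "__main__":
    e, n, d, p, q = weak_keypair()
    found = wiener_attack(e, n)
    print("private exponent recovered:",
          found is not None and found[0] == d and {found[1], found[2]} == {p, q})
```

A properly generated key chooses e first (commonly 65537) and derives d, which leaves d roughly the size of N and outside the bound; the fingerprint of a key built the other way round is an unusually large public exponent, and this check is cheap enough to run on any such key found during a review.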

Michael is speaking in Session PS1

Peter Wood

Principal - First Base Technologies

Peter founded First Base in May 1989 as a vendor-independent consultancy. First Base Technologies now provides information security consultancy and "ethical hacking" services to clients such as Aon Group, B&Q, Bradford & Bingley, LloydsTSB, the Natural History Museum, Skipton Building Society, Tesco and United News and Media.

Peter has hands-on technical involvement in the firm on a daily basis, working in areas as diverse as network security reviews, firewall penetration testing and policy and procedures.

He also leads regular technical seminars on firewalls, ethical hacking techniques, Microsoft NT and Internet security.

Peter is a popular speaker at many conferences, including COSAC, EuroCACS (ISACA), BCS-IRMA and BCS-ISSG. His topics include Casebook of an Ethical Hacker, Intrusion Detection and Implementing BS7799.

Brief History

Peter has worked in the electronics and computer industries since 1969. During the mid-1970s he ran the UK operation of Raytheon International Data Systems, a major supplier of wide area network systems for airlines. He also provided training for customers and staff at Raytheon's headquarters in Amsterdam.

In 1979 he founded Amplicon Micro Systems, one of the first personal computer dealerships in the UK. Amplicon grew to be one of the largest suppliers of personal computers in the South of England. In 1983 Amplicon gained IBM Systems Centre accreditation, specialising in network systems and host connectivity. As a main board director, Peter was responsible for all technical issues and staff training.

During 1988, Peter was contracted to South East Computers, where he provided the technical knowledge to achieve IBM Systems Centre and Novell Systems House status. As Technical & Marketing Director he ran the customer support, software and maintenance departments as well as much of the advertising and PR for the company. He was also responsible for staff training on technical and management subjects.

Professional Memberships

Peter is a member of many prestigious organisations, including the British Computer Society, the Institute of Electrical and Electronics Engineers, the Information Systems Audit and Control Association and the Association for Computing Machinery. He is also a BCS Registered Security Consultant, a Microsoft Certified Product Specialist and a member of Mensa.

Peter is speaking in Masterclass M5

All content on this web site © 2001-2002 and COSAC
- All Rights Reserved -