SPEAKING.LOG
Keynotes, panels, and technical briefings on industrial security, cyber-physical risk, and emerging AI oversight — across Europe, the Gulf, the United States, and Asia-Pacific.
Attack chains, defensive architectures, and governance for OT, ICS, and cyber-physical systems.
Translating technical exposure into board-level decisions; framing risk for investors and senior leaders.
Practical AI governance and compliance — what survives real scrutiny under the EU AI Act, NIST, ISO.
ENGAGEMENT.HISTORY
How early-stage technology companies should think about cybersecurity as a strategic asset, not a back-office cost. Practical guidance on building a secure-by-default culture from day one — and why that translates directly into investor confidence, customer trust, and regulatory readiness as the company scales.
A panel session on the operational realities of securing industrial control systems in critical infrastructure. Focused on the gap between IT-style controls and OT-native risk, why most assessments miss real cyber-physical exposure, and what mature operators are doing differently to manage adversary-driven threats.
Cybersecurity due diligence in M&A is consistently treated as a checkbox exercise, then becomes a value-destroying surprise post-close. This session covered the questions PE investors and corporate development teams should be asking pre-acquisition, and how to structure remediation conditions when material findings surface.
Security innovation at the intersection of emerging technology and operational scale. Delivered at Expo 2020 Dubai, the talk explored how organisations and nation-states are rethinking the security stack as connected systems multiply, and where the genuine innovations are happening versus where the marketing ends.
Logistics and transport networks are increasingly cyber-physical attack surfaces, with consequences that flow directly into national resilience. The session covered third-party risk in supply chains, transport-system attack patterns observed in research, and the operational changes that meaningfully reduce exposure without grinding the business to a halt.
Industry 4.0 deployments are rolling out faster than the security models they depend on. This Gitex session covered how IIoT, edge computing, and converged IT/OT architectures expand the attack surface in ways most security programmes are not designed to detect, and what to do about it.
Cyber-physical security is no longer hypothetical. Drawing on field research and adversary simulation engagements, this Gisec talk walked through real attack chains where compromise of digital systems produced physical consequences — and the controls that demonstrably break those chains.
An industrial security session for a technical hacker audience: how the same primitives that make ICS networks reliable also make them brittle under targeted pressure, plus a walkthrough of recurring weaknesses observed across real-world plants and the simple controls that meaningfully reduce blast radius.
A Confidence Conference talk on cybersecurity research — how independent researchers find vulnerabilities the vendor missed, why disclosure economics are broken in places, and how the research community can keep producing high-impact work in an environment of increasing legal and operational friction.
An F5 Networks technical session on how attackers think. Walked engineers through the mental models adversaries use to find weaknesses in production systems — how reconnaissance shapes attack paths, why defenders consistently miss the obvious, and how to apply this lens to your own architecture reviews.
A Fortinet partner session on the hacker's mindset for enterprise defenders. Focused on the gap between control inventories and lived attack reality, with practical exercises engineers can run on their own networks to surface the kind of weaknesses that don't show up in pentests or compliance audits.
Delivered at the world's largest hacker conference two years running. The ICS Killswitch research demonstrated cyber-physical attack chains against industrial control systems — how seemingly minor compromises propagate into safety-relevant outcomes, and the disclosure-and-remediation path the research took post-DefCon.
Three years of BSides London talks on web application security and original research. Covered specific bug classes that were under-reported at the time, methodologies that consistently surface high-severity findings, and the arc of how the research community's web-app focus has shifted as deployment patterns changed.
Cybersecurity policy at Sweden's Almedalen Week — the country's premier political and policy gathering. The session translated technical attack realities into policy-maker language and explored where European cybersecurity legislation was ahead of, and behind, the operational threat environment.