Information Security

Protecting your assets

Phil Cracknell

Phil is regarded as one of Europe’s leading information security experts. He has held several CISO (Chief Information Security Officer) roles spanning five different industry sectors and thirty years.
His experience has been gained in a variety of high-profile technology and security management roles, enabling him to offer a unique and captivating insight to the world of information security, cyber-threats and risk management. 

As national publicity on the subject of ‘Wireless security’ peaked in 2002, Phil became somewhat of a cyber-security celebrity with appearances on Sky TV, BBC News and in national and industry press.
Phil remains highly technical with a hands-on security capability not normally present with someone of his seniority in the industry. 

He has vast amounts of project success, technical deliverable experience and can operate at any level. Serving as Group Security & Risk Advisory to Arriva Plc.(2015), Advisor to the Board at Camelot UK (2016/17), a board advisor retained by HomeServe plc (2017-18) and more recently the cyber security lead for the government health checks working for the Cabinet Office (2018-2019). He was the founder and chairman of the non-profit ClubCISO group – www.clubciso.org, is also a non-executive director of the Cloud Security firm Everycloud – www.everycloud.co.uk and board advisory for IP Performance www.ip-performance.co.uk.



• Runner-up in the SC Awards 2017 CISO of the year category
• Voted Cyber Security Awards Personality of the Year – July 2015
• BCS Information Security Professional of the Year – December 2014
• Former non-executive director for a Scottish investment company - 2016
• Head of Information Security for TNT Express ICS – Oct 2012 to January 2014 – interim role to structure the information security across 64 global regions
• Virtual (interim) CISO for two UK Airports and a mobile network operator – 2014/2015
• Global Director of Security for Yell Group plc. from April 2010 to August 2012
• Significant cyber-intelligence experience with UK Intelligence Services (1993-1995 and 2001-2003) and consulted for recent government cyber-crime initiatives
• From 1998-2000 Phil was the Global CISO for Japanese investment banking giant Nomura
• Phil has worked extensively with UK government departments and CESG on the design, implementation and operations of new connections to the government network (GSI/PSI) and ISO 27001 compliance and HMG standards
• Phil was the director of the Security Consulting Practice for Capgemini UK- 2006 and then Deloitte in 2007/8 – 2006-2008
• Sept 2006 – Appointed UK President of the ISSA
• 2008-9 – Based in Luxembourg, Phil became Skype’s as Head of Compliance reporting to the CFO
• 2009-10 – Phil worked as Head of Information Security for King Abdullah in Thuwal, Nr Jeddah in Saudi Arabia.
• Guest lecturer at Oxford University (June 2013) for the Cyber-security course
• Guest lecturer at Royal Holloway on Fred Piper’s Information Security Degree course for several years (2001-200















Press links

Dating back from 1998

General Security Articles/Publications

• Computing – A Spammer in the works – 13th May 1998

• New Scientist – Article about Blitzkrieg - 30th May 1998

• The Register – Mobile GPRS Security - 21st Feb 2002

• Computer Weekly – MyDoom patch – 16th Feb 2004

• Computer Weekly – Antivirus – 7th October 2004

• The Times – Piggybacking – 6th August 2005

• Researchgate - Why Phish when you can trawl – December 2005

ITPro – Application Control Article – 27th Sept 2006

• FT.com –Changing faces and places - 18th October 2006

BCS Information Security Now – November 2006 https://www.bcs.org/upload/pdf/isNOW_autumn2006.pdf

• Computer Weekly – Retailers facing card data clampdown – April 10th 2007

• The Sunday Times – October 20th 2013

• The Guardian – February 12th 2013

• The Economist – Intelligence Unit – August 2013

• Computer Business Review – BYO Article - January 23rd 2014

• SC Magazine – Dropbox – 6th May 2014

• SC Magazine – Supply Chain Security 6th June 2015

• SC Magazine – Monitoring – 27th Oct 2015

• SC Magazine – BYOD puts enormous pressure on IT Depts – 4th February 2014

• Changing Employee Behaviour Article – 29th September 2015

• Insights for Professionals – August 2017

• Hiscox Small Business Centre (Online) 

• IT Security Guru (Online) – The Future of Hacking

• Summit – Focus on lack of quantification in the sphere of cyber security

• IT Security Summit – London – 3rd July 2018

• Internet of Business (Online) IoT Summit – November 2017

• ClubCISO – CISO Survey 2015 Invitation

• InfoSec Magazine – BYO and Cloud Q&A - 24th February 2014

• SC Magazine Interview re: Sony CEO – 12th January 2015

• LWood – Insurance Brokers (Online) – 30th August 2016

• Computer Weekly – InfoSec Panel Session – 26th April 2012

• Computer Weekly – Article on lack of awareness – 2nd June 2014

• The Wireless Survey of London - 2002

• The Register -February 14th 2003

• Comments on WiFi survey – taint.org – 10th April 2003

• ZDNet – WiFi hacked – Defcon - Aug 12th 2004

• BBC News – 10th March 2005

• Reining in Washington’s WiFi hotspots – 9th Mar 2005 

• BBC News – Wireless Hijacking - 28th July 2005

• CIO Update – Wifi networks still at risk 

The Register – Wifi Security Survey – 11th May 2005

• eWeek – May 25th 2006

• Wireless Survey – 18th Apr 2007


• Computing - Security fears over WiFi – 3rd May 2007

• Reseaux Telecoms – WiFi Security (In French) – 18th May 2007

• SC Magazine – Measuring cyber-security


WiFi Evil Twin Concept

• ComputerWorld - 25th April 2007

• PCWorld – 25th April 2007

• The Inquirer - Wireless Evil Twin – 26th Apr 2007

• ARS Technica – Evil Twin – 26th April 2007

• Network World – Wifi Evil Twin – 25th April 2007


Metrics

• Ascentor Online Article - Jan 2018

• LinkedIn Slideshare – 11th May 2016

• Bank Info Security - Metrics Project – July 28th 2016

• Cyber Defense Magazine – 8th November 2017

• Global Marketing Alliance – Risk Management Article – 16th November 2017

• Cyber Security Awards - 2015

• Cyber Security Awards 2015 

• BCS Industry Awards - 2014

• UK IT Industry Awards – 2014


Books/Official Publications

• Foreword mention - Book Publication – “The Weakest Link” - 2016

• Operation Banner – Northern Ireland 1969-2007



Polls

• Top CISOs to follow on twitter April 4th 2014

• Top 100 CISO’s - 2017 


Conferences/Presentations and Lectures

• Professional Security Magazine – NISC Conference – 3rd Dec 2007
https://www.professionalsecurity.co.uk/news/news-archive/nisc-date/

• Oxford University – 12th June 2013
https://www.oii.ox.ac.uk/events/bring-your-own-device-cyber-security-seminar-series-part-7/

• Oxford University – Guest lecture – Bring your own Device – 12th June 2013
http://www.cs.ox.ac.uk/seminars/889.html

• Security Experts Speak – Online Webinar – Jan 15th 2016
https://www.checkmarx.com/2016/01/15/p15898/

• Daily Telegraph m- DEN Live Event – 11/12th December 2017
http://denlive.com/seminars/smart-security

• Daily Telegraph Cyber Security Conference – 15th May 2018
https://app.qwoted.com/opportunities/event-the-telegraph-cyber-security-conference-2018

• Cyber Security for Critical Infrastructure – Conference – Amsterdam – February 2019
https://www.cybersenate.com/cyber-senate-news/2019/2/15/cybersecurity-for-critical-infrastructure-amsterdam-march-2627th

• Accellion - Information Sharing - 11th July 2018
https://vincoevents.com/events/learn-ciso-best-practices-copy-copy/

• Masterclass Workshop – EGG, London – 18th July 2018
https://london.eventful.com/events/masterclass-workshop-proactive-management-info-/E0-001-115325688-6

• Cyber Breach Response Workshop – 19th February 2018
https://www.evensi.uk/cyber-breach-response-workshop-library-private-members-club/232745899
• Known unknowns – 19th November 2019
Known Unknowns tour – 19th November 2019
 
White Papers
• Semantic Scholar - 2006
https://www.semanticscholar.org/paper/A-Study-of-the-TKIP-Cryptographic-DoS-Attack-Glass-Muthukkumarasamy/4e5ee6f50d20249816ba327564b5cd517252edb7?tab=abstract&citingPapersSort=is-influential&citingPapersLimit=10&citingPapersOffset=10&year%5B0%5D=&year%5B1%5D=&citedPapersSort=is-influential&citedPapersLimit=10&citedPapersOffset=0


Training Courses

• Cyber Security Breach Workshops

https://www.teiss.co.uk/cyber-breach-leave-professionals/

https://www.everycloud.co.uk/services/security-training/


Video Interviews

• InfoSec – Friday 13th 2012
http://www.infosecisland.com/videos-view/21446-The-Growing-Responsibilities-of-a-CISO.html

• Telecom TV – Talking security to the board
https://www.youtube.com/watch?v=3tamm5J1Qx4

• MESA Interview – Dubai – 24th Sept 2016
https://www.youtube.com/watch?v=PVjqGh1Fnx0

• InfoSec 2012 - Interview
https://www.youtube.com/watch?v=WXHFqVzdxLs


Podcasts

• Insecure Software: Whose fault is it anyway?
https://www.podomatic.com/podcasts/computerweekly/episodes/2007-03-26T06_48_06-07_00

Services

Cyber Breach

Playbook creation, scenario enactment and cyber breach response planning

Compliance

PCI-DSS, NIS (D), GDPR, SoX, MiFiD, ISO 27001

Awareness

Staff awareness training
Induction 
Periodic testing

Gap Analysis and Maturity Assessment

An independent view of the capability and maturity of your information security

Interim Management

Interim CISO
Transformation Projects
Security Leadership & Governance Development

Information Security

Gap Assessment
NIS Directive/GDPR Compliance
Penetration Testing
KPI's/Reporting/Metrics
 
Events

The Studio, Ministry of Sound, London - 4th December 2019

Cyber Security Live - Marshall Arena, Milton Keynes - 19th November 2019 - https://www.cybersecurityeventlive.com/

Cyber Security and Data Protection Summit - QEII Centre, London - 20th November 2019 - https://cybersecuritysummit.co.uk/

DOWNLOADS 

29 Highly Influencial CISO - 2020

Download PDF here