The IA's Cyber Resilience Forum​

The third annual IA “Cyber Resilience for Investment Management Forum" will bring together influential and highly experienced cyber security experts and Chief Information Security Officers from member firms to discuss the latest cyber challenges within the industry.

The Regulator’s recent focus on operational resilience has put cyber and overall resilience in the Investment Management industry under the microscope. The increasing volume and sophistication of cyber threats mean that our sector is coming increasingly under attack. Firms are prioritising cyber resilience to ensure they are protected against internal and external threats.

Attending this event will provide you with insight into:

• The regulatory focus on the importance of understanding and addressing cyber risk
• Industry practices to build cyber resilience
• Output from the IA’s Cyber Resilience Committee​

08:45-08:55 Opening remarks
Pauline Hawkes-Bunyan, Director Business: Risk, Culture and Resilience, The Investment Association

09:00-09:25 Presentation
Erika Lewis, Director of Cyber Security and Digital Identity, DCMS

09:30-10:00 Presentation
A senior representative from the NCSC

10:05-10:50 Panel: Current trends in Cyber Security
​Chair: Pauline Hawkes-Bunyan, Director Business: Risk, Culture and Resilience, The Investment Association
​David Scott, Aberdeen Standard and Chair, IA Cyber Resilience Committee
​Rohan Massey, Partner, Ropes & Gray
​​John Harrison, Head of Information and Cyber Security, Charles Stanley
Jenny Radcliffe, “The People Hacker”

10:50-11:10 Break

11:10-11:30 IA TITAN Demonstration
Patrick Fox, Customer Success Manager for Europe, Middle East and Africa, Anomali

11:35-12:20 Panel: Horizon scanning an uncertain world
Chair: John Allan, Senior Operations Specialist, The Investment Association
Don Randall, Executive Director, Don Randall Associates Limited
Robyn Leader, ISO, Sarasin & Partners
Awais Rashid, Professor of Cyber Security, Department of Computer Science, University of Bristol
A.J. Nash, Sr. Director of Cyber Intelligence Strategy, Anomali

12:20-12:30 Closing Remarks
John Allan, Senior Operations Specialist, The Investment Association

The Investment Association

Pauline Hawkes-Bunyan, Director, Business: Risk, Culture & Resilience, The Investment Association
Pauline is the Executive Director responsible for the Business: Risk, Culture & Resilience team at The Investment Association (IA). She supports IA member firms to shape and respond to policy issues that impact on risk, reputation and P&L.
Focus areas include;
• Operational & Cyber Resilience
• Culture and Conduct
• Technology
In addition to this, Pauline’s recent focus has been leading the IA’s work to support its members during the COVID-19 crisis.
Pauline has spent more than 20 years in the investment management industry seeing industry opportunities and challenges from adviser, in-house and trade body perspectives. Prior to joining the IA, Pauline was a Director at Aviva and Financial Services Partner at Deloitte.

John Allan, Senior Operations Specialist, The Investment Association
John is responsible, among other things, for fund operations at The Investment Association (IA), supporting IA member firms through operational challenges and developments, the application of emerging technology and regulatory change. Prior to joining the IA, John has held roles at BMO Global Asset Management and BNY Mellon in fund operations roles covering the UK, Ireland and Luxembourg.

Presenters

Erika Lewis, Director, Cyber Security and Digital Identity, DCMS
Erika Lewis was a founding member of London Government, moving from the voluntary sector to join the set-up team in the London Development Agency in April 2000. At the LDA she delivered regeneration programmes across London, in particular working with the Finsbury Park Partnership and on the Olympic Park delivery programme. Subsequently the Director of Strategy at the LDA, she was responsible for the development and delivery of the Mayor’s Economic Development Strategy.
In 2012, Erika became a Project Director at the Competition and Markets Authority where she delivered two merger investigations and led the Private Motor Insurance and Energy Market Investigation. Moving to the role of Director of Governance and Performance, Erika set up the CMA data, digital and tech team.
Erika joined DCMS in 2018 to deliver the National Data Strategy, in addition she was responsible for Data Policy and Ethics. After leading the ‘No-deal’ data team, she moved in October 2019 to the role of Director, Cyber Security and Digital Identity where she leads on the economic support for the cyber sector, the development of security approaches for consumer IoT, the government work on secure Smart Cities and Digital Identity in the economy. In 2020 she also led for DCMS on the Covid-19 response package for the Voluntary Sector.

A senior representative from the NCSC

Patrick Fox, Customer Success Manager for Europe, Middle East and Africa, Anomali
Customer Success Manager for the Europe, Middle East and Africa regions with Anomali. My role requires me to help our customers with the adoption, training & onboarding for the users of our Threat Intelligence Platform across EMEA.

Panel: Current trends in Cyber Security

David C Scott, Chief Security & Resilience Officer, Standard Life Aberdeen and Chair, IA Cyber Resilience Committee
David Scott is the Chief Security & Resilience Officer and is in charge of cyber & information security and business esilience at Standard Life Aberdeen. David joined Standard Life Aberdeen in 2009 from Bankhall Investment Management, where he was Operations & IT Director for 5 years. Prior to his time with Bankhall David held Executive and Senior Management IT roles at two Asset Management companies and a large global insurance and savings company.
David is a graduate of the University of St Andrews where he majored in Computational Science, as well as Strathclyde Graduate Business School. He is a Chartered IT Professional and a Fellow of the Institute of Directors.

Rohan Massey, Partner, Ropes & Gray
Rohan Massey is a leader of the firm’s Data, Privacy and Cybersecurity practice and focuses his practice on data protection, data security, e-commerce, and IT. As well as advising on complex global data protection and security compliance programs, Rohan also advises on issues of risk and value in relation to data and intellectual property in corporate transactions. Rohan’s expertise focuses on the intersection of the extra-territorial scope of national data protection laws and data transfer issues for multinational organisations. Rohan has advised on a number of leading breach data management cases, and has assisted clients in successfully obtaining BCR approval from EU regulators. His industry-focused expertise covers asset management and financial services; life sciences and clinical trials; as well as media, sponsorship, advertising, sales promotions, and intellectual property issues, marketing issues in the sports apparel and food and drink sectors. His client base is international in scope, as he works extensively across Europe, the U.S. and Asia.

Jenny Radcliffe, also known as “The People Hacker” is a world renowned Social Engineer, hired to bypass security systems through a no-tech mixture of psychology, con-artistry, cunning and guile.
A "burglar" for hire, she has spent a lifetime talking her way into secure locations, protecting clients from scammers, and leading educational simulated criminal attacks on organisations of all sizes in order to help secure money, data and information from those with genuine malicious intent.
Jenny is a sought after keynote speaker, panelist and moderator at major conferences and corporate events, both in-person and online, and is a multiple TEDX contributor. An entertaining educator, she is the go-to guest expert on the human element of security, scams, cons and hacks and has appeared on numerous television and radio shows, as well as online media and traditional press outlets.
She is also the host of the award winning podcast “The Human Factor” interviewing industry leaders, writers, bloggers, experts, fellow social engineers and ethical conartists about people and the stories connected to security. Jenny was recognised as one of the top 25 Women in Cyber in 2020 by IT Security Guru, and as a Top 50 Women of Influence in Cyber in 2019. She was nominated for the prestigious “Godmother of Security” award in 2020 and won the “Most Educational Security Blog 2020” and top 30 women in cyber/cyber leaders (pandemic leadership) 2021

John Harrison, Head of Information and Cyber Security, Charles Stanley
John has over thirty years’ experience within Financial Services. His career began in insurance, where his roles included underwriting, claims, pensions, and mortgages. John joined Charles Stanley to manage the IT Service Desk, and he subsequently built new teams to create a business facing IT service function. As the emphasis on information and cyber security grew, John became increasingly involved with this work before electing to pursue it as his chosen career. He created a new information and cyber security function at Charles Stanley and immersed himself in the subject, achieving a number of certifications. John is an active cyber security professional, collaborating with professional bodies and the City of London Police Cyber Crime Unit. He also raises awareness of cyber security by presenting to colleagues, clients and the wider community.

Panel: Horizon scanning an uncertain world

Don Randall, CEO, Don Randall Associates Limited
An internationally renowned and respected senior security expert with 51 years’ experience in the security industry at local, national and international levels. A former senior police officer specialising in fraud and counter-terrorism followed by 24 years in the private sector in investment banking, central banking and private consultancy.

Awais Rashid, Professor of Cyber Security, Department of Computer Science, University of Bristol
My research spans cyber security and software engineering. I focus on novel software modularity techniques that underpin software that is adaptable, evolvable and resilient in the face of changes and the volatile nature of user requirements and behaviours in the modern digital world. This naturally ties in with my cyber security research which focuses on developing tools and techniques that are adaptable to the constantly changing threat patterns utilised by criminals online. I am particularly interested in security of cyber-physical systems, such as, industrial control systems and Internet of Things. I am also a keen researcher of adversarial and non-adversarial behaviours pertaining to cyber security. I lead projects as part of the UK Research Institute on Trustworthy Industrial Control Systems (RITICS) and UK Research Institute on Socio-technical Cyber Security (RISCS), the National Centre of Excellence on Cyber Security of Internet of Things (PETRAS) and am a member of the UK Centre for Research and Evidence on Security Threats (CREST). I also lead research on readiness of software engineers and developers to work with new secure hardware as part of the ESRC Hub on Digital Security by Design (Discribe). I am a Fellow of the Alan Turing Institute. Prior to joining the University of Bristol, I was co-founder and co-director of the Security Lancaster Institute at Lancaster University.

Robyn Leader, ISO, Sarasin & Partners
Robyn has over 17 years’ experience within Financial Services. She moved to London in 2003 and joined a privately owned hedge fund as IT Manager. Robyn has always had an interest in information security and resilience which lead her into the role of Information Security Officer at Sarasin and Partners in 2010. She has a Business Degree in Information Systems Management through Massey University, New Zealand. A Certified Information Security Professional, CISSP. An active member of associated professional bodies.

A.J. Nash, Cyber Intelligence Strategist, Anomali
A.J. Nash is a cyber intelligence strategist and public speaker focused on building cyber intelligence programs that capitalize on disparate data and information to create and deliver tactical, operational, and strategic intelligence to protect personnel, facilities, data, and information systems. He has planned, designed, built, or consulted on the building and maturation of cyber intelligence programs for dozens of companies. A.J. provides training on intelligence tradecraft and standards, consults with clients creating or improving their intelligence capabilities, assists in the creation of organization-specific intelligence requirements, and delivers presentations on the fundamentals of cyber threat intelligence around the globe.