What does it really mean to be crisis-ready? In this conversation from InfoSecurity Europe 2025, Steve Wright—a data privacy and cybersecurity leader with three decades of experience spanning Siemens, Unilever, John Lewis, and the Bank of England—joins Sean Martin and Marco Ciappelli to unpack the heart of effective crisis management. With a career that’s evolved from risk, through cybersecurity, and now into privacy, Wright offers a refreshingly grounded perspective: crisis management starts with staying calm—but only if you’ve done the work beforehand.

Preparation Over Panic

Crisis management isn’t just a technical checklist—it’s a cultural discipline. Wright emphasizes that calm only comes from consistent practice. From live simulations to cross-functional coordination, he warns that too many organizations are underprepared, relying on ad hoc responses when a breach or outage occurs. Drawing on a real-life ransomware scenario from his time at John Lewis, Wright illustrates the importance of verification, collaboration with law enforcement, and informed decision-making over knee-jerk reactions.

Containment, Communication, and Culture

Preparation leads naturally to containment—an organization’s ability to limit the damage. Whether it’s pulling cables or isolating systems, quick thinking can prevent weeks of downtime. But just as important is how you communicate. Wright points to the contrast between companies that respond with transparency and empathy versus those that go silent, risking public trust. Modern crisis management requires the ability to shift the narrative and speak directly to affected stakeholders—before speculation takes over.

Trust and Accountability in a Global Ecosystem

Digital trust has become a board-level concern, not just a technical one. Wright notes that conversations with executives have moved beyond compliance to include broader questions of data ownership, consumer expectations, and supply chain accountability. As global systems grow more complex, clarity about who owns what—and who’s responsible when things go wrong—becomes harder to establish, but more important than ever.

Looking Ahead

Wright ends with a look to the future, imagining a world where individuals control their data through biometric locks and personal data brokers. Whether this utopia (or dystopia) arrives remains to be seen—but the path forward demands organizations prioritize practice, transparency, and trust today.

___________

Guest: Steve Wright, Data Protection Officer, Financial Services Compensation Scheme | https://www.linkedin.com/in/stevewright1970/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

steve wright, sean martin, marco ciappelli, infosecurity, crisis, privacy, cybersecurity, resilience, communication, trust, event coverage, on location, conference

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.

The Power of the Crowd: Community, Policy, and Lifelong Learning

This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.

Maximizing the Experience: Prep, Participate, and Party

From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference

What if the key to cybersecurity isn’t more tech—but more humanity?

In this On Location episode of ITSPmagazine, Rob Black—UK Cyber Citizen of the Year and founder of the Global Institute of Cyber Deception—joins hosts Marco Ciappelli and Sean Martin to challenge conventional thinking around cyber defense. With a background spanning military operations and human sciences, Rob brings a fresh perspective that prioritizes multidisciplinary thinking, behavioral insight, and creative disruption over brute-force technology.

Rob highlights the importance of soft skills and critical thinking through initiatives like the UK Cyber Leaders Challenge, where students take on crisis simulation roles to sharpen leadership and communication in real-world scenarios. These experiences underscore the need to cultivate professionals who can think dynamically, not just code efficiently.

A key focus of the conversation is the strategic use of deception in cybersecurity. Rob points out that while organizations obsess over vulnerabilities and zero-days, they often overlook attacker intent. Instead of just locking down infrastructure, defenders should disrupt decision-making—using tools, tactics, and even perception itself to sow doubt and hesitation. From publicizing the use of deception technologies to crafting networks that appear already compromised by rival threat actors, Rob argues for a smarter, more psychological approach to defense.

He also pushes back against the industry’s obsession with tools for every symptom—drawing a parallel to big pharma’s model of selling treatments without tackling root causes. If cybersecurity is to become more resilient, he argues, it needs to embrace a systems mindset that includes governance, behavioral science, and even cultural analysis.

This episode is a must-listen for anyone tired of buzzwords and ready to rethink cybersecurity as a socio-technical system—not just a digital one. From geopolitics to psychology, deception to diplomacy, Rob Black connects the dots between how we live with technology and how we must protect it—not just through code, but through creativity, context, and compassion. Listen now to explore how cybersecurity can grow up—and get smarter—by getting more human.

___________

Guest: Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

rob black, marco ciappelli, sean martin, deception, cybersecurity, behavior, intent, resilience, infosec 2025, leadership, event coverage, on location, conference

In this episode, Amanda Finch, Chief Executive Officer of the Chartered Institute of Information Security, offers a perspective shaped by decades of experience in a field she has grown with and helped shape. She shares how cybersecurity has transformed from an obscure technical pursuit into a formalized profession with recognized pathways, development programs, and charters. Her focus is clear: we need to support individuals and organizations at every level to ensure cybersecurity is inclusive, sustainable, and effective.

Amanda outlines how the Chartered Institute has developed a structured framework to support cybersecurity careers from entry-level to fellowship. Programs such as the Associate Development Program and the Full Membership Development Program help individuals grow into leadership roles, especially those who come from technical backgrounds and must now influence strategy, policy, and people. She emphasizes that supporting this journey isn’t just about skills—it’s about building confidence and community.

A significant part of the conversation centers on representation and diversity. Amanda speaks candidly about being one of the only women in the room early in her career and acknowledges the progress made, but she also highlights the structural issues still holding many back. From the branding of cybersecurity as overly technical, to the inaccessibility of school programs for under-resourced communities, the industry has work to do. She argues for a wider understanding of the skills needed in cybersecurity—communication, analysis, problem-solving—not just coding or technical specialization.

Amanda also addresses the growing threat to small and medium-sized businesses. While large organizations may have teams and resources to manage security, smaller businesses face the same threats without the same support. She calls for a renewed emphasis on community-based solutions—knowledge sharing, mentorship, and collaborative platforms—that extend the reach of cyber defense to those with fewer resources.

In closing, Amanda urges us not to forget the enduring principles of security—know what you’re protecting, understand the consequences if it fails, and use foundational practices to stay grounded even when new technologies like AI and deepfakes arrive. And just as importantly, she reminds us that human principles—trust, empathy, responsibility—are vital tools in facing cybersecurity’s biggest challenges.

___________

Guest: Amanda Finch, CEO of the Chartered Institute of Information Security | https://www.linkedin.com/in/amanda-finch-fciis-b1b1951/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference

Dr. Jason Nurse, academic and cybersecurity behavior researcher, joins Marco Ciappelli at Infosecurity Europe to unpack the shift in cybersecurity thinking—away from purely technical measures and toward a deeper understanding of human behavior and psychology. Nurse focuses his work on why people act the way they do when it comes to security decisions, and how culture, community, and workplace influences shape those actions.

Behavior is increasingly taking center stage in security conversations, and for good reason. Nurse points to recent attacks that succeed not because of flaws in technology but due to the manipulation of individuals—such as social engineering tactics that target help desk personnel. These incidents highlight how behavioral cues and psychological triggers are weaponized, making it critical for organizations to address not just systems, but the people using them.

The conversation then shifts to artificial intelligence, particularly the growing issue of “shadow AI” in corporate settings. Nurse cites research from the National Cybersecurity Alliance’s Behavior Report, revealing that approximately 40% of employees who use AI admit to sharing sensitive corporate information with these tools—often without their employer’s awareness. Even more concerning, over half of those organizations offer no training on safe or responsible AI use.

Rather than banning AI outright, Nurse advocates for responsible use grounded in training and transparency. He acknowledges that some companies attempt to enforce boundaries by deploying internal AI systems, but these are often limited in capability. Others are exploring solutions to filter or sanitize inputs, though achieving a practical balance remains elusive.

The conversation also touches on the emotional and psychological bonds forming between individuals and AI. Nurse notes that users increasingly treat AI like a companion, trusting it with personal information and seeking advice, even in sensitive contexts such as mental health. That trust, while understandable, opens new avenues for misuse and misjudgment—especially when users forget AI lacks genuine understanding.

This episode prompts an important question: as AI becomes part of our daily routines, how do we maintain control, context, and caution in our interactions with it—and what does that mean for the future of security?

___________

Guest: Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

marco ciappelli, jason nurse, infosecurity europe, behavior, psychology, cybersecurity, ai, social engineering, workplace, trust, event coverage, on location, conference

Security teams often rely on scoring systems like Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) to make sense of vulnerability data—but these frameworks don’t always deliver the clarity needed to act. In this episode, Tod Beardsley, Vice President of Security Research at runZero, joins host Sean Martin at InfoSec Europe 2025 to challenge how organizations use these scoring systems and to explain why context is everything when it comes to exposure management.

Beardsley shares his experience navigating the limitations of vulnerability scoring. He explains why common outputs—like a CVSS score of 7.8—often leave teams with too many “priorities,” forcing them into ineffective, binary patch-or-don’t-patch decisions. By contrast, he highlights the real value in understanding factors like access vectors and environmental fit, which help security teams focus on what’s relevant to their specific networks and business-critical systems.

The conversation also explores SSVC’s ability to drive action through decision-tree logic rather than abstract scores, enabling defenders to justify priorities to leadership based on mission impact. This context-centric approach requires a deep understanding of both the asset and its role in the business—something Beardsley notes can be hard to achieve without support.

That’s where runZero steps in. Beardsley outlines how the platform identifies unmanaged or forgotten devices—including IoT, legacy systems, and third-party gear—without needing credentials or agents. From uncovering multi-homed light bulbs that straddle segmented networks to scanning for default passwords and misconfigurations, RunZero shines a light into the forgotten corners of corporate infrastructure.

The episode closes with a look at merger and acquisition use cases, where runZero helps acquiring companies understand the actual tech debt and exposure risk in the environments they’re buying. As Beardsley puts it, the goal is simple: give defenders the visibility and context they need to act now—not after something breaks.

Whether you’re tracking vulnerabilities, uncovering shadow assets, or preparing for your next acquisition, this episode invites you to rethink what visibility really means—and how you can stop chasing scores and start reducing risk.

Learn more about runZero: https://itspm.ag/runzero-5733

Note: This story contains promotional content. Learn more.

Guest: Tod Beardsley, Vice President of Security Research at runZero | On Linkedin: https://www.linkedin.com/in/todb/

Resources

Learn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzero

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, tod beardsley, runzero, exposure, vulnerability, asset, risk, ssdc, cvss, iot, brand story, brand marketing, marketing podcast, brand story podcast

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.

The Power of the Crowd: Community, Policy, and Lifelong Learning

This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.

Maximizing the Experience: Prep, Participate, and Party

From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Saima Poorghobad, Portfolio Director at Reed Exhibitions | https://www.linkedin.com/in/saima-poorghobad-6a37791b/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

sean martin, marco ciappelli, saima poorghobad, infosecurity europe, cybersecurity, quantum, ai, policy, community, innovation, event coverage, on location, conference

As Infosecurity Europe prepares to mark its 30th anniversary, Portfolio Director Saima Poorghobad shares how the event continues to evolve to meet the needs of cybersecurity professionals across industries, sectors, and career stages. What began in 1996 as a niche IT gathering has grown into a strategic hub for over 14,000 visitors, offering much more than just vendor booths and keynotes. Saima outlines how the event has become a dynamic space for learning, collaboration, and strategic alignment—balancing deep technical insight with the broader social, political, and technological shifts impacting the cybersecurity community.

The Power of the Crowd: Community, Policy, and Lifelong Learning

This year’s programming reflects the diverse needs of the cybersecurity community. Attendees range from early-career practitioners to seasoned decision-makers, with representation growing from academia and public policy. The UK government will participate in sessions designed to engage with the community and gather feedback to inform future regulation—a sign of how the show has expanded beyond its commercial roots. Universities are also getting special attention, with new student guides and tailored experiences to help emerging professionals find their place in the ecosystem.

Tackling Today’s and Tomorrow’s Threats—From Quantum to Geopolitics

Infosecurity Europe 2024 is not shying away from bold topics. Professor Brian Cox will open the event by exploring the intersection of quantum science and cybersecurity, setting the tone for a future-facing agenda. Immediately following, BBC’s Joe Tidy will moderate a session on how organizations can prepare for the cryptographic disruption quantum computing could bring. Rory Stewart will bring a geopolitical lens to the conversation, examining how shifting alliances, global trade tensions, and international conflicts are reshaping the threat landscape and influencing cybersecurity priorities across regions.

Maximizing the Experience: Prep, Participate, and Party

From hands-on tech demos to peer-led table talks and new formats like the AI and Cloud Security Theater, the show is designed to be navigable—even for first-time attendees. Saima emphasizes preparation, networking, and follow-up as keys to success, with a new content download feature helping attendees retain insights post-event. The celebration culminates with a 90s-themed 30th anniversary party and a strong sense of pride in what this event has helped the community build—and protect—over three decades.

The message is clear: cybersecurity is no longer just a technical field—it’s a societal one.

___________

Guest: Geoff White, Author, Speaker, Investigative Journalist, Podcast Creator | https://www.linkedin.com/in/geoffwhitetech/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

marco ciappelli, sean martin, geoff white, cybersecurity, ransomware, laundering, crypto, hacking, journalism, infosec europe, event coverage, on location, conference