What does it really mean to be crisis-ready? In this conversation from InfoSecurity Europe 2025, Steve Wright—a data privacy and cybersecurity leader with three decades of experience spanning Siemens, Unilever, John Lewis, and the Bank of England—joins Sean Martin and Marco Ciappelli to unpack the heart of effective crisis management. With a career that’s evolved from risk, through cybersecurity, and now into privacy, Wright offers a refreshingly grounded perspective: crisis management starts with staying calm—but only if you’ve done the work beforehand.

Preparation Over Panic

Crisis management isn’t just a technical checklist—it’s a cultural discipline. Wright emphasizes that calm only comes from consistent practice. From live simulations to cross-functional coordination, he warns that too many organizations are underprepared, relying on ad hoc responses when a breach or outage occurs. Drawing on a real-life ransomware scenario from his time at John Lewis, Wright illustrates the importance of verification, collaboration with law enforcement, and informed decision-making over knee-jerk reactions.

Containment, Communication, and Culture

Preparation leads naturally to containment—an organization’s ability to limit the damage. Whether it’s pulling cables or isolating systems, quick thinking can prevent weeks of downtime. But just as important is how you communicate. Wright points to the contrast between companies that respond with transparency and empathy versus those that go silent, risking public trust. Modern crisis management requires the ability to shift the narrative and speak directly to affected stakeholders—before speculation takes over.

Trust and Accountability in a Global Ecosystem

Digital trust has become a board-level concern, not just a technical one. Wright notes that conversations with executives have moved beyond compliance to include broader questions of data ownership, consumer expectations, and supply chain accountability. As global systems grow more complex, clarity about who owns what—and who’s responsible when things go wrong—becomes harder to establish, but more important than ever.

Looking Ahead

Wright ends with a look to the future, imagining a world where individuals control their data through biometric locks and personal data brokers. Whether this utopia (or dystopia) arrives remains to be seen—but the path forward demands organizations prioritize practice, transparency, and trust today.

___________

Guest: Steve Wright, Data Protection Officer, Financial Services Compensation Scheme | https://www.linkedin.com/in/stevewright1970/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

steve wright, sean martin, marco ciappelli, infosecurity, crisis, privacy, cybersecurity, resilience, communication, trust, event coverage, on location, conference

Jemma Davis, founder of Culture Gem and a security behavior and culture transformation consultant, brings a deeply human approach to cybersecurity in this compelling episode. Her mission is simple yet powerful: make cybersecurity understandable and actionable for everyone—including her Nan. If her Nan can get it, anyone can.

This episode challenges the perception that security is primarily a technical domain. Davis argues that real resilience starts with people, not blinking lights or shiny boxes. Too often, security messaging is shrouded in jargon, acronyms, and fear—an approach that isolates the very people it aims to protect. Davis instead emphasizes practical education through relatable stories, real-life consequences, and everyday analogies, such as the “digital dark alley” and the importance of recognizing a cyber threat like we would recognize the sound of a smoke alarm.

She critiques the current imbalance in cybersecurity budgets—where less than 1% goes to human-focused initiatives—and underscores the cost of that neglect. From supply chains disrupted by a phishing email to everyday citizens targeted in scams, Davis points out that people aren’t just the problem; they’re the frontline defenders. She calls for cultural shifts in organizations that reframe security from a compliance checkbox to a personal and collective responsibility.

A particularly powerful part of the conversation addresses the failure to reach young people early. With just one hour of cybersecurity education per year in UK primary schools, Davis sees a missed opportunity to build a new generation of security-minded citizens. She shares her admiration for children’s book author Wendy Goucher and proposes public campaigns akin to “Smokey the Bear” or “Ask for Angela” to normalize cybersecurity awareness from childhood.

Davis doesn’t just highlight the gaps—she shares a vision for fixing them. One that includes marketing, storytelling, and empathy. Because when people understand how cybersecurity affects them personally, they don’t just comply—they care.

___________

Guest: Jemma Davis, Founder and CEO. Security Behaviour and Culture Change Consultant, Culture Gem | https://www.linkedin.com/in/infosecjem/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

jemma davis, marco ciappelli, cybersecurity, behavior, education, culture, awareness, storytelling, infosecurity europe, training, event coverage, on location, conference

What if the key to cybersecurity isn’t more tech—but more humanity?

In this On Location episode of ITSPmagazine, Rob Black—UK Cyber Citizen of the Year and founder of the Global Institute of Cyber Deception—joins hosts Marco Ciappelli and Sean Martin to challenge conventional thinking around cyber defense. With a background spanning military operations and human sciences, Rob brings a fresh perspective that prioritizes multidisciplinary thinking, behavioral insight, and creative disruption over brute-force technology.

Rob highlights the importance of soft skills and critical thinking through initiatives like the UK Cyber Leaders Challenge, where students take on crisis simulation roles to sharpen leadership and communication in real-world scenarios. These experiences underscore the need to cultivate professionals who can think dynamically, not just code efficiently.

A key focus of the conversation is the strategic use of deception in cybersecurity. Rob points out that while organizations obsess over vulnerabilities and zero-days, they often overlook attacker intent. Instead of just locking down infrastructure, defenders should disrupt decision-making—using tools, tactics, and even perception itself to sow doubt and hesitation. From publicizing the use of deception technologies to crafting networks that appear already compromised by rival threat actors, Rob argues for a smarter, more psychological approach to defense.

He also pushes back against the industry’s obsession with tools for every symptom—drawing a parallel to big pharma’s model of selling treatments without tackling root causes. If cybersecurity is to become more resilient, he argues, it needs to embrace a systems mindset that includes governance, behavioral science, and even cultural analysis.

This episode is a must-listen for anyone tired of buzzwords and ready to rethink cybersecurity as a socio-technical system—not just a digital one. From geopolitics to psychology, deception to diplomacy, Rob Black connects the dots between how we live with technology and how we must protect it—not just through code, but through creativity, context, and compassion. Listen now to explore how cybersecurity can grow up—and get smarter—by getting more human.

___________

Guest: Rob Black, Director, UK Cyber Leaders Challenge | https://www.linkedin.com/in/rob-black-30440819/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com

Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

___________

Resources

Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us

___________

KEYWORDS

rob black, marco ciappelli, sean martin, deception, cybersecurity, behavior, intent, resilience, infosec 2025, leadership, event coverage, on location, conference