I speak regularly to audiences from 100-1000+ on security and privacy topics. Interested? Please get in touch or learn more.

Next Up

A busy construction site laying the foundation for a skyscraper

AWS Public Sector Summit // Automated, Scalable, Pragmatic Security in the AWS Cloud

Security in the AWS Cloud is integrated into all aspects of your workloads. Security is a core pillar of the well-architected framework and teams that take advantage of modern building techniques will deploy resilient workloads by default. In this session, learn how security works in the AWS Cloud, the role played by AWS security services, how AWS Partner Network partners fit into the picture, and how existing public sector frameworks function when adapted to modern building techniques.


Business robot kicking human in the rear on the way out of an office

AWS Summit // Automating Your Security Fabric: Connecting AWS Services

AWS offers a number of security-focused services. In isolation, each solves a very specific challenge. Connect these services together and you have the foundations of a strong, automated, modern approach to security. This talk will help you make sense of the AWS security services and look at how you can combine them together to solve common security challenges with your workloads.

I also gave this talk at the AWS Summit in New York, Chicago, and Anaheim.

Paranoid person peering out from behind a set of slat blinds

Serverlessconf // Calling [email protected]*! On Security: A Cultural Challenge

Serverless designs open up a new way of building and a new way of doing business. Cybersecurity teams seem dead set on making sure that doesn’t happen. There is a ton of FUD–fear, uncertainty, and doubt–when it comes to how to approach the security of serverless applications. Why?

In this talk, we’ll examine the culture around this viewpoint and see how it aligns with the principles of modern cybersecurity. Is there a better way forward? How can you bridge the gap between perception and reality?

Team poring over stats printed out on a table

Gartner // Security in a DevOps World

Organizations are adopting DevOps to seize market opportunities ahead of the competition. Building information security into this new development pattern is challenging. With real world examples, this session will help you to:

This talk was also delivered at the Gartner Security & Risk Management Summit in London, UK on Monday, 10-Sep.

Line up of robots with one upside down

AtlSecCon // The Paradox of Cybersecurity in Operational Technologies

IoT has moved beyond kettles, thermostats, and doorbells. Operational technologies (otherwise known as IIoT) like tractors, factories, healthcare devices, and even robots are helping to enable the fourth industrial revolution.

Companies that embrace these changes will lead the charge. Those that don’t will fall behind. These technologies lead to exciting new designs, leveraging the latest and greatest buzzword-laden offerings. Build on a clean slate, and you can drive strong security concepts into every layer of the system.

Unfortunately, these designs don’t get implemented in the real world. The real world of operational technology is messy. It’s dealing with years and years of technology decisions made with wildly different threat models. It’s trying to match technologies built with 20-year lifespans with defences that need to be updated minute-by-minute.

In this talk, we’ll examine the reality of operational technology deployments. How do we match modern cybersecurity practices with decades-old technologies and regulations? Can we? You’ll come away with a better appreciation of the challenges involved in securing operational technologies.

More info about this talk is available in this post.

Industrial robot working. #roguerobots

SXSW // Rogue Robots and the Potential for Cyberattack

Most people think that robots are either limited to lab experiments or to humanoid robots ready to start an uprising against the humans. Movies, TV, and sci-fi have shaped how we think of robots.

The reality is starkly different and more advanced than you think. In this talk, we examine the current state of industrial robots and the cybersecurity challenges they face.

Mark presenting to the audience. Slide on the side displaying risk ratings for application components, split screen on the right

AWS re:Invent 2017 // Securing Serverless Applications Step-by-step

Serverless applications let you focus on solving the problem at hand. Gone are most of the worries of traditional solutions. No more support code. No more building out infrastructure to deliver your application. This means you have to do less and get more in return. It also means traditional approaches to security aren’t even possible.

This talk tackles the specific steps you need to take to build security into the fabric of these applications within the AWS Cloud.

Mark presenting to the audience. Slide on the side with 'The state of serverless security is strong...maybe' displayed, split screen on the right

ServerlessConf NYC // The State of Serverless Security

Serverless designs are changing the way we write applications, removing most of the burden of operations and allowing a focus purely on the solution at hand. Unfortunately, at the same time, these designs have also challenged the fundamentals of cybersecurity. When you control none of the infrastructure and have minimal access to the code running your solution, how can you apply security controls?

In this keynote, we looked at this question and more.

Other talks in 2017