Jeremy King, International Director - Europe, PCI Security Standards Council
Mr. King leads the Council’s efforts in increasing adoption and awareness of the PCI security standards internationally. In this role, Mr. King works closely with the Council and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through European markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors (ASVs), Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and related staff in supporting regional training, certification, and testing programs.
John Elliott, Director, Industry Standards, Mastercard
John is a member of the Industry Standards team at Mastercard. He participates in many of the PCI SSC working groups developing and maintaining various PCI Standards. Before joining Mastercard, John held senior information security roles in a variety of sectors including the financial services and airline industries. John’s involvement in the PCI standards and payment security extends for over ten years - he started as a Qualified Security Assessor, worked for a European payment band as their PCI SSC representative and until recently was the chair of the UK Merchants’ PCI working group.
Geoff Forsyth, CISO, PCI Pal
Geoff is responsible for the overall information security and regulatory compliance of PCI Pal’s global services, including legal compliance, IT systems risk analysis, incident response planning and business continuity management. As a Fellow of the British Computer Society, Geoff has spent over 26 years working with internet and telecommunications services.
Laura Morgans, Information Security, Risk & Compliance Manager, Dr. Martens
Laura manages the global PCI DSS compliance work and information security risks at Dr Martens. She has contributed to setting out a global security compliance plan at the company, enabling Dr Martens to achieve compliance during the pandemic. Laura has a legal background with over 13 years’ experience in the third sector, with extensive experience of managing risks across charities including project management for General Counsel and monitoring PCI DSS for income streams. Laura has worked within information security, data governance, volunteer management and retail trading including implementing controls and monitoring compliance programmes for over 40,000 volunteers and employees.
Paul Norris, Senior Sales Engineer, Tripwire
Paul “PJ” Norris has over 28 years of IT experience and 15 years working in the information security industry. In 2015, he joined Tripwire as a Senior Systems Engineer, providing pre-sales support to the UK & EMEA region across multiple industry verticals and international markets. Paul’s security expertise spans across the fields of e-discovery, forensics, policy and compliance. He regularly contributes to Tripwire’s blog, The State of Security.
Veroniki Stamati, Information Security Lead, Skyscanner
Veroniki Stamati is an information security and privacy professional, who specialises within the area of governance, risk and compliance. Veroniki is responsible for Information Security and Privacy Engineering in Skyscanner, leading the implementation of security and privacy requirements in an agile manner across the organisation in order to respond to existing and emerging cyber threats. Previously she led the PCI DSS, GDPR and information security programmes of ACCA from their inception, and before that she was working across a variety of industries advising up to CxO level on Information Security Management, Data Protection & Privacy compliance. In addition to technical expertise, she is also a public speaker and has previously been a member of Toastmasters. She studied Informatics in Aristotle University of Thessaloniki in Greece and obtained her Masters in Computing, IT Law and Management from King's College London in the UK.
Iain Regan, Chief Revenue Officer, Semafone
Iain is Chief Revenue Officer at Semafone and is responsible for identifying and delivering new revenue opportunities and pioneering new markets. As Semafone’s Chief Revenue Officer Iain leads the sales, pre-sales engineering, partner and marketing teams responsible for revenue growth and market engagement worldwide. He has over 20 years’ experience in outsourcing, technology and consulting industries; leading international teams for organisations including Firstsource Solutions, SITEL and HGS. Iain holds a degree in Science from Kingston University.
Simon Turner, PCI DSS Advisory for Cloud Services and Contact Centres (QSA), BT
A highly experienced technology and telco leader, Simon brings three decades of industry experience to the forefront having worked in numerous highly regulated roles. Working with BT’s most complex customers, Simon's background gives him valuable insights and practical experiences to support cyber security, compliance, risk management and governance decisions. Simon's key leadership responsibilities include providing strategic guidance on the BT Consumer (BT, EE & Plusnet), Enterprise (Sales & Service) and BT Group businesses on security governance for customer contact services. At the same time, he supports the enterprise PCI DSS Program management across all payment channels and business units. Simon also provides BT representation at strategic industry stakeholder events.
Graham Thompson, VP Sales & Marketing, DataDivider Inc
Graham brings over 30 years of sales and marketing experience, much of it in early technology startups. Graham leads the charge in DataDivider’s sales and marketing effort, embracing the early adopters of DataDivider’s innovative solutions. For the past 15 years Graham has focused his career in early stage startups tackling compliance for both PCI DSS and Sarbanes Oxley (SOX). At DataDivider he has helped the company transition from PCI DSS into managing Privacy Data for both GDPR (General Data Protection Regulation) and HIPAA (Health Insurance Portability & Accountability Act). Graham has been an active speaker throughout his career which has not only focused on compliance but on data management too. This combination gives great insight on how businesses manage privacy data today and the opportunities for managing this data in the future. Many of the startups Graham initiated continue to thrive today including Semafone, ClusterSeven and Gaine Solutions. Other companies were acquired where their products still generate considerable revenues including Rochade now at ASG and MDM at Informatica.
Connie Penn, Card Payments and PCI DSS Subject Matter Expert, Kilrush Consultancy Ltd
Connie is a hands-on practitioner specialising in all types of card processing & card acceptance at Point of Interaction [POI]. Connie has specialised in supporting merchants with their PCI DSS compliance since 2005, leading the Post Office PCI DSS programme from 2007 to compliance in 2010, the first major retailer in Europe to successfully certify compliance. Since then Connie has specialised in helping SMEs with their compliance, piloting with Worldpay the channel by channel approach and soon to become known as the customised approach within v4.0 of the DSS, once finalised. Connie has attended the UK Merchant PCI Working Group meetings since it was founded in 2007, serving as its chair for 2 years. She is a subject matter expert on major card operating regulations & the individual requirements of UK Acquirers. Connie has extensive acquirer experience where in her earlier career she worked for three acquirers and maintained a strong relationship with the UK acquirers, through her consultancy role for UK Cards, from May 2005 to December 2016. As an independent consultant since 1993, Connie uses her wide-ranging operational & technical experience to apply governance to card strategy within organisations in a broad range of sectors including retail, hospitality and solution providers. Connie’s extensive knowledge of card standards enables her to make best use of new technologies & macro trends in retailing, while maintaining contractual obligations with acquirers to handle card payments in a secure & compliant manner. Between Feb 2012 to Dec 2016 Connie worked with the Cards Stakeholders Group (CSG) at the European Payments Council in Brussels, representing American Express, and was a major contributor to the SEPA Cards Standardisation volume “The Volume”. On 1st December 2020 Connie was invited to become an External Associate to the University of Northampton's Centre for Sustainable Business Practices (CSBP).
Scott Bridgen, GRC Consulting Director, OneTrust
Scott Bridgen serves as a GRC Consulting Director for OneTrust GRC – a purpose-built software designed to operationalise integrated risk management. In his role, Scott is responsible for driving the development and delivery of OneTrust's integrated risk management product as well as driving the refinement of the toolset and offerings. He advises companies throughout their risk management implementations to establish processes to support operations and align with their enterprise objectives, including adopting industry best practices and adhering to requirements relating to relevant standards, frameworks, and laws (e.g. ISO, NIST, SIG and more). Scott works with clients to realise the extent of their risk exposure, helping clients to map their digital infrastructure, assess risks, combat threats, monitor ongoing performance, and document evidence throughout the risk lifecycle.
James Moncrieff, Information Security Transformation Strategist
A diversely-experienced Information Security Leader and former Scotland Yard Detective and Intelligence Officer, James has a background spanning through Serious Investigation, Covert Operations and Intelligence in Law Enforcement before the full spectrum of GRC, Security Architecture, Operations and Strategic Leadership in Information Security. With two decades spent seeking the impossible by managing the most serious risks through lateral thinking and optimised control application, James has worked effectively in security transformation across multiple industries including Retail, Hospitality, Media and Her Majesty’s Government. As an outspoken Subject Matter Expert in Insider Threat Management and Human Intelligence, with the experience of innovation at both the sharp end of high-risk law enforcement and the transformation of low-budget, highly resistant security postures, James specialises in leveraging internal technical expertise to maximise efficiency through business and security alignment, and enabling secure evolution of even the fastest pace organisations through principle-based security.
Frederik Weidemann, Chief Technical Evangelist, Onapsis Inc
Frederik is a cybersecurity expert and Chief Technical Evangelist at Onapsis. He has presented over 50 times at SAP and security-related conferences including RSA, Troopers, SAPPHIRE, TechEd, SAPinsider, ASUG, DSAG, and OWASP. He has focused on SAP security for the last 14 years and is the co-author of the first book on secure ABAP programming. Frederik also frequently writes articles on SAP security and has found numerous zero-day defects in mission-critical applications.
Craig Moores, Risk Advisory Practice Director, SureCloud
Craig is responsible for SureCloud’s Risk Advisory Practice including engagement scoping, consultancy delivery and client relationships. Craig was most recently part of the senior delivery team within a global cyber security consultancy, responsible for leading and delivering complex cyber security solutions aligned to strategic business objectives. Craig has broad cyber security experience including a strong technical, software development and project management background, with particular strengths in the areas of information risk management, PCI DSS, strategic planning and business auditing. Craig is a certified CISSP, Lead Auditor and PCI DSS QSA.
Steve Dobson, Director - Information Security, ATCORE Technology Ltd
Steve is an experienced information security professional with a background in the development and implementation of high volume reservation and distribution solutions for tour, ferry and cruise operators. He is currently the Director of Information Security at ATCORE Technology, a global travel technology group. Steve’s primary role is to ensure compliance with information security governance requirements, primarily PCI DSS and GDPR / DPA 2018. This has included defining InfoSec strategies, building the corporate ISMS, managing audits and InfoSec contract management; most recently being the development and roll out of Data Processing Agreements and defining the appendices for the GDPR Model Clauses. With his in-depth knowledge of systems design and implementation, including security, design, development, support, testing and live roll out, he is also active within the corporate technology and marketing strategies.
Ashley Burton, Head of Product, Eckoh
Ash is an evangelist for world-leading technology solutions as well as a passionate advocate for innovation and digital transformation. He has spent the past 20+ years applying technology to improve customer experience and information security for many organisations. Today, Ash leads and curates Eckoh’s product roadmap and fosters innovation for Eckoh to apply to improving contact centre performance and effectiveness as well as the agent and customer experience.
Stuart Golding, PCI Compliance Manager, Retail Organisations
Stuart is proud to be considered a reputable Senior Leader in the Information Security industry with a proven history of success in pioneering and driving high-level strategies to ensure compliance with multiple standards and regulations (i.e. PCI DSS, GDPR, Cyber Essentials, ISO27001) across a range of complex business landscapes. With over 35 years of industry insight and 12 years’ experience in information security, Stuart supports businesses to demystify and comply with data security standards such as PCI DSS, GDPR and Cyber Essentials. He informs corporate strategic direction for protecting sensitive and confidential data, outlining key issues and risks and developing robust Governance structures and practices. Stuart has been actively involved in governing and managing PCI programmes with multiple UK based retailers for over twelve years, including WH Smith Group. He is passionate about keeping data security simple and demystifying the multitude of information security frameworks, focussing on the people and process elements of data security practices and controls, as well as the principles of security by design and security culture.
Simon Brady, Managing Editor, AKJ Associates Ltd
Simon is a former journalist, editor and publisher specializing in wholesale financial markets, particularly the technology intensive areas of derivatives, securities trading, cash management and FinTech. He has sat as an Executive Director on the main board of a FTSE-250 listed media company and has spent a lifetime travelling the globe talking to CEOs, CFOs and government ministers about the trends driving business and finance. His experience has led him to look at cybersecurity as a key component of the value chain and to ask whether firms are really taking cyber threats seriously and why third-parties will force them to.
Johan Hagdahl, GCRS Director, SecureTrust
Johan is a part of SecureTrust’s Global Management Team. In addition to the management role, Johan delivers compliance assessments, information security consulting, IT governance consulting, security gap analysis and risk assessments as a CISSP, CISA, CISM and Qualified Security Assessor, QSA including PA-QSA, QSA (P2PE) and PA-QSA (P2PE) enabling both solution provider and application validations. He is also appointed to the role of director for PA DSS and P2PE globally, focusing on management, service delivery, methodology improvement and customer satisfaction efforts. Johan has extensive experience in the payment industry, breaking new ground on compliance validation techniques for complex merchants using encrypting systems. Johan has worked with end-to-end encrypting POS- and Backend-systems since long before the release of the P2PE standard, enabling small merchants and large retail chains to achieve PCI DSS compliance by using new techniques and assessment methodologies. He is regularly involved in complex multi-national assessments, providing guidance and helping companies interpret and understand the intent of various PCI DSS requirements, helping them achieve compliance through support in both documentation and in the choice of technical solutions. Through Johan’s work in the financial payment sector he has substantial knowledge of the transaction processing functions both nationally and internationally, working at and with payment service providers and banks throughout EMEA, Americas and Asia. With over one and a half decades of experience of inter-banking processing and relations, Johan has hands-on knowledge of the systems, stakeholders, requirements and challenges faced when operating on an international market.