Darren Hepburn, CISO, Network Rail Telecoms
Darren Hepburn is an Information and Cyber Security Professional with over 25 years’ experience in the public and private sectors. Over the last seven and a half years Darren has been employed with Network Rail as the Chief Information Security Officer (CISO). Working in the Telecoms side of the business he is responsible for defining and delivering the security strategy to protect the critical national infrastructure aligned to Telecoms and operational railway business areas (CCS and SCADA). He is also an active member in some of the European research areas looking at application of security for future rail systems.
Marc Silverwood, Digital Trains Programme Lead, Northern Trains Ltd.
Marc Silverwood is the Digital Trains Programme Lead at Northern Trains Limited with over 21 years of experience in the railway industry and across multiple disciplines. Marc currently manages the design and fitment of complex digital systems to Northern’s Rolling Stock and is an advocate for accelerating innovation and digital transformation in the railway. An experienced transport professional with an extensive track record of delivering results across the industry, Marc has a strong background in project management and has won multiple awards for delivering innovative solutions in railway operations. Marc holds a Diploma of Higher Education in Railway Operations from Glasgow Caledonian University and a NEBOSH General Certificate.
Joe Ferguson, SC-cleared Cyber Security Consultant, IL7 Consultancy
I am an SC-cleared Cyber Security Consultant with many years experience of MOD, HMG, NCSC security and policy development , particularly with Cloud first migrations. I am IT and OT cyber literate having risk assessed, risk assured Government on-prem and cloud applications as well as major infrastucture projects, including trains, planes and ship and submarines. I am currently working on contracts with the Home Office (DBS) and Govia Thameslink Railway. As a Senior Risk Analyst (Cyber, Software and Architecture) and with 20+ years’ security experience, primarily in UK central Government and critical IndustryLeader of cloud security (IaaS,PaaS, SaaS) projects/solutions across HMG with blue chip experience in private sector. I communicate on all levels with senior business board-level stakeholders as well as implementors and technical architects. Cloud First, Bespoke Last is the mantra but Cloud Security is critical and Governance, Compliance, Risk Management and Assurance are part of my DNA. I am a fully committed individual keeping up with technology, industry trends and business opportunities. As a Senior Member of the Chartered Institute of Information Security (CIISec), I own my own consultancy, IL7 – company has completed ‘Cyber Essentials” (4 years) and has worked to the NCSC CAF and/ Cabinet Office SPF. I have completed the Internal Auditor course for ISO/IEC 27001 and EU GDPR DPO training. Previous 17 years as PRINCE-certified Project Manager but now fully Agile.
George Copeland, Security and Information Risk Advisor and Programme Manager, Marlborough Consulting.
George Copeland MSc MBCS CITP, Marlborough Consulting
George is an accomplished advisor and practitioner, with significant experience leading change and a highly successful track record of mitigating cyber risk and delivering outstanding business results. His experience and expertise spans over 20 years and a wide range of business critical development and support environments, including operational and corporate technologies, across sectors and internationally for leading brands. Most recently, George has focused on cyber-physical system implementations for rolling stock and associated customer data and asset cybersecurity. His pragmatic approach to the introduction and achievement of best practice cybersecurity controls and management capabilities has been well received by clients in the railway industry. He holds a Masters Degree in Cybersecurity from Northumbria University London, UK and is an NCSC Certified Cybersecurity Practitioner.
NCSC Transport Team, presenter details to be announced
Jan Hohenauer, Deputy Chief Information Security Officer SBB AG, BSc and EMBA, University Fribourg, 2006
CISM certified. He has 20 years’ experience in Information Security: in consulting business he was engaged with Identity & Access Management, PKI, Security Operations and Web-Security. In 2003 he joined SBB leading Network Security meanwhile he founded the company-wide Center of Competence for Security. Later roles include strategic work for Telecom and Signaling departments. 2010 he joined the Information Security Team to lead the ICT-Risk Management and to enforce the integration of Operational Technology into the existing Information Security landscape e.g. in Gotthard Base-Tunnel. From 2014 on-going he is the Deputy CISO and right now he acts as a Service Leader in cyber@SBB – a program to strengthen the Cyber Defence Capabilities
George Bearfield, Health & Safety Director, Rock Rail
George joined Rock in January 2019 as Health & Safety Director covering Rock Rail’s asset management activities and other business operations. George has responsibility for all aspects of Rock Rail’s Safety Management Systems including safety assurance responsibilities for all fleets under its management. He has 25 years of experience in the health and safety arena.
George was previously the Director of System Safety and Health at the Rail Safety and Standards Board (RSSB) where he was responsible for RSSB’s work to support the rail industry in all aspects of its health and safety management and assurance processes and capabilities. George also played a key role in the setting of the national rail health and safety strategy and in delivering associated programmes, including sponsoring the successful relaunch of the national supplier qualification scheme, RISQS.
Prior to his work at RSSB he worked as a consultant on safety assurance of complex safety critical systems, following previous roles in the railway supply sector designing rail systems.
George has a PhD in Computer Science, specialising in railway risk modelling and is a Chartered Engineer, and a Fellow of the Safety and Reliability Society. He is the Visiting Professor of Railway System Safety at the Institute of Rail Research, Huddersfield and is an i100 partner with the National Cyber Security Centre.
Rüdiger Riediger, (Co)Head of Cyber Security, Bombardier Transportation
Responsible for implementing, monitoring, reviewing, maintaining and improving Bombardier Transportation (BT)'s Information Services Security Management System (ISSMS), based on ISO 27001 and CIS-CSC20, including the IT security risk management aligned to ISO 27005. Development and management of overall IT security strategy, composed of vulnerability management, threat protection, access controls, and service continuity framework. Development and management of cloud security strategy for virtual datacenter (Cloudburst, PaaS) and cloud services (SaaS) leveraging AWS and Azure, Establishing BT’s Identity and Access Management (IAM), outsourced Security Operations Center (SOC) incl. virtual CERT capabilities, and Public Key Infrastructure (PKI),Ensuring for BT in cooperation with involved 3rd parties that technical security measures are implemented as agreed, regularly reviewed, and compliant to internal and OSC requirements, Leading the awareness program regarding IT security within BT
Didier Van Oosthuyse, Enterprise Security Architect, Business & ICT Consulting, Belgian Public Transport Company
Didier Van Oosthuyse is a Security Consultant with over 25 years’ experience in various sectors like Finance, Transport, Education and Health Care. Didier is currently working for a Belgian Public Transport Company (aka “STIB - Société des Transports Intercommunaux de Bruxelles”) as Enterprise Security Architect and is also Security Lead for the STIB’s Unattended Train Operation Programme which aims to secure, among others, the Rolling Stock Assets, the Rail Signalling Systems and the Critical Network Infrastructure. Didier is a security enthusiast, member of the Belgian Cyber Security Coalition and holds several security certifications (CISSP, CCSP, CISM).
Léa Paties is Programme Manager at the Shift2Rail Joint Undertaking.
In 2010, she became Project Manager at UNIFE, the Association representing the interests of the European Rail Manufacturing Industry. After following the Association's research and innovation activities, including as Co-Secretary of the European Rail Research Advisory Council (ERRAC), she became the Project Manager of UNISIG, the consortium gathering the European ETCS suppliers. She was as well in charge of the political activities related to the promotion of ERTMS in Europe and Worldwide. Prior to that, she was a business analyst for an international consulting company, advising clients on funding opportunities.
Léa joined the Shift2Rail JU in March 2017 and is since then, in charge the Innovation Programme dedicated to "Advanced Traffic Management and Control Systems" which includes, amongst others, research activities related to automatic train operation, next generation communication system and cybersecurity.
Léa graduated in European Affairs and EU Project Management from the University of Strasbourg, France.
Giorgio Pizzi, Special Office for Guided Transport Systems, USTIF – Ministry of infrastructure and transport, Italy
Giorgio Pizzi has a degree in Electronic Engineering and a former 10 years long experience in management and security of IT systems. Since 2013 he is responsible of the “Special Office for Guided Transport Systems” (USTIF – Ministry of infrastructure and transport), competent on safety supervision and authorization of metros, tramways, local railways, cableways, elevators, escalators. He also serves as an executive for the Directorate General for Local Public Transport of the same Ministry. During this activity he has developed the interest for cybersecurity in transport systems, especially about co-engineering of safety and cybersecurity and integrated risk analysis. He is also a scholar in the field of digital transformation of transport and mobility, and in particular of new business models based on platforms.
Alfredo Giangregorio, Head of IT at GB Railfreight
Responsible for developing and implementing IT strategy to support the company's key objectives. Specialties: Support management, facilities management, and operations management.