Open to speaking worldwide.
I'm available for keynotes, conference sessions, panels, podcasts, webinars and corporate workshops on identity security and the human side of cyber risk — anywhere in the world, on stage or online. Below are talks I'm ready to deliver, each adaptable to your audience and format.
Formats I deliver
Sessions run from a 20-minute lightning talk to a half-day workshop, and adapt for technical practitioners, security leaders, or non-technical executive and board audiences. Comfortable in person or fully remote, across time zones.
Talks I can deliver
Identity Is the New Perimeter
The network perimeter is gone; the new one is drawn around every identity. This talk cuts through the Zero Trust marketing to what it actually demands of an organisation — per-request decisions, least privilege, and identity as the control plane — and how to start without boiling the ocean.
- Why "inside the firewall" stopped meaning "trusted"
- The anatomy of a real per-request access decision
- A pragmatic first 90 days toward Zero Trust
When Attackers Log In, Not Break In
The biggest breaches of recent years didn't start with malware — they started with valid credentials, stolen tokens, and a phone call to the help desk. A tour of how identity became the primary attack vector, and what identity threat detection and response actually looks like in practice.
- The credential economy feeding modern intrusions
- Help-desk social engineering and MFA fatigue, explained
- Wiring identity signals into detection and response
The Non-Human Identity Reckoning
Service accounts, API tokens and AI agents now vastly outnumber human users — and are governed a fraction as well. Using real 2025 supply-chain breaches, this talk shows why machine identity is the next big risk class and how to get ahead of it.
- Why machine identities are privileged, persistent and unwatched
- Lessons from the OAuth-token supply-chain breaches
- Discovery, ownership and lifecycle for non-human identity
One Missing Control: What Breaches Teach the Boardroom
A non-technical, story-driven talk that turns the year's biggest breaches into clear lessons for leaders — why a single overlooked control can become a systemic crisis, and the handful of questions every executive should be asking their security team.
- How small identity gaps cascade into headline events
- Coverage vs. adoption — the metric that actually matters
- The questions boards should ask, in plain language
Governing AI Like You Govern Identity
AI agents are about to be the most privileged identities in your enterprise. This talk reframes AI governance from a legal exercise into a security and identity discipline — least privilege, scoped credentials and human-in-the-loop for systems that now act on their own.
- AI risk through a familiar security lens (NIST AI RMF, ISO 42001)
- Shadow AI, data leakage and prompt injection
- Treating AI agents as governed non-human identities
Privileged Access, Beyond the Vault
A hands-on workshop on moving from standing privilege toward just-in-time, zero-standing-privilege access — the single highest-leverage thing most organisations can do to shrink their attack surface. Practical, vendor-neutral, and built around real operating decisions.
- Why standing privilege is the real attack surface
- Designing just-in-time elevation that doesn't break operations
- A roadmap from vaulting to zero standing privilege
Don't see the exact angle you need? Every talk adapts, and I'm happy to build something bespoke for your audience and theme — including custom breach analyses tied to current events. The writing archive is a good guide to the depth and range I bring.
Invite me to speak
Tell me your audience, format and date — I'll come back quickly. Available worldwide, in person or virtual.