Tom Harvey

Head of Cyber Product Management, Risk Management Solutions

Tom Harvey leads product management for the RMS cyber model having joined the company six years ago. In 2016 he worked alongside the University of Cambridge’s Centre for Risk Studies and a team of industry partners to define and release the industry’s first cyber exposure data standard. He has since partnered with many of the leading cyber insurers to improve their quantification of cyber risk and managed the development the industry’s first probabilistic cyber catastrophe model.

Prior to joining RMS, Tom was at Hewlett Packard Software (HPS) in the European consulting team, working closely with several FTSE 100 companies within the energy and finance sectors to support the adoption of HP’s IT management and security products. Tom holds a BSc (Hons) from the University of Leeds in Biochemistry and Bio-informatics.


Erin Burns

Concinnity Risks

How can technology bring people together offline and improve lives? That is what Erin tries to answer through her ideas, projects, and explorations of technology. Community drives her passion for technology. To that end, she developed Extraqueericular.com, on online platform connecting the LGBTQ+ community to LGBT-friendly services and events. Her interests lie in web application development and security. You can follow her on Twitter.

Software Liability, Hackbacks, and Deep Fakes

View Erin’s presentation

A brief overview of three emerging topics in cyber risk, all in need of quantification, and with the potential for disrupting the current norms.

Justin Clarke-Salt

Managing Director, Cyber Security, Aon Cyber Solutions

Justin Clarke-Salt is a Managing Director in Aon’s Cyber Solutions. He is in charge of Aon’s proactive business development and partnership efforts for the Security Advisory and Security Testing practices for EMEA (formerly parts of Stroz Friedberg and Gotham Digital Science). Justin also oversees the Red Team services and capability development within the firm, as well as directly overseeing individual client engagements globally in his role as a CREST Certified Simulated Attack Manager (CCSAM) for regulatory Red Team testing such as CBEST, iCAST, and TIBER.

Justin has more than 21 years of experience providing organisations with security and risk management services. He is an internationally recognised expert in the field of information security. He has assisted Fortune 500 and FTSE 250 corporations with information security assessment and advisory services, including the management and running of compliance focused security testing programmes for some of the largest financial services organisations in the world.

Justin is a published author in the areas of application and network security, including as the lead author/technical editor of SQL Injection Attacks and Defenses (Syngress 2009, 2nd Edition 2012), co-author of Network Security Tools (O’Reilly 2005), and a contributing author to Network Security Assessment, 2nd Edition (O’Reilly 2007), as well as a speaker at various security conferences and events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP, OSCON, RSA and SANS. Justin is also an active member of OWASP, having recently stepped down from chairing the OWASP London chapter for over seven years.

War Games, Simulations, and Scenarios: Preparing Organisations for Long Term Cyber Resilience

View Justin’s presentation

You can’t know that something will work in a certain scenario until you test it. But how can you test your cyber resilience plans to give you assurance? Drawing on Aon’s experience of multiple facets of war gaming, conducting simulations and exercising scenarios we will explore ways to approach the problem – from looking at scenarios from the financial perspective, to exercising plans at the management or board level, to limited or full scale simulations and tests.

We will draw on our experience from numerous cyber risk engagements and matters with clients, and discuss war stories of how the unexpected and unforeseen will often be teased out via the process of scenario-based simulation.

Dr Jennifer Daffron

Cyber Research Lead, Cambridge Centre for Risk Studies

Dr Jennifer Daffron is the Cyber Research Lead at the Cambridge Centre for Risk Studies. Her research interests include defining and exposing cyber threat vulnerabilities on organisational and human behavioural platforms. Jennifer holds a PhD in Experimental Psychology from the University of Cambridge.

Cybergeddon vs. Cybertopia: Key variables in determining the future of cyber risk

View Jennifer’s presentation

The cyber risk landscape changes daily, making projections about the tomorrow difficult, let alone the next 10 years. The variable nature of cyber risk means that the potential futures concerning it can fall anywhere from a ‘cybergeddon’ to a ‘cybertopia’. This presentation aims to give insight to attendees on the variables that are key to determining which futures are developing.