Andrew Rose

Resident CISO, EMEA



Andrew Rose is Resident CISO for the EMEA Region at Proofpoint. His focus is driving Proofpoint’s people-centric security vision, strategy and initiatives amongst the company’s customer base, bringing hands on experience, knowledge and perspective in managing risk and improving cyber security posture across complex enterprises. Andrew was previously Chief Security Officer of Mastercard subsidiary Vocalink, who are responsible for much of the UK’s instant and bulk payments covering over 90% of UK salaries, over 70% of UK bill payments and nearly all UK benefit payments.


Andrew brings with him a wealth of additional industry expertise from a number of CISO roles including at the UK’s Air Traffic Control provider, NATS, where he oversaw a security transformation and contributed to the design of the next generation air traffic control system.  Andrew has also held CISO roles at top tier global law firms Allen & Overy LLP and Clifford Chance LLP and was a Principal Analyst at Forrester Research where he covered the role of the CISO and Security Culture and Awareness as two of his specialty areas.


A familiar face in the UK and European cybersecurity community, Andrew was recognised as “European CISO of the year” at the SC Media Europe Awards 2018 and has previously won awards for devising and leading the “Best security awareness program” (UK Cyber Security Awards 2015).


Andrew holds a Master’s degree in information security and is a regular speaker at global security conferences.

Speech Topic & Synopses
An Overdue Shift to People-Centric Security

TOPIC: How to get more information from threat-intel data


The forces of digital transformation are reshaping work and cyber trends at light speed.
As your organisation increasingly outsource its data centres and enable remote working, your people are your new perimeter. But do you know when or how your executives are being targeted? Do you know who the most cyber attacked people in your organisation are? Are your Very Attacked People the same your Very Important People ? And do you know how your Very Attacked People overlap with behavioural vulnerabilities and access privileges?

More than 99% of all targeted cyber-attacks exploit human errors rather than system flaws. You need to protect your companies greatest assets– its people, and the data that they have access to. You must have visibility into the risky behaviours that indicate that your people may fall for a modern, socially-engineered attack. The only way to successfully combat today’s advanced attacks is to focus on protecting your people. This session will explain why the shift to people-centric security is relevant, urgent, and long overdue. We will introduce the new people-based threat intelligence required to prioritise, implement, and evolve your people-centric cybersecurity strategy.