55 Bishopsgate, 2nd Floor
London, England EC2N 3AS
Ryan Rubin is a Senior Managing Director at Ankura based in London. He brings over 26 years of global Big 4 and boutique experience to help clients holistically manage complex cyber and tech challenges from the boardroom to the network. He has a passion for helping others reduce their risks and making the digital and physical world safer to live in.
Ryan has partnered with many global security, risk, internal audit, regulators, and general councils throughout his career leading proactive and event-driven matters covering cybersecurity strategy and execution, crypto currency investigations and digital asset recovery, governance, cyber-crime investigations, compliance, data, and tech advisory and assurance, IT resilience, IR, data privacy, due diligence, and regulatory compliance.
Ryan’s global experience spans insurance, retail, fintech startups, private and investment banking, private equity, payment processing, construction, pharma, retail, oil and gas, technology, media, recruitment, airlines, hospitality, mining, manufacturing, professional services, and legal industries.
Ryan brings a fresh, collaborative approach to solving the most complex challenges for clients exposed to cyber risks and fraud, helping them to:
- Navigate unknown evolving situations, responding to and investigating cyber attacks, IT fraud, crypto thefts and recovery, and data breaches.
- Achieve security and privacy compliance goals across multiple frameworks, cultures, regulations, and jurisdictions.
- Digest and prioritize security strategy, cost optimization, remediation roadmaps, and improvement programs.
- Rapidly understand cyber and technology risk arising from digital transformation, due diligence, third parties, and audits.
- Implement sustainable solutions across a variety of cyber technology domains, based on business risk appetite.
- Decode security requirements for emerging digital technologies such as cloud, blockchain, crypto currencies, AI, and IoT.
Ryan has written articles and presented at events like IIA, ISACA , BCS, CIISec, RSA, IBM, Gartner, Cloud Expo, and Defcon. Recent speaking engagements have included Crypto 101, security in decentralized finance (defi) organizations, ransomware response and payments, a walkthrough of a cryptocurrency heist, cyber insurance and security, crypto disputes and crimes, and DFIR 101.
Before Ankura, Ryan founded Cyberian Defence, supporting the virtual CISO, breach response, and non-executive board positions, as well as partnering with Accenture on cyber insurance pre- and post-breach services. Prior to Cyberian Defence, he was an EY equity assurance partner, leading EMEA cyber crime, DFIR services, and was responsible for UK cyber services in TMT. Specific engagements included cybercrime investigations, cryptocurrency frauds, ransomware, BEC, breaches, software and shadow audits, insider threat programs, strategy reviews, cybersecurity audits, due diligence, and blockchain security. Prior to EY, he spent 10 years at Protiviti, where he established and grew the EMEA cybersecurity and privacy practice and was part of the global cyber leadership team. He led a regional team delivering end to end cybersecurity programs, penetration testing, IAM, PCI QSA advisory and audits, GDPR, ISO 2700x compliance, technology risk and internal audit advisory, e-discovery, digital forensics, and response projects. He began his career at Deloitte, where for 10 years he delivered technical cyber security and general IT advisory services around the world across multiple industries and led the EMEA identity and access management service line.
Ryan’s recent professional experience includes:
- Incident Response Services: Providing proactive retainer services helping plan for, react, and respond to incidents on IT and operational assets. Cases have included ransomware, threat intelligence, EDR deployments and containment, APT attacks, business email compromises, Cloud attacks, M365 breaches, data breaches.
- Cybercrime and Fraud Investigations: Led global DFIR investigations in EMEA with internal audit and general council clients. Multiple business email compromise investigations, multimillion dollar crypto currency thefts and recoveries, ransomware response including regulatory response, negotiations and crypto payment strategies, data breaches, price fixing, hacking, malware, ransomware attack response and remediation, counterfeiting goods, stolen intellectual proprietary, deliberate data destruction, identity theft, financial misrepresentation, data leakage, employee and payment fraud, payment card compromises, and regulatory disclosure.
- Crypto Investigations: Crypto asset transaction tracing linked to frauds, cyber attacks or regulatory enquiries related to NFT thefts, payments, ransomware and extortion cases, and asset recovery for liquidation purposes.
- Cyber Insurance: Security lead advisor for a multimillion-dollar end to end cyber insurance program covering pre- and post-breach services for a global insurer and their client base. Client base included multiple global firms and offered services including threat intelligence as well as pre-insurance risk assessments.
- Payment Card Security: Led EMEA PCI-DSS assessments for global level 1 and 2 organizations. As a QSA and PFI, advised on certification strategy and signed off ROCs as EMEA assurance lead. Consulted on risk management of cryptographic keys, ATM’s, credit and debit cards, smart cards, and payment processing.
- Security Strategy Design and Implementation: Led several security strategy initiatives assisting in architecture design from business requirements gathering and risk assessments through to governance, implementation, and operations covering solutions like Cryptography and PKI, BYOD, SCADA/ICS, SIEM/SOC, IAM, DLP, AV, Data Discovery, VM, Cloud security, and Blockchain security.
- Virtual CISO Services: Supporting general cyber security consulting services including third party assurance, cyber maturity assessments and threat intelligence, risk management, incident response, vulnerability management, security event management, internal audit, business continuity, and disaster recovery.
- Cyber Security Assurance: Led numerous co-sourced consulting or internal/external audits covering penetration testing (internal, external, web apps, mobile, wireless, cloud), operational technology security, network security, compliance reviews, third party audits, and due diligence exercises, benchmarking against standards like the GDPR, ISO27001-2, CESG Top 10, UK, NIST, Cloud Security Alliance, EU DPA, and FSA/FCA.
- Data Privacy Programs: Led global EMEA data privacy audits and consulting engagements benchmarking privacy practices against regulatory requirements such as GDPR, UK DPA, and industry good practices (NIST-P).
- Cyber M&A Due Diligence: Led due diligence projects for private equity clients pre- and post-deal helping investors understand risks, assessing integration plans, and recommending security improvement programs.
- Cyber Security and Privacy and IT Risk Training: Delivered training to a variety of audiences sharing knowledge and experience and making accessible to both technical and non-technical audiences.
- MSc, Computer Science, University of Witwatersrand (South Africa)
- BSc, Hons., Computer Science, University of Witwatersrand (South Africa)
- BSc, Computer Science and Computational Applied Mathematics, University of Witwatersrand (South Africa)
- Full Member Chartered Institute of Information Security (CIISec)
- Certified Information Security Manager (CISM)
- Certified Information Security Professional (CISSP)
- PCI Professional (PCI-P)
- CipherTrace Crypto Tracing Examiner (CTCE)
- Certified Cryptocurrency Forensic Investigator (CCFI)
- Economics of Blockchain and Digital Assets (Wharton Business School)
- Association of Certified Fraud Examiners (CFE)
- Member of the British Computer Science Society (BCS)
- Gold Member of the Information Systems Audit and Control Association (ISACA)