Ryan has partnered with many global information security, risk, internal audit and general counsels throughout his career. He has led specialist proactive and event-driven matters covering: cybersecurity strategy and execution, governance, e-crime investigations, compliance, data and technology advisory and assurance, IT resilience, incident response, data privacy, due diligence, ediscovery and regulatory compliance.
His global experience spans insurance, retail, private and investment banking, private equity, payment processing, construction, pharma, oil and gas, technology, media, recruitment, airlines, hospitality, mining, manufacturing, professional services, and legal industries.
Ryan brings a fresh collaborative approach to solving the most complex challenges facing his clients exposed to cyber risks, helping them to:
- Navigate unknown and often evolving situations in responding to and investigating cyberattacks, IT fraud, and data breaches.
- Achieve security and privacy compliance goals across multiple frameworks, cultures and jurisdictions.
- Digest and prioritize security strategy, cost optimization, remediation roadmaps, and improvement programs.
- Rapidly understand cyber and technology risk arising from digital transformation, due diligence, 3rd parties and audits.
- Implement sustainable solutions across a variety of cyber technology domains, based on business risk appetite.
- Decode security requirements for emerging digital technologies such as cloud, blockchain, cryptocurrencies, AI, and IoT.
He has written articles and presented on security and privacy topics at events like IIA, ISACA, BCS, CIISec, RSA, IBM, Gartner, Cloud Expo, and Defcon.
Before Ankura, Ryan set up Cyberian Defense, supporting virtual CISO, breach response and non-exec board positions; as well as partnering with Accenture on cyber insurance pre and post breach services.
Prior to Cyberian Defense, he was an EY equity assurance partner, leading EMEA cyber-crime, DFIR services and responsible for UK cyber services in TMT. Specific engagements include cybercrime investigations, cryptocurrency frauds, ransomware, BEC, breaches, software and shadow audits, insider threat programs, strategy reviews, cybersecurity audits, due diligence, and blockchain security.
Prior to EY, Ryan spent 10 years at Protiviti, establishing and growing the EMEA cybersecurity and privacy practice. Ryan was part of the global cyber leadership team. He led a regional team delivering end-to-end cybersecurity programs, penetration testing, IAM, PCI, GDPR, ISO 2700x compliance, technology risk and internal audit advisory, ediscovery, digital forensics, and response projects.
Ryan began his career at Deloitte. For 10 years he delivered technical cybersecurity and general IT advisory services around the world across multiple industries and led their EMEA IAM services.
Ryan’s recent professional experience includes:
- Cybercrime & Fraud Investigations: Led global DFIR investigations with Internal Audit and General Counsel. Major cases include multi-million dollar cryptocurrency thefts, data breaches, price fixing, hacking, malware, ransomware attack incident response and remediation, counterfeiting goods, stolen intellectual property, deliberate data destruction, identity theft, financial misrepresentation, data leakage, employee and payment fraud, payment card compromises and regulatory disclosure.
- Cyber Insurance: Security lead advisor for a multi-million-dollar end-to-end cyber insurance program covering pre and post breach services for a global Insurer and their client base.
- Security Strategy Design & Implementation: He led several security strategy initiatives assisting in security architecture design from business requirements gathering and risk assessments through to governance, design, implementation and operations covering solutions like Cryptography and PKI, BYOD, SCADA/ICS, SIEM/SOC, IAM, DLP, AV, Data Discovery, VM, Cloud security, and blockchain security.
- Cyber Security Assurance: Led numerous co-sourced consulting or internal/external audits covering penetration testing (internal, external, web apps, mobile, wireless), network security audits, compliance reviews, third party audits and due diligence exercises – benchmarking against standards like the GDPR, ISO27001-2, CESG Top Ten, UK, NIST, Cloud Security Alliance, EU DPA and FSA/FCA.
- Data Privacy Programs: Ryan led global EMEA data privacy audits and consulting engagements benchmarking privacy practices against regulatory requirements and industry good practices.
- Cyber M&A Due-Diligence: Led many due diligence projects pre and post deal helping investors understand risks, assessing integration plans and recommending security improvement programs.
- Security Training: Ryan has delivered cyber training to a variety of audiences sharing his knowledge and experience and making them accessible to both technical and non-technical audiences.
- Payment Card Security: Led EMEA PCI-DSS assessments for global Level 1 and 2 organizations. As a QSA and PFI, he advised on certification strategy and signed off ROCs as EMEA assurance lead. He consulted on risk management of ATMs, credit and debit cards, smart cards, and payment processing.