Richard Hollis | SpeakerHub

Personal Details

Bio

Richard is the Founder and Chief Executive of Risk Crew - a unique London-based consultancy specialising in cyber security risk management, ethical hacking, and user awareness training.

A seasoned cyber security expert and ardent privacy rights advocate, Richard possesses over 30 years of “hands on” skills and experience in designing, implementing, and testing the security integrity of business information technology systems. He lives and breathes cyber security and understands how to simplify it and make it relevant.

Richard is a celebrated public speaker and seasoned trainer. He has presented to hundreds of audiences across the world on a wide variety of cyber risk management topics and techniques. As a recognised industry authority, he has published numerous articles and white papers and appeared on national and international broadcast news shows as well as being cited in a wide range of press including the BBC, MSNBC, Radio 4 and the Financial Times, Time magazine and various others. He is also a regular contributor to industry podcasts and publications such as Wired, SC, InfoSec and Security Penetration Testing magazines.

Current position (1)

Founder & Owner

Risk Crew

Degrees (1)

International Affairs

Amercian University

1982 to 1988

Presentations

Presentations (3)

The Circle of Failure: Why the Cybersecurity Industry does not work

The cybersecurity industry does not work. Say it out loud and you will feel better. This is a frank assessment of how and why our vendors, service providers and the businesses we work for have failed to meet the fundamental challenges of cyber security. It examines the commercial motives of each of these critical players and how we as consumers are caught in a “circle of failure”. When trying to protect our businesses. It considers what lessons we can learn from these design failures and what we must do to bring about real, meaningful change in our industry.

Vendors...or Attack Vectors?

Do the commercial products we deploy on your systems provide back doors to attackers? Was the Solar Winds breach an anomaly or a harbinger of things to come?
Commercial software has become extremely complex. We don’t know what it contains, what it runs, what it’s connects to or, what data it may be exfiltrating. We assume its security integrity but cannot verify it. The problem is one of economic incentives. The market rewards vendors who can quickly launch software with new features. It rewards products that covertly collect and transmit user data. The market does not reward security or privacy. The market does not reward transparency or resiliency. The market prioritises profit over security. Why do we fail to recognise this?
This presentation explores our significant reliance on vendors and the premise that the products we purchase from them do not provide attack vectors to our systems. It specifically highlights the vendors we purchase security products from to protect our system

Cybercrime: The Org Chart

To understand the power and professionalism of today’s cybercriminal organisations, we need only take a good look at its organisation chart. This talk deconstructs the modern cybercriminal organisation reviewing the roles, responsibilities and reporting lines associated with 12 key positions in an established CyberCrime.com business. Additionally, it presents the key roles in a cybercriminal “start-up” business to ensure its success. The content of this presentation is based on over 20 years of open-source and dark web available material along with publicly available law enforcement case documentation.