Meet the expert: Federico Iaschi to speak at #RISK London

Taking place on October 18 and 19 at EcXel London, #RISK London addresses the issues impacting organisational risk today, from Governance, Risk and Compliance (GRC), to Environmental, Social and Governance (ESG), organisational culture, and much more.

The event builds on the success of #RISK 2022, allowing organisations to examine the cumulative nature of risk, unite GRC specialities and share views with subject-matter experts.

Federico Iaschi is Head of Cyber Resilience and Observability at Virgin Media O2. He will be at #RISK London to discuss the scourge of phishing, how the malicious practice is evolving, and how organisations can mitigate risk.

We caught up with Federico to hear more about his career so far and for more on the issues on the table at his forthcoming #RISK London session.

Could you outline your professional pathway to date?

My journey in information security over the past 20 years has been an exciting odyssey that has empowered me to influence change and create secure environments. 

Starting as an IT Security Manager in the Italian Government, I then moved to the UK at Lavalin Atkins where I had the opportunity to manage global certifications and lay the foundational policies for risk management.

My time at Vodafone was a journey of innovation and collaboration, as I crafted a unified Global Information Security Strategy across 26 nations, raising the bar for ISO27001 implementation. My tenure at CSL Seqirus transformed me into a pioneer, as I had the chance to establish the Global Information Security Department from scratch. 

Now, in my current roles at Virgin Media O2, I am creating a safer digital world by enhancing Cyber Resilience and Observability, fortifying defences, and paving the way for streamlined operations.

Describe the current phishing attack landscape: what are the latest methods being employed by threat actors to disrupt organisational security?

A wise mentor once taught me, “To defeat your enemy, you must know them.” As businesses digitally transform, so do our adversaries - relentlessly seeking new ways to breach our defences. We must meet this challenge with vigilance, courage, and compassion.

Today’s phishing landscape is characterised by coordinated campaigns, precision targeting, and social manipulation. Threat actors have innovated faster than our protections. But where they see opportunity, I see hope. Every breach is a chance to learn, every victim an opportunity to educate. United, we can weather any storm.

This calling motivates me daily - to outthink those who seek to harm, to see dignity in every user susceptible to deception, and to build communities grounded in care and security best practices. With patient persistence, I believe we’ll get there.

What are key strategies businesses should be employing in order to mitigate risk?

For businesses aiming to safeguard their realms, it’s crucial to realise that cybersecurity is not just a shield but a continuously evolving, adaptive strategy. 

On the technological front, this means nurturing a landscape rich with state-of-the-art threat intelligence solutions, seamless automation, and unblinking monitoring systems for vulnerability detection. 

This must be paired with a human-focused approach – a kingdom is only as strong as its people. Hence, educating employees about evolving threats like phishing and social engineering, and training them to be the first line of defence, is paramount. 

Lastly, strong governance structures and risk management processes are the compass that guides this voyage, ensuring a consistently secure journey towards a secure and resilient future.