Greg van der Gaast
Former Hacker, US Gov't Operative, Author, and now advisor and strategist.
"The best security talk I have ever heard."
"Thought provoking."
"Completely different, much needed perspective."
"Engaging, inspirational, insightful."
"World class."
"Incredibly good."
"Epic talk."
A Different Kind of Security Talk
Greg presents in simple, impactful, and often amusing anecdotes that make sense to non-technical and executive audiences, but also make technical security practitioners think in new contexts and open powerful realisations that just because the security industry dictates an approach, that doesn't mean it's what's best for us or our organisations.
The core focus is that security should not be an ever-increasing "risk management" silo, but rather a powerful business quality function that reduces how much cyber risk businesses generate in the first place (because security vulnerabilities are all forms of quality defects, ranging from code to business process).
This latter approach doesn't just reduce risk throughout businesses but often also improves their efficiency and profitability - something completely at odds with the current perception of security as a cost-centre.
As a result, there is something for everyone in Greg's presentations:
Company Boards:
Security Conferences:
Vendor Events:
Something for Every Audience
Greg got his start in security as a teenager who hacked a nuclear weapons facility and went on to work covertly for the US government.
He is frequently sought out for this background as an expert in security, but Greg is adament that these skills are of virtually no value to securing an organisation; organisations are not computers.
Instead Greg provides thought-provoking insights on how to achieve the outcome of security, rather than doing more and more costly "security work".
Greg takes the audience on a journey, full of easy to understand analogies, about how we must shift to focus on addressing why we have vulnerabilities in the first place, rather than forever increasing how much reactive risk-management work we do, and what this means for all parts of the organisation, and how people and technology can be leveraged more proactively to not just reduce risk, but increase quality, performance, and profitability.