Greg van der Gaast
Former hacker, US gov't operative, CISO, author... But more importantly, something very different.
"The best security talk I have ever heard."
"Thought provoking."
"Completely different, much needed perspective."
"Engaging, inspirational, insightful."
"World class."
"Incredibly good."
"Epic talk."


A Different Kind of Security Talk
Everyone wants a hacker as a speaker. Greg was one and he'll be the first to tell you that experience is of little value to audiences (but does make for a great and often hilarious opener).
If, however, you want something completely different from a security talk, something thought-provoking, pragmatic, hard hitting, that completely shatters the status quo, look no further.
Greg presents radical ideas around security in simple, impactful, and often amusing anecdotes that not only make perfect sense to audiences ranging from technical to executive audiences, often leaving them stunned by the realisation presented and why they hadn't thought about them before.
It's no wonder he's more often than not rated the top speaker the events he participates in.
Whether you want to entertain and educate your board, your IT and Security teams, the audience of a security conference, or are a vendor looking for new value propositions to beat the competition, Greg is your man.
Something Very Different, for Every Audience


Greg got his start in security as a teenager who hacked a nuclear weapons facility and went on to work covertly for the US government.
He is frequently sought out for this background as an expert in security, but Greg is adament that these skills are of virtually no value to securing an organisation; organisations are not computers.
Instead Greg provides thought-provoking insights on how to achieve the outcome of security, rather than doing more and more costly "security work".
Greg takes the audience on a journey, full of easy to understand analogies, about how we must shift to focus on addressing why we have vulnerabilities in the first place, rather than forever increasing how much reactive risk-management work we do, and what this means for all parts of the organisation, and how people and technology can be leveraged more proactively to not just reduce risk, but increase quality, performance, and profitability.