Kroll Associates UK
Nexus Place, 25 Farringdon Street
Ioan Peters is an Associate Managing Director in Kroll’s Cyber Risk practice, based in the London office. Ioan has nearly 20 years of experience leading transformative information technology projects that have better enabled business operations and managed risks in organizations as diverse as law enforcement, the UK government, and blue-chip companies. His experience includes serving as a representative of the UK Government, for which he has worked bilaterally and multilaterally as a senior manager and consultant on matters relating to intellectual property protection, both in the country and abroad.
Ioan joined Kroll from Airbus Group, where as Head of Security Audit, Corporate Security, he was responsible for ensuring the effectiveness of security controls across the Group, including critical human factors, in defending people, assets, and intellectual property from diverse external threats. In addition to implementing conventional audit measures, Ioan devised and deployed advanced techniques such as cyber-attack simulations; this methodology, which included the use of psychological strategies such as gamification, is currently being investigated as best practice by the UK Government.
Ioan had transitioned to Airbus Group after serving for three years as Head of the Security Consulting Practice with Regency IT Consulting, an Airbus subsidiary. During his tenure, Ioan completed engagements that improved information security within corporate, payment card (PCI DSS), and operational (ICS/SCADA) systems for many blue-chip clients operating at the highest threat levels, including Airbus Group, the European Patent Office, and major utility companies. His extensive expertise in IT architecture often enabled clients to build security into transformative business programs at the earliest stages. In this role, Ioan also carried the formal title of Security Controller, and was responsible for all aspects of Regency’s information security through human, physical, and technical domains.
From 2008-2012, Ioan served as Departmental Security Officer (DSO) for the UK Intellectual Property Office. Ioan established the entire security regime that protects the UK’s largest collection of sensitive intellectual property. With responsibility for technical, physical, and human security, he rapidly instituted a new set of policies in all of these areas and at all levels of the organization to achieve a more robust security culture. His efforts led the organization from noncompliance with government security standards to almost maximum compliance within two years and achieved certification against ISO 27001. It was during this time that Ioan successfully managed the response to the first denial of service attack against the UK Government in 2011 using a team assembled from the Police Central E-Crimes Unit, intelligence agencies, and the security services. Alongside Ioan’s role as DSO, he was also responsible for the technology underpinning the process by which patents are examined and granted in the UK. In this capacity, he regularly represented the UK within the European Union and United Nations, and at other international intergovernmental meetings.
Prior to serving in the UK IPO, Ioan was with the South Wales Police, the UK’s fifth largest police force, where from 2002-2008 he specialized in technical architecture and security controls. His projects included building a secure email and web access system for the force from the ground up and implementing a number of other systems which control access to intelligence systems; all of these systems are still in use today. Earlier in his career, at s8080 Digital Media and Sema Group, Ioan designed, delivered, and maintained secure, high-performance web-based software solutions for large organizations in both the blue-chip and public sectors.
Ioan is an acknowledged expert in his field (the Wall Street Journal has reported his work as a positive example of risk management in government), and often speaks to various professional groups on topics related to information risk governance.
- GIAC Information Security Professional
- Prince II Practitioner
- Qualified ISO 27001 Lead Auditor
- Enterprise Architecture (TOGAF V9.1)
- ITIL Foundation V3 & V2
Affiliations and Membership
- Institute of Information Security Professionals
Select Speaking Engagements
- Inaugural All Wales Cyber Security Conference, April 2015
- European Confederation of Institutes of Internal Auditing (ECIIA) Conference, 2015
- Gartner Security Summit, 2011