Thom established himself as CISO at large global organisations, having founded their security teams and services from the ground up. He is an information security professional, award winning blogger, industry commentator and international speaker. Available as a speaking head and presenter on topics relating to information security, risk management and compliance. Thom lives in the beautiful countryside of Chippenham in Wiltshire (UK).
As Chief Information Security Officer of Publicis Groupe, Thom was responsible for all aspects of information security risk and compliance as well as managing the Groupe Information Security Programme. Additionally the role was responsible for business continuity capabilities across the Groupe’s global operations.
Having successfully built security and IT programmes from the ground up Thom brings an often opinionated and forward thinking view of security risk, both in assessments and management, but is able to do so with humour and pragmatism (mostly).
An international public speaker and award winning security blogger, Thom contributes to a number of industry blogs and publications. Thom is also the sole founder of Host Unknown, a loose collective of three infosec luminaries combined to make security education and infotainment films. Thom can be found online at both thomlangford.com and @thomlangford on Twitter.
Information security doesn’t have to be hard; it isn’t a straightforward topic, but it can be made simple. It was this principle that Thom believes the vast majority of companies can benefit from. By establishing a few key principles, such as governance, reporting lines and even the vision of what security is going to do for you, the rest falls into place.
Using an industry unique 10 step approach to establishing a high performing security organisation that actually supports the business rather than hinders it, (TL)2 Security is able to help you demonstrate your value to the business as well as a significant return on investment.
We hold these values close; they drive our actions and our attitude. Without them we are doing security for the sake of it, not because we can help make a fundamental change for the betterment of all through our judicious and principled use of security.
- Openness and honesty. This is the only way both our clients and we can improve. We choose not to deny the gift of improving each other, however hard that conversation will be, and we do it with honesty and integrity.
- Outcome focussed decision making. We focus on what is right for the client or the situation. We take difficult decisions and stand by them, but learn from our mistakes. We operate fearlessly and hold ourselves accountable.
- Security isn’t funny, but it can be fun. Humour creates a visceral change in people that makes for long lasting behavioural transformation.