Toby Lewis

Why organisations work with Toby Lewis

• He holds a vantage point that has no real equivalent on the speaker circuit: founding member of the NCSC, former intelligence services practitioner, and now leader of a 100-person commercial threat analysis operation at Darktrace. The through-line from state-level intelligence to enterprise AI-powered defence is his alone.
• His analysis of AI in cybersecurity is drawn from active operational practice, not research. He leads the team at Darktrace that applies self-learning AI to live customer environments daily, meaning he knows precisely where AI reduces risk and where it creates false assurance.
• His NCSC career spanned the WannaCry attack: the event that transformed the cybercrime landscape from nation-state espionage to ransomware dominance. That firsthand account of that inflection point gives boards a concrete historical anchor for understanding the threat environment they are operating in today.
• As State Threats Task Force Member at the Royal United Services Institute, he works on the geopolitical dimension of cyber threat: which nation-state actors are active, and what commercial organisations in the crossfire need to understand.
• He has translated national security incident management methodology into practical frameworks that enterprise security operations can actually use, not as analogy, but as direct application.

Biography highlights

• Global Head of Threat Analysis at Darktrace, leading 100+ analysts across major global time zones
• Founding member of the UK’s National Cyber Security Centre (NCSC)
• Deputy Technical Director for Incident Management, NCSC – role responsible for coordinating UK government response to major cyber incidents
• Former British Intelligence Services: career began in nation-state espionage and APT analysis
• State Threats Task Force Member, Royal United Services Institute (RUSI)
• Expert commentator, BBC Radio 5 Live and BBC Newsnight; keynote speaker at WIRED Smarter, CyberUK, SANS CyberThreat, and Cheltenham Science Festival
• CISSP certified; MEng (Engineering), University of Bristol
• Lead contributor, inaugural CyberFirst Girls Competition

Biography

Nation-state espionage defined the early threat landscape that Toby Lewis entered. He spent those years inside the British intelligence services, working directly on state-level threats. When the UK established the National Cyber Security Centre, he was among its founding members, and went on to serve as Deputy Technical Director for Incident Management – the role that coordinated the UK’s national response to major incidents, including the period when WannaCry reshaped the entire cybercrime landscape from espionage to ransomware.

That career built something specific: the ability to read how a threat moves through an organisation once inside, not just how it gained entry. Since joining Darktrace in 2021 as Global Head of Threat Analysis, Lewis leads a team of over 100 analysts applying AI and machine learning to that same challenge; across enterprise environments, globally, in real time.

His approach to AI in cybersecurity is deliberately practical. Darktrace’s methodology is built on learning normal network behaviour and flagging deviations rather than cataloguing attacker signatures. Lewis has applied this model across the full threat spectrum. His concurrent role as State Threats Task Force Member at the Royal United Services Institute adds a geopolitical dimension: which actors are active, and what they are likely to target next.

Boards and risk leadership teams engage him because he can explain why most security operations are structurally positioned to fail at the moment they are needed most. What genuine operational readiness requires is the subject of his work, and the argument he makes on every platform he speaks from.

Key speaking topics

• Cyber threat intelligence and threat landscape analysis
• AI and machine learning in cybersecurity
• Incident management and security operations
• Nation-state threats and geopolitical cyber risk
• Ransomware and the evolution of organised cybercrime
• Security operations design and maturity
• Human factors in cyber defence

Ideal for

• CISOs, CTOs, and board-level risk and audit committees
• Security operations and incident response leadership
• Technology and risk leadership forums in financial services, critical infrastructure, and public sector organisations
• Senior leadership teams evaluating AI-driven security investment

Audience outcomes

• A clearer picture of how sophisticated threats develop inside enterprise environments, not just how they arrive
• Practical understanding of where AI-driven security genuinely reduces risk versus where it creates false assurance
• Grounded awareness of how nation-state threat actors operate and what this means for commercial organisations in adjacent industries
• A framework for evaluating incident response readiness against current and emerging threat profiles
• Insight into how national-level cyber defence methodology translates into enterprise security operations