FC
Most boards still treat cyber security as a control function, owned by IT, reviewed quarterly, signed off through a risk register. The people actually breaking into banks and government buildings know that the organisation’s real exposure is rarely in the firewall configuration. It is in the receptionist who holds the door, the contractor badge that nobody checks, and the gap between the security policy on paper and the behaviour on the floor.
FC is an ethical hacker and co-founder of Cygenta who shows boards and executive teams how their organisations are actually breached, drawing on three decades of authorised break-ins to banks, government buildings and global corporations.
Full Profile
Why organisations work with FC
- He is one of a small number of speakers who can describe live, named-method physical and digital intrusion against the kinds of organisations sitting in the audience, because that is his day job at Cygenta.
- His Wiley-published book “How I Rob Banks” gives a senior audience a credible, written reference point for the work, with more than seventy documented intrusion accounts behind the keynote.
- He held the Head of Offensive Cyber Research role at Raytheon Missile Systems, which gives him a defence-grade perspective on nation-state threat actors that most commercial security speakers cannot match.
- He treats cyber security as a culture and behaviour problem, not a technology problem, which is the framing senior leaders need when they are asked to own cyber risk at board level.
- His material translates from technical demonstration to executive insight without losing either audience, which is rare in the cybersecurity speaker market.
Biography highlights
- Co-founder and co-CEO of Cygenta, a cyber security firm specialising in offensive testing, defensive consulting and security culture.
- Former Head of Offensive Cyber Research at Raytheon Missile Systems.
- Author of “How I Rob Banks: And Other Such Places,” published by Wiley in 2023.
- Featured on Darknet Diaries, Episode 66, one of the most listened-to cyber security podcasts globally.
- Mainstream media contributor including the BBC (Fake Britain) and ITV.
- Keynote speaker at named industry events including CPX360, CERN and Intersec.
Biography
The bank’s physical security policy is usually well written. The CCTV is monitored. The access cards are issued through HR. None of that has prevented FC from walking into the vault, more than once, in jurisdictions across the world, with the bank’s permission and a signed scope of work in his pocket.
That is the work behind “How I Rob Banks: And Other Such Places,” published by Wiley in 2023, which collects more than seventy authorised intrusion stories from a career spent breaking into banks, government buildings and multinational corporations to prove how their defences actually fail. The book is a practitioner record, not a thesis, and it is the most credible written artefact in the speaker market on the question of how breaches really happen.
The credibility behind the book is operational. FC is co-founder and co-CEO of Cygenta, the cyber security firm he runs alongside Dr Jessica Barker. Before Cygenta, he was Head of Offensive Cyber Research at Raytheon Missile Systems, working on the kind of nation-state threat picture that almost no commercial security speaker has direct line of sight to. He has briefed audiences at CPX360, CERN and Intersec, and his work has been profiled on the BBC, ITV and Darknet Diaries.
What a senior audience leaves with is a re-framed view of where their organisation is actually exposed. Cyber security as a board-level capability sits inside the human and procedural layer of the business. FC shows that layer being defeated, with the methods named and the lesson made specific to the people in the room.
Key speaking topics
- Cybersecurity as a board-level risk
- Physical penetration testing and social engineering
- Ransomware and phishing as operational threats
- Nation-state cyber activity
- Security culture and human behaviour
- Artificial intelligence in offensive and defensive security
Ideal for
- Boards, audit committees and CISOs reviewing cyber risk ownership at executive level
- Banking, insurance and critical infrastructure leadership teams hardening physical and digital defences
- Heads of internal audit, risk and operations responsible for security culture across the workforce
- Defence, government and regulated-sector audiences engaging with nation-state threat scenarios
Audience outcomes
- A specific picture of how attackers, both criminal and state-sponsored, actually get inside organisations like theirs
- A reframing of cyber security as a leadership and culture problem, with concrete examples, not as a technology checklist
- Named methods used in real-world physical and digital breaches, with the defensive lessons drawn from each
- A clearer view of where board oversight of cyber risk is currently failing, and what it should look like instead
Talks
A first-person account of authorised physical and digital intrusion against banks, drawn from the speaker’s Wiley-published book and live engagements.
Key takeaways:
- How real-world breach paths combine social engineering, physical access and digital exploitation
- Where bank-grade controls reliably fail in practice
- What boards and security leaders should change in response
A briefing on nation-state cyber capability and what it means for commercial organisations now operating inside that threat environment.
Key takeaways:
- How nation-state actors operate against private sector targets
- Where commercial security programmes underestimate the threat
- Practical posture changes for boards and executive teams
A live, demonstrated walkthrough of how phishing and ransomware attacks unfold inside an organisation, end to end.
Key takeaways:
- The actual mechanics of a successful spearphishing campaign
- How a ransomware incident escalates from foothold to full compromise
- The behavioural and procedural defences that hold up under attack
A practitioner view of how AI is changing the offensive and defensive cyber landscape for enterprise security teams.
Key takeaways:
- How attackers are using generative AI in social engineering and intrusion
- Where defenders can use AI without introducing new exposure
- What boards should be asking about AI risk inside their own organisations
Videos
Testimonials
Books
Fees
| EUR | GBP | USD | |
|---|---|---|---|
| Home Country | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| Asia Pacific | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| Europe | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| Middle East & Africa | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| South America | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| United Kingdom | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| US East Coast | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| US West Coast | €12000 to €40000 | £10,001 - £35,000 | $15000 - $50000 |
| Virtual | Under €12000 | Under £10,000 | Under $15000 |