Glenn Wilkinson
Most boards still treat cybersecurity as a compliance line item managed by the CISO. The attackers do not. They move faster than procurement cycles, exploit the gap between IT controls and human behaviour, and turn ransomware into an operating crisis within hours. Leadership teams need a sharper feel for how attackers actually work, not another framework.
Glenn Wilkinson is an ethical hacker and Agger Labs CEO who shows boards how real attackers compromise organisations, and what changes when cybersecurity is run as a leadership discipline rather than an IT function.
Full Profile
Why organisations work with Glenn Wilkinson
- He performs live attack demonstrations on stage, including the bank-compromise walkthrough that has anchored briefings at Slaughter and May, Linklaters, Allen & Company and Google. Audiences see the mechanics of a breach, not a slide about one.
- He is the offensive practitioner behind Snoopy, the wireless tracking and profiling drone framework presented at DEF CON and covered by BBC and CNN. That gives him standing with technical audiences that most cyber speakers cannot match.
- He runs Agger Labs, a working ransomware-defence business. Boards get current-operator perspective on the ransomware economy, not retired threat-intel commentary.
- Rhodes Scholar with two Oxford master’s degrees, including comparative social policy. That second degree shows up in how he frames cyber for non-technical leadership audiences.
- He has legally compromised more than a hundred banks, governments and corporates over a fifteen-year career. The case material is his own work, not curated public incidents.
Biography highlights
- CEO and founder, Agger Labs, an endpoint ransomware-defence company.
- Founder of three prior technology companies: Maevro (2016), Polira (2017), Kapenta (2020).
- Former senior security analyst at SensePost, where he co-created the Snoopy tracking and profiling drone framework.
- Speaker at Black Hat, DEF CON 22, 44CON and ZeroNights; corporate engagements include Google, Slaughter and May, Linklaters and Allen & Company.
- Featured on BBC, CNN, ITV, Channel 4 and Vice Motherboard, primarily on wireless surveillance, drone-borne attacks and the ransomware economy.
- Rhodes Scholar; MSc Computer Science and MSc Comparative Social Policy, University of Oxford; BSc Computer Science, Rhodes University.
Biography
Ransomware now runs faster than most response playbooks. By the time a CISO is briefing the board, the encryption is finished and the negotiation has begun. That is the operating reality Wilkinson works inside: as CEO of Agger Labs he ships endpoint software designed to halt ransomware before encryption starts, and as a speaker he translates that pace problem for senior audiences who still hear cyber as a compliance topic.
The credibility comes from fifteen years on the offensive side. He started at SensePost in South Africa, running penetration tests against banks, governments and corporates, and co-built Snoopy, a distributed tracking and profiling framework that drew BBC and CNN coverage after its DEF CON 22 presentation. That technical lineage is why Black Hat, DEF CON and 44CON book him, and why his corporate keynotes for Slaughter and May, Linklaters, Allen & Company and Google still rely on live demonstrations rather than abstract slides.
The Oxford background sits alongside the technical work, not on top of it. A Rhodes Scholar with master’s degrees in computer science and in comparative social policy, he brings the second discipline into how he frames a brief for a leadership team: how human systems and technical systems break together, and where boards actually have agency. That is the angle that makes his bank-compromise walkthrough land in a partner meeting rather than a security conference.
The current operator role sharpens the relevance further. Three previous founder roles and the present Agger Labs platform mean briefings are grounded in this quarter’s threat economy, including the ransomware-as-a-service supply chain and the speed gap between attacker tooling and enterprise response.
Key speaking topics
- Cybersecurity as a board capability
- Ransomware economy and operational defence
- Ethical hacking and offensive security demonstrations
- Nation-state cyber conflict
- Smart cities and critical infrastructure exposure
- Wireless and mobile surveillance techniques
- Open source intelligence and human-layer attack vectors
Ideal for
- Boards and executive committees commissioning cyber as a leadership topic, not an IT update
- CISOs and CIOs briefing the rest of the C-suite on attacker behaviour
- Financial services, legal, and professional services firms with high client-data exposure
- Risk, audit and transformation leads designing post-incident response capability
Audience outcomes
- A working mental model of how attackers chain wireless, social and human-layer techniques into a full compromise
- Specific board-level questions to put to a CISO on ransomware readiness and response speed
- A concrete view of where ransomware tooling is in 2026, and what that means for endpoint and backup strategy
- Recognition that cyber decisions belong on the executive agenda, with named accountability rather than delegated comfort
Talks
A live walkthrough of how an attacker compromises a tier-one bank, built from his own penetration-test casework.
Key takeaways:
- How wireless, phishing and physical access combine in a real intrusion
- Where standard control frameworks miss the actual attack path
- The board-level questions that surface these gaps before an incident does
The arms race between attackers and defenders, framed as a history that explains why current tooling keeps losing ground.
Key takeaways:
- Why detection-first strategies are structurally on the back foot
- How attacker economics have changed since the rise of ransomware-as-a-service
- What this implies for security investment priorities at the board level
The cognitive habits that separate attackers from defenders, and how leadership teams can borrow them.
Key takeaways:
- The questions attackers ask that defenders typically do not
- Where this mindset applies beyond cybersecurity, in product, fraud and operations
- Practical exercises for embedding it inside an existing security function
How sovereign actors operate in cyberspace and what that means for civilian organisations caught in the blast radius.
Key takeaways:
- The blurring line between state operations and criminal supply chains
- Sectors most exposed to spillover from geopolitical cyber conflict
- Defensive posture for organisations that are not the primary target but become collateral