James Lyne

Why organisations work with James Lyne

• He runs the world’s most respected cybersecurity training and research institution, so the material he brings into a boardroom reflects what SANS instructors and researchers are seeing in live incidents, not a curated deck of last year’s case studies.
• Twenty years of frontline work across red teaming, malware reverse engineering, incident response and intelligence support. He speaks to boards, regulators and technical teams in the same briefing and holds credibility with all three.
• Live demonstration is his signature. He hacks IoT devices, runs social engineering against willing volunteers and walks audiences through real ransomware. Leaders leave with a felt sense of the risk, not a slide on it.
• Founder of CyberStart, which put 400,000-plus students through hands-on cyber challenges before closing after nine years. That gives him a specific, tested view on the talent gap most organisations are trying to solve.
• TED main-stage, NBC Nightly News, BBC, CNN, Bill Maher, John Oliver. The booking converts into a communications asset as well as a keynote.

Biography highlights

• Chief Executive Officer, SANS Institute, appointed from the Office of the CEO after years of strategic and operational leadership inside the organisation.
• Certified SANS Instructor specialising in offensive operations, with more than two decades in cybersecurity across offensive, defensive and forensic work.
• Former Global Head of Security Research at Sophos, where he led public threat research and commentary via the Naked Security platform.
• Founder of CyberStart, a gamified cyber skills programme that ran nine years and engaged over 400,000 students in more than 200 hands-on challenges.
• TED main-stage speaker on everyday cybercrime, plus TEDx talks including Hacking With Words and Smiles.
• Recipient of the SANS Difference Makers Award for contribution to the UK cybersecurity community.
• Media regular across NBC Nightly News, CNN, BBC News, Real Time with Bill Maher and Last Week Tonight with John Oliver.

Biography

Most cybersecurity briefings for senior audiences fail in the same way. They are either too abstract to act on, or too technical to follow. Lyne built his career working the gap between those two failure modes, first as Global Head of Security Research at Sophos, then as a long-standing Certified Instructor at SANS Institute, and now as its Chief Executive Officer.

Twenty years on the frontline shapes the material. He has reverse engineered malware, red teamed high-security organisations, supported intelligence efforts against adversaries and sat inside the response to major breaches. That work is the reason his keynotes do not rely on slides. He demonstrates. Hacking an IoT device on stage, walking a room through a live phishing capture, pulling apart a ransomware sample in real time. The threat stops being theoretical.

Lyne’s argument as CEO of SANS is that human expertise, curious and mission-driven, is the decisive advantage in cybersecurity, including against AI-enabled attackers. That belief sits behind CyberStart, the gamified cyber skills programme he founded, which ran for nine years and pulled over 400,000 students through hands-on challenges in cryptography, forensics and ethical hacking. It is also why leadership teams book him when they want their people to leave a session with a sharper instinct, not a longer reading list.

The media footprint reinforces rather than replaces the substance. TED main-stage on everyday cybercrime, appearances on NBC Nightly News, CNN, BBC, Bill Maher and John Oliver, and a SANS Difference Makers Award for his contribution to the UK cyber community. Boards get a speaker who can hold a technical room and translate for a non-technical one in the same afternoon.

Key speaking topics

• Cybersecurity as a board-level risk
• AI-enabled threats and the future of cyber defence
• Ransomware economics and incident response
• Social engineering and the human attack surface
• Internet of Things and connected device risk
• The cyber skills gap and building security talent
• Threat intelligence and the live threat landscape

Ideal for

• Boards, CEOs and audit committees setting cyber risk appetite and oversight
• CISOs, CIOs and CTOs briefing executive teams on threat and resilience posture
• Financial services, critical infrastructure and regulated industries with concentrated cyber exposure
• Leadership summits, customer events and partner conferences where a live demonstration reframes the conversation

Audience outcomes

• A concrete, demonstrated view of how modern attackers actually operate, from ransomware crews to social engineers
• A clearer sense of where AI is shifting the economics of both attack and defence
• Named examples of IoT, identity and supply chain vulnerabilities that map onto the audience’s own environment
• A shared language for boards and technical teams to talk about cyber risk without talking past each other
• A sharper read on where cyber talent and training investment actually move the needle