Martin Smith
Most cyber breaches do not begin with a clever exploit. They begin with a person clicking, sharing, or trusting the wrong thing. Boards keep pouring budget into tooling while the human layer, where the real exposure lives, goes underdeveloped and largely unmeasured.
Martin Smith MBE is the founder and chairman of SASIG, the UK’s largest cybersecurity practitioner network, and a leading voice on the human factor in information security.
Why organisations work with Martin Smith
- He built SASIG from a private forum into a community of more than 11,000 cybersecurity practitioners across roughly 4,500 organisations, which gives him a unique read on what CISOs actually worry about, not what vendors say they should.
- His argument that breaches are behavioural before they are technical reframes the cyber conversation for boards that have over-invested in tooling and under-invested in people.
- Three decades of operational security experience across the RAF, Kroll, Standard Chartered and his own firm, The Security Company, lets him talk to executive audiences without retreating into jargon or vendor pitch.
- He speaks with the authority of an industry founder, not a commentator. SASIG, TSC, and his OSPAs Lifetime Achievement Award in 2017 give him standing other cyber speakers cannot match in a UK boardroom.
- He is unusually effective with mixed audiences of technical and non-technical leaders, a direct consequence of his behavioural psychology background and a career spent translating between the two.
Biography highlights
- Founder and Chairman of The Security Awareness Special Interest Group (SASIG), established 2004; now part of Nineteen Group following the January 2024 acquisition.
- Awarded the MBE for 15 years as a commissioned officer in the Royal Air Force Security (Provost) Branch.
- Former Senior Director of Corporate Security at Kroll Associates (UK) and Head of Information Security at Standard Chartered Bank.
- Founded The Security Company (International) Limited in 1997, exiting via management buyout in December 2019.
- Lifetime Achievement Award, inaugural OSPAs (Outstanding Security Performance Awards), March 2017.
- BSc in Behavioural Psychology; FSyI (Fellow of The Security Institute); Freeman Emeritus of the Worshipful Company of Information Technologists.
Biography
The vast majority of cybersecurity failures start with a human decision, not a system flaw. That observation has driven Martin Smith’s work for three decades, and it is the argument SASIG, the network he founded in 2004, was built around. Today it represents over 11,000 practitioners drawn from roughly 4,500 organisations across UK industry, government, law enforcement, and academia.
His credibility is operational, not theoretical. Fifteen years as a commissioned officer in the Royal Air Force Security (Provost) Branch earned him an MBE. He then went into the commercial sector via Touche Ross, took on Senior Director of Corporate Security at Kroll Associates, and ran information security for Standard Chartered Bank before founding The Security Company (International) Limited in 1997.
What ties that career together is a behavioural psychology background that shapes how he reads risk. Boards tend to think of cyber as a technical procurement problem. Smith’s work consistently pushes them toward the harder question of how staff behave under pressure, how culture is engineered, and how awareness is sustained beyond an annual training module.
He retired from TSC in December 2019 in a management buyout to focus on SASIG, which Nineteen Group acquired in January 2024. In March 2017 he received the inaugural OSPAs Lifetime Achievement Award for his work on the human factor in security breaches, which remains the most precise summary of what he has spent his career arguing for.
Key speaking topics
- Cyber and information security
- The human factor in security breaches
- Security awareness and behavioural risk
- Counter-terrorism and crisis management
- Risk and resilience for boards
- The business of security
Ideal for
- CISOs, CIOs and CTOs assessing the cultural side of their cyber exposure
- Boards and audit committees recalibrating cyber risk beyond tooling spend
- HR and learning leaders responsible for security awareness programmes
- Public-sector and regulated-industry leaders working with sensitive information
Audience outcomes
- A clearer view of where cyber budgets are misallocated between technology and people.
- Specific, practitioner-grounded examples of how organisations engineer security awareness into culture rather than treat it as a compliance event.
- A working understanding of the human-factor argument that has reshaped UK cybersecurity practice over the last twenty years.
- The perspective of a founder who has watched 11,000+ cyber practitioners articulate what really keeps them awake.
Fees
| | EUR | GBP | USD |
|---|---|---|---|
| Home Country | Under €12,000 | Under £10,000 | Under $15,000 |
| Asia Pacific | Please enquire | Please enquire | Please enquire |
| Europe | Please enquire | Please enquire | Please enquire |
| Middle East & Africa | Please enquire | Please enquire | Please enquire |
| South America | Please enquire | Please enquire | Please enquire |
| United Kingdom | Under €12,000 | Under £10,000 | Under $15,000 |
| US East Coast | Please enquire | Please enquire | Please enquire |
| US West Coast | Please enquire | Please enquire | Please enquire |
| Virtual | Please enquire | Please enquire | Please enquire |