Cyber resilience – from threats, vulnerabilities and incidents to building capabilities, testing and effective management

Raymond Kleijmeer works at APG Asset Management on the implementation of the Digital Operational Resilience Act. Until May 2024 he worked at De Nederlandsche Bank (DNB), the central bank and financial prudential supervisor of the Netherlands. DNB seeks to safeguard financial stability and enhance the resiliency of financial institutions and the financial system as a whole. Raymond was involved in international working groups hosted by the Bank for International Settlements (BIS) publishing among others, the CPMI-IOSCO guidance on cyber resilience for financial market infrastructures in June 2016 and the Financial Stability Board Cyber Incident Response and Recovery toolkit published in 2020. At a national level he worked on the initiation and implementation of the Threat Intelligence Based Ethical Red teaming (TIBER) framework in the Netherlands from 2015 until 2019, when he was seconded to the BIS Financial Stability Institute to publish an FSI Insight on international red team testing frameworks. At the BIS Cyber Resilience Coordination Centre Raymond was seconded from 2020-2022 to establish a program for central banks to perform cyber resilience assessments on critical business services with methodology developed by Carnegie Mellon University.

Paul Macpherson leads the Information Security team for Te Pūtea Matua, with responsibility for managing information and cyber security risks across the organisation.

The Information Security team plays a critical role in ensuring the security and privacy of information entrusted to Te Pūtea Matua as kaitiaki of New Zealand’s financial system.

Paul has over 30 years’ experience in information security administration, consulting and management roles across the public and private sector. Previously he held information security management roles at Westpac NZ and Xero, and spent 10 years with KPMG where he provided information security consulting and audit services to clients globally. He is a Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP).

Stuart has over 30 years of management and analytical experience in the Federal Reserve System.

*1999-present -- Staff and management positions in the Federal Reserve System Board of Governors' Division of Reserve Bank Operations and Payment Systems. Functional areas have included Federal Reserve Bank financial management oversight, Federal Reserve Bank HR oversight, financial market infrastructure oversight, and Federal Reserve System IT oversight and policy (current).

*1991-1999 -- Staff and management positions at the Federal Reserve Bank of Kansas City's Oklahoma City Branch. Functional areas included HR, facilities management, procurement, and financial management.

Simon Onyons brings over two decades of information technology and cybersecurity experience, most recently in the area of finance regulation. He currently serves as a senior advisor to the UK National Cyber Security Centre (NCSC), where he works on the NCSC Advisory Group to support the NCSC Industry 100 initiative to improve cyber resilience across UK industry and will remain in this role while at FTI Consulting.

Prior to FTI Consulting, Mr. Onyons was a Senior Vice President and Head of EMEA Governance, Risk and Compliance within Global Information Security at Bank of America. While at Bank of America, he created and co-led the award-winning Financial Sector Cyber Collaboration Centre (FSCCC) and served as Chair of the Cyber Security Working Group of the Association for Financial Markets in Europe.

Before that, Mr. Onyons worked in cybersecurity at the Financial Conduct Authority (FCA), where he was tasked with defining and implementing the strategy, policy, and structure of the FCA’s cyber supervisory division. Whilst at the FCA, he worked across a range of international working groups and collaboration efforts with global regulators and co-authored best practice cyber resilience guidance for the G7 Cyber Experts Group, the Committee on Payments and Market Infrastructures (CPMI), and the International Organization of Securities Commissions (IOSCO).

Previously, Mr. Onyons worked in business continuity and recovery for a number of IT service providers after beginning his career at IBM.

Constantinos is a Senior Oversight Expert focusing on cyber resilience activities for European FMIs. He is currently a Test Manager for TIBER-EU and is heavily engaged in the further development and evolution of the framework as well as assisting new jurisdictions in adopting and implementing the framework. Constantinos is also involved in the operationalisation and further development of the Cyber Incident and Information Sharing Initiative (CIISI-EU) and in further initiatives to raise the cyber resilience of European FMIs under the Euro Cyber Resilience Board (ECRB). Constantinos also participates in various international cyber groups, including workstreams of the G7 Cyber Expert Group and the CPMI-IOSCO Working Group on Cyber Resilience, as well as World Bank FIGI events, and conducts training for European and International supervisors/overseers on the Eurosystem Cyber Resilience Oversight Expectations. Prior to his Oversight role, he was part of the team monitoring the risks and enhancing the cyber resilience posture of TARGET Services, one of the most critical financial infrastructures in the world. Before joining the ECB in 2017, Constantinos worked at the Central Bank of Cyprus for 6 years, where he was the Bank’s Information Systems Security Officer, leading cyber resilience efforts within the Bank as well as assisting in bank supervision, bank resolution and eDiscovery missions during the financial crisis in Cyprus. Constantinos is a CISSP, CRISC, CISA and CDPSE, and has previously worked at KPMG, Ernst & Young and JCC Payment Systems. He holds a BSc in Mathematics from Warwick University and an MSc in Information Security from the University of Royal Holloway.

Emran joined the IMF in 2020 as a Senior Financial Sector Expert in the Financial Regulation and Supervision Division. In his previous role, Emran was a Senior Oversight Expert at the European Central Bank (ECB) and the lead for developing and operationalising the cyber resilience strategy for the European Union. He was a part of the team that developed TIBER-EU, the Cyber Resilience Oversight Expectations, established the Euro Cyber Resilience Board, developed and operationalized the market-wide cyber exercise (UNITAS) and developed the Cyber Incident and Information Sharing Initiative (CIISI-EU). Emran has been involved in various international cyber groups, including the G7 Cyber Expert Group, the CPMI Task Force for endpoint security, the FSB Cyber Lexicon Working Group, the CPMI-IOSCO Cyber Working Group, the ESRB Systemic Cyber Working Group and the World Bank FIGI. Prior to joining the ECB in 2015, Emran worked at the Bank of England for 5 years, where he was an FMI supervisor, as well as leading the cyber work for UK FMIs (inlcuding the development of CBEST). Emran is a Chartered Accountant, and has previously worked at Goldman Sachs, PwC, IBM and the central government. Emran has a BA and MPhil from the University of Oxford.

Mr. Sukhvir Notra is a Senior Information Security Specialist at the Bank for International Settlements (BIS). He has been an information security professional for over 10 years with majority of his career focused on defensive cyber operations. At the Cyber Resilience Coordination Centre (BIS), Sukhvir is responsible for development and delivery of cyber range exercises, managing cyber resilience assessments of central banks and other projects aimed at strengthening cyber resilience and promoting collaboration in the central bank community. His primary interest include leadership, operations, information security readiness and risk management. He has a Bachelors of Electrical Engineering degree and a Masters of Cyber Security from University of New South Wales.

Brian Gattoni is an Assistant Director in the Federal Reserve Board’s division of Reserve Bank Operations and Payment Systems with responsibilities to ensure the cybersecurity and resilience of Federal Reserve System Information Technology supporting Federal Reserve banks and payment systems. Gattoni is building partnerships and processes that ensure cybersecurity and resilience decisions are risk informed, mission focused, and account for the latest developments in threats and technology.

Prior to joining the Board in January of 2023, Gattoni was the Chief Technology Officer for the Cybersecurity and Infrastructure Security Agency (CISA), where he was responsible for the technical vision and strategic alignment of CISA data and mission services to manage cyber and physical risk to federal networks and critical infrastructure. He led a portfolio of research and development efforts in bringing emerging technologies to use in CISA’s mission including Artificial Intelligence, Zero-Trust, Cyber Deception, Digital Twins, Counter Explosives Robotics and Automated Decision Support systems. Gattoni is a Board Member for the National Institute for Standards and Technology Information Security and Privacy Advisory Board.

Gattoni holds a Master of Science in Cyber Systems and Operations with certifications in Cyber Wargaming and Cyber Operations Infrastructure from the Naval Postgraduate School in Monterey, California, and is a Certified Information Systems Security Professional.