Cybersecurity Law & Practice

An advanced two-day programme for in-house counsel: navigating law, incident response and frontline intelligence

Developed and delivered jointly by Mandiant’s (part of Google Cloud) world‑leading incident response and threat intelligence experts together with senior legal specialists from Marks & Clerk, this two‑day advanced programme provides an academic‑grade, practice‑oriented training experience for in‑house lawyers, general counsel, risk leaders and compliance professionals. 

Venue

Oxford Saïd Business School, Park End Street, Oxford, OX1 1HP. Accommodation is not included and should be arranged separately.

Course Date

28 & 29 October 2026

Pricing

The programme fee is £1,600, which includes full course materials, refreshments throughout the day, and a keynote dinner on Day 1.

Programme overview

Who should attend

  • General Counsel and in‑house legal teams

  • Senior executives seeking deeper cybersecurity understanding

  • Compliance and risk professionals working in cyber‑adjacent areas

Why this programme is unique

  • Jointly delivered by Mandiant and Marks & Clerk in a workshop format, offering a combination of legal, forensic and operational expertise.

  • Designed specifically for lawyers, with academic‑grade content tailored to legal responsibilities and real‑world workflows.

  • Hands‑on exposure to how forensic teams work, the terminology they use, and how legal advisors integrate into technical investigations.

  • A focused environment enabling meaningful discussion, peer networking and scenario‑based learning.

Key cybersecurity law in England & Wales

Regulatory duties, reporting obligations, privilege, contractual issues, IP considerations

Understanding how forensic teams operate

Investigative stages, technical jargon, digital evidence handling

Acting as a legal advisor during a live incident

Ransomware scenarios, negotiation dynamics, crisis communications

Psychology and resilience

Supporting teams under pressure in cybersecurity incidents

Board‑level reporting

Obligations, risk frameworks, and effective escalation

Threat intelligence

Attacker motivations, major threat groups, geopolitics and cybersecurity operations

Chief Information Security Officer

Understanding the CISO role and business‑as‑usual cybersecurity risk processes

Supply chain cybersecurity risk

Vendor due diligence, monitoring and advanced cybersecurity contracting

Managing risk

Cybersecurity insurance, insider threats, and ethical hacking under the Computer Misuse Act

Future direction

Cybersecurity legislation and standards (e.g. ISO frameworks)

Our Cybersecurity Law & Practice speakers

Marks & Clerk is an international firm that helps organisations protect, manage and commercialise their innovation. With deep expertise across patents, trade marks and emerging areas such as AI and cyber, the firm supports clients in navigating complex technological and regulatory landscapes.

Mandiant is a leading cybersecurity organisation recognised for its deep threat intelligence, incident response expertise, and strategic security consulting. The company supports organisations around the world in detecting, understanding, and defending against sophisticatedcyber attacks, helping them build resilience in an increasingly complex digital environment.

Paul Tumelty-1

Paul Tumelty

Paul joined Mandiant in March 2019 and he directs both the Mandiant Government practice in EMEA and the UK & Ireland consulting team. In these roles, he works with governments and large enterprise clients across the region to design and implement cybersecurity transformation programmes at scale. Paul directed Mandiant’s Incident Response and Remediation support to 20+ victim organisations in Ukraine in one of the most challenging engagements in Mandiant’s history. He also designed Mandiant’s proprietary National Cyber Capability Framework and specialises in Incident Management. Before joining Mandiant, Paul spent 13 years in the British government in a range of intelligence, operational security and diplomatic roles in the Ministry of Defence (MOD) and Foreign, Commonwealth and Development Office (FCDO). He completed 5 overseas postings, including on secondment to the US Department of Defence, and as the UK’s Cyber Attaché to NATO in Brussels responsible for bilateral Cyber Capacity Building with Allies.
William Malcom

William Malcolm

William is Executive Director of Regulatory Risk & Innovation at the UK Information Commissioner's Office. He leads the ICO's teams focused on regulatory supervision of AI, technology and innovation across UK business, including technology policy, regulatory sandboxes, industry engagement, and strategic collaboration with the Digital Regulation Cooperation Forum.

William has over 25 years of senior executive experience, focusing on legal, policy and regulatory leadership and is a frequent speaker on data protection, privacy and AI issues. Prior to joining the ICO William spent 15 years as a global legal and regulatory leader with a major US tech company as an advisor to senior product and leadership teams on compliance design and data strategy.

William is qualified as a Solicitor in England and Wales and Scotland. 
Dan Wire

Dan Wire

Based in San Francisco, CA., Dan heads Mandiant's Crisis Communications practice, a global team that provides crisis management and stakeholder communications support for clients preparing for, or experiencing an active cyber event. Dan Wire has more than 20 years of professional communications experience, with more than a decade focused on the cybersecurity industry. In his role as head of the crisis communications practice at Mandiant, he works with clients to develop proactive communications strategies to manage business risk during a cybersecurity event, and help manage brand reputation, audience communications and messaging while actively experiencing a cyber incident. Dan joined FireEye/Mandiant in 2014 - as part of and eventually leading - the corporate communications and brand marketing teams. He has been supporting Mandiant clients with crisis communications services since joining Mandiant, building an informal practice for incident response clients.

Jamie Collier

Dr Jamie Collier

Dr Jamie Collier is the Lead Threat Intelligence Advisor in EMEA at Google Cloud. He works with organizations to help them understand their threat landscape and build threat intelligence capabilities. Jamie is also active within academia as a Visiting Senior Research Fellow at Kings College London and as an Associate Fellow at the Royal United Services Institute (RUSI). Before joining Google, he was the Cyber Threat Intelligence Team Lead at Digital Shadows and completed a PhD in Cyber Security at the University of Oxford. Jamie was previously based at MIT as a Cyber Security Fulbright Scholar and has experience working with the NATO Cooperative Cyber Defence Centre of Excellence, Oxford Analytica, and PwC India. Jamie has presented at numerous global conferences, and his commentary is regularly included in media reports (including Bloomberg, The Wall Street Journal, and The Financial Times).

Fiona Phillips

Fiona Phillips

Fiona Phillips leads Marks & Clerk’s AI and Cybersecurity legal advisory practice, advising clients on the full range of legal, regulatory and governance issues arising from AI deployment and cybersecurity risks. A former senior General Counsel with 15 years’ experience at HSBC and UBS across the UK, Middle East and Asia, she is known for translating complex technology and regulatory challenges into practical, commercial guidance. Fiona chairs the Cybersecurity committee for the Society for Computers and Law. She was recognised in the FT Innovative Lawyer Awards for her interactive cyber tabletop for lawyers - designed to help in-house lawyers learn how to best support in an incident through interactive training.

Eleonor Duhs - Colour

Eleonor Duhs

Eleonor Duhs is a partner in Marks & Clerk's AI & Cybersecurity legal advisory practice. She is a barrister and the Head of Data & Privacy. Eleonor advises organisations on all areas of data protection law, including on the data protection aspects of cybersecurity incidents. She has won awards for her data protection work and is an emeritus fellow of the International Association of Privacy Professionals (IAPP). Before moving into private practice Eleonor was a senior UK government lawyer. She was the government’s lead lawyer in the negotiations on GDPR. She advised on EU and international law at the Foreign and Commonwealth Office and in the Department for Exiting the European Union. Eleonor has given evidence to Parliamentary Committees. She is frequently invited to speak at international conferences and to comment on data protection in the national media. 

Suzanne Williams

Suzanne Williams QPM

Dinner Keynote Speaker

Suzanne Williams is an international hostage and kidnap negotiation expert. She was the most senior ranking officer in the negotiation unit at Scotland Yard, and continues to advise foreign and domestic governments on negotiation strategies and cyber threats. An Associate Fellow at Oxford’s Said Business School and visiting lecturer at Harvard, she covers everything from crisis response and security, to trust and ethics in negotiation.

Suzanne began her career in the police specialising in kidnappings, sieges, domestic barricades, suicide prevention and bank robberies. During her time as a Scotland Yard detective, she became the first woman to head the Kidnap and Hostage Negotiation Units. Over the course of her career, Suzanne has advised and briefed government ministers, worked with the FBI, and consulted for the international aid sector. She has also worked on the Royal Protection senior management team, where she directed security for major royal events and structured response plans in the event of an incident targeting the Royal Household.

A globally recognised expert on security and cyber threats, Suzanne applies negotiation strategies to business and politics. In recounting stories from her career, she offers a glimpse into the extraordinary and high-pressured life of a hostage negotiator. She discusses communication across cultures, and reveals how negotiation relies on knowing what is attainable and understanding the other party’s objectives. Suzanne looks at the intersection between leadership, communication and performing in stressful environments, and tackles the fragility of trust and ethics in negotiation strategies.

Register today

Terms & Conditions

1. Introduction & Agreement
  • These Terms & Conditions (“Terms”) govern the purchase of tickets and attendance at the Cybersecurity Law & Practice 2 day training course (“Event”). By completing a registration or purchasing a ticket, you agree to be bound by these Terms.
  • No other terms apply unless expressly agreed in writing.
  • Your registration constitutes an offer; acceptance occurs when we confirm your booking in writing or electronically.
2. Booking & Payment
  • Bookings are processed on a first‑come‑first‑served basis and may be accepted or refused at our discretion.
  • Payment must be made in full by the deadline stated at checkout. If payment is not received before the Event start date, access may be denied.
  • Tickets are issued only upon receipt of full payment.
  • Prices may be subject to VAT where applicable. Marks & Clerk Insights LLP VAT Reg. No. GB511293815.
3. Refunds, Cancellation & Substitutions
  • Refunds will be processed as follows: Up to 60 days before the Event: 100% refund; Up to 30 days: 50% refund; Less than 30 days: No refund.
  • Substitution requests may be granted subject to written notice and approval.
  • If the Event is cancelled by the organiser, a full refund of registration fees will be issued.
  • We reserve the right to alter the schedule, speakers, content, or format of the Event.
4. Conduct & Right to Refuse Entry
  • We may refuse entry or remove any attendee for inappropriate, disruptive, unlawful, or non‑compliant behaviour.
  • Attendees must not publish or share content that is threatening, defamatory, obscene, infringing, illegal, or harmful.
  • We may restrict or remove Event access in response to unacceptable behaviour.
5. Intellectual Property Rights
  • All Event materials, presentations, recordings, photos, and other content are protected by copyright and other intellectual property rights.
  • You may not reproduce, distribute, or commercially use content without written permission.
  • We may film, photograph, or record the Event and use such materials for promotional purposes.
  • Attendees may take limited photos or recordings for personal use, but not for commercial use.
6. Data Protection
  • Personal data will be processed in accordance with applicable data protection laws and our Privacy Notice.
7. Health, Safety & Venue Compliance
  • Attendees must comply with all venue rules, including health & safety requirements.
  • Attendees are responsible for their personal belongings; the organiser accepts no liability for loss, theft, or damage.
8. Sanctions
  • Neither you, nor, so far as you are aware, any agents or other persons acting on your behalf:
    • is listed on the “Specially Designated Nationals and Blocked Persons” list maintained by the Office of Foreign Assets Control of the United States Department of the Treasury (“OFAC”) or any similar list maintained by the United Nations, the United Kingdom, the European Union, or any other relevant governmental entity;
    • directly or indirectly, has conducted, conducts or is otherwise involved with any business with or involving any government (or any sub-division thereof), or any person, entity or project, targeted by, or located in any country that is the subject of, any of the sanctions administered by OFAC or any equivalent sanctions or measures imposed by the United Nations, the European Union or any other relevant governmental entity (collectively “Sanctions”);
    • directly or indirectly supports or facilitates, or plans to support or facilitate or otherwise become involved with, any such person, government, entity or project; or
    • is or ever has been in violation of or subject to an investigation relating to Sanctions.
  • Each Participant shall ensure they are legally entitled to attend the Event and by attending each Participant warrants that they are not the subject of any Sanctions or trade controls or other restrictions that mean they should not attend.
8. Force Majeure
  • We are not liable for delays or failure to perform due to events beyond reasonable control, including natural disasters, pandemics, war, terrorism, and government actions.

9. No legal advice or reliance
  •  This event is provided for educational and informational purposes only.
  • Nothing presented constitutes legal advice, no lawyer-client relationship is created and you should not rely on any information or commentary as professional or technical advice.
10. Liability
  • We are not responsible for disruptions caused by internet failures or technical issues beyond our control.
  • Our total liability is limited to the ticket price paid.
11. Age & Eligibility
  • Bookings are not accepted from individuals under 18 years old.

12. Governing Law & Jurisdiction
  • These Terms are governed by the laws of England and Wales. Disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.