Jump to navigation Jump to content

Speaker

Tommy Black

Tommy Black

CSO for Sparkoo Ltd, (Huawei Cloud’s Irish subsidiary)

Dublin, Ireland

Actions

Chief Security Officer of Sparkoo Technologies Ireland | Huawei Cloud Europe, leading cybersecurity and compliance strategy across the EU.
With 10+ years of experience in offensive security, IoT risk, and secure software delivery, he has driven NIS2 compliance programmes, global incident response frameworks, and DevSecOps transformation initiatives.
Tommy has held senior roles at CFP Energy, ASLAN Technology Services, Cloudten Industries, and Deloitte, delivering complex security operations and regulatory alignment projects across multiple industries. A recognised thought leader in DevSecOps and emerging technology risk, he combines expertise in penetration testing, adversary simulation, and secure cloud architectures with regulatory knowledge spanning GDPR, DORA, and NIS2. He holds credentials from ISC2, SABSA, Applied Risk, HashiCorp, and EC-Council, and is passionate about advancing secure innovation in cloud and critical infrastructure.

Links

Area of Expertise

  • Energy & Basic Resources
  • Finance & Banking
  • Information & Communications Technology

Topics

  • Cybersecuirty
  • Cybersecurity Strategy
  • Cybersecurity Automation
  • cybersecurity compliance
  • cybersecurity awareness
  • Cybersecurity Governance and Risk Management
  • Cybersecurity Threats and Trends
  • Artificial Intelligence and Machine Learning for Cybersecurity
  • AI and Cybersecurity
  • Emerging Cybersecurity Topics
  • Cyberthreats
  • Active Cyber Defence
  • Cybersecurity Regulations and Compliance
  • Security & Compliance
  • Compliance
  • Governance risk and compliance
  • Continuous compliance (DevSecOps perspective)
  • Compliant Kubernetes
  • PCI DSS Compliance
  • Regulatory Compliance
  • Cloud Computing
  • OT Cybersecurity
  • cyber attacks
  • Data Compliance
  • cybersecurity maturity model certification
  • cybersecurity ethics
  • Industrial Cybersecurity
  • Cyber Threat Intelligence
  • cyber security leader
  • cyber risk
  • offensive cyber security
  • Cyber Security Framework
  • ISO 27701
  • ISO 27001
  • NIS2
  • DORA
  • Artificial intellince
  • artificial intelligence risk
  • artificial intelligence security
  • Cloud Native Artificial Intelligence
  • The Future of Artificial Intelligence: Trends and Transformations
  • DevSecOps
  • DevSecOps Integration
  • Incident Response Planning
  • Incident Response and Management
  • SCADA Hacking
  • industrial control
  • Industrial AI
  • Red Teaming
  • Social engineering
  • Not for Profit

Sessions

Bridging the Gap: Translating Policy into Practice in an AI-Driven Cloud

As Europe’s cybersecurity and AI regulatory landscape accelerates, security teams face the challenge of translating complex legal frameworks such as NIS2, CRA, and the EU AI Act into actionable technical outcomes. This talk unpacks how to operationalise compliance, from SBOMs to Zero Trust, in cloud-native environments. Drawing on real-world lessons from supporting Huawei Cloud’s EU compliance uplift, I’ll walk through practical approaches to risk scoring, mapping controls, and building scalable frameworks that serve both auditors and engineers. Whether you’re a blue teamer or governance lead, you’ll leave with tools and examples to take back to your own org.

Beyond SBOMs: Operationalising Third-Party Risk for Regulatory-Driven Cloud Environment

As software supply chain attacks continue to evolve, regulators are demanding more than just visibility — they expect verifiable control and accountability. This session explores how large-scale cloud environments can go beyond surface-level SBOM compliance to implement scalable, auditable third-party risk management frameworks that align with emerging legislation such as the Cyber Resilience Act, NIS2, and the EU AI Act.

Drawing from practical experience across EU markets, we’ll walk through how to map compliance obligations to technical controls, what it takes to validate supplier assurances, and why Zero Trust and AI governance must now intersect with supply chain strategy.

Attendees will gain insight into how a multi-region cloud provider is adapting security posture, evidence models, and contractual frameworks to meet the next generation of regulatory scrutiny.

NIS2 in Practice: A European Blueprint for Cybersecurity Assurance in Cloud Operations

How can large-scale cloud environments practically align with Europe's toughest cybersecurity regulation? This session offers a real-world blueprint based on Huawei Cloud’s journey to prepare its Hungary office as the company's first, NIS2 compliant location. We share insights on implementing effective incident reporting frameworks, enforcing software bill of materials (SBOM) practices, and managing vendor risk in line with EU expectations. The talk also highlights key lessons on integrating local regulatory priorities with a global cloud security architecture. Attendees will leave with actionable strategies, tooling ideas, and governance structures to help their organisations meet increasing cybersecurity obligations across borders—while reinforcing trust in cloud infrastructure.

Tuesday, 21 Oct 2025 3:50 pm - 4:10 pm (20 minutes)
GovWare 2025: Sands Expo & Convention Centre, Level 1, Exhibition Hall

Huawei Cloud: Redefining Cloud Security Governance in the AI Era

Overview of how Huawei Cloud Compliance and Security enables client confidence in security within an era of AI and LLMS

Wednesday, 22 Oct 2025 3:40 pm - 4:00 pm (20 minutes)
GovWare 2025: Sands Expo & Convention Centre, Level 3, Angsana Room

Events

GovWare 2025 Sessionize Event

October 2025 Singapore

Tommy Black

CSO for Sparkoo Ltd, (Huawei Cloud’s Irish subsidiary)

Dublin, Ireland

Links

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top