Stuart Barnett

Stuart Barnett

Deputy Director Cyber Advisory, BlueVoyant

Stuart Barnett is Deputy Director of BlueVoyant’s UK professional services team, specialising in general cyber security consulting and threat‑led cyber risk management. With a specialist interest in cyber threat intelligence and third party risk, Stuart has led major cyber security engagements across multiple clients including government, financial services, and defence, building on senior consulting roles at Deloitte and BAE Systems Applied Intelligence.

With a foundation of knowledge gained during a period in military intelligence, Stuart’s industry experience also includes working in Nomura’s IT Security Team and as a cyber researcher within the Home Office’s Critical National Infrastructure group amongst others. At BlueVoyant, Stuart supports clients in strengthening resilience across their supply chains, steering the development and delivery of expert cyber consulting services helping organisations stay ahead of evolving cyber threats.

9:35 am - 10:25 am

DORA IN PRACTICE: WHAT’S STILL NOT WORKING IN ICT RISK AND THIRD‑PARTY OVERSIGHT? – PANEL DISCUSSION

Translating regulatory intent into implementation

  • Moving from static lists to dynamic, risk‑based inventories of third‑ and Nth‑party providers
  • Designing and executing meaningful operational resilience tests across complex, multi‑vendor and chain‑outsourcing scenarios
  • Consistently meeting DORA’s tight incident reporting timelines when information sits across multiple providers and jurisdictions
  • Retrofitting DORA requirements into legacy contracts, SLAs and governance structures without disrupting critical services

9:00 am - 9:45 am

DORA IN PRACTICE: FROM REGULATORY INTENT TO OPERATIONAL REALITY – PANEL DISCUSSION

Where DORA implementation is breaking down in practice and how firms are translating regulatory expectation into scalable, defensible operating models

  • Moving from static lists to dynamic, risk‑based inventories of third‑ and Nth‑party providers
  • Designing and executing meaningful operational resilience tests across complex, multi‑vendor and chain‑outsourcing scenarios
  • Consistently meeting DORA’s tight incident reporting timelines when information sits across multiple providers and jurisdictions
  • Retrofitting DORA requirements into legacy contracts, SLAs and governance structures without disrupting critical services