Chief Information Security Officer, Australian Government Department of Human Services

What drew you to working in your chosen field?

I must say when I joined the navy 25 years ago, Cyber Security didn't really exist. Subject choices that I made while at the Australian Defence Force Academy would, years later, steer me towards cyber. After completing the Navy's year long warfare course I was hoping to return to sea as an Anti-Submarine Warfare Officer, however because I had a degree in English and Information Systems was sent as the Signals Communications Officer – and so changed the course of my career. This was the most fundamental shift in my career direction and upon reflection was one of the best things that happened to me. I was given the opportunity to pursue further studies and I completed two master's degrees - one in Science (Computing), the closest thing to cyber that you could study a decade ago, and the second in Systems Engineering. Throughout my later postings in the Navy it became obvious that there was both significant risk and opportunity in cyber warfare.

Which of your many career achievements do you feel is your greatest and/or most exciting?

I was very fortunate to have an amazing career in the military including several operational deployments and being awarded a Conspicuous Service Medal for my time as Deputy Director Cyber (Maritime) however the most exciting opportunity I have had was assuming my current role as CISO DHS. Upon joining DHS I was giving a $10M budget and six months to deliver a fully operational Cyber Security Operations Centre. Building the facilities was only one aspect, we also required a significant technology uplift and the 28 initial staff needed to grow to over 200. I look back now at what has been almost 2 ½ years and we have achieved all of that and more. The Branch has achieved its aim with over 200 staff and a CSOC that is 24/7 with a mature intelligence/operations fusion cell, we now have a robust risk capability from assessment through to accreditation, a large program directorate with a focus on research, development and innovation and an influence team that interact with all forms of media.

What would you say is the currently the biggest challenge facing the international cyber community?

The current shortage of cyber experts and a lack of situational awareness across industry sectors. To help overcome the first part I have adopted a less than traditional approach to recruitment. I have moved away from recruiting technical expertise and moved towards looking for people with the right mindset and attitude and developing a training program that will equip them with the necessary skills to become excellent cyber professionals. I think we are getting a lot better at sharing information and there is no shortage of collaboration tools available. However, it is challenging sharing across sectors to the extent that is useful, while still maintaining cyber security of that picture. The bigger that group gets the more difficult it is to maintain those trusted connections. While we are, for the most part, technologists, we also know just how easy it can be to engineer yourself into these groups (technically or socially) so we are also probably the least trusting group of professionals. This is why personal relationships in cyber are so important. We hope with initiatives like the annual Cyber War Games, bringing people together that otherwise would have limited opportunities to form relationships, we can start to rectify the second issue.

How could Australia further engage with our international partners to harness the opportunities of the digital age?

Partnerships need to be formed, nationally with public and private sector organisations as well as internationally. Growing relationships and having an appropriate level of transparency in information sharing networks consolidates the knowledge and mitigations that can be adopted to improve security and identify unforeseen threats. This would also be a great enabler in any potential future global cyber event. It would be prudent for us to continue to host cyber events brining these people together, as well as to ensure continued engagement by us overseas.