CISO Edge Post Event Report – Leading Sustained Change & Secure Digital Execution, July 2019
While we all try to reinvent as a “Digital Business” and compete via experience and technology, we must remember that without trust there is no digital business; without effective security foundations, there is no good experience.
We’re facing broader challenges around legacy, shadow IT, cloud and app sprawl – and our Heads of Security are leading bigger strategies, programs and change than ever before.
These technical execs not only deliver security, compliance and trust, but now must also deal with the perception of cyber, politics, and managing multiple stakeholders to bring everyone along on that journey.
ADAPT’s annual CISO Edge event focuses on evolving the traditional role of security manager to a modern business executive. Content delves into the leadership and commercial skills to deliver in that elevated position: how to manage up and top-down, how to build high-performing teams and culture, and how to write and execute the strategy.
We hosted CSOs and CISOs responsible for 1.5 million staff and 45% of Australia’s GDP.
To guide them, the agenda brought the former CIO of the US Navy and deputy CIO for the US DoD, local leaders from Westpac, Qantas, NAB and the NBN, the NSW Government, David Spark, Forrester, SEEK and Standard Chartered Bank Singapore.
Thanks to all who attended and collaborated for such an inspiring day.
CISO EDGE STATS
Compliance, awareness, skills, people, culture, detection, visibility – it sounds a bit like buzzword bingo – we asked about the top-of-mind challenges you face when it comes to managing, implementing and succeeding with your security initiatives.
Clearly, things are not getting any easier: complexity is increasing while your ability to attract and retain staff to meet and overcome these challenges is declining.
At the same time, regulatory expectations and requirements are increasing while our customers, employees, leadership and board members are increasingly struggling with new tools, processes and policies.
At every level of Australian organisations, security comes up as a leading technology priority. 90% of CIOs attending ADAPT’s CIO Edge event earlier this year ranked security as their number one technology priority, compared with 78% of CDOs and digital leaders attending ADAPT’s Digital Edge event.
ADAPT finds that this disconnect drives adjacent perceptions, which can have wider organisational ramifications.
When we switch tables to awareness, we are really seeing significant differences, with digital leaders believing we are doing a pretty good job, whereas CISOs and CIOs tend to rate awareness across the organisation as average to terrible.
We need to take an organisation-wide approach to awareness and prioritisation, and stop addressing security in siloed parts of the business, to align perceptions with reality across all parts of the leadership team.
So what is keeping CISOs awake at night?
Brand damage has jumped to the top of the list as the key driver for security strategy, investments and initiatives.
Major fines, breaches and nefarious data use have really helped drive this:
BA, Facebook, Marriott, ANU, Revenue NSW, Symantec and Australian Catholic University, to name a few.
Data privacy rates as the second-highest driver. This lines up nicely with brand damage, as the two go hand in hand – clearly, any data breach and/or loss of information will damage brand value.
Financial loss at the corporate level remains important, again aligning very closely to the other two, i.e. brand damage and data privacy, which independently or together can have a significant financial impact on the company, its business and its officers.
We measure success and failure of IT and IT/Business aligned initiatives the way we have always measured.
ADAPT researches and analyses thousands of c-suite data points every year, and based on our analysis, it is clear the way data is accessed, managed and attacked is changing.
ADAPT is conducting Australia’s most comprehensive ongoing study of cloud migration.
Cloud migrations are not just increasing, they are accelerating with the expectation amongst CISO Edge attendees being that 67% of workloads will be housed in one form of cloud or another.
The good news is that in terms of overall cloud (private/public/hybrid), CISO Edge attendees are very closely aligned with their CIO counterparts attending our CIO Edge event earlier this year, as illustrated here.
Disconcertingly, there is a significant disconnect between CISOs and CIOs when it comes to public cloud, with CISOs expecting 24% of workloads in the cloud versus 36% for CIOs.
We recently saw a 6TB hack at Citrix – this was made possible by weak passwords. Security is everyone’s responsibility.
These sorts of incidents occur not because our people don’t care or are inept. It is more often a case of what they don’t know.
It is our responsibility as IT and Security leaders to raise awareness of the implications of employee and customer actions.
We scratch our heads at the “mistakes” people make, yet over half of all attendees at ADAPT’s CISO Edge event admitted they conducted security awareness programs less than once or twice a year.
Australian consumers lost over $489 million due to cyber scams in 2018, and this amount is increasing exponentially annually, up 44% year-over-year from 2017.
Security leaders need to make the conversation and awareness programs much more about the “what’s in it for you” rather than “what’s in it for the company”. Start to drive a whole-of-life approach to how you help train and empower your teams; security does not and should not stop at the company gates.
DELEGATION AT CISO EDGE
ACT Health – CISO
Adelaide Airport – EGM Technology and Innovation
AIA Australia – Head of Technology Risk
Air New Zealand Limited – CISO
AMP – Acting Head of Cyber
Atlassian – Program Manager, Security
Auckland International Airport Limited – Director – Information Security
Aurizon Holdings Limited – Cyber Security Manager
Australian Bureau of Statistics – CISO
Australian Prudential Regulation Authority – CSO
Australian Red Cross – Senior Manager, Cyber Security
Australian Securities Exchange – CISO
Bank of Queensland – Head of Cyber Security
Bauer Media – APAC Manager, Technical and Information Security
BHP – Global Head of Cybersecurity Programs
Broadspectrum Limited – GM, Infrastructure & Security
Brookfield Asset Management – Director of Security
Bupa Australia – Deputy CISO
Cardno – CTO
Catholic Education Office, Diocese of Parramatta – CIO
CAUDIT – CEO
Charter Hall – Chief Information and Technology Officer
Citipower and Powercor – Head of Cybersecurity
Commonwealth Bank of Australia – GM Cyber Protective Services
Compass Group Australia and New Zealand – CTO
Consultancy – Founder
Department of Environment, Land, Water and Planning, VIC – Program Director, Cybersecurity
Department of Premier and Cabinet, NSW – Executive Manager, Information Security and ICT
Dexus Property Group – IT Risk & Cybersecurity Manager
Domain Group – Information Security & Compliance Manager
Elders – Service Delivery Manager – Information Security
Endeavour Energy – Information Security Management
Energy Queensland – GM Digital Partnerships
Essential Energy – Head of Cyber
Estia Health – Manager, Information Security Office
Fire and Rescue NSW – CISO
Foodstuffs North Island Ltd – Head of Operations and Enterprise Services
Forrester – Principal Analyst serving Security & Risk professionals
Forrester – VP, Principal Analyst, CIO Advisor
Fox Sports – Head of Cyber Security and Compliance
Genesis Care – Head Of Security
George Weston Foods – Security Architect
GPT Group – Head of IT Operations
Harvey Nash – MD
Harvey Norman – Head Of Information Security
Hays Specialist Recruitment – Manager, Information Security and Risk
Healius – CISO
Healius – Senior Security Project Manager, IT
Horizon Power – Information Security Manager
Hyundai Motor Company Australia – Head of Technology
IAG – Head of Cybersecurity Governance & Strategy
ING Direct – Head IT Risk & Security
Inventium – Founder
JBS Australia – IT Director – Projects & Strategy
JLL – APAC CISO
Julia Steel – Speaker, Author, Trainer & Coach
Kathmandu Holdings – CIO
Kordia Australia – CISO and Head of Security Design and Operation
Latitude Financial Services – CISO
Link Group – Head of Information Security – APAC
L’Oreal – Information System Security Manager
Macquarie Group – CISO – Banking and Finance Services
Macquarie Group – Divisional Director Cybersecurity
Mater Health Services – Manager Cyber, Risk and Assurance
ME Bank – CISO
ME Bank – Head of Information Security & Digital Risk
Melbourne Airport – CISO
Melbourne Health – CTO
Mercury – EISO
Metcash – Head of IT Infrastructure
Metcash – General Manager – IT (Infrastructure & Analytics)
Metro South Hospital and Health Service – Senior Technology Manager
Microsoft Australia Pty Ltd – Chief Cyber Security Officer APAC
MLC – Head of Information Security – CISO (acting)
National Australia Bank – Chief Security Officer
NBN – Chief Security Officer
New Zealand Post – Head of IT Risk and Security
News Corp Australia – CISO
Nine Entertainment Co Holdings – Director, Architecture and Security
NSW Health – CISO
NSW Treasury – NSW Chief Data Scientist and CEO of NSW Data Analytics Centre
Orica Australia – IT Security and Standards Management
PepsiCo Asia Pacific Region – AMENA IT Operations Senior Manager – Asia Pacific & China
PWC – APAC CISO
Qantas – Senior Cyber Security Manager
QBE Insurance – Global Innovation Program Lead
Queensland Airports Limited – Head of Cyber Security and Infrastructure Operations
Queensland Health – CISO
Queensland Health – Director, Security Programs
Reece Australia – CISO
SAI Global – CISO & Data Protection Officer
Seek – Head of Cyber Security (CISO)
Seven West Media – Head of Operations and Delivery
Singtel Optus – CISO
Standard Chartered Bank Singapore – Global Head, Cyber Training, Awareness and Exercises, Group CISO
Suncorp – Executive General Manager – Life Transition, Security, Risk & Compliance
Tafe NSW – GM Technology and Management Support
Telstra – GM – Security Controls & Threat Research and Intelligence
The Warehouse Group – GM Infrastructure
The Warehouse Group – Group CISO
Thiess – IT Security & Governance Manager
Toll Holdings Limited – Head of Cyber Security
Treasury Wine Estates – Head of Information Security
University of Adelaide – CISO
University of Melbourne – Director – Cyber Security
University of Sydney – Director – Head of Cyber Security
Ventia – Group Manager, ICT Security & Risk
Veolia Environmental Services – Head of IT Infrastructure Security and Cloud
Virtus Health – Security Engineer
Vodafone Hutchison Australia – Principal Security Architect
Vodafone Hutchison Australia – Account Director – Security
Volvo Group Australia – Senior IT Manager
Weir Group – CTO Office Security Architect
Western Sydney Local Health District – Head Information Security and Risk
Westpac Banking Corporation – COO & Chief Risk Officer, Technology
Westpac Banking Corporation – Head of Security Protection Services
Willow – Systems & Security Manager
Wilmar Sugar Australia Limited – IT Infrastructure Architect
WPP AUNZ – Group CIO
Yancoal Australia – Manager, ICT Infrastructure Services
ADAPT EDGE EVENTS
ADAPT hosts a community of 2,000 executives annually across our 6 national Edge events and 60 private executive lunches, where we share ideas and debate ways to gain advantage through personal and organisational success.