This panel discussion, led by Peter Hind, Senior Analyst at ADAPT, and including Maryam Bechtel, CISO at AGL; Anna Aquilina, CISO at University of Technology Sydney; and Tony Vizza, Executive Director, Cyber security at KordaMentha, discusses the imperative of top-down leadership in cyber security.

Effective leadership, stakeholder engagement, and the use of metrics for measuring progress are crucial.

Maryam underscores aligning cyber security strategy with business goals, emphasising the need for a defensible risk plan, while Anna highlights executives’ understanding of the dynamic cyber threat landscape and the importance of multi-level leadership.

Tony focuses on governance’s role, noting that weak governance hampers organisations in facing cyber threats.

The discussion explores data governance challenges, including data classification and clarifying data steward roles.

Maryam shares insights from implementing a data purging program at AGL, stressing alignment with regulations and business needs.

Tony emphasises data minimisation for risk management, noting organisations’ tendency to retain unnecessary data.

The panel advocates for a product lifecycle approach to cyber security, stressing continual vigilance and adaptation to evolving threats.

Fostering a culture of cyber security ownership across all organisational levels is pivotal, with metrics serving to assess cyber security posture and evolve alongside the threat landscape.

Optimism stems from AI advancements, regulatory focus, and the dedication of cyber security teams.

Legal and regulatory attention also boosts awareness among senior management, supported by the passion of cyber security teams.

Despite ongoing challenges, embracing collective efforts to bolster cyber security resilience and mitigate threats effectively will lead to advancements.

Key takeaways:

Leadership and engagement: Effective cyber security leadership and stakeholder engagement are crucial for navigating the dynamic cyber threat landscape and ensuring alignment with business objectives.

Data governance and risk management: Addressing challenges in data governance, including data classification and minimisation, is essential for reducing risk exposure and aligning data management practices with regulatory requirements and business needs.

Continuous improvement and optimism: Adopting a product lifecycle management approach to cyber security and leveraging metrics for assessing cyber security posture enable organisations to adapt to evolving threats. Despite challenges, optimism prevails due to advancements in AI, increasing legal and regulatory attention, and the dedication of cyber security teams to make a positive impact.

Contributors
Peter Hind, Principal Research Analyst at ADAPT
Peter Hind has spent the last 25 years as an analyst and commentator on the ICT industry. 

His primary areas of interest are the potential of technology to transform the way organisations operate, the change management obstacles executives encounter in realising this potential, as well as the tactics and techniques leaders have deployed to overcome these difficulties.

Peter now takes on multiple roles within ADAPT including the moderation of private events and roundtables, interviewing business executives about the strategies they are pursuing and assisting with the structuring of delegate surveys.

He also interrogates and analyses ADAPT’s treasure trove of end-user and C-suite data.

Maryam Bechtel, CISO at AGL
Maryam Bechtel is the Chief Information Security Officer at AGL Energy. With over 17 years of vast experience in information security, Maryam is responsible for the cyber protection of one of Australia’s most critical infrastructures, essential for the nation’s energy supply and for ensuring that the energy and telco needs of over 4 million customers are met.

Maryam’s career has consisted of two phases: ten years of consulting with Deutsche Telekom and Deloitte, working with C-levels and executives in large international companies to define an overarching and achievable cyber security strategy. Her consulting engagements led her to gain industry-wide experience across various cyber security domains in multiple countries such as Germany, UK, USA and Australia.

She was named the “AISA Cyber Security Professional of the Year” by the Australian Information Security Association in 2022 for her outstanding leadership, integrity, mentoring and coaching in the industry.

Anna Aquilina, CISO at University of Technology Sydney
Anna has been working for over 25 years in a variety of roles, primarily with government and in national security/cyber security related areas. Her introduction to cybersecurity was in 2011 when she was in the Cyber Command in the Serious Organised Crime Agency (UK) as the UK started to take the cyber threat much more seriously. Those years were spent helping understand the cyber threat landscape more fully, engaging in disruption planning and activities and building up capability and capacity across the agencies.

She has spent a considerable amount of time in intelligence agencies, law enforcement and various other parts of government in the UK and Australia, and is really enjoying the Higher Education sector, which she entered in February 2021 when she joined UTS as CISO.

Tony Vizza, Executive Director, Cybersecurity at KordaMentha
As an Executive Director within KordaMentha, Tony leads efforts to provide advisory and support to organisations seeking to manage the ever-changing risk that is cyber security. Augmenting the firm’s forensic, financial tech, corporate advisory and restructuring services with a suite of cybersecurity-related risk advisory, incident response, business continuity and operational resilience services, his team listens to the challenges being faced by organisations and government and co-creates solutions which increase resiliency, reduce risk, and optimise performance and organisational efficiency.
