Victoria University’s CISO on protecting openness without sacrificing security

Tara Dharnikota, CISO at Victoria University, explains how cultural change, sector-wide collaboration, and recoverability-first strategies shape her approach to protecting one of Australia’s most complex and open environments.

With a career spanning offensive security, OSINT, telecommunications, and advisory board roles, Tara has built a leadership style that balances technical rigour with cultural transformation.

Her remit at Victoria University extends beyond systems and data, covering both digital and campus security, a responsibility that requires resilience, adaptability, and the ability to build trust across diverse communities.

Ahead of her panel session at Security Edge on 8 October at the Grand Hyatt, Melbourne, Tara spoke with ADAPT’s Content Lead, Justina Uy, about enabling openness in higher education, preparing for AI and geopolitical risks, and ensuring recoverability in the face of ransomware.

From offensive security to cultural change

Tara’s early career in offensive security sharpened her ability to anticipate how systems could be misused, while OSINT reinforced the importance of understanding the entire information ecosystem.

Yet she believes long-term resilience depends on culture more than controls.

“Unless the people, including staff as well as the students, understand and support controls, they are going to be very fragile.”

Enabling openness without sacrificing trust

Universities are built on openness, which creates both opportunities and risks.

Tara’s philosophy is to protect integrity without stifling collaboration, ensuring security is seen as an enabler rather than an obstacle.

“Security must respect the principle of openness. Our role is to create guardrails that allow collaboration to flourish rather than putting up barriers.”

Insights from sector-wide collaboration

Through her advisory work with industry forums, Tara has identified three forces reshaping cyber risk: the rapid pace of AI, geopolitical tensions, and shifting board expectations.

“AI can be a boon or a sword… the geopolitical developments are changing the threat landscape… and boards are moving on beyond asking if incidents will occur. They know they will.”

Translating technical risk into board decisions

Tara emphasises the importance of framing risks in terms of continuity and organisational impact rather than technical jargon.

This approach aligns security investment with core objectives such as teaching, research, and student services.

“We don’t have to wait for a breach to teach. Boards respond when they see the link between security and the continuity of service, reputation, and compliance.”

Non-negotiables for resilience

For Tara, ransomware is a universal concern, and her focus is on proven recovery measures and integrated controls across mixed environments.

“Resilience or the ability to bounce back depends on the ability to restore and not just to store the data.”

Key takeaways:

• Culture, not just controls, defines the success of security programs.
• Security in higher education must enable collaboration while protecting integrity.
• AI, geopolitics, and board expectations are shaping the next wave of risks.
• Framing risk in terms of continuity and impact unlocks investment.
• Recovery-first strategies and consistent data protection are essential against ransomware.

Hear more from Tara and other leading CISOs at Security Edge on 8 October in Melbourne, where the panel will cut through six urgent risks before 2026, from ransomware and credential abuse to AI governance, quantum cryptography, and rising regulatory heat.

150 enterprise and government security leaders will gather to share practical strategies for defending against today’s threats, rebuilding after major incidents, and sustaining leadership resilience in complex environments.