Cyber resilience is built long before an incident hits. It depends on how well an organisation communicates under pressure, how clearly leaders understand risk, and how consistently core controls hold up across a complex environment.

That was the focus of Adam Cartwright’s discussion with ADAPT’s Content Lead Justina Uy, where he outlined how Australia Post is strengthening resilience across a national operation shaped by service continuity, public trust, and community responsibility.

As CISO at Australia Post, Adam leads security in an organisation with more than 4,500 post offices and a presence in communities across the country.

That mission gives cyber resilience a practical context.

Protecting systems is closely tied to protecting services people rely on, and that helps create stronger engagement across the workforce.

Key takeaways:

  • Cyber resilience depends on communication, coordination, and leadership alignment as much as technical controls.
  • Boards respond more effectively when cyber risk is tied to operational consequences and trust.
  • Strong fundamentals, tested properly, remain the foundation of resilience.
  • Long term resilience also depends on developing talent and sustaining team capability.

 

Communication and coordination define resilience under pressure

Reflecting on his time at American Express during the 9/11 attacks, Adam pointed to crisis response as a lesson in the value of communication.

In moments of disruption, recovery depends on people being able to coordinate quickly, understand priorities, and act with trust in one another.

That perspective continues to shape his approach to resilience. Incident response is not just a technical process.

It is an organisational capability that depends on clear communication, fast coordination, and shared understanding when pressure rises.

 

Boards engage when cyber risk is made practical

Adam also stressed that resilience improves when executives and boards are brought into the conversation through real business risk.

Security leaders are more likely to gain traction when cyber issues are framed around operational disruption, customer trust, and the consequences that matter to the organisation.

In large environments, resilience cannot sit inside the security function alone. It depends on leadership support across the business.

Pragmatic and transparent risk dialogue helps make that possible and turns cyber resilience into a shared priority rather than a narrow technical concern.

 

The basics and the talent pipeline still matter most

For all the complexity surrounding cyber threats, Adam’s message on priorities was disciplined.

Many breaches still come back to weak execution of the basics, which is why he pointed to Essential Eight as a strong starting point.

The real test is whether those controls work in practice, not whether they exist on paper.

He also made clear that resilience is about people as much as protection.

Leadership means building the next generation of cyber talent, strengthening teams, and creating conditions where people can perform without burning out.

In that sense, resilience is both an immediate operational need and a long term capability built through culture, preparation, and sustained investment in people.

Contributors
Adam Cartwright CISO at Australia Post
A seasoned cybersecurity leader with extensive expertise in establishing and overseeing cybersecurity teams. A published author in the field of cybersecurity, notably... More

A seasoned cybersecurity leader with extensive expertise in establishing and overseeing cybersecurity teams. A published author in the field of cybersecurity, notably with the book ‘Ransomware: Enhancing Threat-Centric Cyber Defense’. Demonstrates strong leadership skills, fostering the growth of individuals within the industry.

Bringing a wealth of experience as an IT executive, adept at customizing security strategies according to specific industry sectors and threat landscapes. Proficiently manages security budgets spanning from $5 million to $160 million. Successfully established both in-house onshore and offshore security operations centers, collaborating with partner organizations to achieve robust security outcomes.

Possesses a rich background working with major global financial institutions such as American Express, Commonwealth Bank, ANZ Bank, as well as prominent players in the technology sector like IBM, and within the manufacturing vertical.

Less
Justina Uy Content Marketing Manager
Justina Uy is a data-driven content marketer that thrives on democratising elite know-how to empower Australia’s underdogs. Skilled at translating complex ideas... More

Justina Uy is a data-driven content marketer that thrives on democratising elite know-how to empower Australia’s underdogs.

Skilled at translating complex ideas into a compelling story across formats and channels, she shifts seamlessly between writing long-form articles, creating viral social media posts, and producing thumb-stopping videos.

Since 2015, Justina executes her vision through a sophisticated understanding of the rapidly evolving digital and business landscape to serve entertaining and educational insights to the executive community.

Less
security compliance management