Strategic Cyber Security in Academia: Lessons from UTS’s CISO Anna Aquilina

In a conversation with Peter Hind, Principal Research Analyst at ADAPT, Anna Aquilina, CISO at the University of Technology Sydney, dives into the complexities of steering cyber security in the academic world.  

She combines strategic leadership with a profound grasp of the unique challenges faced in an educational setting. 

Anna joins 120 leading CISOs & CSOs at Security Edge, discussing the Implications of AI & Ensuring Top-Down Cyber Leadership. 

Strategic leadership and cyber security 

Anna stresses the need to weave cyber security strategies into UTS’s broader risk management and operational frameworks.  

Her role extends beyond overseeing the cyber security program, embedding its principles within the university’s culture and operations, which is crucial for rallying senior executives and various departments towards enhanced cyber security. 

Engagement and education hurdles 

Despite a supportive backdrop at UTS, Anna notes the challenge of allocating time from senior staff’s busy schedules for extensive cyber security training.  

Tailored education programs are essential for alleviating fears and cultivating a culture of cyber security acceptance across the university’s vibrant and diverse community. 

Implementing cyber security and influencing behaviour 

Anna discusses the rollout of measures like multi-factor authentication, which has seen positive reception, reflecting a societal shift towards better security practices.  

She addresses the task of modifying daily behaviours across UTS’s vast network of faculties and partnerships, aiming to integrate cyber security smoothly into daily routines. 

Data governance in an open research environment 

The open nature of academic research renders traditional cyber security boundaries less effective.  

Anna speaks about the challenges of managing data security while preserving the essential openness for academic collaboration and freedom, balancing data protection with collaborative transparency. 

Cultural shift and success metrics 

While hard metrics for tracking cyber security awareness and behavioural change are difficult to pinpoint, Anna observes a positive shift in UTS’s culture.  

More discussions about cyber security and proactive engagement with the security team suggest growing awareness and commitment to data protection. 

Dealing with sophisticated threats 

Recognising the advanced nature of cyber threats, Anna advocates for a strategy that balances prevention, early detection, and robust response planning.  

She highlights the need for leadership support to enable CISOs like her to guide institutions through the complex cyber security landscape and ensure a secure setting for academic activities. 

Anna joins 120 leading CISOs & CSOs at Security Edge, discussing the Implications of AI & Ensuring Top-Down Cyber Leadership. 

Key Takeaways: 

• Organisational alignment: Integrate cyber security strategies with institutional goals, aligning with broader risk management frameworks.  
• Customised education: Develop tailored cyber security training to meet diverse organisational needs and enhance awareness.
• Seamless cyber security: Embed security practices into daily operations for widespread adoption and minimal business interruption.
• Data protection balance: Manage security while enabling collaboration and open information sharing, respecting privacy and compliance.
• Threat preparedness: To navigate the evolving cyber security landscape, embrace proactive measures in prevention, detection, and response.
• Leadership engagement: Secure executive support for cyber security initiatives, fostering a security awareness and resilience culture.