A practical approach
I’m super proud to have written this book. It’s the much improved second edition – and I can’t wait to hear what you think about it.
Please leave an Amazon review if you can – this really helps beat the algorithm, and is much appreciated!
As organisations accelerate AI adoption, a familiar pattern is emerging: security teams – often the CISO – are increasingly asked to own or coordinate AI governance. That outcome is not an accident. Security leaders already operate across departmental boundaries, manage data inventories, run cross-functional programs and are trusted by executives and boards to solve hard, systemic problems. AI initiatives are inherently cross-disciplinary, data-centric and integrated into product and vendor ecosystems, so responsibility naturally flows toward teams that already do that work. This operational reality creates an opportunity: security can (and should) move from firefighting to shaping safe adoption practices that preserve value and reduce harm.
In this blog I outline key strategies on how to be successfully in leading AI governance initiatives in your organisation.
We are entering the agentic era – an inflection point defined by AI systems that can reason, plan and take action autonomously. This shift may be among the most consequential technological transformations of our generation, and it carries an equally significant obligation: to ensure these systems are designed, governed and deployed in ways that earn and sustain trust.
I completed a 5-Day AI Agents Intensive Course where we dove deep in Google’s open source Agent Development Toolkit. In this blog, I’ll share key takeaways and practical suggestions so you can navigate this shift and learn to build AI agents of your own.
I recently qualified as surf lifesaver. Starting up as less than a confident ocean swimmer, this 8-week Bronze Medallion course definitely pushed me out of my comfort zone! I learned rescue techniques, first aid, resuscitation and how to operate in rough conditions.
Some lessons I learned apply to leadership and cyber security: practice beats theory, situational awareness matters, clear communication saves time (and sometimes lives) and simple tools often outperform complexity. Most of all, the course reinforced humility – competence grows through steady practice and teamwork.
Grateful for the experience and the reminder that fundamentals matter in any high-risk role. Stay safe!
I’m finishing the year having completed The Observership Program as a Board Observer with the Lokahi Foundation, an experience that provided valuable insight into board governance.
Alongside social impact and governance training from the Australian Institute of Company Directors, tailored to not-for-profit board directors, I spent twelve months observing a purpose-driven board and deepening my understanding of how decisions that matter are made.
Top takeaways:
• The art of questioning – how different types of questions shape discussion and drive clarity.
• Director responsibilities – the difference between reporting to a board and serving on one.
• Bringing stakeholders on a journey – effective communication, buy-in and sustained impact.
• Practical exposure to fundraising, strategy, marketing, sustainability and operations in the not-for-profit sector.
I had a chance to apply skills from my MBA and global corporate experience to support the board. I also drew on my domain expertise in cybersecurity, data protection, technology innovation, AI and impact measurement, particularly championing ethical data practices.
Thank you to the Lokahi Foundation board and the Observership Program for the opportunity to learn and give back. I’m excited to keep building these skills and to support future boardrooms.
I recently took the stage to talk about one of the most consequential inflection points facing FinTech: the rapid arrival of agentic AI – systems that plan, decide and act autonomously – and what it means for risk, reputation, regulation and customer trust. Below is a distillation of the talk: what agentic AI actually is, why FinTechs are racing to adopt it, the real cyber threats it brings, and a pragmatic playbook leaders can use today.
I recently presented on how supplier relationships shape cybersecurity risk and why that risk ultimately becomes a reputational and trust challenge for organisations of every size and sector. Below is a summary of the most important lessons I shared, plus practical next steps security leaders can apply today.
I had the privilege of sharing my views on AI Risk at the AI Security Summit, where senior leaders and practitioners came together to translate high-level fear into practical guardrails. In this blog I share a short playbook of the key themes and real-world strategies.
It was great to chat with Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, about the Australian Cyber Security Strategy as well as key initiatives, strategic imperatives and challenges that CISOs must navigate.
I appreciate an opportunity to contribute to the ongoing conversation on cyber threat landscape, risk and AI governance.
It was so good to attend the RSAC CISO Bootcamp at CyberCon Melbourne – a practical session for CISOs.
Highlights that stuck with me:
💡 A conversation with Brian Krebs on AI security and organised cybercrime: attackers are tooling up fast; our defences must keep pace.
💡 A candid, closed-door session with Tim Brown, CISO of SolarWinds, about crisis response: execution matters, but so does the personal toll on teams and leaders.
💡 A chat with F1’s Guenther Steiner on teamwork and resilience in high-pressure environments.
Events like this remind me how much strength there is in our community. I’m proud to contribute and be part of it. You don’t need a challenge coin to get help – if you want to compare notes or need a sounding board, reach out.
Cyber Security Leadership 