It was great to chat with Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, about the Australian Cyber Security Strategy as well as key initiatives, strategic imperatives and challenges that CISOs must navigate.
I appreciate the opportunity to contribute to the ongoing conversation on the cyber threat landscape, risk and AI governance.
It was so good to attend the RSAC CISO Bootcamp at CyberCon Melbourne – a practical session for CISOs.
Highlights that stuck with me: 💡 A conversation with Brian Krebs on AI security and organised cybercrime: attackers are tooling up fast; our defences must keep pace. 💡 A candid, closed-door session with Tim Brown, CISO of SolarWinds, about crisis response: execution matters, but so does the personal toll on teams and leaders. 💡 A chat with F1’s Guenther Steiner on teamwork and resilience in high-pressure environments.
Events like this remind me how much strength there is in our community. I’m proud to contribute and be part of it. You don’t need a challenge coin to get help – if you want to compare notes or need a sounding board, reach out.
It was good to attend the Essential Director Update – a timely reminder that good governance now requires foresight as well as oversight.
Staying on the forefront of contemporary governance demands AI and cybersecurity competency.
My key takeaways for boards and executives: ☑️ Data is the fuel: protect data integrity (accurate, consistent, timely) and focus governance where it creates the most value. ☑️ AI is everywhere, no longer just an IT challenge: adopt a human-centred approach, define guardrails around intent, and factor legal and ethical considerations into every deployment. ☑️ Balance innovation with risk: prioritise highest-value use cases, automate safety controls where possible, but don’t outsource accountability. ☑️ Cybersecurity must be risk-based: know your crown jewels, expect incidents, build crisis response plans and regularly test your defences. ☑️ People first: changing work practices will affect roles and culture; steer the transition and invest in policy and education.
Just wrapped up an engaging panel on AI guardrails where we explored the shifting ground beneath enterprise AI adoption.
The best AI governance starts not with controls, but with culture. When people start asking not just ‘Can we do this?’ but ‘Should we?’, that’s when you know you’re on the right path.
Secure by Design is a widely understood concept in cybersecurity; it can be extended to Ethics by Design when building and adopting AI capabilities. Ethical considerations should be embedded from the start, with continuous assurance throughout the lifecycle.
It was great to take part in the keynote panel debate on balancing innovation and security, where we dug into both the promise and the perils of AI adoption from the CISO and CIO perspectives.
Your biggest AI risks really depend on where and how you’re using it. I recommend reviewing your product roadmap for AI-powered features to anticipate potential gaps.
Map out whether AI is home-grown, vendor-sourced or embedded. When it comes to governance, we can borrow from what we learned with BYOD, cloud and shadow IT. Extend existing security reviews, supply-chain checks and third-party assessments into your AI program. For quick wins, manage it like a SaaS risk: think privacy controls and boundaries around sensitive data.
‘You won’t see it all’ – that’s what I was told before I headed out to the RSA Conference for the first time! With so many great talks, side events, meetings and vendor showcases, people will have very different impressions of this event. Here are mine.
I’m thrilled to share that I’ve recently earned the GIAC Strategic Planning, Policy, and Leadership (GSTRT) certification – a milestone that validates my ability to architect and sustain cybersecurity programs with a sharp focus on business value and executive alignment.
During the session, Richard broke down risk quantification, focusing on identifying the risks most likely to cause significant business losses where assets, threats and vulnerabilities intersect.
I’m also glad to have received his book for correctly estimating cost in our discussions. It’s one of the most influential books in security: it challenges subjective risk assessments, offering practical frameworks for using data, probability and economics to drive smarter security decisions.
I had the privilege of joining a panel discussion on the rapidly evolving regulatory landscape and its impact on businesses worldwide. With cyber threats, operational disruptions, and AI risks on the rise, governments are strengthening regulations to drive security, resilience and accountability across industries.
In Europe, major frameworks like DORA (Digital Operational Resilience Act), NIS2 (Network and Information Security Directive) and the EU AI Act are reshaping how organisations approach cybersecurity, operational resilience, and responsible AI governance. But this shift isn’t limited to the EU – regulatory scrutiny is increasing globally, from the U.S. to APAC, with frameworks reinforcing risk management, third-party oversight and AI transparency.
A huge thank you to my fellow panelists and engaged audience members for an insightful discussion.