Tag Archives: Cyber

Navigating the endless sea of threats

Cyber security is a relentless race to keep pace with evolving threats, where staying ahead isn’t always possible. Advancing cyber maturity demands more than just reactive measures—it requires proactive strategies, cultural alignment, and a deep understanding of emerging risks.

I had an opportunity to share my thoughts on staying informed about threats, defining cyber maturity, and aligning security metrics with business goals with Corinium’s Maddie Abe ahead of my appearance as a speaker at the upcoming CISO Sydney next month.

More

RSA CISO Bootcamp

I had the privilege to join a brilliant cohort of CISOs at the RSA Conference CISO Bootcamp. It was an energising experience, where seasoned experts and emerging leaders in cybersecurity came together to tackle our industry’s most pressing challenges.

The bootcamp was more than just a learning experience; it was a platform for sharing personal insights, gaining fresh perspectives and engaging in a thought-provoking debate.

From discussing emerging threats to exchanging strategies for resilience, it was a reminder of the power of community in cybersecurity. A huge thanks to all organisers and speakers for creating a space where we can grow together and tackle our industry’s biggest challenges.

Volunteering with ISACA

It’s been fantastic to have an opportunity to give back to the community and volunteer with ISACA this year.

The Sydney Chapter hosted a number of professional development events for cyber, risk, governance and IT professionals with a common objective of building digital trust and securing our interconnected world. I had a chance to support these initiatives, ranging from fundraising for a mental health charity to helping organise conferences.

I found this experience incredibly rewarding and made some good friends along the way.

How to achieve SOC 2 Type 2 attestation

As a CISO who recently led an organisation through successful SOC 2 Type 1 and Type 2 audits, I’d like to share some insights and steps to help others on their journey toward SOC 2 attestation.

SOC 2 may not be for everyone (refer to my blog on compliance frameworks), but it can be useful for organisations dealing with sensitive customer data, particularly in SaaS, as it demonstrates a commitment to security, privacy, and data integrity. The journey toward SOC 2 attestation can be complex, but with careful planning and the right strategies, it’s achievable.

More

Change management and cyber security

Adapted from Kotter, J. 2007, ‘Leading change: Why transformation efforts fail’, Harvard Business Review, vol. 73, no. 2, pp. 1–10.

Cyber security leaders have to be effective change agents to be successful. Cyber capability uplift and risk reduction initiatives often require significant transformation in the organisation. In this blog, I’ll introduce a tried and tested change management framework and demonstrate its application to cyber security in an illustrative case study.

More

CyberPeace Institute’s Volunteer of the Month

I’m proud to be named CyberPeace Institute‘s Volunteer of the Month.

A big shoutout to CyberPeace for this awesome recognition! It’s been such a rewarding experience to help them in their mission to make the digital world safer for everyone.

The CyberPeace Institute is a non-profit focused on reducing the harm caused by cyberattacks to individuals and communities. Through their CyberPeace Builders program, they offer free cybersecurity support to organisations that need it most, especially those where cyber threats can have a serious impact.

As a volunteer, I’ve had the chance to help for-purpose organisations respond to cyber attacks, develop incident response plans, run security awareness training, perform dark web monitoring and craft essential policies and procedures. Plus, I’ve provided general cyber advice along the way. It’s been an incredible journey being part of a team that’s making a real difference.

Scenario analysis in cyber security: building resilience

Resilience matrix, adapted from Burnard, Bhamra & Tsinopoulos (2018, p. 357).

Scenario analysis is a powerful tool to enhance strategic thinking and strategic responses. It aims to examine how our environment might play out in the future and can help organisations ask the right questions, reduce biases and prepare for the unexpected.

What are scenarios? Simply put, these are short explanatory stories with an attention- grabbing and easy-to-remember title. They define plausible futures and often based on trends and uncertainties.

More

Cross-cultural leadership in China

I had a fantastic time on an international MBA exchange at one of the top universities in China, Fudan University in Shanghai, for the Global Network for Advanced Management program. 

It was an chance to learn first hand about innovation in China and meet some amazing Executive MBA students from the world’s top business schools.

More

How to adopt NIST CSF 2.0

CSF 2.0 Functions. Source: NIST

NIST released a new version of the Cybersecurity Framework with a few key changes:

  • It now can be applied beyond critical infrastructure, making it more versatile and straightforward to adopt.
  • It introduces a new core “Govern” function that includes categories from other sections, with increased focus on supply chain risk management and accountability.
  • It highlights synergies with the NIST Privacy Framework.

I often use this framework to develop and deliver information security strategy. Although, other methodologies exist, I find its layout and functions facilitate effective communication with various stakeholder groups, including the Board.

More