Read the Interviews
Distinguished Professor, Director of the 3A Institute and Florence McKenzie Chair at the Australian National University, and a Vice President and Senior Fellow at Intel
What drew you to working in your chosen field?
From a young age my mother had drilled into my brother and me that "if you could see a better world, you were morally obligated to help bring it into existence". When I left my tenure-track job at Stanford University to join Intel back in the late 1990s, I did so because I believed at Intel I could actively work to change the world. At Intel, I was able to put people back into the conversation to help shape a different set of narratives about people and technology. This made it possible to think about intersections of technology and specific cultures, and to use those insights to drive new forms of innovation and technology development.
Which of your many career achievements do you feel is your greatest and/or most exciting?
That would be what I am doing currently with my team at the 3A Institute, which is building a new applied science around the management of artificial intelligence, data, and technology and their impact on humanity. When we mapped out our timeline to create this new applied science, we imagined standing up the first educational program in 2022, but over the course of this year, we've realised the world needs the new applied science now and so we are pushing ourselves to create it in an even more accelerated timeframe. And I am happy to say with the help of my team we are doing just that. I am truly grateful to my team and the overwhelming response to what we're trying to do and we're really excited about the next 12 months and taking it through to 2022.
What would you say is the currently the biggest challenge facing the international cyber community?
I think one of the biggest challenges that we continue to face is that we still haven't yet found a solution to the "human" problem. Which is to say that we always think security is a technology challenge, but really it is a human one too. We cannot design humans out, and we seem to be quite stubborn in terms of our willingness to adopt and adapt to the new things, so how do we find ways to make security scale across both traditional computer platforms? And what does it mean to think about security in the 21st century? Is it a fixed thing? A sliding scale? Is it about safety? Or privacy? Or trust? And who should provide it? And for whom? And when? I think we have yet to find the right questions, let alone the right answers or solutions.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
Build relationships, great partnerships, genuinely understand what other institutions, countries, etc. want and the challenges they are facing. It isn't a one size fits all world.
National Security Advisor, Telstra
What drew you to working in your chosen field?
I started my career as a language specialist and made the transition to cyber security because I was attracted by the strategic and law enforcement elements of cyber and the real world impact I could have working in the field.
Which of your many career achievements do you feel is your greatest and/or most exciting?
In my career, I have most loved the opportunities to create and lead teams around the world that pursue ambitious strategic visions, and what I find most exciting now is being in a position to connect talented people to roles that allow them to make a strong contribution to the cyber security community.
What would you say is the currently the biggest challenge facing the international cyber community?
We need to work to better leverage all available resources to counter the new 'hybrid' online threats that don't align with our democratic values or agreed norms of behaviour. We also need to better define civilian critical infrastructure internationally to establish what is 'off limits' to state actors.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
We need to be humble enough to learn from the governments and companies that are further advanced in their cyber capability and innovation than us, and generous enough to 'pay it forward' to other countries and organisations that are in earlier stages of their capability development. This helps to build the maturity and resilience of our entire global digital economy.
CEO, Cyber Institute, Australian National University
What drew you to working in your chosen field?
I've always been attracted to strategic, systems-level issues, including the intersection of technology and strategy, making a difference and working on matters of national importance.
Which of your many career achievements do you feel is your greatest and/or most exciting?
I have to nominate my Phd, as it really changed both what and how I think, including about cyber. I had a fantastic team at the BoM; working with those guys–women and men–was fulfilling. And now at the Cyber Institute, I have a chance to build Australia's capability in cyber, for which I am deeply appreciative.
What would you say is the currently the biggest challenge facing the international cyber community?
I am starting to think of cyber as a universal acid: what was once restricted to desktops is now affecting all aspects of our lives and business, and the trust we have in business and in institutions–here, and given the global nature of the internet, internationally. We need better partnerships between government, the private sector and individuals–and one suitable for the digital age.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
Values are going to be of increasing importance in how we think about and address problems, given the fast-moving and disruptive nature of technology and associated social and economic change. Building a community of shared values based on liberal, democratic and free-market principles will be increasingly important.
Head of Cyber Risk, Resilience and Governance at Qantas
What drew you to working in your chosen field?
It was actually a fantastic stroke of luck about 4 years ago with a return from maternity leave role to lead a cyber risk assessment project which turned into a business as usual role (my background is in risk and finance).
Which of your many career achievements do you feel is your greatest and/or most exciting?
Being promoted to a leadership role without a technical information security or IT background and that my diversity of thinking and experience is valued by my organisation and the broader cyber community.
What would you say is the currently the biggest challenge facing the international cyber community?
Finding ways to share relevant and actionable intelligence and information at scale. We still use our own trusted networks but struggle to scale or institutionalise this especially outside of our own industry.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
Through public private partnerships where business and Government come together to build capacity particularly in regions with low cyber maturity and solve for the future similar. The DFAT International Cyber Engagement Strategy is a great enabler for this.
General Manager, Office of the Chief Information Security and Trust Officer Commonwealth Bank of Australia
What drew you to working in your chosen field?
Security is a dynamic field that is always changing, evolving and surprising. It is also at the heart of a customer's trust in your product or service. In financial services, I'm personally motivated by the protection of our customers money and personal information in light of the challenging threat landscape. And working for Australia's largest bank, I'm also motivated by our important role in contributing to a stronger Australian digital ecosystem.
Which of your many career achievements do you feel is your greatest and/or most exciting?
I've had the privilege of leading the Group's Digital and Cyber strategies over the last 4 years and I'm really proud of the impact the Group's digital assets (NetBank and the CommBank App) are having on customers' financial wellbeing. We have leading digital adoption and advocacy which is underpinned by a deep customer trust in the security of our platforms.
What would you say is the currently the biggest challenge facing the international cyber community?
The international cyber skills shortage is impacting all organisations and the answer isn't simple. I firmly believe part of the answer is attracting more diversity into the field and in particular, more women!
How could Australia further engage with our international partners to harness the opportunities of the digital age?
We need to secure the regional cyber ecosystem to better enable the growth of all our digital economies. This should include collaboration of intelligence sharing; capacity building initiatives to spread Australian expertise and establishing norms. I also think the collaboration between industry and universities (eg. CBA's SECedu partnership with UNSW) has created the opportunity for Australia to become a key exporter of Cyber skills.
Senior Analyst, International Cyber Policy Centre at ASPI and PhD Scholar, Coral Bell School of Asia Pacific Affairs, Australian National University
What drew you to working in your chosen field?
I've always been fascinated in the intersection of global politics, international security, cyberspace and strategic technologies. It's an emerging and messy field that, in Australia, we are very much still getting our head around – which makes it a very interesting space to work in. And I would highly recommend it to others, things are moving quickly and there's a lot of international interest in cyber and technology developments in Asia, particularly surrounding China's emerging & influential role in this space.
Which of your many career achievements do you feel is your greatest and/or most exciting?
There is not one in particular that stands out but I thrive when I'm managing big projects, teams and working collaboratively with industry partners, government and media while also being able to participate in the public debate. It's hard to line up that mix, but when it does come together, that's what I find most exciting.
What would you say is the currently the biggest challenge facing the international cyber community?
Until now, governments have rightly focused on defending against traditional cyber-security threats, but concurrently democratic governments have failed abysmally in understanding the influence aspect to the content side of cyberspace. Going forward, most governments including Australia's, will have to play serious catch-up to defend their open political systems from malicious cyber-enabled influence and interference.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
I think that the Australian cyber community has come leaps and bounds over the past few years, but one area we all need to focus on more is developing stronger public arguments, underpinned by data & policy-focused research, which make the case for how our region can better leverage ICTs for development outcomes, while also maintaining an open and free cyberspace. The second part is really key and in order to develop and to convincingly prosecute evidenced arguments there's going to have to be much closer collaboration and coordination between government, research institutes and regional industry so that we are all moving in the same direction.
Cyber Security Cooperative Research Centre (CRC)
What drew you to working in your chosen field?
I have always liked problem solving and the challenge of making the complex become more simple and accessible. When I was a lawyer trying to understand and explain the root cause of data breaches to regulators and affected customers, I was struck by how often the explanations were overly technical and baffling. I wanted to play a role in making cyber more understandable and accessible to those who need to be in a position to make informed decisions. While there are many benefits that come with living in this connected world, there are also challenges and I love contributing to how we solve some of these challenges. Cyber is so diverse, I have had several very different ones from policy, to influence and now a CEO role. This has been a career path that I never would have imagined for myself 20 years ago. Cyber is the career gift that keeps on giving.
Which of your many career achievements do you feel is your greatest and/or most exciting?
I am very proud of starting and building Telstra's Cyber Influence team (one of the first such teams at that time) and the great campaigns we created to raise awareness of the cyber threat. I am also very proud of being the co-author of the Five Knows of Cyber Security. My current role as the CEO of the Cyber Security Co-operative Research Centre is the most exciting role that I have had. It is great to be able to build something from the very beginning, to develop a pipeline of students who will hopefully form part of Australia's cyber security workforce. It is exciting to work with some of Australia's most talented cyber security researchers, government and industry leaders.
What would you say is the currently the biggest challenge facing the international cyber community?
Despite many years of cyber now being the focus for many countries, the threat is still intangible and not well understood. Cyber is a conduit that enables crime, espionage, interference, misinformation campaigns and influence to happen at a pace, scale and reach that is unprecedented. Consequently, the challenge is to ensure that the international community recognises and understands all these dimensions of cyber and takes steps to mitigate these risks and to also call out bad behaviour when it occurs - just as Australia and other Five Eyes countries have done this year. Strong research programs that show the benefits of stronger defences as well as highlighting the damage from such cyber threats are essential investments for the international cyber community.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
To harness the opportunities we need to get security right- and this will continue to be something where we need to collaborate with our international partners. The pace of change as the world seeks to connect more devices and automate business processes will mean that Australia must ensure that it walks into automation with its eyes wide open. The importance of understanding when and how something like AI should be used is critical. Australia has a powerhouse of research talent so we are well placed to collaborate on research and different ways of approaching these important issues.
CEO of AustCyber – the Australian Cyber Security Growth Network
What drew you to working in your chosen field?
The ability to bring together my passions for driving national outcomes and helping others to realise their full potential, while supporting Australia to demonstrate its strategic strengths. Growing Australia's cyber security sector does all these things and I am proud to be the CEO of AustCyber.
Which of your many career achievements do you feel is your greatest and/or most exciting?
As one of Australia's women in cyber that has achieved a leadership position, it is natural for me to want to disrupt - so therefore, I have two career achievements that I consider my greatest. The first is providing a significant contribution to the delivery of Australia's 2016 Cyber Security Strategy. The second is having the privilege of ensuring Australia's cyber security sector grows, but also delivers significant economic value to Australia's economy.
What would you say is the currently the biggest challenge facing the international cyber community?
The dislocation of strategic intent to undermine sophisticated malicious cyber activity. Decision-makers across governments and industry need a much deeper appreciation of information manipulation and misinformation - principally through cyber means - and the impact these have on the pursuit of economic prosperity.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
Naturally, I am going to advocate for Australian governments to have a more joined-up approach on digital transformation and cyber resilience as integrated pursuits in a global economy, including through the work of AustCyber.
Chief Information Security Officer, Australian Government Department of Human Services
What drew you to working in your chosen field?
I must say when I joined the navy 25 years ago, Cyber Security didn't really exist. Subject choices that I made while at the Australian Defence Force Academy would, years later, steer me towards cyber. After completing the Navy's year long warfare course I was hoping to return to sea as an Anti-Submarine Warfare Officer, however because I had a degree in English and Information Systems was sent as the Signals Communications Officer – and so changed the course of my career. This was the most fundamental shift in my career direction and upon reflection was one of the best things that happened to me. I was given the opportunity to pursue further studies and I completed two master's degrees - one in Science (Computing), the closest thing to cyber that you could study a decade ago, and the second in Systems Engineering. Throughout my later postings in the Navy it became obvious that there was both significant risk and opportunity in cyber warfare.
Which of your many career achievements do you feel is your greatest and/or most exciting?
I was very fortunate to have an amazing career in the military including several operational deployments and being awarded a Conspicuous Service Medal for my time as Deputy Director Cyber (Maritime) however the most exciting opportunity I have had was assuming my current role as CISO DHS. Upon joining DHS I was giving a $10M budget and six months to deliver a fully operational Cyber Security Operations Centre. Building the facilities was only one aspect, we also required a significant technology uplift and the 28 initial staff needed to grow to over 200. I look back now at what has been almost 2 ½ years and we have achieved all of that and more. The Branch has achieved its aim with over 200 staff and a CSOC that is 24/7 with a mature intelligence/operations fusion cell, we now have a robust risk capability from assessment through to accreditation, a large program directorate with a focus on research, development and innovation and an influence team that interact with all forms of media.
What would you say is the currently the biggest challenge facing the international cyber community?
The current shortage of cyber experts and a lack of situational awareness across industry sectors. To help overcome the first part I have adopted a less than traditional approach to recruitment. I have moved away from recruiting technical expertise and moved towards looking for people with the right mindset and attitude and developing a training program that will equip them with the necessary skills to become excellent cyber professionals. I think we are getting a lot better at sharing information and there is no shortage of collaboration tools available. However, it is challenging sharing across sectors to the extent that is useful, while still maintaining cyber security of that picture. The bigger that group gets the more difficult it is to maintain those trusted connections. While we are, for the most part, technologists, we also know just how easy it can be to engineer yourself into these groups (technically or socially) so we are also probably the least trusting group of professionals. This is why personal relationships in cyber are so important. We hope with initiatives like the annual Cyber War Games, bringing people together that otherwise would have limited opportunities to form relationships, we can start to rectify the second issue.
How could Australia further engage with our international partners to harness the opportunities of the digital age?
Partnerships need to be formed, nationally with public and private sector organisations as well as internationally. Growing relationships and having an appropriate level of transparency in information sharing networks consolidates the knowledge and mitigations that can be adopted to improve security and identify unforeseen threats. This would also be a great enabler in any potential future global cyber event. It would be prudent for us to continue to host cyber events brining these people together, as well as to ensure continued engagement by us overseas.