How did you end up in your current role, and what attracted you to the industry?
I’ve been Vice President of Australia and New Zealand at McAfee for the past two and a half years. Prior to this role, I was Managing Director at Brocade for just over two years, after working in the same role at Polycom. I also spent a great portion of my career at Microsoft across various tech and sales roles.
It's fascinating to see where a career path can lead—usually involving planned moves, serendipity and fortuitous timing. During my 25 years in the IT industry, the role of technology has evolved from an infrastructure cost, to a business asset. Having worked across three geographies, I have always been driven by the need to engage with customers and partners to assist in achieving their most critical outcomes.
Anyone who has been in technology for a period enjoys the constant change, competitive challenge and enormous responsibility we have. I have been fortunate to gain a hugely diverse set of experiences—professionally, personally and technically. The industry continues to be one of optimism, change and opportunity.
Do you see diversity in IT/security teams as a priority?
Achieving diversity within security teams is essential to filling the cybersecurity talent gap. Yet, the majority of those employed within the cybersecurity industry still largely come from traditional education pathways, with 84% of cybersecurity professionals being tertiary educated across the ‘traditional’ areas of engineering, IT, telecommunications and cybersecurity.
Recruiting candidates based solely on experience or qualification is a common mistake to make and is a key factor contributing to a lack of diversity, innovation and creativity within security teams. It is critical that managers and HR departments consider unconventional approaches to hiring to create more diverse teams.
Gamers for instance offer a fresh approach to threat hunting compared to traditional security hires. For example, they tend to possess crucial soft skills such as persistence, endurance, observation and logic, as well as an understanding of how to approach adversaries.
What do you see as the biggest threat we currently face in the cybersecurity industry? What do you think the industry/security leaders are doing wrong that means we’re unable to stop it? How would you address this?
The need for more skills and talent is one of the biggest issues facing the Australian cybersecurity industry. Australia needs up to 17,600 additional cybersecurity workers by 2026 to meet demand, but simply hiring more cybersecurity staff isn’t the solution.
Instead, organisations should be looking to upskill employees. With almost half of cybersecurity employees being gamers, there’s significant potential for organisations to train staff using gamification. Gamification can significantly raise awareness among IT teams of how breaches can occur and how to best react to them.
What security-related behaviour or policy have you noticed change the most in the past year?
Organisations are now placing much more emphasis on getting the cyber hygiene basics right, such as application whitelisting. No doubt this has been driven by the ASD’s recent updates to its Essential 8 recommendations. At the same time, organisations are under increasing regulatory pressure with the notifiable data breach scheme coming into effect last year.
What is the best way to win over users so they help cybersecurity efforts rather than hinder them?
It’s critical that Australian organisations implement a ‘culture of security’ from the top down, with internal threats still being a major cause of data breaches. Developing a culture of security should begin during recruitment. Building ‘security-first’ thinking into the hiring process establishes a strong posture from the beginning.
With more and more workers choosing to work remotely, organisations should get ahead of the risks this might pose during the onboarding process. While IT can tackle the security measures for systems and equipment used remotely, HR should enforce security policies by providing new joiners with cybersecurity training.
Is the security industry getting better at using tools like threat intelligence and collaboration policies to work together against a common threat?
There are many cybersecurity vendors, but even more cyber dangers lurking in the shadows. More than ever, we need to continue to share best practices and collaborate with other industry players. Only by working together can we create a global culture of security.
What is the current state of the talent pool gap in cybersecurity? What impact do you think intensive skills-training programs will have on closing the cybersecurity skills gap?
Offering on-the-job training and real-world experience opens up organisations to a wider range of skills and candidates. Organisations should also be reassessing the skills and values they are looking for when hiring. research shows that cybersecurity staff seek the same qualities in others that they see in themselves. Recognising this will go a long way to eliminating unconscious bias and in turn promoting greater diversity. We shouldn’t underestimate the advantages that unique perspectives, skills and backgrounds can bring to an organisation.
How can companies retain and upskill talent in the cybersecurity space?
With the cybersecurity industry suffering a major shortage of skills, companies must not underrate the importance of employee satisfaction. Job satisfaction is critical to improving retention rates, with employees increasingly demanding incentives such as extra leave and greater work-life balance to remain loyal to their company.
Recently we ran a report that in fact found that a whopping 89 percent of cybersecurity professionals would leave their job now with the right incentive such as more flexible hours.
Interestingly, the research showed that those cybersecurity professionals who are most satisfied in their jobs are those that work at organisations with a high degree of gamification. Gamification is an increasingly important tool to drive a better-performing cybersecurity organisation, with almost half of organisations now hosting some kind of gamification exercise at least once per year.
It is vital that organisations nurture the passions of their employees and encourage creative problem solving, curiosity, and collaboration. Only through fostering these traits can we optimise staff satisfaction and avoid turnover.