CISO of the Year 2017 Journey

Very excited to announce winning the Cyber Security Awards 2017 CISO of the Year award.

The Cyber Security Awards were established in 2014 to reward the best cyber security individuals, teams and companies across the world – with a focus throughout on excellence and innovation.

I consider myself as a technologist with an upbringing in business and a deep background in technology and security. Having over 20 years of industry experience I have worked across Government in Downing St, HM Treasury, Cabinet Office, Ministry of Justice and NSW Health and private sector at CSC, EY, Vocalink and HSBC.

My career has taken me from technology and consulting to healthcare, government and into financial services. Throughout, there has been a consistent theme of wanting to make life better and safer for people, as well as protecting the assets and reputation of any individual company or Government. 

For me it really all started with Unix (BSD/OS), being introduced to it at the age of 6, it fascinated me on how it worked. I have a curious mind and to this day need to understand how everything works! I grew up spending hours each night in my parent’s garage breaking computers, putting them together, building networks, running linux and exploring the digital world through modems. Sometimes I would lose track of time staying up until sunrise before I had to then go to school. Thankfully I have very understanding and supportive parents who helped support and nurture this curiosity.

I didn’t study computer science during school and university, I have always been interested in the business side of technology and how it can help business and people. After completing a Bachelor of Business degree with a major in e-business I took an MBA majoring in strategic management, both at the University of Technology, Sydney.

I began my career at an ISP on the helpdesk, working in technology from the ground up. After a year with E&Y Consulting I joined CSC in 2001 as a Senior Security Architect helping build the security practice and then as EMEA Security Architecture and Consulting Manager and Strikeforce Global Practice Lead based in London. In these roles I advised corporate and government clients on variety of security issues.

In 2007, I re-joined E&Y in London as a Senior Manager where advised a number of Government and commercial clients such as Deutsche Bank, National Grid, Lloyds, The Crown Estate etc and was also responsible for security for Arsenal FC and for 2012 London Olympics.

From there I was seconded to HM Treasury becoming Deputy CTO and CISO with responsibility for all aspects of national security across Whitehall and HMG. After my time there I provided additional CxO support to a number of major corporates and gained a lot of experience in M&A, followed on by roles in HMG at the Ministry of Justice.

There has always been a strong public service component and accountability both to my career and to my motivation and I think this has reached its apex working in or with Government. In 2014 as the CISO of NSW Health and CIO of NSW Ambulance, where, by applying the technical rigour I have developed in other roles, I identified and addressed unique clinical weaknesses in healthcare processes and technologies. This was really impactful as the lack of security in healthcare can result in loss of life. This was the first time I was seeing the real world transition of risk from the digital world to the physical. I’m proud to say some of my work while at Health on privacy has now been written into law to help protect citizens.

Alongside the roles outlined above I have also founded and run of a number of security-related enterprises in Australia, the US and UK, and have played a pioneering role in the understanding and evolution of new technologies and security. Which leads me to Blockchain. I foresaw the importance of the technology in 2009, introducing it to Government while at HM Treasury to determine the impact to the UK. I continued working on its potential and drove the initiative to develop a Blockchain ISO Standard which was approved in October 2016 as TC307, where we have 35 countries and organisations working on it. I am currently the chair of ISO National Committee on Blockchain for the UK.

Another area I am heavily focused on is Artificial Intelligence, I truly see the potential of the technology to not replace what people do, but complement and augment our capability to enhance our output. The areas of machine learning especially deep learning and quantum algorithms really fascinate me and how to apply them to real world use cases. 

I am really excited about the next stage of technology evolution, the convergence of AI, Blockchain and Cybersecurity. The next 5 years will really make a dramatic impact to the world! More on that in upcoming posts.