Throughout 2019, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity.
In this month’s feature, Shane Moffitt, the Assistant Chief Information Security Officer (CISO) for the Victorian Government, shares his story about:
As my career progressed, I learned a great deal about IT and cybersecurity but struggled getting organisations to make what I considered the right decision. While there were fewer cybersecurity professionals to network with and learn from early in my career, I had tremendous mentors I could lean on for expertise and guidance. I had the opportunity to work for a director in a prior job that was instrumental in my professional development. He taught me the more nuanced side of organisational politics, governance and influence. Many cybersecurity professionals devalue these disciplines. Without an understanding of the organisation, governance and what drives decision making we will struggle to get the right decisions made. “There is no value in being right if no one listens to you” in this case, we need to re-think our value proposition and purpose. My mentor and I shared the same moral compass. As I look back on our time together, I am thankful for his advice and wisdom as I navigated my cybersecurity career,” emphasises Moffitt. These are his insights. What does cybersecurity mean to you, and how has this evolved during your career? Moffitt describes, "cybersecurity played numerous roles over the course of my career from:
This experience opened doors to new opportunities across financial services and consulting. One opportunity was with EY where I served as the Oceania Practice Lead for ISO27001. I found this role and the organisation to be incredibly influential as I had opportunities to enable a wealth of talent to support our client’s business objectives. After spending time with the Victorian government, I had some strong opinions about what needed to be done. When I saw that my role was being advertised, I felt I could have a significant impact on progressing towards a safer and more secure Australia. I figured I might as well have a swing at it,” Moffitt explains. Why do you do what you do? What motivates you as a cybersecurity professional? Moffitt pauses, "I believe the world should be a certain way. I believe:
There is real meaning behind our work in the cybersecurity space. I am privileged to have roles that provide me with purpose because of the market demands for cybersecurity talent. What, if any, information you would have liked to know starting out in your career? Moffitt pauses, laughs and describes "there are three things I would have told myself:
How would you suggest others new to the field get involved? Moffitt emphasises, "cybersecurity teams require diverse skillsets from:
I look for candidates with prior exposure outside of cybersecurity because of the value we place on influencing and listening to others. As a cybersecurity professional, we enable our colleagues to more securely execute in their role. We lose out on the intended purpose if we become too myopic and push cybersecurity for the sake. For example, if I was leading a security team at a logistics company, I would insist on having a person on my team who had worked in the warehouse. If you understand the business model and an organisation’s objectives, you have an opportunity to become a successful and long-standing cybersecurity professional,” explains Moffitt. In conclusion, this month’s blog post was brought to you in support by Shane Moffitt, the Assistant Chief Information Security Officer (CISO) for the Victorian Government, where he:
Please be on the lookout for next month’s issue of Decoding Cybersecurity: Interview Insights with Leaders as the journey continues. Please leverage the comment box below to suggest future topics or guests, provide feedback or share with others.
0 Comments
|
AuthorElliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact. Archives
April 2020
Categories |