these are material or impact more than one business. Working with each business’ cyber teams is fun. They are talented and passionate about their business and about ‘defending production’. It’s a challenging role, so I am energised working with them, helping them succeed, and supporting their teams. I got into cybersecurity by chance based on my
Daniella Traino CISO for Wesfarmers vCISO
I
had no idea there was a career behind it, what that path looked like, or what the economic value of those skills and experiences would be. I studied computer science and accounting (commerce) at the University of Sydney. I loved mathematics, business and technology, and wasn’t
am a virtual chief information security officer with an ASX listed company, and the group chief information security officer (GCISO) at Wesfarmers. A virtual CISO is essentially a cybersecurity
sure where my interests would take me, job-wise. My career progress has not been the result of good or solid planning. I just wanted to be in environments where people were mission-focussed, continuously improving and not seeing tech/cybersecurity
executive who is engaged with client(s) on a part-
only as a ‘keep the lights on’ benefit. I looked for
time/project basis rather than full-time. A group
opportunities to work across many complex and
CISO is accountable for CISO-level functions and
growing businesses and industry types where I could
capabilities, but typically for more than one business
develop management skills to help me navigate the
area or company within a group. The role exists
complexity, and influence strategy.
in large enterprises/conglomerates where there are several businesses owned by the same parent organisation. It is less common in Australia than in many other countries.
My first employer was a management consulting/ big four accountancy firm. That job gave me opportunities in financial and IT audit and general IT and risk consulting. It was there I was introduced to
As Wesfarmers GCISO I work closely with the
a small team being paid to test the security of client
cyber teams across the corporate office and our
systems and recommend how to design/harden
retail, chemical, industrial and safety divisions. I’m
them. I was hooked! It was a great team, and we
accountable for group-level strategy and architecture,
worked on a good range of IT and cyber engagements
cyber risk management and assurance, and cyber
in different industries. I invested in my own learning in
defence.
parallel (Hacking Exposed was a great handbook) and
My GCISO role at Wesfarmers is that of a change
my cybersecurity interest grew from there.
agent, building a sense of community and
I think, to be successful in cybersecurity, you need
collaboration across all cybersecurity teams, and
to have a passion for the domain and for learning.
particular practitioner groups such as Cyber Defence
The threats and the technology innovation to counter
and Architects. I identify strategic opportunities
them are evolving rapidly in parallel. Being curious is
to uplift/innovate and have executive and board
a must.
responsibilities to measure and monitor cyber risk and opportunity across all businesses. This includes coordinating incident response and cyber defence efforts across all businesses where
30
interest in it, and the challenges and fun it offered. I
WOMEN IN SECURITY MAGAZINE
I’ve had several memorable experiences in my career, mostly centred around the incredible people I’ve been fortunate to work alongside. I’ve tried to learn from their successes as much
