4 minute read
Christina Keing
National Lead Director Cloud Security for Deloitte
Iam a director in Deloitte Australia’s Cyber team, a strategic cyber leader enabling rapid and secure delivery of digital innovations under a cloud-first and agile strategy. I work with clients as their trusted cybersecurity partner to solve complex security problems, drive progress in a dynamic and digital world, and build more confident futures.
I started my career in cybersecurity 15 years ago when it was still a new thing. I decided to take up a role as the first head of security for the organisation I worked for at that time.
Today, the most challenging aspect of my role is staying at least a few steps ahead of cyberattacks. It requires a comprehensive, proactive, risk-based approach to preventing, detecting and responding to cyber threats.
I help my clients to become secure, vigilant and resilient organisations with solid defences, expansive threat awareness, and strong response and recovery capabilities that enable them to operate safely in today’s hyperconnected business environment. I am really passionate about technology and the threats and opportunities it presents in a security context, and I think the best advice I was given was to stay curious and enjoy learning.
I obtained a Certified Information Systems Security Professional (CISSP) qualification. It established a solid foundation for my whole security journey and enabled me to become a trusted security architect. The exam to achieve the qualification was six hours long! So long that we had to pack our lunch to eat while we were taking it. I wish I had also gained the AWS (Amazon Web Services) Solution Architect qualification so that I could have started my cyber cloud journey earlier.
One of my most memorable experiences was providing advice to a client company on how to respond to a ransom request. If you want to know more, take a look at “subdomain takeover on S3”.
Traditional security training is an important component of a cybersecurity program, but on its own is not enough. A policy manual alone will not prepare people to take the right action. Active learning scenarios that deepen understanding of the impact of day-to-day activities on the organisation’s cyber risk posture are required, along with reinforcing the right behaviour through programs that reward speaking up and raising questions. These activities are absolutely critical to achieving cybersecurity program objectives.
The rapid adoption of emerging technologies is greatly increasing efficiency, and creating dynamic cybersecurity challenges for organisations. Cyberattacks have moved beyond identity theft and online account hacks. They threaten our codeenabled physical world—our homes, our cities, our infrastructure, and even the medical devices in our bodies.
A host of digital technologies, such as AI, automated botnets, Internet of Things (IoT), and cloud computing facilitate attacks at a scale, speed and level of sophistication never seen before. New types of malware, such as automated phishing tools and crypto mining software, combined with emerging technologies, are expanding the cyber risk landscape.
Organisations must continuously revisit their cybersecurity measures to defend against the onslaught. Cybersecurity has to be a mission-critical priority for organisations, but the cybersecurity profession continues to face a major challenge: a substantial talent gap. There are not enough qualified individuals to fill the millions of open positions globally.
A 2019 (ISC)2 study estimated the cybersecurity skills gap to be almost four million job openings. That same study reported the population of cyber workers would have to grow 145 per cent to meet global demand. These are staggering numbers, and there is no immediate solution.
Closing the cyber talent gap is important, but will take time. By taking proactive steps to create an attractive, inclusive and sustainable cyber culture, organisations can be magnets for attracting top talent.
The cybersecurity industry has experienced a spike in attack activity since COVID-19 hit, with threat actors taking advantage of the pandemic and companies transforming overnight into “work from home” enterprises. According to a Forbes report, Microsoft detected nearly one million COVID-19 themed attacks per day during the first week of March 2020. And government and other organisations have been processing tremendous amounts of health data this year, putting a spotlight on privacy, making it mission-critical to
business operations and creating new challenges for privacy professionals in particular.
At Deloitte, we view diversity and inclusion as central to our ability to execute on strategy and solve problems. Cybersecurity is a complex, multidisciplinary and ecosystem challenge globally.
Through extensive research conducted by Deloitte’s Human Capital Consulting business, we know that, at the intersection of diversity and inclusion, lies an area rich with fresh, innovative ideas and creativity, which drives a better employee experience and, ultimately, better outcomes for our clients.
www.linkedin.com/in/keing/
