6 minute read
Rachael Greaves
Chief Executive Officer at Castlepoint Systems
If you are prone to pessimism and fearful of the future do not listen to Rachael Greaves, CEO and cofounder of cybersecurity company Castlepoint Systems. Her view of the future in cybersecurity is dismal in the extreme: a ‘post-privacy’ world in which compromise of personal information will be the norm.
“We can expect all our personal information to be compromised,” she says. “We can’t use security questions anymore. We can’t use mobile phone two factor authentication. Anyone still doing that will be targeted (successfully) by what have previous been fairly inept actors. The low-motivation, low-capability bad guys will increasingly be stealing our money and secrets, because it will become trivial for them to do so.”
Meanwhile, sophisticated threat actors in this postprivacy world will be able to compromise almost anyone. “For every soldier, leader or government official they will know where their kids go to school, what compromising experiences they have had and what financial pressure they are under. They will find many levers to create trusted insiders, either through compromise or just sophisticated social engineering.”
BLEEDING EDGE TECHNOLOGIES
To counter these threats Greaves says organisations will need to rapidly adopt ‘bleeding edge’ technologies. “Government and industry in Australia have historically been slower to adopt artificial intelligence and other emerging technologies at the same pace as many other countries, but we can’t afford to lag when our adversaries are racing ahead.”
Castlepoint Systems, the company she co-founded in 2016, aims to counter such threats. It promises to “manage, protect and de-risk all your information everywhere, with no impact on the way you work now. Every item, every system, on premises and in the cloud.”
Running this company is a far cry from Greaves’ university education, a degree in anthropology and classics, but she says both were solid foundations for the career she eventually chose.
“I wanted to understand things deeply, see patterns, apply rules. That’s what I found so enjoyable about Latin. I am also very values-driven and my anthropology study gave me a strong foundation in human-centred thinking. The intersection of the
rules-based, hard edge of cybersecurity with its human-centric, social-good aspect is why it’s been a perfect discipline for me.”
She adds: “Learning to learn is the most important thing you can do at university. Most of my learning is from being able to read, comprehend and apply information quickly and accurately. Whatever your degree, if it requires you to apply complex comprehension skills and think critically, it will set you up for success in this domain.”
“It’s an extremely rewarding discipline when you have an outcomes-focused brain. I enjoy seeing problems that might be hidden and bringing them into the light, with evidence and, most satisfyingly, solving them.”
ANYONE CAN BE A CYBER PROFESSIONAL
Her conclusion: “Anyone can be a cyber professional. You don’t need a technical background at all. If you like to see patterns, understand the nuances of things, if you are good at identifying risks and red flags (by instinct as well as reasoning), if you care about society and the people who live in it you will have a rewarding experience in cyber.”
It was the threat of compromise to personal information that first piqued Greaves’ interest in cybersecurity and set her on the path to her current role. She was working as a business analyst for Austrade and her role included putting the home phone number of every in-country official into a booklet, which was distributed without security controls.
“This flagged as risky and I did some research. I quickly found out that, with this information, it was trivial for a bad actor to track these officials, and target them,” Greaves recalls. “It was a real-life example that the very mundane decisions we make about data and processes can have serious risks and consequences for our stakeholders.”
Greaves left Austrade to take on roles in national security agencies where she focussed increasingly on information protection and undertook selfstudy to become certified as a security manager, systems auditor and privacy engineer. She says the combination of experience and qualifications she developed over ten years culminated in the opportunity to security-audit some of Australia’s largest, multi billion dollar military projects.
A PIVOTAL EXPERIENCE
However, throughout her very varied cybersecurity career, Greaves cites one incident as being pivotal and a big part of the reason she developed the software underpinning Castlepoint Systems: the unlawful deportation to the Philippines in 2001 of Vivian Solon, a Philippines-born Australian citizen with mental health problems. She was deported because the then Department of Immigration and Multicultural and Indigenous Affairs (DIMIA) and other agencies were unable to coordinate essential information verifying her Australian citizenship. She was repatriated in 2005. DIMIA officers had discovered their error in 2003, but done nothing.
“Our government didn’t manage its records properly. It had a huge impact on me when I found out about it,” Greaves recalls. “It’s a big part of the reason I designed my software. We absolutely must know what data we have, where it is, who is doing what to it. If we don’t, real people can experience catastrophic harm.
“It was hard to get hard numbers on risk and the value of information when I had to audit by sampling. Now I can know what every single bit of information in a network is about and what needs to be done with it in order to protect it.
“Our Castlepoint software is the cornerstone of our security. Having full command and control of all our data and the events on it gives us the evidence we need to make the right security decisions.”
And, she says, the Castlepoint software has delivered some very specific results. “In the last year we have helped find child predators, helped ensure Indigenous
data sovereignty, helped respond to security breaches, and helped prevent them. It’s great to see the benefit of the software we created being realised like that.”
WORKING ACROSS TIME ZONES
Castlepoint Systems is headquartered in Canberra, but Greaves is based in London and works across UK, Australia and US time zones, which creates some time management challenges.
“I have meetings usually from 4:30 or 5:00 am. But I am offline from 7:30am to 9:00am to get the kids ready and take them to school” she says. “Same in the afternoons: no meetings from 2:30pm until bedtime. It makes for late work nights and early mornings, but it keeps the balance.
“As CEO I need to be across everything in my company at a high level, so I am in regular contact with my leadership team. I am also available to all staff to discuss issues and answer questions they want to talk about with me, so a lot of the day is just communication.
“I also have desk work to keep up with: we have a strong quality management culture, and documentation is key. And I attend meetings with partners, clients and other stakeholders where I’m required to provide advice or expertise.”
“Greaves says that running a cyber company is challenging – and cyber is a challenging field in general. “We have a lot to lose, and very motivated people trying to take it. But if we start taking it seriously, and taking some agency, we can significantly reduce our exposure. We need to know what information we have, where it is, and who is doing what with it. And we finally have the technology to do that, and pull ahead in the race to control our data.”
www.linkedin.com/in/rachaelgreavesstlp
