Finalists

Mike Burgess - Telstra

Discovery and Influence

Mike has established discovery and influencing capabilities in Telstra's security ops via a team to improve detection of threat events on the telco’s systems.

The team also recognises the importance of influencing the business at all levels to effect a behavioural change, going beyond hunting for malicious software and other security events.

His approach is designed is to ensure security is baked into business initiatives from the beginning. 

Mike and his team have helped to shift the discussion from technology to one where senior management engages and contribute to managing cyber security risk. 

Sanjay Verma - Dun & Bradstreet

Project Octave

The local operation of D&B became the first Australian organisation to achieve ISO22301 certification, making it one of only 30 firms worldwide, through Project Octave.

With the prime goal of the multi-million dollar project to ensure the organisation remains operational in a crisis, Verma set out to build a solution to suit Dun & Bradstreet’s business needs.

Project Octave included an improved approach to managing current and future threats throughout the security lifecycle.  

The result has been minimised downtime and improved recovery time.

Abbas Kudrati - Public Transport Victoria 

Cyber Security Incident Management plan

After a hacker breached Public Transport Victoria's website in late 2013, the department's security team chose to self-assess its cyber security maturity and strengthen its monitoring control system using NIST, Cobit 5 and CREST.

After enacting the plan, the PTV has seen a reduction in credit card fraud and has improved awareness and reporting of incidents. 

Incident management has also improved as each is classified, a priority level is assigned and a predetermined approach is enacted.

 Darren Simpson - Superpartners Australia

Cyber Defence Strategy                   

To ensure the financial information of 6.5 million Australians was adequately protected, Superpartners built an advanced cyber defence strategy from the ground up. 

The three-year project involved running customised threat and scenario workshops aligned to individual business units to develop a risk profile. 

It included a comprehensive education program with sessions that promoted better workplace behaviours and identifying a security champion network.

The infosec strategy is reviewed every six months and reported against quarterly.

Dmitry Kulshitsky - Carsales.com

Carsales Antifraud/Security Solution 

Carsales wanted to provide a world-class, fraud-free, safe online space for buyers and sellers, and protect the online market's digital assets from cyber threat. 

The company’s development, security and customer care teams built a multilayered “defence-in-depth” security solution optimised for the classified and online retail market in which the company operates.  

It utilised external and internally built tools and the project has completed first stage implementation which has resulted in a significant reduction in credit card chargebacks.