Christina Keing
I am really passionate about technology and the
National Lead Director Cloud Security for Deloitte
context, and I think the best advice I was given was to
threats and opportunities it presents in a security stay curious and enjoy learning. I obtained a Certified Information Systems Security Professional (CISSP) qualification. It established a solid foundation for my whole security journey and enabled me to become a trusted security architect. The exam to achieve the qualification was six hours long! So long that we had to pack our lunch to eat while we were taking it. I wish I had also gained the
I
AWS (Amazon Web Services) Solution Architect qualification so that I could have started my cyber am a director in Deloitte Australia’s Cyber team, a
cloud journey earlier.
strategic cyber leader enabling rapid and secure
One of my most memorable experiences was
delivery of digital innovations under a cloud-first and agile strategy. I work with clients as their trusted cybersecurity
partner to solve complex security problems, drive progress in a dynamic and digital world, and build more confident futures. I started my career in cybersecurity 15 years ago when it was still a new thing. I decided to take up a role as the first head of security for the organisation I worked for at that time. Today, the most challenging aspect of my role is staying at least a few steps ahead of cyberattacks. It requires a comprehensive, proactive, risk-based approach to preventing, detecting and responding to cyber threats. I help my clients to become secure, vigilant and resilient organisations with solid defences, expansive threat awareness, and strong response and recovery capabilities that enable them to operate safely in today’s hyperconnected business environment.
50
WOMEN IN SECURITY MAGAZINE
providing advice to a client company on how to respond to a ransom request. If you want to know more, take a look at “subdomain takeover on S3”. Traditional security training is an important component of a cybersecurity program, but on its own is not enough. A policy manual alone will not prepare people to take the right action. Active learning scenarios that deepen understanding of the impact of day-to-day activities on the organisation’s cyber risk posture are required, along with reinforcing the right behaviour through programs that reward speaking up and raising questions. These activities are absolutely critical to achieving cybersecurity program objectives. The rapid adoption of emerging technologies is greatly increasing efficiency, and creating dynamic cybersecurity challenges for organisations. Cyberattacks have moved beyond identity theft and online account hacks. They threaten our codeenabled physical world—our homes, our cities, our infrastructure, and even the medical devices in our bodies.