Amandine Nury, Global Ciso Programs Director

often say that I didn’t choose cybersecurity but cybersecurity chose me,” reflects Amandine Nury, Global CISO Programs Director. Back in 2018, she was working as a consultant in the Technology Strategy & Architecture practice at Deloitte Australia in Sydney. One day, the Cyber Advisory team needed someone who could manage a large project and translate highly technical findings into something the client’s C-suite could understand and act on. “I volunteered, just for what was supposed to be a three-month assignment,” she recalls.

That assignment proved to be a turning point. It was with Sydney Trains, focused on assessing the maturity of both their IT and OT environments and developing a strategy around it. “I was surrounded by brilliant subject matter experts, and I quickly became fascinated by the content and the real-world impact of our work,” Amandine says. “We weren’t just solving technical problems, we were helping, in a way, protect critical infrastructure that thousands of commuters relied on every day.”

“That experience opened my eyes to the purpose and impact behind cybersecurity. It wasn’t just about tech anymore, it was about people, safety, and trust. I joined the Cyber practice shortly after and have been immersed in the field ever since. Over time, my interest has only deepened as I’ve continued to explore the evolving landscape of cyber threats, resilience, and strategy.”

Amandine’s path was far from linear, and at times, it was marked by uncertainty. “Yes, I definitely experienced moments of uncertainty, particularly right after the COVID-19 pandemic,” she says. “I was about two and a half years into my cybersecurity journey at the time, and I found myself in a couple of projects that didn’t feel impactful. Without the right leadership and mentorship support, I started to lose sight of what initially drew me to the field.”

She sought help. “To navigate that period, I decided to work with a professional coach,” Amandine explains. “Through a series of reflective exercises,

I reconnected with some aspects of cybersecurity that truly motivated me. More importantly, I gained clarity on what I wanted to pursue, but also on what I didn’t. Those realizations weren’t necessarily about cybersecurity itself, but about the environment I was working in, which I believe is just as important, especially early in your career.”

Her journey has also been shaped by a willingness to embrace the unknown. “When I began my journey in cybersecurity, I didn’t have a clearly defined vision of the roles I aspired to. My path unfolded quite organically,” she says. “Part of the challenge was internal as I often questioned my place in the field because I entered cybersecurity later in my career and didn’t come from a technical background. I also resisted the idea of limiting myself to one niche or capability. What I did know, however, was that I had a strong drive to learn continuously, to never settle, and to apply what I learned to solve complex problems and contribute to broader cybersecurity strategies.”

In her current role, she is candid about the complexity of the work. “One of the most complex aspects of my role, especially from a non-technical perspective, is navigating the rapid evolution of the cybersecurity landscape,” Amandine explains. “As threats grow more sophisticated, the defensive tools and platforms we rely on are becoming increasingly specialized. This specialization is necessary, but it also introduces a challenge: the pace of tool adoption often outstrips the development of supporting processes and cross-functional alignment. This is where I believe governance plays a pivotal role. While it’s sometimes perceived as a bottleneck, I see governance as a strategic enabler. Governance, when well established, helps reduce silos, clarify ownership, and ensure that innovation doesn’t come at the cost of coordination. In my experience, strong governance is what allows organizations to move fast without breaking things.”

She is also attuned to the horizon of emerging threats. “There are definitely several emerging threats, but two stand out to me,” she shares. “The first is the threat posed by quantum computing. As this technology advances, the risk of it breaking current encryption standards and exposing sensitive data becomes very

real. It’s not just theoretical anymore, it’s a looming challenge that requires proactive planning today. The second is AI-driven cyber attacks. This one feels like a no-brainer, but it’s worth mentioning: AI is making attacks faster, more scalable, and significantly harder to detect using traditional methods. Whether at the corporate level or in our personal lives, we’re only beginning to understand how to defend against this new wave of intelligent threats… and that is scary as much as it is fascinating.”

Beyond technical focus, Amandine values roles that allow her to see the bigger picture. “Beyond remuneration, one of the most important factors I consider is the scope of the role, specifically, how much exposure it offers both within and outside the organisation,” she says. “I thrive in roles where I can connect the dots across teams, capabilities, and strategies. My motivation comes from thinking big, not just focusing on a single cybersecurity service or technical function, but understanding how everything fits together to drive business value. I don’t want to be a fish in a fishbowl, I want to be a fish in the ocean, with the freedom and perspective to navigate complexity and contribute meaningfully at scale.”

“Through a series of reflective exercises, I reconnected with some aspects of cybersecurity that truly motivated me. More importantly, I gained clarity on what I wanted to pursue, but also on what I didn’t. Those realizations weren’t necessarily about cybersecurity itself, but about the environment I was working in, which I believe is just as important, especially early in your career.”