Jean-Baptiste Bres

Chief Information Security Officer

Looking for a Security Services Senior Specialist

We are looking for a Security Services Senior Specialist! - AMP is undergoing a transformative security uplift, and we're seeking exceptional talent to fortify our cyber defenses.
In this pivotal role, you'll transition us from a reactive to a preemptive security posture, safeguarding against ever-escalating threats.

If you're passionate about cybersecurity and want to make a lasting impact, apply now!
https://fa-esow-saasfaprod1.fa.ocs.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/2607/?utm_medium=jobshare

New role

πŸŽ‰ Exciting news! I am thrilled to announce that I am joining AMP as their new Director of Technology - Security, Risk & Compliance (CISO). Looking forward to embarking on this new journey.

Looking for new CISO @ HSBC

We are on a look out for a great new πŸ” CISO in HSBC Australia. Lead a fantastical team and join a great organisation!
Plus you get to fix all the crazy ideas I had over the last 3 years! 😁 No chance to get bored πŸ˜„
Apply now and feel free to reach out if you have questions.

NSA's Best Practices for Security your Home Network

In a very recent piece of news, it was revealed that LastPass, a wildly used password manager, fail victim to a cyber attack and got all their customer data (i.e. the users stored passwords) stolen in the form of an encrypted database. Because the database was encrypted, the hackers could not access the content, so they proceed by attacking the personal home devices of one of the only 4 employees that had access to database password, and managed to break into his network and stole that password, getting access to all customer data.
That is a very committed hacker, but sadly, that is the reality: we are now all targets at home, because it is often easier to break into someone personal device and use it as a leverage to attack their organisation they work for.

Just as timely as this news is the recent publication by the NSA of their Best Practices for Security your Home Network. These are great recommendations that we can only recommend everyone to have a look at and, when possible, implement at your home!

New certification: Certified Information System Security Professional (CISSP)

I’m happy to share that I’ve obtained a new certification: Certified Information System Security Professional (CISSP) from (ISC)²!

New certification: Certified in Cybersecurity (CC)

I’m happy to share that I’ve obtained a new certification: Certified in Cybersecurity (CC) from (ISC)²!

Free (ISC)² Cybersecurity Certification Exams

There are no excuses left to not do a security certification now 😁
(ISC)² Pledges One Million FREE (ISC)² Certified in Cybersecurityβ„  Courses and Exams

Open IT Risk Manager role

HSBC is looking for a seasoned IT Risk Management in Australia! A great opportunity to join our incredible Technology and Cyber Security team if you have some experiences in that domain.

Find out more and apply on HSBC career website.

Open Junior Cybersecurity Analyst role in HSBC Australia

HSBC is looking for a junior Cybersecurity Analyst to join our fantastic team in Australia! A great opportunity to join HSBC incredible cyber capabilities if you are a recent graduate or have a little experience in that domain.

If you are interested, please apply on our career website.

Congratulations Avenue Bank

Congratulation to Avenue for getting its restricted banking licence, and officially becoming Avenue Bank!
It was not an easy journey but it was not luck either, because they are an awesome and dedicated bunch. Looking forward for the next steps!

20210908-001

New role: HSBC

I am very proud to announce that I have started a new role as Chief Information Security Officer, Australia and New-Zealand at HSBC.

HSBC-logo-1024x768

New role: Introducing Avenue

I am very proud to announce that I have started a new role as Chief Information Security Officer at Avenue.

Avenue_RED_RGB


Avenue is building a dedicated business bank that finds new, flexible ways to free up cash flow for its customers. Whether you want to grow your business, buy some time, or simply have some breathing space, we'll free up cash with new options that other banks don't offer.

Avenue isn't a bank (yet), but we're on our way. Find out more at https://www.avenue.net.au

Open to new opportunities

As I mentioned in my previous post, Xinja Bank will stop operating as a bank in the next few weeks.

For me, this sadly means that my role will stop to exist at the end of January 2021, so I will be looking for a new position shortly.
Thank you in advance for any connections, advice, or opportunities you can offer.

You can contact me by email or via Linkedin.

Xinja is closing deposit accounts

Xinja Bank Account will soon be discontinued and the Xinja Stash will be discontinued from 23rd December 2020.

It is a sad time for all of us at Xinja. We have worked hard to get there. But we have a lot to be proud of. We demonstrated to all that it was possible to build a bank from scratch, based on a modern cloud-based tech stack.
Some said we were the crazy ones. Maybe we were. But we created momentum. We lead the way. Other will come and continue what we started. Creating better banking, and better tomorrows.

On a personal note, I am proud that Xinja has been rated the most secure bank in Australia for 6 out of the last 12 months (and as per how Dec. is going so far, still is πŸ˜πŸ†). Not a small achievement for the small team we were.

Thanks to all past and present #xinjasecurity team members. It would not have been possible without you.
Kudo to Aron, Priyal, Richard, Will, Nicole, Gary, Jeremy & Greg. You guys rock! 🀘

For more information about the closure of Xinja accounts, visit https://xinja.com.au/xinja-bank-accounts-and-stash-accounts-being-discontinued/

In a time of change, identity has become the key to security - Webminar

I was honoured to discuss Identity and Security in the cloud with Nigel Phair and Serkan Cetin at the Quest Software webinar "In a time of change, identity has become the key to security – and business continuity" last week.



Check out the full video on GoToStage.

Xinja emails get maximum security score

Email. It is hard to imagine life without it. Although invented back in the seventies, it became mainstream in the nineties. Unlike overalls and bandanas, it remained popular until this day. So popular in fact, that spam and so called ‘spoofing’ has become a real threat on the internet. This is how Xinja keeps their emails super secure.

20201020-001

Incident Response and Breach Impact Minimisation Panel

I am looking forward to be part of the panel on Incident Response and Breach Impact Minimisation on Thursday October 8th 2020 (1pm - 1.50pm AEST) with Susie Costa, Alvin Rubyono and Stephen Burmester.

More than ever, Government, industry and businesses have been under increasing attacks. The Australian Cyber Security Centre (ACSC) recently published a report stating it had responded to approximately 2300 cyber security incidents between July 2019 and June 2020. But in these times with many staff working from home, if your business was to suffer from a cyber breach, would you be able to respond effectively?
We will discuss best practices in incident response and how to manage and minimise the impact of a breach on your business.

More information at https://app.livestorm.co/forefront-events/incident-response-1

Xinja is now PCI DSS compliant certified

Xinja just got certified PCI DSS compliant! The PCI DSS compliance refers to the technical and operational standards that businesses must follow to secure and protect your credit and payment card data. These standards for compliance are developed and managed by the Payment Card Industry Security Standards Council.

It is a huge milestone for us and, if you ever got through such a certification process, you would know how challenging it is!

To mark the event, we published a short article on how we designed our environments to get compliance. So read more about it below:

20200922-001

Future of Security Conference

I was honoured to be part of the FST Security conference on Monday, for a fireside chat around data privacy with Mark Sheppard and a Security Leader's Panel with Larkin Ryder, Michelle Bower and Sumeet Kukar.
If you were not able to attend, you can still catch these sessions on the conference website.

Interview

Future of Security Conference

After having to cancel the event back in March due to COVID-19, the Future of Security conference is back (online this time) from the 24/08.

I am very honoured to be one of the speakers. I will be discussing the Australia Consumer Data Right (CDR), and how it can be used to champion privacy while spurring innovation.

I will also be part of a panel discussing how emerging technologies are reshaping cyber security risks and controls, strategies to infuse security culture into financial services’ enterprise DNA.

Find out more on the conference website.

20200721-001

Read about Xinja's Journey to the Cloud

20200522

How to become a Fierce Female Leader in Cybersecurity Meetup

I am very excited to participate with Joss Howard at the very first Women in CyberSecurity Meetup next week! Hopefully I will be able to provide some insightful perspective to all!

20200520

Watch outs for Working From Home

Screen Shot 2020-04-14 at 10.02.24

Security GRC Manager role @ Xinja

We’re on the hunt for a killer Security GRC Manager πŸ”’ Must be highly skilled with excellent credentials. Ready to come help us build Australia's first (and best πŸ˜‰) neobank? Apply at https://xinja.com.au/careers/security-grc-manager/

Screen Shot 2019-08-05 at 10.15.51

Future of Security Conference, Sydney

Unfortunately this event has been cancelled due to the COVID-19 outbreak, but it will be rescheduled for later on this year. Stay safe and see you all in a few month!

I am very honoured to be one of the speakers at the next Future of Security conference in Melbourne on 24/03 and in Sydney on 26/03. I will be discussing the Australia Consumer Data Right (CDR), and how it can be used to champion privacy while spurring innovation.

On the 26/03 (Sydney), I will also be part of a panel discussing how emerging technologies are reshaping cyber security risks and controls, strategies to infuse security culture into financial services’ enterprise DNA with Wayne Bozza, Sarah O'Brien and Sumeet Kukar and Larkin Ryder.

Future of Security

CPS 234 NSW Morning Briefing

Thanks all for coming to our panel on strategies to prevent data breaches & improve incident response yesterday at the CPS 234 NSW morning briefing.
Thank you to Jason Anderson and Wayne Bozza for their insightfull perspectives. And thanks to Paul Schofield for his fantastic facilitation and direction.

0-2

CPS 234 NSW Morning Briefing

I am looking forward to be one of the speakers at the CPS 234 NSW Morning Briefing in Sydney on 20/02/2020 with 3 great experts: Neil Hopkins, Susie Costa and Wayne Bozza.

With the passing of the July 1st deadline, ARPA regulated entities must meet the mandatory Prudential Standard CPS 234. The Standards have been created to improve resilience against information security threats, and those entities need to put the correct implementation strategy in place to safeguard themselves in the information age.

A key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.

Ditch Dad Banking

We are launching today our “Ditch Dad Banking” campaign and our stashes (saving accounts) with great interest rates and no fees or hidden rules! Awesome work all! Never been a best time to ditch your old bank πŸ˜„


DevOps role @ Xinja

A new security-related role we are recruiting for at Xinja: we are looking for a DevSecOps engineer. You’ll be embedded in the DevOps team to facilitate continuous delivery of secure, quality software to the Xinja Banking Platform using DevSecOps practices and principles. You’ll need to have a broad cross section of skills along with a strong consultative approach.
You’ll work with software engineers and security experts to ensure that the right practices are in place and to take the security lead on automating the path to production to enable deployment of changes with no manual intervention and in a highly secure manner.
We run a small, crack team of DevOps engineers to help us to build out a world class continuous integration and delivery pipeline for the Xinja Banking Platform as we continue to scale at pace. You will ensure security standards are upheld and secure coding practices maintained.

If you think this is something for you,
contact me or visit Xinja career website for more information.


DevSecOps

Unto the breach: let’s face up to data security

We just published an article that talks about data security and how we, at Xinja, are protecting our customers. Let us know what you think!

Screen Shot 2019-10-15 at 13.12.25

Cyber Attack Conference Sydney 2019

I am very honoured to be one of the speakers at the upcoming Cyber Attack 2019 Conference in Sydney on October 17th. I will be facilitating a round table discussion on how to implement a security Bring Your Own Device (BYOD) policy.

Let's. Go.

Xinja has officially a full banking licence! We will be opening our first bank accounts today! πŸ₯³

Read more at https://www.xinja.com.au/news/2019/xinja-gets-full-banking-licence/

XINJA_1920x1280_FINAL

Xinja is #5 top startups to work for now!

Xinja is #5 top startups to work for now! πŸ†πŸ†

Australian banks face secret penetration tests

An interesting initiative from NPP (which coordinate the open access infrastructure for fast payments in Australia, PayID). Following the PayID lookup attacks that occurred in the last months, they might now perform secret penetration tests to ensure that participating banks are up to the right level of protection. πŸ’‘

Read more at http://bit.ly/2lyNQT4

Super Risk Symposium - Melbourne 14/08

I was honoured to be one of the speakers at the Super Risk Symposium organised by the AIST in Melbourne on 14/08.

It was a great session, on the impact of the new CPS 234 regulation, thanks to Rob Pickering who facilitated the debate and to Joss Howard and Matt O'Keefe for their great insights.

UNADJUSTEDNONRAW_thumb_126

Security Designer @ Xinja

Last but not least, we are also hiring a Security Designer, a strategically critical role in defining and assessing Xinja’s security strategy, architecture and practices.

If you think this is something for you, contact me or visit Xinja career website for more information.

Security Designer

Info Sec GRC Manager @ Xinja

Another great opening in the Xinja Security Team. We are looking for an Information Security GRC Manager!

This is a key role for the organisation: You will manage the information risk and security governance, focussing on raising standards and awareness, as well as providing assurance and monitoring compliance with policies and standards.

If you think this is something for you, contact me or visit Xinja career website for more information.

More openings coming soon…
πŸ˜‰

Screen Shot 2019-08-05 at 10.15.51

DevSecOps role @ Xinja

Another great new security-related role we are recruiting for at Xinja: we are looking for a DevSecOps engineer with a focus on security automation. You’ll be embedded in the DevOps team to facilitate continuous delivery of secure, quality software to the Xinja Banking Platform using DevSecOps practices and principles. You’ll need to have a broad cross section of skills along with a strong consultative approach.
You’ll work with software engineers and security experts to ensure that the right practices are in place and to take the security lead on automating the path to production to enable deployment of changes with no manual intervention and in a highly secure manner.
We run a small, crack team of DevOps engineers to help us to build out a world class continuous integration and delivery pipeline for the Xinja Banking Platform as we continue to scale at pace. You will ensure security standards are upheld and secure coding practices maintained.
You should know that we do things a little differently at Xinja. You won’t be micromanaged and will have the flexibility to choose the tools you need to get your work done. Along with the team you work with, you’ll be given autonomy on how you design and build DevSecOps processes as long as it stays within the guidance of the Xinja Software Development Lifecycle and Information Security Management System. You should be comfortable with pushing new tools and processes and challenging the norms of secure software development and deployment.

If you think this is something for you,
contact me or visit Xinja career website for more information.

More openings coming soon…
πŸ˜‰

DevSecOps

Security Analyst role @ Xinja

I am recruiting a Security Analyst to join the fantastic security team at Xinja. The role will be responsible for assisting in building upon and improving Xinja’s Information Security Program. You will be the primary technical security resource in a small team responsible for the day-to-day operations of the security of all things Xinja.

If you think this is something for you, contact me or visit Xinja career website for more information.

More openings coming soon… πŸ˜‰

Security Analyst

Super Risk Symposium - Melbourne 14/08

I am very honoured to be one of the speakers at the next Super Risk Symposium organised by the AIST in Melbourne on 14/08. I will be discussing being CPS compliant with 2 great experts: Joss Howard (Head of Risk Management and Governance Consulting, APAC, NCC Group) and Matt O'Keefe (Partner, KPMG).

Information security is all about risk management. With APRA’s CPS 234 framework now live, how do funds need to be secured and why? What is an acceptable risk? And what is the lasting impact if valuable data is compromised, exposed or unavailable?
This session will explore how funds are demonstrating compliance with the new prudential standard and the strategies being used in safeguarding systems against information security threats.

[Update] Info and tickets at https://bit.ly/2GGHp8v

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. Read more at http://bit.ly/2Xr3Kgv

First State Super integrates advice, overhauls leadership


First State Super has fully integrated its financial advice business, StatePlus.

In a move aimed at making financial advice accessible for all its members, the $70 billion fund has brought its financial advice business StatePlus in-house. Read more at http://bit.ly/2XqxFFu

"Implementing CPS 234" conference

I am very proud and excited to be one of the key speakers at the "Implementing CPS 234" conference on 3rd May in Sydney.

I will be talking on how to build an information security policy framework that is agile to changing threats.

What the Marriott Breach Says About Security

Marriott disclosed earlier this week a four-year-long breach. It involved the personal and financial information of 500 million guests of some of its hotel properties.
What could have gone so wrong that such a breach remained unnoticed for so long? This great article shares some considerations around the security postures that companies take on, and why they work... or not.

Facebook Security Breach Exposes Accounts of 50 Million Users

Facebook is breached, putting 50 Million users’ data at risk. Great time to ask yourself what data you are making available on the net, and what would you do if it ends ends available to all because of a breach? Maybe it’s time to close your social network accounts that are not providing you any real value?...

Thank You Steve

Steve Jobs

Thank You Steve,
None of that would have been possible without you.