Posts
We’re hiring: Senior Cyber Defence and Response Specialist
06/03/2026 12:09
📍 Sydney (Hybrid) | 🏦 Financial Services | 🛡️ Cyber Defence & Incident Response
We’re continuing to strengthen our Cyber Defence Centre at AMP and are recruiting a Senior Cyber Defence and Response Specialist to help protect an iconic Australian financial institution during a period of genuine transformation.
This is a hands‑on, technical role at the heart of our cyber operations. You’ll be detecting, investigating and responding to sophisticated threats across a complex enterprise environment, while helping us move towards a more proactive, intelligence‑led defence model. Beyond BAU response, you’ll play a key role in improving detection, threat hunting, automation and incident response maturity across AMP.
You’ll be a great fit for this role if you have:
At AMP, we’re intentionally lean, inclusive and outcomes‑focused. You’ll be close to the action, encouraged to challenge the status quo, and supported by leaders who genuinely value strong security thinking. If you enjoy variety, taking ownership, and seeing your work directly improve organisational resilience, you’ll feel at home here.
If you’re keen to protect what matters today and help shape how cyber defence is done tomorrow, we’d love to hear from you.
➡️ Apply now: Senior Cyber Defence and Response Specialist
We’re continuing to strengthen our Cyber Defence Centre at AMP and are recruiting a Senior Cyber Defence and Response Specialist to help protect an iconic Australian financial institution during a period of genuine transformation.
This is a hands‑on, technical role at the heart of our cyber operations. You’ll be detecting, investigating and responding to sophisticated threats across a complex enterprise environment, while helping us move towards a more proactive, intelligence‑led defence model. Beyond BAU response, you’ll play a key role in improving detection, threat hunting, automation and incident response maturity across AMP.
You’ll be a great fit for this role if you have:
- Strong, hands‑on experience in incident response, threat hunting and security event analysis
- Solid capability across SIEM, XDR, endpoint, WAF and cloud security controls
- Experience working in large, regulated enterprise environments
- Practical knowledge of frameworks such as MITRE ATT&CK, NIST and cyber kill chains
- A calm, analytical approach and the ability to perform well in fast‑paced situations
At AMP, we’re intentionally lean, inclusive and outcomes‑focused. You’ll be close to the action, encouraged to challenge the status quo, and supported by leaders who genuinely value strong security thinking. If you enjoy variety, taking ownership, and seeing your work directly improve organisational resilience, you’ll feel at home here.
If you’re keen to protect what matters today and help shape how cyber defence is done tomorrow, we’d love to hear from you.
➡️ Apply now: Senior Cyber Defence and Response Specialist
Geopolitics Is Now a Technology Risk
25/02/2026 09:51
Geopolitics has become a direct and material technology risk, and it now firmly belongs on the CISO’s agenda. 🌐 Trade disputes, sanctions, cyber espionage, and digital sovereignty are reshaping where data lives, who can access it, and how resilient our platforms really are.
Our dependence on globally distributed supply chains and a small number of predominantly US-based ☁️ cloud providers has concentrated high‑value data and critical services in a few strategic locations. In a heightened geopolitical environment, cloud data centres are now strategic infrastructure, and disruptions—malicious or not—can quickly become systemic business events.
In this article, I explore why technology is uniquely exposed to geopolitical shocks and what CISOs and technology leaders should be doing now to factor geopolitics into cloud, availability, and resilience planning.
Cybersecurity Study Group: (ISC)² Certified in Cybersecurity (CC)
20/02/2026 17:35
Looking forward to our pilot Cybersecurity Study Group session with Edward F.! 🚀
If you’re interested in the (ISC)² Certified in Cybersecurity (CC) certification, this is your chance to study with peers, ask questions, and learn from industry professionals.
If you’re interested in the (ISC)² Certified in Cybersecurity (CC) certification, this is your chance to study with peers, ask questions, and learn from industry professionals.
We’re hiring: Senior Security Architect
14/02/2026 10:13
📍 Melbourne (Hybrid) | 🏦 Financial Services | 🔒 Security Architecture
We’re expanding our security team at AMP and hiring a Senior Security Architect to design and implement robust security architectures in a regulated financial environment.
You’ll lead security strategy, architect secure systems, collaborate with engineering teams, and ensure compliance while protecting customer data and operations.
You’ll be great for this role if you have:
🔹 Proven experience in security architecture and design
🔹 Deep knowledge of cloud security, identity management, and threat modelling
🔹 Background in financial services or regulated industries
🔹 Strong communication skills to influence stakeholders
Join us to shape secure financial services innovation and advance your cybersecurity career.
➡️ Apply now: Senior Security Architect
We’re expanding our security team at AMP and hiring a Senior Security Architect to design and implement robust security architectures in a regulated financial environment.
You’ll lead security strategy, architect secure systems, collaborate with engineering teams, and ensure compliance while protecting customer data and operations.
You’ll be great for this role if you have:
🔹 Proven experience in security architecture and design
🔹 Deep knowledge of cloud security, identity management, and threat modelling
🔹 Background in financial services or regulated industries
🔹 Strong communication skills to influence stakeholders
Join us to shape secure financial services innovation and advance your cybersecurity career.
➡️ Apply now: Senior Security Architect
💡 You Can’t Secure What You Can’t See: The Case for SBOMs
02/02/2026 19:09
Modern software is assembled from countless third‑party and open‑source components. And if you can’t see them, you can’t secure them. 🔎🔐
This article explains why SBOMs (Software Bills of Materials) are becoming essential for managing supply‑chain risk, strengthening incident response, and meeting rising security and compliance expectations.
If you want faster visibility, better control, and fewer surprises in your software stack, this one’s for you.
We’re hiring: Security Services Senior Specialist (AppSec)
28/01/2026 13:10
📍 Sydney (Hybrid) | 🏦 Financial Services | 🔐 Application & Vulnerability Security
We’re expanding our security team at AMP and hiring a Security Services Senior Specialist to lead application security, penetration testing, and vulnerability management.
You’ll own and uplift our AppSec framework, pen‑testing program, and vulnerability lifecycle, shaping engineering practices and protecting millions of customers.
You’ll be great for this role if you have:
🔹 Strong AppSec, pen testing, and vuln‑management experience
🔹 Confidence owning services and improving processes
🔹 Experience in regulated environments
🔹 Ability to turn technical risks into clear guidance
Join us to make a real impact on the future of financial services while growing your career.
➡️ Apply now: Security Service Senior Specialist
We’re expanding our security team at AMP and hiring a Security Services Senior Specialist to lead application security, penetration testing, and vulnerability management.
You’ll own and uplift our AppSec framework, pen‑testing program, and vulnerability lifecycle, shaping engineering practices and protecting millions of customers.
You’ll be great for this role if you have:
🔹 Strong AppSec, pen testing, and vuln‑management experience
🔹 Confidence owning services and improving processes
🔹 Experience in regulated environments
🔹 Ability to turn technical risks into clear guidance
Join us to make a real impact on the future of financial services while growing your career.
➡️ Apply now: Security Service Senior Specialist
We’re hiring: 2x Enterprise Security Architects
08/01/2026 10:10
📍 Sydney (Hybrid) | 🏦 Financial Services | 🔐 Enterprise-scale security
We’re expanding our security leadership capability and are recruiting two Enterprise Security Architects to help shape and protect a complex, customer‑centric financial services environment.
If you’re passionate about designing security that enables the business, working at enterprise scale, and influencing outcomes across cloud, data, and core platforms, this could be a great next step.
➡️ Apply now: Entreprise Security Architect
We’re expanding our security leadership capability and are recruiting two Enterprise Security Architects to help shape and protect a complex, customer‑centric financial services environment.
If you’re passionate about designing security that enables the business, working at enterprise scale, and influencing outcomes across cloud, data, and core platforms, this could be a great next step.
➡️ Apply now: Entreprise Security Architect
Australian School Cyber Challenge 2026
06/12/2025 11:30
I am proud to share that AMP will be a sponsor of the Australian Schools Cyber Challenge 2026!
🧑🎓 Thousands of students and schools will be shaping the future of Australia’s cybersecurity talent. ASCC 2026 brings together students from every state and territory, building a sense of competition, community, and pride.
Students step out of the classroom and onto a national stage where creativity, curiosity and critical thinking shine. Schools benefit from increased visibility, community engagement, and recognition for their support of future-ready education.
If your school wants to be part of something meaningful and future-focused, this is it.
At AMP, supporting programs that nurture innovation, education, and technology skills is something we deeply believe in, and the Cyber Challenge is a perfect example of that mission in action.
Looking forward to seeing the creativity, curiosity, and determination of all the participating students this year!
Find out more at https://cyberpathways.com.au/ascc/
🧑🎓 Thousands of students and schools will be shaping the future of Australia’s cybersecurity talent. ASCC 2026 brings together students from every state and territory, building a sense of competition, community, and pride.
Students step out of the classroom and onto a national stage where creativity, curiosity and critical thinking shine. Schools benefit from increased visibility, community engagement, and recognition for their support of future-ready education.
If your school wants to be part of something meaningful and future-focused, this is it.
At AMP, supporting programs that nurture innovation, education, and technology skills is something we deeply believe in, and the Cyber Challenge is a perfect example of that mission in action.
Looking forward to seeing the creativity, curiosity, and determination of all the participating students this year!
Find out more at https://cyberpathways.com.au/ascc/
Looking for a Cyber Engineering Specialist
07/11/2025 09:31
We’re growing our 🛡️Cyber team at AMP!
If you're passionate about building secure systems that enable innovation, we’d love to hear from you.
Our Security, Risk & Compliance team is deeply embedded in the organisation - driving strategy, enabling transformation, and protecting what matters. We work with purpose, backed by strong leadership and a clear mandate.
We’re hiring a 🧑💻 Cyber Engineering Specialist to join us in Sydney.
➡️ Apply now: Cyber Engineering Specialist
If you're passionate about building secure systems that enable innovation, we’d love to hear from you.
Our Security, Risk & Compliance team is deeply embedded in the organisation - driving strategy, enabling transformation, and protecting what matters. We work with purpose, backed by strong leadership and a clear mandate.
We’re hiring a 🧑💻 Cyber Engineering Specialist to join us in Sydney.
➡️ Apply now: Cyber Engineering Specialist
Cyber Security Awareness Month 2025
31/10/2025 20:20
This week at AMP, we wrapped up our Cyber Security Awareness Month with our annual Cyber Security Showcase!
The event was buzzing with energy: interactive challenges, live demos, and conversations that turned complex topics into practical, actionable insights. Read More…
The event was buzzing with energy: interactive challenges, live demos, and conversations that turned complex topics into practical, actionable insights. Read More…
Cyber Awareness Month 2025
10/10/2025 18:57
Today, as part of Cyber Awareness Month, our Information Security team conducted a webinar for our AMP colleagues, sharing valuable insights on implementing online security practices effectively.
During the session, we covered a wide range of tips applicable to both work and home environments. From utilising auto-updates for all devices, (including robot vacuums!), to segmenting home Wi-Fi networks. We emphasised the importance of proactive security measures in the era of AI. Particularly, we discussed safeguarding children and older family members online.
We wrapped up by asking: “What’s one thing you’d recommend to others to stay secure?” Here are some key takeaways from the discussion:
It's truly commendable to witness our AMP team's commitment to cybersecurity awareness and proactive measures.
Thanks Kathy Grosse, Daniel Lupton, Vineet Ppulikottil, Max Phongsack, Steve Espino and Daisy Clarke.
During the session, we covered a wide range of tips applicable to both work and home environments. From utilising auto-updates for all devices, (including robot vacuums!), to segmenting home Wi-Fi networks. We emphasised the importance of proactive security measures in the era of AI. Particularly, we discussed safeguarding children and older family members online.
We wrapped up by asking: “What’s one thing you’d recommend to others to stay secure?” Here are some key takeaways from the discussion:
- ✨ Enhance security by enabling Multi-Factor Authentication (MFA) and transitioning to passwordless solutions.
- 🔑 Simplify password management with tools like 1Password, Microsoft Wallet, Google Password Manager and iCloud Passwords to handle complex and unique passwords effortlessly.
- 🔍 Stay vigilant by checking for data breaches using Have I Been Pwned and promptly updating compromised passwords.
- 🤔 Exercise caution before clicking on links and maintain awareness of your online activities to protect your digital footprint.
It's truly commendable to witness our AMP team's commitment to cybersecurity awareness and proactive measures.
Thanks Kathy Grosse, Daniel Lupton, Vineet Ppulikottil, Max Phongsack, Steve Espino and Daisy Clarke.
“Your Bank is Calling” - AMP Bank GO adds Caller-Verification to Fight Scams
02/09/2025 16:31
If you’ve ever hesitated to pick up a call that might be from your bank, especially amid soaring rates of phone-based scams, you’re not alone.
I’m very proud of the great work we’re doing at AMP to protect our customers, and with our latest AMP Bank GO app feature, “Your Bank is Calling,” we have your back even more. It’s a smart heads-up in real time, showing up during a call to affirm whether the person on the other end is really from your bank or not.
No more guessing. Instead, the AMP Bank GO app displays messages like “You’re on a call with AMP Bank GO” or “We’ve never called you.” This reassurance is delivered in the moment, not hours later when regret sets in.
Scammers have turned impersonation into an art form. In recent years, Australians lost billions to scams, on average nearly $20,000 per person, because the fakes appear too real. And when a caller sounds like the bank, fear sometimes overrides common sense.
But now, imagine being mid-conversation, and your banking app itself says that you’re on a safe call. That kind of compute-powered nudge to trust (or distrust) isn’t just technology; it’s a lifeline.
Combined with previous security steps we’ve been introducing, such as numberless debit cards that drastically reduce card fraud and a photo-ID plus selfie video check that’s already flagged over 1,000 shady accounts during onboarding, this is another purposeful layer of friction.
Small steps, big peace of mind.
Journey to Scrum
15/07/2025 09:56
The AMP Security, Risk & Compliance Team is on a journey to become more agile, emphasising delivering value over getting bogged down by processes and bureaucracy. This week, I had the opportunity to join several colleagues in an intensive two-day Scrum training… and I’m thrilled to share that I’m now a Certified Scrum Master!
The training was insightful, shedding light on the importance of breaking down silos and fostering cross-functional collaboration. Scrum encourages us to think outside the box, adapt quickly, and continuously improve, which aligns perfectly with our mission to drive meaningful outcomes.
A heartfelt thank you to our trainer, Sam B. From Grow Your Agility, whose expertise and engaging approach made the learning experience both impactful and inspiring.
Looking forward to applying these principles as we continue to evolve and deliver greater value as a team.
ISACA Sydney Chapter June Forum
20/06/2025 15:41
Yesterday, I had the privilege of attending the June ISACA Sydney Chapter Forum, where Maryam Shoraka presented on "Build It Like a Brain: Neuroscience-Inspired Approaches to SOC Architecture." Maryam's insights were truly captivating, offering a fresh perspective on security monitoring and response that could revolutionise the field.
A big thank you to the ISACA Team and AMP Security and Risk Teams for their dedication in making this event a success!
A big thank you to the ISACA Team and AMP Security and Risk Teams for their dedication in making this event a success!
Looking for a Senior Cloud Security Architect
31/05/2025 11:09
AMP is transforming—embracing fresh leadership, new thinking, and a future-focused approach. We’re looking for a Senior Cloud Security Architect to help redefine what financial services can be while ensuring our digital security remains world-class. In this role, you will lead our Secure By Design process, influence security decisions and help drive innovation while managing risk
At AMP, our purpose is simple: helping people create their tomorrow.
If you thrive in regulated environments, have deep AWS security expertise, and bring passion for information security, we want you on our team.
➡️ Apply now: Senior Security Architect
At AMP, our purpose is simple: helping people create their tomorrow.
If you thrive in regulated environments, have deep AWS security expertise, and bring passion for information security, we want you on our team.
➡️ Apply now: Senior Security Architect
Looking for a Security Service Senior Specialist (AppSec & Pen Test)
26/05/2025 14:17
We are looking for a new team member to join our fantastic Security Service team! This role will primarily involve overseeing Application Security, Penetration Testing, and Vulnerabilities Management services for AMP. The position entails close collaboration with our Technology, Risk, and other Security teams to ensure comprehensive security measures. Join us in safeguarding AMP!
➡️ Apply now: Security Service Senior Specialist (AppSec & Pen Test)
➡️ Apply now: Security Service Senior Specialist (AppSec & Pen Test)
ISC2 Sydney Chapter Inaugural Meeting
21/05/2025 18:56
It was an absolute honour to be part of yesterday’s inaugural ISC2 Sydney Chapter event and to join the panel discussion on AI and its impact on careers in Cybersecurity. The energy in the room, the insightful conversations, and the passion for building a strong local cybersecurity community were truly inspiring.
A big thank you to the ISC2 Sydney Chapter team for the warm welcome Edward Farrell, Mark Lee, Joe Cozzupoli, Steve Espino and Elaine H. and for putting together such a fantastic event.
Grateful to have shared the stage with such knowledgeable and forward-thinking panelists René Essomba, Cody Kieltyka and Gaurav Vikash — your perspectives made the discussion both engaging and thought-provoking.
Looking forward to seeing how this community grows and contributes to the future of cybersecurity in Sydney and beyond.
A big thank you to the ISC2 Sydney Chapter team for the warm welcome Edward Farrell, Mark Lee, Joe Cozzupoli, Steve Espino and Elaine H. and for putting together such a fantastic event.
Grateful to have shared the stage with such knowledgeable and forward-thinking panelists René Essomba, Cody Kieltyka and Gaurav Vikash — your perspectives made the discussion both engaging and thought-provoking.
Looking forward to seeing how this community grows and contributes to the future of cybersecurity in Sydney and beyond.
CGEIT Certification
09/11/2024 20:27
I'm thrilled to share that I have officially received my Certification in the Governance of Enterprise IT (CGEIT) ! 👨🎓
Looking for a Security Services Senior Specialist
04/05/2024 11:51
We are looking for a Security Services Senior Specialist! - AMP is undergoing a transformative security uplift, and we're seeking exceptional talent to fortify our cyber defenses.
In this pivotal role, you'll transition us from a reactive to a preemptive security posture, safeguarding against ever-escalating threats.
If you're passionate about cybersecurity and want to make a lasting impact, apply now!
➡️ Apply now: Security Services Senior Specialist
In this pivotal role, you'll transition us from a reactive to a preemptive security posture, safeguarding against ever-escalating threats.
If you're passionate about cybersecurity and want to make a lasting impact, apply now!
➡️ Apply now: Security Services Senior Specialist
New role
10/02/2024 14:12
🎉 Exciting news! I am thrilled to announce that I am joining AMP as their new Director of Technology - Security, Risk & Compliance (CISO). Looking forward to embarking on this new journey.
Looking for new CISO @ HSBC
15/11/2023 10:56
We are on a look out for a great new 🔐 CISO in HSBC Australia. Lead a fantastical team and join a great organisation!
Plus you get to fix all the crazy ideas I had over the last 3 years! 😁 No chance to get bored 😄
Apply now and feel free to reach out if you have questions.
Plus you get to fix all the crazy ideas I had over the last 3 years! 😁 No chance to get bored 😄
Apply now and feel free to reach out if you have questions.
NSA's Best Practices for Security your Home Network
02/03/2023 15:23
In a very recent piece of news, it was revealed that LastPass, a wildly used password manager, fail victim to a cyber attack and got all their customer data (i.e. the users stored passwords) stolen in the form of an encrypted database. Because the database was encrypted, the hackers could not access the content, so they proceed by attacking the personal home devices of one of the only 4 employees that had access to database password, and managed to break into his network and stole that password, getting access to all customer data.
That is a very committed hacker, but sadly, that is the reality: we are now all targets at home, because it is often easier to break into someone personal device and use it as a leverage to attack their organisation they work for.
Just as timely as this news is the recent publication by the NSA of their Best Practices for Security your Home Network. These are great recommendations that we can only recommend everyone to have a look at and, when possible, implement at your home!
That is a very committed hacker, but sadly, that is the reality: we are now all targets at home, because it is often easier to break into someone personal device and use it as a leverage to attack their organisation they work for.
Just as timely as this news is the recent publication by the NSA of their Best Practices for Security your Home Network. These are great recommendations that we can only recommend everyone to have a look at and, when possible, implement at your home!
New certification: Certified Information System Security Professional (CISSP)
28/01/2023 07:30
I’m happy to share that I’ve obtained a new certification: Certified Information System Security Professional (CISSP) from (ISC)²!
New certification: Certified in Cybersecurity (CC)
05/12/2022 18:55
I’m happy to share that I’ve obtained a new certification: Certified in Cybersecurity (CC) from (ISC)²!
Free (ISC)² Cybersecurity Certification Exams
04/09/2022 17:21
There are no excuses left to not do a security certification now 😁
(ISC)² Pledges One Million FREE (ISC)² Certified in Cybersecurity℠ Courses and Exams
(ISC)² Pledges One Million FREE (ISC)² Certified in Cybersecurity℠ Courses and Exams
Open IT Risk Manager role
30/08/2022 13:38
HSBC is looking for a seasoned IT Risk Management in Australia! A great opportunity to join our incredible Technology and Cyber Security team if you have some experiences in that domain.
Find out more and apply on HSBC career website.
Find out more and apply on HSBC career website.
Open Junior Cybersecurity Analyst role in HSBC Australia
16/06/2022 18:26
HSBC is looking for a junior Cybersecurity Analyst to join our fantastic team in Australia! A great opportunity to join HSBC incredible cyber capabilities if you are a recent graduate or have a little experience in that domain.
If you are interested, please apply on our career website.
If you are interested, please apply on our career website.
Congratulations Avenue Bank
08/09/2021 09:15
Congratulation to Avenue for getting its restricted banking licence, and officially becoming Avenue Bank!
It was not an easy journey but it was not luck either, because they are an awesome and dedicated bunch. Looking forward for the next steps!
It was not an easy journey but it was not luck either, because they are an awesome and dedicated bunch. Looking forward for the next steps!
New role: HSBC
13/05/2021 20:24
I am very proud to announce that I have started a new role as Chief Information Security Officer, Australia and New-Zealand at HSBC.
New role: Introducing Avenue
14/02/2021 10:40
I am very proud to announce that I have started a new role as Chief Information Security Officer at Avenue.
Avenue is building a dedicated business bank that finds new, flexible ways to free up cash flow for its customers. Whether you want to grow your business, buy some time, or simply have some breathing space, we'll free up cash with new options that other banks don't offer.
Avenue isn't a bank (yet), but we're on our way. Find out more at https://www.avenue.net.au
Open to new opportunities
29/12/2020 16:55
As I mentioned in my previous post, Xinja Bank will stop operating as a bank in the next few weeks.
For me, this sadly means that my role will stop to exist at the end of January 2021, so I will be looking for a new position shortly.
Thank you in advance for any connections, advice, or opportunities you can offer.
You can contact me by email or via Linkedin.
For me, this sadly means that my role will stop to exist at the end of January 2021, so I will be looking for a new position shortly.
Thank you in advance for any connections, advice, or opportunities you can offer.
You can contact me by email or via Linkedin.
Xinja is closing deposit accounts
22/12/2020 17:48
Xinja Bank Account will soon be discontinued and the Xinja Stash will be discontinued from 23rd December 2020.
It is a sad time for all of us at Xinja. We have worked hard to get there. But we have a lot to be proud of. We demonstrated to all that it was possible to build a bank from scratch, based on a modern cloud-based tech stack.
Some said we were the crazy ones. Maybe we were. But we created momentum. We lead the way. Other will come and continue what we started. Creating better banking, and better tomorrows.
On a personal note, I am proud that Xinja has been rated the most secure bank in Australia for 6 out of the last 12 months (and as per how Dec. is going so far, still is 😁🏆). Not a small achievement for the small team we were.
Thanks to all past and present #xinjasecurity team members. It would not have been possible without you.
Kudo to Aron, Priyal, Richard, Will, Nicole, Gary, Jeremy & Greg. You guys rock! 🤘
For more information about the closure of Xinja accounts, visit https://xinja.com.au/xinja-bank-accounts-and-stash-accounts-being-discontinued/
It is a sad time for all of us at Xinja. We have worked hard to get there. But we have a lot to be proud of. We demonstrated to all that it was possible to build a bank from scratch, based on a modern cloud-based tech stack.
Some said we were the crazy ones. Maybe we were. But we created momentum. We lead the way. Other will come and continue what we started. Creating better banking, and better tomorrows.
On a personal note, I am proud that Xinja has been rated the most secure bank in Australia for 6 out of the last 12 months (and as per how Dec. is going so far, still is 😁🏆). Not a small achievement for the small team we were.
Thanks to all past and present #xinjasecurity team members. It would not have been possible without you.
Kudo to Aron, Priyal, Richard, Will, Nicole, Gary, Jeremy & Greg. You guys rock! 🤘
For more information about the closure of Xinja accounts, visit https://xinja.com.au/xinja-bank-accounts-and-stash-accounts-being-discontinued/
In a time of change, identity has become the key to security - Webminar
08/12/2020 09:33
I was honoured to discuss Identity and Security in the cloud with Nigel Phair and Serkan Cetin at the Quest Software webinar "In a time of change, identity has become the key to security – and business continuity" last week.
Check out the full video on GoToStage.
Xinja emails get maximum security score
20/10/2020 09:56
Email. It is hard to imagine life without it. Although invented back in the seventies, it became mainstream in the nineties. Unlike overalls and bandanas, it remained popular until this day. So popular in fact, that spam and so called ‘spoofing’ has become a real threat on the internet. This is how Xinja keeps their emails super secure.
Incident Response and Breach Impact Minimisation Panel
02/10/2020 13:43
I am looking forward to be part of the panel on Incident Response and Breach Impact Minimisation on Thursday October 8th 2020 (1pm - 1.50pm AEST) with Susie Costa, Alvin Rubyono and Stephen Burmester.
More than ever, Government, industry and businesses have been under increasing attacks. The Australian Cyber Security Centre (ACSC) recently published a report stating it had responded to approximately 2300 cyber security incidents between July 2019 and June 2020. But in these times with many staff working from home, if your business was to suffer from a cyber breach, would you be able to respond effectively?
We will discuss best practices in incident response and how to manage and minimise the impact of a breach on your business.
More information at https://app.livestorm.co/forefront-events/incident-response-1
More than ever, Government, industry and businesses have been under increasing attacks. The Australian Cyber Security Centre (ACSC) recently published a report stating it had responded to approximately 2300 cyber security incidents between July 2019 and June 2020. But in these times with many staff working from home, if your business was to suffer from a cyber breach, would you be able to respond effectively?
We will discuss best practices in incident response and how to manage and minimise the impact of a breach on your business.
More information at https://app.livestorm.co/forefront-events/incident-response-1
Xinja is now PCI DSS compliant certified
22/09/2020 11:13
Xinja just got certified PCI DSS compliant! The PCI DSS compliance refers to the technical and operational standards that businesses must follow to secure and protect your credit and payment card data. These standards for compliance are developed and managed by the Payment Card Industry Security Standards Council.
It is a huge milestone for us and, if you ever got through such a certification process, you would know how challenging it is!
To mark the event, we published a short article on how we designed our environments to get compliance. So read more about it below:
It is a huge milestone for us and, if you ever got through such a certification process, you would know how challenging it is!
To mark the event, we published a short article on how we designed our environments to get compliance. So read more about it below:
Future of Security Conference
26/08/2020 11:07
I was honoured to be part of the FST Security conference on Monday, for a fireside chat around data privacy with Mark Sheppard and a Security Leader's Panel with Larkin Ryder, Michelle Bower and Sumeet Kukar.
If you were not able to attend, you can still catch these sessions on the conference website.
If you were not able to attend, you can still catch these sessions on the conference website.
Future of Security Conference
21/07/2020 10:03
After having to cancel the event back in March due to COVID-19, the Future of Security conference is back (online this time) from the 24/08.
I am very honoured to be one of the speakers. I will be discussing the Australia Consumer Data Right (CDR), and how it can be used to champion privacy while spurring innovation.
I will also be part of a panel discussing how emerging technologies are reshaping cyber security risks and controls, strategies to infuse security culture into financial services’ enterprise DNA.
Find out more on the conference website.
I am very honoured to be one of the speakers. I will be discussing the Australia Consumer Data Right (CDR), and how it can be used to champion privacy while spurring innovation.
I will also be part of a panel discussing how emerging technologies are reshaping cyber security risks and controls, strategies to infuse security culture into financial services’ enterprise DNA.
Find out more on the conference website.
How to become a Fierce Female Leader in Cybersecurity Meetup
20/05/2020 10:16
I am very excited to participate with Joss Howard at the very first Women in CyberSecurity Meetup next week! Hopefully I will be able to provide some insightful perspective to all!
Security GRC Manager role @ Xinja
08/04/2020 09:52
We’re on the hunt for a killer Security GRC Manager 🔒 Must be highly skilled with excellent credentials. Ready to come help us build Australia's first (and best 😉) neobank? Apply at https://xinja.com.au/careers/security-grc-manager/
Future of Security Conference, Sydney
10/03/2020 09:20
Unfortunately this event has been cancelled due to the COVID-19 outbreak, but it will be rescheduled for later on this year. Stay safe and see you all in a few month!
I am very honoured to be one of the speakers at the next Future of Security conference in Melbourne on 24/03 and in Sydney on 26/03. I will be discussing the Australia Consumer Data Right (CDR), and how it can be used to champion privacy while spurring innovation.
On the 26/03 (Sydney), I will also be part of a panel discussing how emerging technologies are reshaping cyber security risks and controls, strategies to infuse security culture into financial services’ enterprise DNA with Wayne Bozza, Sarah O'Brien and Sumeet Kukar and Larkin Ryder.
I am very honoured to be one of the speakers at the next Future of Security conference in Melbourne on 24/03 and in Sydney on 26/03. I will be discussing the Australia Consumer Data Right (CDR), and how it can be used to champion privacy while spurring innovation.
On the 26/03 (Sydney), I will also be part of a panel discussing how emerging technologies are reshaping cyber security risks and controls, strategies to infuse security culture into financial services’ enterprise DNA with Wayne Bozza, Sarah O'Brien and Sumeet Kukar and Larkin Ryder.
CPS 234 NSW Morning Briefing
21/02/2020 13:04
Thanks all for coming to our panel on strategies to prevent data breaches & improve incident response yesterday at the CPS 234 NSW morning briefing.
Thank you to Jason Anderson and Wayne Bozza for their insightfull perspectives. And thanks to Paul Schofield for his fantastic facilitation and direction.
Thank you to Jason Anderson and Wayne Bozza for their insightfull perspectives. And thanks to Paul Schofield for his fantastic facilitation and direction.
CPS 234 NSW Morning Briefing
07/02/2020 13:29
I am looking forward to be one of the speakers at the CPS 234 NSW Morning Briefing in Sydney on 20/02/2020 with 3 great experts: Neil Hopkins, Susie Costa and Wayne Bozza.
With the passing of the July 1st deadline, ARPA regulated entities must meet the mandatory Prudential Standard CPS 234. The Standards have been created to improve resilience against information security threats, and those entities need to put the correct implementation strategy in place to safeguard themselves in the information age.
A key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.
With the passing of the July 1st deadline, ARPA regulated entities must meet the mandatory Prudential Standard CPS 234. The Standards have been created to improve resilience against information security threats, and those entities need to put the correct implementation strategy in place to safeguard themselves in the information age.
A key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.
Ditch Dad Banking
16/01/2020 09:44
We are launching today our “Ditch Dad Banking” campaign and our stashes (saving accounts) with great interest rates and no fees or hidden rules! Awesome work all! Never been a best time to ditch your old bank 😄
DevOps role @ Xinja
18/12/2019 11:28
A new security-related role we are recruiting for at Xinja: we are looking for a DevSecOps engineer. You’ll be embedded in the DevOps team to facilitate continuous delivery of secure, quality software to the Xinja Banking Platform using DevSecOps practices and principles. You’ll need to have a broad cross section of skills along with a strong consultative approach.
You’ll work with software engineers and security experts to ensure that the right practices are in place and to take the security lead on automating the path to production to enable deployment of changes with no manual intervention and in a highly secure manner.
We run a small, crack team of DevOps engineers to help us to build out a world class continuous integration and delivery pipeline for the Xinja Banking Platform as we continue to scale at pace. You will ensure security standards are upheld and secure coding practices maintained.
If you think this is something for you, contact me or visit Xinja career website for more information.
You’ll work with software engineers and security experts to ensure that the right practices are in place and to take the security lead on automating the path to production to enable deployment of changes with no manual intervention and in a highly secure manner.
We run a small, crack team of DevOps engineers to help us to build out a world class continuous integration and delivery pipeline for the Xinja Banking Platform as we continue to scale at pace. You will ensure security standards are upheld and secure coding practices maintained.
If you think this is something for you, contact me or visit Xinja career website for more information.
Unto the breach: let’s face up to data security
15/10/2019 13:10
We just published an article that talks about data security and how we, at Xinja, are protecting our customers. Let us know what you think!
Cyber Attack Conference Sydney 2019
24/09/2019 09:03
I am very honoured to be one of the speakers at the upcoming Cyber Attack 2019 Conference in Sydney on October 17th. I will be facilitating a round table discussion on how to implement a security Bring Your Own Device (BYOD) policy.
Let's. Go.
09/09/2019 12:00
Xinja has officially a full banking licence! We will be opening our first bank accounts today! 🥳
Read more at https://www.xinja.com.au/news/2019/xinja-gets-full-banking-licence/
Read more at https://www.xinja.com.au/news/2019/xinja-gets-full-banking-licence/
Xinja is #5 top startups to work for now!
04/09/2019 09:50
Xinja is #5 top startups to work for now! 🏆🏆
Australian banks face secret penetration tests
03/09/2019 09:57
An interesting initiative from NPP (which coordinate the open access infrastructure for fast payments in Australia, PayID). Following the PayID lookup attacks that occurred in the last months, they might now perform secret penetration tests to ensure that participating banks are up to the right level of protection. 💡
Read more at http://bit.ly/2lyNQT4
Read more at http://bit.ly/2lyNQT4
Super Risk Symposium - Melbourne 14/08
14/08/2019 15:40
I was honoured to be one of the speakers at the Super Risk Symposium organised by the AIST in Melbourne on 14/08.
It was a great session, on the impact of the new CPS 234 regulation, thanks to Rob Pickering who facilitated the debate and to Joss Howard and Matt O'Keefe for their great insights.
It was a great session, on the impact of the new CPS 234 regulation, thanks to Rob Pickering who facilitated the debate and to Joss Howard and Matt O'Keefe for their great insights.
Security Designer @ Xinja
07/08/2019 11:31
Last but not least, we are also hiring a Security Designer, a strategically critical role in defining and assessing Xinja’s security strategy, architecture and practices.
If you think this is something for you, contact me or visit Xinja career website for more information.
If you think this is something for you, contact me or visit Xinja career website for more information.
Info Sec GRC Manager @ Xinja
05/08/2019 10:13
Another great opening in the Xinja Security Team. We are looking for an Information Security GRC Manager!
This is a key role for the organisation: You will manage the information risk and security governance, focussing on raising standards and awareness, as well as providing assurance and monitoring compliance with policies and standards.
If you think this is something for you, contact me or visit Xinja career website for more information.
More openings coming soon… 😉
This is a key role for the organisation: You will manage the information risk and security governance, focussing on raising standards and awareness, as well as providing assurance and monitoring compliance with policies and standards.
If you think this is something for you, contact me or visit Xinja career website for more information.
More openings coming soon… 😉
DevSecOps role @ Xinja
01/08/2019 10:05
Another great new security-related role we are recruiting for at Xinja: we are looking for a DevSecOps engineer with a focus on security automation. You’ll be embedded in the DevOps team to facilitate continuous delivery of secure, quality software to the Xinja Banking Platform using DevSecOps practices and principles. You’ll need to have a broad cross section of skills along with a strong consultative approach.
You’ll work with software engineers and security experts to ensure that the right practices are in place and to take the security lead on automating the path to production to enable deployment of changes with no manual intervention and in a highly secure manner.
We run a small, crack team of DevOps engineers to help us to build out a world class continuous integration and delivery pipeline for the Xinja Banking Platform as we continue to scale at pace. You will ensure security standards are upheld and secure coding practices maintained.
You should know that we do things a little differently at Xinja. You won’t be micromanaged and will have the flexibility to choose the tools you need to get your work done. Along with the team you work with, you’ll be given autonomy on how you design and build DevSecOps processes as long as it stays within the guidance of the Xinja Software Development Lifecycle and Information Security Management System. You should be comfortable with pushing new tools and processes and challenging the norms of secure software development and deployment.
If you think this is something for you, contact me or visit Xinja career website for more information.
More openings coming soon… 😉
You’ll work with software engineers and security experts to ensure that the right practices are in place and to take the security lead on automating the path to production to enable deployment of changes with no manual intervention and in a highly secure manner.
We run a small, crack team of DevOps engineers to help us to build out a world class continuous integration and delivery pipeline for the Xinja Banking Platform as we continue to scale at pace. You will ensure security standards are upheld and secure coding practices maintained.
You should know that we do things a little differently at Xinja. You won’t be micromanaged and will have the flexibility to choose the tools you need to get your work done. Along with the team you work with, you’ll be given autonomy on how you design and build DevSecOps processes as long as it stays within the guidance of the Xinja Software Development Lifecycle and Information Security Management System. You should be comfortable with pushing new tools and processes and challenging the norms of secure software development and deployment.
If you think this is something for you, contact me or visit Xinja career website for more information.
More openings coming soon… 😉
Security Analyst role @ Xinja
29/07/2019 17:22
I am recruiting a Security Analyst to join the fantastic security team at Xinja. The role will be responsible for assisting in building upon and improving Xinja’s Information Security Program. You will be the primary technical security resource in a small team responsible for the day-to-day operations of the security of all things Xinja.
If you think this is something for you, contact me or visit Xinja career website for more information.
More openings coming soon… 😉
If you think this is something for you, contact me or visit Xinja career website for more information.
More openings coming soon… 😉
Super Risk Symposium - Melbourne 14/08
17/07/2019 22:10
I am very honoured to be one of the speakers at the next Super Risk Symposium organised by the AIST in Melbourne on 14/08. I will be discussing being CPS compliant with 2 great experts: Joss Howard (Head of Risk Management and Governance Consulting, APAC, NCC Group) and Matt O'Keefe (Partner, KPMG).
Information security is all about risk management. With APRA’s CPS 234 framework now live, how do funds need to be secured and why? What is an acceptable risk? And what is the lasting impact if valuable data is compromised, exposed or unavailable?
This session will explore how funds are demonstrating compliance with the new prudential standard and the strategies being used in safeguarding systems against information security threats.
[Update] Info and tickets at https://bit.ly/2GGHp8v
Information security is all about risk management. With APRA’s CPS 234 framework now live, how do funds need to be secured and why? What is an acceptable risk? And what is the lasting impact if valuable data is compromised, exposed or unavailable?
This session will explore how funds are demonstrating compliance with the new prudential standard and the strategies being used in safeguarding systems against information security threats.
[Update] Info and tickets at https://bit.ly/2GGHp8v
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003
14/05/2019 19:30
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. Read more at http://bit.ly/2Xr3Kgv
First State Super integrates advice, overhauls leadership
18/04/2019 19:35
First State Super has fully integrated its financial advice business, StatePlus.
In a move aimed at making financial advice accessible for all its members, the $70 billion fund has brought its financial advice business StatePlus in-house. Read more at http://bit.ly/2XqxFFu
"Implementing CPS 234" conference
23/02/2019 06:12
I am very proud and excited to be one of the key speakers at the "Implementing CPS 234" conference on 3rd May in Sydney.
I will be talking on how to build an information security policy framework that is agile to changing threats.
I will be talking on how to build an information security policy framework that is agile to changing threats.
What the Marriott Breach Says About Security
02/12/2018 20:04
Marriott disclosed earlier this week a four-year-long breach. It involved the personal and financial information of 500 million guests of some of its hotel properties.
What could have gone so wrong that such a breach remained unnoticed for so long? This great article shares some considerations around the security postures that companies take on, and why they work... or not.
What could have gone so wrong that such a breach remained unnoticed for so long? This great article shares some considerations around the security postures that companies take on, and why they work... or not.
Facebook Security Breach Exposes Accounts of 50 Million Users
29/09/2018 20:06
Facebook is breached, putting 50 Million users’ data at risk. Great time to ask yourself what data you are making available on the net, and what would you do if it ends ends available to all because of a breach? Maybe it’s time to close your social network accounts that are not providing you any real value?...
