The key takeaways of our benchmark.

We’re delighted to share the CISO Lens Benchmark 2022. If you’re an Australian or New Zealand organisation, we’re publishing this report for you. Most organisations do not have a CISO, and could only dream of having dedicated internal security people. So our intention in sharing this is to provide insights into how the largest and most cyber-capable organisations in Australia & New Zealand are viewing cyber security and allocating resources.

https://www.cisolens.com/benchmark

CISO Lens would like to share some positive news as the work year comes to a close for many. Every year, CISO Lens has acknowledged an individual (sometimes two) whose leadership made a notable contribution to our community and/or the wider security industry.
We have a policy of not ‘outing’ members, but sometimes members out themselves. This member has previously outed themselves, and that’s why we’re able to make this acknowledgement public.
Richard Johnson, the Group CISO at Westpac, has been one of the cornerstones of the CISO Lens community since we started eight years ago. And, while CISO Lens was created to draw people together to share experiences and better practices, Richard was already doing that years before we started.
The single most visible demonstration of leadership is when the people around a leader also step up. Through the years, Richard has developed the security leadership team at Westpac into the most stable, most enduring, most outward reaching and collaborative security team in Australia. All of Australia’s big four banks have extraordinary people, and Westpac’s is still acknowledged across the community for its constancy and enviable bench strength. That is one visible manifestation of Richard’s leadership.
Through Log4j, a year (and a lifetime!) ago, Richard’s team mobilised. As all great security teams do, Westpac ISG ensured they had their own metaphorical oxygen mask on, and then they reached out to assist others. This is how the security community works, and Westpac ISG was a force of nature in the face of an industry-wide challenge. It wasn’t just one or two people from Westpac ISG, it was a platoon of expertise, sharing, participating, reviewing, researching. Through our community’s response to Log4j, Westpac ISG was the linchpin.
People don’t rise to the level of their aspirations, they fall to the level of their training; and Westpac ISG - in that crucial moment – demonstrated what they were already capable of, and this was a testament to Richard’s leadership both for Westpac but also for the region.
We are delighted to acknowledge Richard Johnson as the CISO Lens Most Valuable Player for 2022.

#securityleadership #leadership #community #people #security #team #australia #leader #ciso #training #securityindustry #collaborationovercompetition #collaboration

Yesterday in Christchurch was our last roundtable for the year. Topics included:
- Boards are maturing and asking better questions.
- The CEOs that "really get it".
- Vendor management.
- Legal, tax, and HR ripples from "work from anywhere" policies.
- Continued questioning of the value of third party SOCs.

Nadia Yousef (our New Zealand country manager) has produced an Incident Response Template and we're publishing it in the hope that it will help someone through having a bad day and prevent it from being a worse day.
#securityleadership #incidentresponse #template
https://www.cisolens.com/reports#h.a769cex3vkl