Questions

Answers

How does Services Australia store Australian's personal information?

The Australian Government has established strict guidelines and controls for the storage of sensitive data and personal information. Services Australia stores data in a secure, offsite facility in accordance to these guidelines.

How can you possibly protect software from every vulnerability there is?

That’s a tough one, because in some cases there are vulnerabilities that no one knows about until it’s too late. A good strategy is to make sure that your operating system is always updated and patched. Make sure that you’re using firewalls and antivirus protection. Don’t download illegal software for free; use the genuine product that you’ve paid for, from the actual vendor.

Have you been hacked yourself? And if so, what would you have done differently to minimise the potential harms?

Long before I started in cyber security, there have been instances where I’ve accidentally downloaded malware on to my computer because I clicked a link in a phishing email or something similar. It’s tough to know how and when it happened because the computer may not start behaving strange straight away. I wasn’t using a good antivirus system, nor was I paying attention to the emails I may have opened. What I do differently now is take extra care reading emails where I don’t know the sender, and make sure my antivirus is of good quality and updated regularly.

Are there people who are accessing parts of the dark web to catch criminal activity?

There are some organisations who do that, but we don’t do it at Services Australia

Do you think starting up a business around cyber security would be a good idea?

Absolutely. There’s a growing demand for cyber security because more and more services are online. There are many people who work as contractors in a specialised field who then provide services for other organisations. There’s always a risk in starting your own business, but the rewards can be amazing too.

Can cyber security skills be useful for other careers such as military?

Yes. Many organisations handle sensitive data, and the ability to be protect it while in storage, or in transit is very important. This can include skills such as encryption, investigation and forensics. That’s the great thing about cyber security; skill diversity is beneficial.

How long does it take your organisation to detect if you’ve been hacked?

There’s no definitive answer to that question. Because cybercriminals have different motives and methods, it can range from minutes to months before a cybercriminal is detected. Services Australia implements very strong security measures and has a 24/7 security operations centre to monitor for criminal activity.

Have you ever worked in The Grid?

Yes. My role was researching open source intelligence (news feeds, specialist media etc.) to find information about cyber security issues that may have an impact on our business.

What are the consequences of criminal activity in cyber security?

The penalties are very severe, from large fines to imprisonment. There are a lot of news stories of cyber criminals and their related punishments. Some good examples are Kevin Mitnick and Max Butler.

What are the details for the Digital Transformation Agency (applying for internships, cadetships etc.)?

Go to https://www.dta.gov.au/help-and-advice/learning-and-development/start-your-digital-career-government/digital-apprenticeship-program Applications are open now.

How can an undergraduate student build a portfolio in cybersecurity?

That’s a very big question. A very good article is https://www.forbes.com/sites/danwoods/2017/03/30/how-to-design-your-cybersecurity-portfolio/#3c7cf2fb331e Hopefully this will help!

What degree did you do and where?

This may surprise you, but I don’t actually have a degree in cyber security. My background prior to cyber security was in education. My start in cyber security was through TAFE. I am looking to go on to further study in the near future.

Are mature age entrants welcome in cybersecurity? Or would they be discriminated against in favour in younger entrants?

Mature age entrants are very welcome in cyber security! I myself started as an apprentice through the DTA’s apprenticeship program at age 40. There have been others who have been older. Older people have different levels of knowledge and experience, all of which is valuable.

You legitimately look and sound like Dennis Prior, but how can we be sure?

Excellent question! In a lot of cyber security organisations, staff a required to undertake a background and security assessment before they are allowed to work in sensitive areas. Once someone’s identity has been established, they are then able to access those areas. But in order to maintain the security of that access, staff might need to use multi-factor authentication, which might be in the form of a password and a security card, or a PIN and some sort security token. This is done to ensure that credentials remain with the appropriate person and that sensitive areas remain secure.