Cyber security is as much about humans as it is technology.

That’s what government cyber expert Dr Roland Padilla has learned after an ICT career spanning more than two decades.

Currently working with the Federal Government in overseeing compliance with relevant legislation, Padilla said cyber security should be driven by a combination of handling external risks and a strong internal risk management culture.

“I view cyber security as an integral part in integrating the concept of not just technology but also business and policy,” he told Information Age.

Padilla has spent the majority of his time working at the cross-section between cyber security, business management and academia.

He described modern-day cyber security as a converging Venn diagram, with technological advances, policies, and business management overlapping.

“Cyber security is increasingly becoming a business engagement, involving collaborations with key stakeholders, management of investments, and considerations of global contexts,” he said.

“Yes, I do agree that the initial perception of cyber security is that it is within the technical realm or may relate to some form of tool.”

“But I would argue that it's a mere enabler and that it’s one of the core components that a senior leader within an organisation should be highly cognisant of.

“So, it has to be looked at in terms of risk management, such as mitigating exposure to vulnerabilities and to cyber exploitations, including external and internal.”

Finding the balance

It’s this interest in balancing business requirements and cyber security that has prompted Padilla to begin a Master of Business Administration (MBA) at the Australian National University.

He explains that he believes completing these studies will provide him with a “different perspective” on the world of ICT security.

Prior to his MBA, Padilla completed a Masters with first-class honours and PhD at the University of Melbourne, where he investigated the business value in cloud computing.

Again, combining business and technological innovation allowed him to advance his ability as a cyber security professional.

As part of his research he interviewed 21 different Australian business managers on their uses and perspectives on cloud computing.

This primary research gave him meaningful industry insights, he says.

“I was able to investigate the problems encountered by managers and by investigating these problems, I fed that into my research,” he said.

“I communicated that to the academic community through peer-reviewed publications, as well as to the broader practitioner community through presentations.

“I shared my findings and provided my insights and eventually it led me to where I am now.”

Challenging our knowledge

Alongside his professional commitments with the Federal Government, Padilla is also employed by the Australian Centre for Cyber Security as a Casual Academic.

“The reason for me doing that is to keep me sharp and up to date with knowledge. It keeps me engaged with the academic community and with the students whom I value in terms of their insights,” he said.

In his role, he assists students completing their Masters of Cyber Security with their coursework while also marking and assessing various tasks.

This position provides him with a front row seat to view the state of cyber security education in Australia.

Working with postgraduate students, he says most if not all do have relevant industry experiences, including both the private and public sector, and that the overall ability of the cohort appears strong.

“I have a sense that they certainly bring with them a wealth of insights,” he said. “There's a high level of experience and knowledge that these postgraduate students do contribute to their course.”

While he can see first-hand the strength of the postgraduate sector, Padilla still believes cyber security education in Australia could be improved through strengthening industry ties.

“There has to be a so-called synchronisation of experiences and knowledge between the academic community, the private sector and the public sector.”

“So, with that, the intended outcome would be for the students to be able to learn specific courses that are aligned with industry practice.

“With this alignment, with this technicality, and relevance, the students would be highly employable for numerous sectors such as the government and the private sector.”

Creating advocacy

And for the industry overall?

“There are still a lot of improvements to be made. We just have to observe what other nations are doing in terms of investments and building their respective cyber workforce,” he says.

“However, we have been observing efforts made by the Australian government, private and academic sector relating to improving advocacy towards cyber security.”

He outlined open source reporting from the government’s official cyber security strategy and the Department of Defence’s 2016 white paper as positive public initiatives that increase visibility when it comes to cyber security, while also recognising similar efforts from the private sector.

“So, I would say that we are on the right track, we're getting there,” he said.

“Cyber security is here to stay.

“The challenge at this stage is building the appropriate cyber security workforce, and there have been indicators that the Australian government has been committed and supportive of that.”

Dr Roland Padilla is an ACS Certified Professional (Cyber Security).

In our CYBER EXPERTS SERIES, Information Age talks to cyber security leaders across Australia and beyond about the biggest threats facing the industry, how they got into cyber security, and what keeps them up at night.