The industry stalwarts helming Australia’s newest cyber security company have sidestepped chronic skills challenges by amalgamating a dozen smaller firms into a full-service consulting giant with more than 400 security experts.
CyberCX, which was founded with the backing of equity firm BGH Capital and guidance from business consultancy EY, debuted on LinkedIn this week after at least five months of planning.
The company is the brainchild of John Paitaridis – a former Optus Business Managing Director who left for BGH Capital in March and will run CyberCX – and also counts industry bellwether and former national cyber security adviser Alastair MacGibbon as Chief Strategy Officer.
Described as being “relentlessly cyber and obsessed with customer experience”, the new firm unites formerly independent cyber security teams from companies including Alcorn, Assurance, Asterisk, CQR, Diamond, Enosys, Klein & Co., Phriendly Phishing, Sense of Security, Shearwater, TSS and YellIT.
These companies “represent the brightest minds in cyber security in the country, selected because of the high quality of the leading individuals and deep bench of talent,” the firm’s announcement said.
The range of security companies involved gives CyberCX capabilities in consulting and advisory work, risk and compliance, security assurance, integration and engineering, training and education, incident response and digital forensics, and managed security services.
It also gives the firm a nationwide presence from day one, with over 20 offices in six capital cities and more planned in coming months.
More firms are expected to be brought onboard as CyberCX picks up momentum – potentially seeing it vacuum up even more of Australia’s already scarce cyber security talent.
The company “is committed to becoming the employer of choice for cyber security”, MacGibbon said, promising to “recruit, develop and grow the best talent in the country.”
Large cyber security firms have been few and far between, with a recent Hays IT market overview noting that 60 per cent of existing cyber security groups have fewer than five people.
Major enterprises might employ hundreds of cyber security engineers, either through recruitment or internal upskilling: the NAB, for one, has recently seen its internal team grow from 200 to more than 360 cyber security professionals.
CyberCX’s team is even bigger, and Paitaridis believes that offering the industry a “consultative end-to-end approach” will support its continued growth as boards and executives continue to wake up to the critical nature of cyber security.
“It is clear that many businesses, enterprises and government organisations are not yet well enough advised, supported or equipped to defend their mission critical assets,” he said.
CyberCX “understands the intersection between risk and technology,” he continued, “and has the expertise, scale and know-how to confront any cyber threat.”
Breadth of experience
Like seven-year Optus veteran Paitaridis, the firm draws heavily from extensive past experience at the major telco.
Veterans of the telco include director of strategy Phil Siefert; chief customer officer Andrew Bedford, a 20-year Optus veteran and dealmaker; director of culture and communication Melanie Truscott, with nearly 12 years at Optus; and principal consultant and former Optus project manager Nitin Ghai.
Even Paitaridis’ long-serving executive assistant, 12-year Optus veteran Marianne Grigg, has made the jump and will now serve as executive business partner with CyberCX.
Other hires include former Telstra lawyer Chris Sibree as general counsel; former Dimension Data and Cox Automotive executive and now chief people officer Snezana Jankulovski; and communications and public affairs director Peter Anstee, a former senior advisor to Malcolm Turnbull’s office.
TSS Cyber co-founder and former NAB security specialist Steve Keating will manage the firm’s managed services strategy, while former BP and Australian Energy Market Operator accountant Sophia Stefan will handle financial planning and analysis.
Operations director David Lam joins the firm after five years heading sales at Workwear Group, while former Uecomm manager Stephen Thickitt is onboard as director of IT.
Optus has been building out its own cyber security capabilities, having bought most of US-based Trustwave in 2015 and finalised the purchase last year, when it also spent $23.3m to snatch up cyber security consulting firm Hivint.
The creation of CyberCX wasn’t the only security-related move in the investment community: Craig Davies, a former Atlassian head of security, Cochlear chief security officer and AustCyber CEO who launched cyber security firm TriSecOps in June, also moved into finance with an appointment as executive director for technology and cyber security with business advisor GrowthOps.
Former Victorian government minister Philip Dalidakis, who quit Parliament in June to join Australia Post, is a non-executive director of TriSecOps.