"With government moving to cloud services ……understanding the security capabilities is important"

CISO Interview Series: Hai Tran, CISO, WA Police

Could you describe your average day as CISO at WA Police? Do you have a particular routine for the start and end of day??

As I am involved throughout the lifecycle of a project, the typical day includes meetings with a diverse group of stakeholders, committees and technical briefings. I don’t have a particularly daily routine except for keeping my eye on the news.

Many of the big name organisations have recently boosted their security divisions by securing top ranking IT security heads like yourself, do you think the key cyber security threats and recent breaches have pushed companies to invest more in this area?

Organisations have become increasingly aware that information is a key business asset potentially thanks to increased media coverage of security breaches. Over time information security professionals have matured, focusing their skills towards improving business performance through governance, risk and compliance activities. The increasing level of maturity of security professionals has meant that business do see value in investing more into information security.

On a scale 1-5 do you expect that your investment on Cyber & Information Security will be increased over the next 3-5 years? What’s going to drive that??

I expect a moderate uplift in spending on Cybersecurity over the coming years. This is part of ensuring security is inherent in every project and service across the agency. There is also an ongoing effort to reprioritise existing spend on those initiatives that will produce the most significant outcomes

How do you balance your own bandwidth between attention on you longer term security agenda and today's issue that has just arisen?

Targeting longer term security initiatives such as providing security architecture services and risk management services during the conceptual stages of a new information system project is an investment that delivers an ongoing business benefit. Getting some of those initiatives rolling before dealing with the tactical issues of today means that there are less tactical issues going forward. Establishing documented, repeatable processes and procedures is more often than not, a priority than dealing with short term issues.

I’m interested in understanding the degree of engagement that you have with the average policeman? I assume that you are a specialised unit operating within WA Police.

I am fortunate enough to be able to work closely the deputy CIO and his staff officer, both are sworn members. This allows me to socialise ideas and initiatives with them and to obtain feedback from them as to how this might affect frontline policing. The sworn officers help ensure that any communications and engagement with frontline officers are effective. My primary aim is to ensure that frontline officers have access to reliable and accurate information when and where they need it.

There are many new cyber security startups that are appearing. Are there any that have caught your eye recently and you are tracking their progress?

I have seen an increase in cloud services security assessment offerings. The general trend in government moving to cloud services means that getting visibility across the agency on the use of cloud services and understanding the security capabilities is important.

WA Police would clearly be a target for hackers. How do you conduct ‘mock’ incidents so that the team is prepared for data breaches??

Read more: ​8 in 10 ‘government approved’ health apps are insecure

The agency conducts regular vulnerability assessments and penetration tests conducted by both agency staff and external contractors.

I would expect that there is more and more data forensics work that WA Police have to perform in their role. How does these shifts change your cyber security stance that you need to adopt?

The Data forensics is function that is performed by the Technology Crime Unit. Conversely I’m focused on prevention, detection and stopping any security breaches ASAP. Identification of the offender and subsequent prosecution isn’t my focus.

If there is a significant security incident I refer that matter to the technology crime unit. They are appropriately resourced to conduct forensics and investigation.

When you think about adding new talent into your team. What key attributes that you look for when selecting a new staff member? Also I’m aware that there is a shortage of capability in the industry - how long does it take on average to find new talent, is this especially hard in WA??

Traditional security functions have been devolved as technical security controls have become pervasive within the network and server teams, or have been moved cloud services. The key skills I look for in an information security processionals are:

  • The ability to communicate technical information with a diverse group of non-technical stakeholders.
  • Able to build good working relationships across the entire organisation.
  • Research and report writing skills.
  • Being able to objectively look at risk vs reward
  • Have a “can do” attitude
  • Being a trusted advisor instead of a road block

Building a good team can be challenging in WA because many of the experienced security professionals are based on the East coast.

Finally what keeps you awake at night?

It’s pointless worrying about when an attack will occur. I try to focus on ensuring that when one does occur, we have the right process and procedures in place to minimise any damage and be able to restore from backups.

Join the CSO newsletter!

Error: Please check your email address.

Tags strategic discussionscyber activitiessolving customerDavid GeegovernmentCISO LeadersCSO AustraliaEnterprise riskIT security headsHai Trandata breacheswa policeCyber security threatsCISO

More about Technology

Show Comments

Editor's Recommendations

Solution Centres


View all events Submit your own security event

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Media Release

More media release

Market Place