“Innovation in Cyber Security is not just about thinking outside the box, it is also redefining the box.”

CISO Interview Series: Sanjay Verma, Head of Information Security & Risk, Deakin University

I’ve seen that you have academic staff, such as the Deakin University chair of information security Matt Warren, who are opinion leaders. How do you as CISO tap into expertise and opinion leaders within your own organisation to further your goals?

I have the privilege to work closely with an enormous pool of talent within our University. Leveraging on the existing skills and expertise across the University will be a key focus to institutionalise our Cyber Security strategy.

Matthew Warren is an esteemed researcher in the areas of Cyber Security and Computer Ethics. Over coffee we not only cover Cyber Security with 360-degree viewpoints focusing on research, teaching, professional and institutional aspects, but we also discuss everything around broader initiatives across the University regarding Cyber Security@Deakin.

Could you describe your average day as CISO at Deakin University? Do you have a particular routine for the start and end of day?

Every day is not the same but the only thing that is constant is change.

My “average day” starts with meeting people (preferably outside four walls!) and understanding how Cyber Security strategy can be best aligned to help them achieve their goals.

Doing a pulse check on an average day is important for me to ensure my team is focused on delivering on our promises. Every day can be a D-Day for me and I love to celebrate success, no matter how small it is!

On a scale 1-5, do you expect that your investment on Cyber & Information Security will be increased over the next 3-5 years? What’s going to drive that?

I believe investment in Cyber Security will continue to increase across most of the industry sectors since the web is now the de-facto channel for revenue. Thus, I see a progressive increase in the Cyber Security investment.

There is a range of driving factors, which includes not only our focus on Digital Innovation but also how we protect our digital footprints with the rapid increase in cloud adoption.

When you see your Deakin University colleagues refer to hackers in Russia, Ukraine etc. in the newspapers, does this make you and your team concerned that perhaps this will attract the wrong attention from such parties?

Our colleagues talk to media on several fronts – including Cyber Warfare and Cyber Security. This can be individual viewpoints or based on information which may already be out there in the public domain.

Personally I do not think this will attract the wrong attention from such parties as our focus is only to provide the best digital learning experience to our students.

How do you balance your own bandwidth between attention on your longer term security agenda and today's issue that has just arisen?

To be able to link today’s issue with the longer term security agenda is important. This helps me to continuously focus on the big picture and be able to plot every piece of work on the canvas.

Similar to a driver, it is important for me to be vigilant about the surroundings, entry / exit points, detours etc., while making sure that I am heading in the right direction and arrive safely at the destination.

Deakin Digital I understand is a new offering and takes the University into new territory with the business market. Is there a play for Deakin to provide professional Cyber Security accreditation for public and private companies?

The accreditation is an interesting idea – but it is a very complex area.

Clearly, the shortage of experienced Cyber Security talent is putting a lot of pressure on organisations. This has created a new trend where public and private companies are now approaching Universities for a partnership model on how to make Cyber Security programs more hands-on with real world problems and help to reduce the ever widening gap between threats and defence.

Allyn J Radford, CEO of Deakin Digital, is a thought leader in Credentialing. When discussing this topic with him, he not only appreciates the complexities of accreditation but also believes that considering credentials for Cyber Security would add value in this space.

By not doing “teaching and learning” ourselves we are able to work with both vendors and education providers to build a more flexible model for closing the skills gap. There is little hope that the IT skills shortage can be met by traditional education methods; the task is too large. If one includes a broader range of learning opportunities and a validated assessment and Credentialing approach, we can make a bigger impact on reducing the IT skills shortage, especially in high value areas like Cyber Security.

How much cooperation do you have with other cyber security teams at other sister universities and also with private companies?

The security professionals here are pretty well networked. It does help each of us to catch up and share ideas on different fronts. The increased collaboration which I have seen over the last few months being in the education sector is very encouraging. It demonstrates seriousness within the Cyber Security world.

I would like to see more cross-collaboration with private companies in establishing a wider Cyber Intelligence community. More or less we share the same pain, and learning from each other’s wins or losses will enable all of us to solve the problem we face in a very pragmatic manner. We are now living in a world where the risk universe is constantly changing. There is no place for the trial and error method in the Cyber world.

On a campus like Deakin with 55,000 users who are all wireless and mobile, what extra challenges does this create for you as CISO?

Every opportunity brings its own risk. In my role, it is important to maintain and provide the best user experience to all our students and staff, while maintaining a Cyber Safety culture. All aspects of controls play a critical role – so one size does not fit all.

I would like to further mature the concept of ‘cyber elasticity’. This ensures we build a solid Cyber Security footprint, while still making it flexible enough to support the organizational needs.

If you have to estimate, what proportion of the small student population are actually ‘black hat’ or potentially going that way? What measures are you taking to track and re-direct this group?

Sorry, one more point, when it comes to the misbehaving students, traditionally which faculty has the most offenders?

It is a good research area but I am not aware of any analysis done to provide any specific view point. Without labelling an individual or a group, I would say that there are exceptionally talented students within our University. Who knows what role these talented people can play in future – the opportunity is vast in the research, operations, advisory, network and other areas of Cyber Security. There is no boundary or limitations for talented students.

What keeps you awake at night?

I will be bored if there’s nothing to keep me awake at night.

Most of the time, it’s all about spending some time to connect all the dots backwards - reflecting on what’s worked and what did not and then plan forward.

When I get some sleep, I love to dream on how to make things better and simpler. Something to have a go first thing in the morning!
