....with
Steve Simpson
Manager, Security Consulting, Amcom
Steve Simpson has been working in security environments since joining the army at 18 years of age. He has been working solely in IT and Information Security for 16 years, and today he heads up Amcom’s security consulting division which allows him to advise Perth companies and Government departments on security governance, risk and compliance. He is also a business advisor for Amcom, advising the organisation on the strategic direction for security. Since 2010, he has been an executive member of the Perth AISA branch.

How did you get into the security industry?

I am not entirely sure how I came to be in security, it just sort of happened. Security was such a big part of my everyday work in military communications that I did not even realise how much experience and knowledge I was amassing. However, once I became an IT consultant it soon became very clear just how much security advice I was able to impart to my clients and it was not long before this became my primary role. Security is a topic that I am quite passionate about so am very glad that fate led me down this path. This is why I am happy to dedicate some of my spare time to the Australian Information Security Association.

How did your current position come about?

L7 Solutions advertised for a business advisory consultant just as a contract job was finishing and I jumped at the opportunity. I have always enjoyed working in a consulting role and this was the chance to establish a security consulting practice within an established IT organisation which I was very keen to take on. Two years down the road L7 was acquired by Amcom and here I am.

What are some of the challenges you think the industry is faced with?

The security industry as a whole will always have challenges to face, that is our job after all. However, things have changed considerably in the last few years. Cyber attackers are far more criminally motivated and appear to be more organised than some corporate and Government organisations are.
We have also seen more recently, a lot of public finger pointing at International Governments as being the source of some cyber incursions and attacks which generates further challenges. With all these changes in the profile and motivation of attackers we certainly need to be cautious and
8 | APSM Asia Pacific Security Magazine | Issue #50
ensure that we have a security strategy in place that is up to this challenge. My personal belief is that security activity monitoring is becoming more essential for any business to help them have a greater understanding of the activity that is happening within their IT environment. The one challenge that is going to remain, though, is that it is becoming increasingly difficult to convince a business of their need for security; if their security works well, no one will see the threats, and if the security does not work well, the threats are so stealthy that the business will still not see the need.

Other challenges right now from a security perspective are the increased take up of cloud computing operations and that of BYOD. With the changes in attack profile already mentioned, businesses looking for cloud computing solutions need to be very careful to ensure that the solution they go with has the security that they need to protect the information assets that will be entrusted to the cloud. Transborder issues and cloud supply chain are also concerns in cloud computing that need to be understood before an organisation hands over their valuable data. There are plenty of safe options available but it will take some research and forethought to find them sometimes. BYOD is here to stay whether we like it or not; many organisations have seen it arrive by stealth rather than strategy, which increases the complexity of the challenge. The best way forward is going to be to embrace the technology and govern its use to ensure that you maintain the right level of control.

Where do you see the industry heading?

Through my role with AISA, I have seen a large increase in the number of information security professionals in Perth. Branch membership has doubled in the last three years which is great to see. I definitely see an increase both across the technical security roles and the strategic side of Governance, Risk and Compliance. Whilst global authorities have had some great wins against threat groups, the complexity and stealth of threats is only going to increase. Protective monitoring is going to become far more important in BAU situations to ensure that we have the best view of the activity within our enterprise environments.

What do you do when you’re not working?

When I am not working or heading up the Perth AISA committee, I am a volunteer training manager with the State Emergency Services or am working with my wife building a holiday home. And when I have any time off from that lot I try to get a bit of quiet time fishing.