....with Arno Brok
AISA National Director

It took AISA just over 12 years to grow from a handful of likeminded information security specialists to 1,000 members. Then over the last three years that number has swelled beyond 2,500 and is still expanding. Maintaining that same growth trajectory sets AISA to surpass the 3,000 mark before the end of this financial year. AISA is fulfilling a need for an organisation that cares about information security and is on track to reach the vision of being the recognised voice of Information Security in Australia. More importantly, AISA needs the active participation of its diverse group of members across the nation. Since 2005 Arno Brok, AISA’s National Director and Managing Consultant for BAE Systems Applied Intelligence, has given his time in this endeavour and strongly believes the association is right on track to deliver on its vision.

How did you get in the security industry?

I worked for an International Shipping company, and in the mid-1990s, I made the suggestion that we should have security policies and controls in place. Shortly after this, the CIO appointed me as Head of IT Security. In the past 15 years, I attended many information security courses and focussed my work effort all in that field. I have worked in Information Security for Accenture, Deloitte and currently BAE Systems Applied Intelligence as an Information Security Specialist.

How did your current position come about?

I have been an Australian Information Security Association (AISA) member since 2005 and became the Sydney Branch Executive in 2008. In 2010 I joined (which was at that time) The Executive Committee as Membership Director. I took on the role as National Director of the board in December 2013.

What are some of the challenges you think the industry is faced with?

I believe there are many, however I will focus on the two main challenges as I see them and they are interlinked:

1. Education: Information security talent shortage will become a big challenge. Even when budgets are generous, organisations struggle to hire people with up-to-date information security skills. It is estimated that this year, the industry will encounter a shortage in excess of one million information security professionals across the globe. Chief scientist Ian Chubb urged universities at the start of 2014 to highlight this importance and encourage students to take up information technology degrees, as lack of interest in the subject fuels fears of a skills shortage in a crucial growth sector in Australia. Information Security will be impacted as only a very small percentage (various studies show statistics around the 5%) of students graduating with IT degrees will choose Information Security.

4 | Australian Security Magazine

2. Professionalisation of Information Security: As an industry, we urgently need to give information security specialists tools at their disposal, as we do for accountants and auditors. If you are an accountant and you become aware of dishonest activity, doing something about it is a requirement. There is an ethical framework that gives clear guidance. So the challenge is how do we get this sort of professionalisation into information security? By ensuring that Information Security is treated as a profession, with an accreditation as we know for accountants, we could find the solution to that problem. But it is a very complex problem and whatever solutions we finally agree on, this is quite possibly the toughest challenge in information security today. If we get it right, we won’t just professionalise information security; we will provide a template for a modern, open and engaging profession that will sustain us in the future.

Information security and privacy matters. Right now, the world is redefining itself around us. We are answering the question of an ever-changing threat environment: what does the networked world mean for us, for our lives and for our expectations of freedom and privacy? Information security is the solution to that problem. We need to work on this together.

Where do you see the industry heading?

AISA has grown from a small group of likeminded information security specialists to the peak body for the information security industry in Australia.
AISA’s mission is to promote an independent and unbiased perspective of information security and provide a wide array of personal and professional benefits to our members, the industry and the public. We are a not-for-profit volunteer organisation with over 2,500 members across the nation who run an average of 50 content meetings and two very successful security conferences per year. We have two part-time staff and about 20 volunteers who run the organisation to the best of their ability and time permitting. As volunteers, we have a significant workload across the organisation, but with the dedication and passion of its members, AISA is able to deliver impressive value to its members. Of course, we have many more ideas for adding value than we can handle, and we’re always looking for more members and volunteers to help deliver on our vision.

AISA has strong connections to local organisations such as CERT Australia, AusCERT, iappANZ, ACSP and many others. We also have ties with global organisations such as SANS, ISACA, ISC2, EC-Council, IISP, Interpol and an ever-growing list, proving that AISA is globally recognised. We are collaborating with organisations such as the Australian Cyber Security Networks to get the message about cybersecurity across to Boards and Directors of companies.

What do you do when you’re not working?

My other passion (beside AISA) is scuba diving, which I have been doing for over 30 years. I find it relaxing to be under water and only hear your own bubbles and to swim with the fish. I also like to read, enjoy photography and sailing with my wife.