As Naval Group Australia’s Cyber Security Specialist, Nathan takes on one of the more newsworthy portfolios of the digital age and explains how to remove the handbrake to happiness.
A collaborator by nature, Nathan enjoys exploring South Australia with friends and family and shares a special interest in the evolving food, gin and wine scene that South Australia has to offer.
Can you please briefly explain your role and responsibilities at Naval Group Australia?
I form part of the engineering team at Naval Group Australia where I am responsible for ensuring that the Future Submarine meets the cyber worthiness criteria of the Royal Australian Navy. Our role is to protect mission critical information that will be housed on the boats and ensure the right level of protections are in place.
What do you enjoy most about your role?
I enjoy the challenge of understanding a large and complex program of work. We have a very clear goal and end deliverable, but we are talking 50+ years of developing a pathway and seeing it through to execution – it is exciting stuff.
How did you get into a career in Cyber Security?
After finishing school, I started accounting at university and while studying I worked as an accountant at a mushroom farm. After a while I figured out that I didn’t really like accounting all that much and whilst working at the farm, I helped them with some technology work in the background. I helped them recover from a couple of IT incidents where data was deleted by accident and fixed backups that were not secured properly.
This led me down the data security path to which I specifically enjoyed the information security work. Information systems at university offered some information security courses, so naturally I changed degrees which cemented my career path.
From there my career in cyber career really began when I obtained a graduate role within an information risk management team, and then moved into that organisation’s security consulting team. When I say security, I do not mean the physical security, but the logical, network information security. All of the information you cannot see and how we keep that secure.
What has been the most surprising thing you have found about your role and/or working at Naval Group Australia?
How well integrated and connected we are with our French teammates. We speak to each other frequently, share information in an open and honest way and are generally interested in getting to know each other not only on a professional level, but on a personal one.
How has Naval Group Australia supported your professional development?
I am currently the Branch Chair for the Adelaide Branch of the Australian Information Security Association and it requires me to present in and out of business hours. My Manager at Naval Group Australia is really supportive and flexible about me doing this work and being in this position.
What has been your top career highlight to date?
I have always been passionate about bringing cyber security professionals together to collaborate on common issues to work out common solutions. I was able to do this on a national level by facilitating the launch the Adelaide Joint Cyber Security Centre in November 2018. I led the implementation strategy for the Centre and had Minister Christopher Pyne, Premier Steven Marshall and the Prime Minister’s Cyber Security Advisor at the opening. It was great having the opportunity to tour them around and introduce them to the team who worked so hard on opening the Centre. The media covered the event as well which was really cool. It emphasised a lot of hard work and was good to get that reward.
What has been a major challenge in your career and how did you overcome it?
A major challenge that cyber security professional’s face is shifting the narrative away from fearing cyber, to, it is a good thing if we embrace it because then we can manage risks better and improve processes. I call this removing the handbrake to happiness.
An interesting example that comes to mind was an outbreak which occurred by people clicking on a bad link in their email. The organisation did not have any processes in place to communicate a simple message to all staff. We ended up having the Fire Warden of the building communicating the message over the building PA; “There is a bad email in your inbox, stop clicking on it, do not click on it, delete it” every 15 minutes for an hour. It slowed the outbreak considerably, but in the end 350 laptops were contaminated which took three months to clean up. Three years on from that incident, and a significant amount of work by the team later, we responded to incidents with less than three days to clean up – a credit to the team and the organisation for embracing the need for change.