Who am I?
I am an Associate Professor at the University of Melbourne's School of Computing & Information Systems where I serve as Deputy Director of the Academic Centre of Cyber Security Excellence. I am a visiting professor at the Cyber Security Centre at the National University of Malaysia (UKM)
What is my research about?
My research and consulting expertise is in cybersecurity strategy and incident response. I lead a unique team of Cybersecurity Management researchers drawn from Information Systems, Business Administration, Security Intelligence, and Information Warfare. I have authored over a hundred scholarly articles in cybersecurity and received over $5M in grant funding. I am a member of the prestigious editorial board for the journal Computers & Security.
Who do I collaborate with?
I work with Prof Richard Baskerville, Prof Lars Mathiassen, Prof Rens Scheepers and Prof Kevin Desouza. I have previously served as a cybersecurity consultant for WorleyParsons, Pinkerton and SinclairKnightMerz. I am a Certified Protection Professional with the American Society for Industrial Security.
Our research team has been studying management practice in cybersecurity for many years. Recently we focused our capability on the challenge of cybersecurity incident response and resilience. Our research is motivated by the following research question:
How can organizations defend their information resources against organized and sophisticated cyber-threat actors?
I explore this question in a team of Cybersecurity Management researchers with my colleagues Sean Maynard, Humza Naseer and Moneer AlShaikh and eight PhD students. We are situated in the ultra-modern Melbourne Connect building at the picturesque Parkville campus of the University of Melbourne.
We believe that the organisational capability to secure information resources spans people, process as well as technology. However, good cybersecurity starts at the top of an organisation and is embedded in quality management processes and practices.
Key Research Projects: Organizational Response to Cyber Attacks, Enterprise Security Strategy, IP & Trade Secret Leakage, Risk Assessment, Information Warfare.