Investing in a local Cyber security capability for Victoria’s Government

November 30 2021, by James Rabey | Category: Government

According to the Australian Cyber Security Centre’s latest Annual Cyber Threat Report, state governments reported the second-highest number of cyber security incidents. Our police force, hospitals, schools and all agencies delivering critical services and protecting our personal information face a unique threat landscape: unlike attacks on businesses, attacks on these public resources have a severe impact on all of us.

Victoria, the first state in Australia to develop a dedicated whole-of-government cyber strategy, recently reaffirmed its commitment to invest in developing local cybersecurity capabilities to build a cyber-safe Victoria.

The latest Victorian Government Cyber Strategy points out this elevated risk: “From people’s medical records, to sensitive police data, sensitive and personal information held by government needs to be protected against misuse and inappropriate access. Services delivered either online or in the physical world, from water monitoring to traffic lights, need to be resilient to cyber-attacks. And digital communications such as official websites and emails from government must be trustworthy and free from manipulation.”

It’s people at the core of cybersecurity.

To effectively protect against the threat patterns facing the Victorian government, this cybersecurity capability requires developing a combination of people, process and technology that respects the specific context of all Victorian departments and agencies. Often an excessive focus is placed on technologies to protect and monitor against threats, but it is crucial that trained teams with expertise specific to government policies respond to what the technology is reporting and resolve it through effective process.

At Macquarie, what we’ve learnt from protecting 59 Australian Government agencies for almost 20 years is the importance of having a critical mass of in-country government expertise. Australian citizen data needs to be protected by Australian citizens; this responsibility is too critical to be offshored.

This has meant that we have had to effectively “bootstrap” our sovereign cybersecurity workforce. In a competitive employment environment, we realised we needed to recruit cyber warriors while they were still at uni. We created a program that develops security engineer graduates working in our Security Operations Centre (SOC) through mentorship by our most senior Government Security Experts while simultaneously training them on the skills and technologies required for advanced cyber threat hunting. Our SOC graduates like Hayden study and get practical experience with tools like Splunk and Sentinel, while also learning frameworks such as MITRE ATT&CK and NIST.

Portrait of a cyber warrior.

Hayden joined Macquarie Government SOC as a graduate straight out of uni almost 2 years ago. Hayden spent his first year monitoring threat feeds, aggregating logs and checking for real-time threats, as well as responding to requests from our customers.

This year, Hayden was promoted to SOC architect, using the experience he gained to develop better tools and use cases. Hayden was part of the Macquarie Government SOC team that came 4th out of more than 500 in the 2021 Splunk Boss of the SOC competition.

Developing government-specific cybersecurity IP.

In proactively monitoring and conducting hunts for threats across 42% of Australian government traffic, our graduates get the opportunity to apply and hone these skills, and the diversity and depth of this work means that the Macquarie Government SOC team has a retention rate well above industry standard.

This long tenure has permitted our great team of government cyber security experts to develop specific IP over the years. Today, we contribute to protecting some of Australia’s most critical public resources and Australians’ personal information through more than 4,000 dedicated government use cases augmented by threat intelligence shared with state and federal government entities and leading vendors.

As a proudly sovereign Australian company with more than 20 years’ presence in Victoria, we look forward to supporting the state of Victoria’s cyber strategy and continuing to build a local capability of state government experts.