Governance

Chair

Dr Maria Milosavljevic is the inaugural Chief Data Officer (CDO) for the Commonwealth agency, Services Australia. She is responsible for championing the agency’s data and analytics strategy including appropriate data management, governance, use and innovation, as well as creating the right environment and collaborative arrangements to support this across the agency, broader government, industry and academia. Dr Milosavljevic is leading the improvement of evidence-based decision-making using Services Australia data and promotes an ‘open by default’ approach to data across the agency including appropriate governance, risk and assurance practices. Dr Milosavljevic also chairs the whole of government Data Champions Executive and Network at the Department of Prime Minister and Cabinet, where she champions the innovative and appropriate use of data across the Commonwealth Government. She is also an Honorary Professor of Artificial Intelligence at the Australian National University (ANU) and Chair of the Australian Computer Society (ACS) Cyber Security Committee. Prior to moving to Services Australia, Dr Milosavljevic was the inaugural NSW Government Chief Information Security Officer (GCISO) where she was responsible for building improved prevention, detection and a streamlined response to cyber security across the State. She established the function from scratch and delivered and implemented a new whole-of-government Cyber Security Strategy, Policy including minimum standards, whole-of-government Incident Response Plan & Emergency Management Plan, whole-of-government cyber incident exercises, Cyber Security Advisory Council as well as several other initiatives. Prior to this, Dr Milosavljevic was the CIO of AUSTRAC where she designed and led the creation of leading-edge capabilities for the Fintel Alliance, a world-first public-private partnership between AUSTRAC and its public and private sector partners. She also chaired international capability improvement committees for the ASEAN region. Dr Milosavljevic completed a PhD in Artificial Intelligence on a prestigious scholarship from the Microsoft Research Institute, graduated from ANU with an Executive Master of Public Administration from the Australia and New Zealand School of Government (ANZSOG), and is a graduate of the Australian Institute of Company Directors (AICD). As a data scientist, Dr Milosavljevic has developed several world-first and award-winning solutions to difficult problems in the private and public sectors throughout her career. She has also published widely and has been a keynote speaker for a range of conferences globally.

Vice Chair

Louay is a Director with over 22 years' experience in Information security across number of industries. He has also acted as Chief Information Security Officer (CISO) across number of customer engagements including Non-for-Profit and Retails and FSI. Louay has been providing advisory services for number of industries sectors: Banking & Finance, Transport, Government, Oil & Gas, Manufacturing and Gaming sectors. He has solid experience in providing security advisory for senior managers and Board of Directors. Louay has completed and lead number of large and medium security transformation programs across industries including Finance, Emergency, Utilities sectors, Fast food, City Councils, e-commerce and others. Louay has a solid technical background in technology and security technical solutions and controls. Louay holds a Bachelor Degree in Electrical Engineering and a Master Degree in Networking Systems Engineering. He also holds the following industry certifications: CISA, CISM, CRISC, QSA and ISO27001LA

Member

Ajoy Ghosh has 20+ years experience in cyber security. After graduating as a Computer Engineer, he spent a number of years in various capacities in law enforcement, banking, consultancy and government.Ajoy is the author of Standard Australia’s Handbook 171 Guidelines on the Management of IT Evidence and co-author of Handbook 231 InformationSecurity Risk Management Guidelines (now ISO 27005). He advises a number of industry and government committees on cyber security and terrorism. He also lectures in cybercrime, computer evidence and cyber warfare to post-graduate law and international studies students.Ajoy is an accredited assessor, under the Australian Signals Directorate’s Infosec Registered Assessor Program (IRAP), a Certified Information Security Systems Practitioner (CISSP), a Certified Information Systems Auditor (CISA), an Australian Computer Society Certified Professional (ACS-CP) and a Graduate of the Australian Institute of Company Directors (GAICD).In 2016 Ajoy was appointed by the Governor of NSW to the Board of St John Ambulance, serving the homes, workplaces and public gatherings of NSW. He also serves as an Instructor of Cadets for the Australian Army Cadets.

Member

Dilip Samji is the Director of Cyber Security, Cyber Intelligence and Digital Forensics for DRC Australia, a part of the DRC International Group. Dilip specializes in Cyber Security and Digital Forensics , currently leads a team of professionals at the Data Risk and Forensics Consulting in Sydney while overseeing digital forensics and IT security projects and operations across Australia, New Zealand and the Philippines. Since 2012 he has been part of the IT Security Team for DRC International Group drafting the company’s IT Cyber Security policies and procedures for DRC Portugal, Switzerland, Australia and Africa.Dilip’s vast knowledge has been developed over 35 years and his career has spanned Africa, Europe, North America, Asia, South America and Australia. Holding a variety of Senior roles, nationally and internationally, in the Government and Corporate business, focusing on software development, operations, management, audit, security, more recently Dilip has moved into the specialized field of Digital Forensics and Cyber Security.This specialization in Digital Forensics has led to many invitations to speak at international conferences and forums including the IT Security Conference 2015 in Copenhagen as a guest of the Danish Embassy. Dilip is also recognized as an industry specialist by many government bodies, and have worked in IT security projects with ex-Minister of Science and Technologyof Mozambique and assist the IT Security Advisory Board during the drafting of the Mozambique National Cyber Security Strategy (January -June 2017).Apart from being an active member of ACS (Australian Computer Society) for 25 years and serving as an ACS and UTS (University of Technology Sydney) mentor he is also a member of the Australian Information Security Association (AISA), Australian Security Information Society (ASIS),Digital Forensics Association (DFA-USA ) and is a Certified Digital Forensics Examiner with the International Association of Computer Investigation Specialists (IACIS-USA).Dilip holds a Masters of Information Systems Security and is currently undertaking a second Masters in Cyber Security. He has been supervising digital forensic investigations involving matters that range from bullying emails, IP theft, disgruntled employee, Cyber crime, assisting Lawyers and Barristers on both civil and criminal litigation as well testifying in Court as expert witness.

Member

Member

Joseph (Joe) Dalessandro, MS, has extensive experience and qualifications in information security, risk management, and audit and has worked around the world in roles in both audit and information security. Joe spent four years in Australia with Vanguard setting up their first Internal Audit department outside the USA, and he then served as Vanguard’s Global Head of Internal Audit for the Asia-Pacific region, covering Australia, Singapore, Hong Kong and Japan. He also worked in information security at Vanguard’s USA headquarters conducting third-party cybersecurity assessments and providing cyber security controls and regulatory guidance. Joe is currently Head of Security and Technology Audit and Audit Data Analytics for an Australian corporation. He also does private consulting and teaches cybersecurity concepts, including cyber risk, crisis response, and technical security audit in the Graduate programs at Tulane University and Brandeis University both in the USA. Joe is a member of a number of professional associations including the IEEE, ISACA, AISA, and is a Senior Member (MACS Snr) and Certified Cybersecurity Professional with the Australian Computer Society (ACS).

Member

John has been a member of the ACS for 32 years. He is a Fellow of the ACS, a CP, a life member of the Australian College of Educators (MACE), Hon. Secretary of ACS Victoria and Chair of the ACS Victoria Fellows and Recognition committee . He is a director of a consultancy active in applying current thinking in design of IT infrastructure, specification and procurement in IT as well as cyber security and governance of IT. He has a passionate interest in the development of the IT profession as well as promoting effective, efficient and visionary use of IT. John has contributed to international standards development as Chair of the ISO/IEC JTC1 Study Group on Governance of IT and was the Convener of the international working group JTC1 WG6 Corporate Governance of IT from 2008 to 2012. He is the Project Editor for ISO/IEC 38500:2015. John represents the ACS on Standards Australia IT-030. He has served as a Councillor of Standards Australia, and was for 10 years a member of the ATO Small Business Advisory Group. John was extremely active in the introduction of IT to the education world. He was the inaugural Director of Computing at Scotch College, followed Tony Montgomery as the Chair of the VCE Computer Science Subject Committee and was an Examiner in Computer Science at VCE level.

Member

Matthew Warren is a Professor of Cyber Security at Deakin University and Deputy Director of the Deakin University Centre for Cyber Security Research and Innovation. Professor Warren is a researcher in the areas of Cyber Security and he has authored and co-authored over 300 books, book chapters, journal papers and conference papers. He has received numerous grants and awards from national and international funding bodies, such as Australian Research Council (ARC); Engineering Physical Sciences Research Council (EPSRC) in the UK; National Research Foundation in South Africa and the European Union. He is a research theme leader in the CyberSecurity CRC (Cooperative Research Centres) a partnership between academia, industry and government. The CyberSecurity CRC is the biggest investment in Australian Cyber Security R&D at $140 million dollars over seven years. Professor Warren gained his PhD in Information Security Risk Analysis from the University Of Plymouth, United Kingdom and he has taught within Australia, Finland, Hong Kong and the United Kingdom. Professor Warren is a Fellow of the Australian Computer Society.

Member

Associate Professor Paul Haskell-Dowland is the Associate Dean for Computing and Security in the School of Science at Edith Cowan University and is an associate member of the Centre for Security, Communications & Network Research at Plymouth University (UK). Paul has delivered keynotes, invited presentations, workshops, professional development/training and seminars across the world for audiences including Sri Lanka CERT, ITU and IEEE. He has more than 20 years of experience in cyber security research and education in both the UK and Australia. Paul is the Working Group Coordinator and the ACS/Australian Country Member Representative to the International Federation for Information Processing (IFIP) Technical Committee 11 (TC11 - Security and Privacy Protection in Information Processing Systems), the secretary to IFIP Working Group 11.1 (Information Security Management), the ACS representative to Standards Australia for Risk Management (OB 007) and a member of the ACS Cyber Security Committee, a Fellow of the Higher Education Authority, a Senior Member of the IEEE, an Honorary Fellow of the Sir Alister Hardy Foundation for Ocean Science, a Fellow of the BCS and a Senior Member of the ACS/Certified Professional. He is the author of over 70 papers in refereed international journals and conference proceedings and edited 29 proceedings.

Member

Sudheera has been working in cyber security industry for more than 15 years and have extensive experience in all aspects of cyber and information security including strategy development, team building, technology introductions, stakeholder and vendor management and operations. He is responsible for defining practical, resilient and robust cyber security measures to secure the Optus network and its customer base.Sudheera led a team of internal and external consultants to develop group wide cyber security policies and standards in line with the ISO 27001 standard. Last a few years, I have been leading the rollout of organisation wide security awareness programs. I spend considerable amount of time researching risks associated with emerging technologies such as software defined networking (SDN), IoT, Cloud, Machine Learning etc. Role requires building strong relationships and frequent interaction with external suppliers and consultants to understand their product roadmap, strategies to effectively use security as an enabler against emerging technologies.As the Network Security Manager, built and managed a team of highly skilled professionals to deliver security solutions to secure the Optus network. Managed a budget of approximately AUD$ 10M year on year and delivered nearly 300 projects per year. I was accountable for installation, design and maintenance of all security infrastructures comprising of Firewalls, Intrusion detection & Prevention Systems and Denial of Service Mitigation systems in the network.Previously, acted as the Business Engagement Manager for the Networks and responsible for defining product & services strategy related to security. Prior to that, worked as a network and security architect for many years building and securing large scale networks in Australian and overseas markets. Sudheera has achieved CISSP, SABSA and Business Continuity certifications to complement my postgraduate and bachelor degrees.

Member

Emeritus Professor William J (Bill) Caelli, AO - Retired Director of cybersecurity consultancy company IISEC Pty Ltd, Emeritus Professor of the Queensland University of Technology (QUT), Adjunct Professor at Griffith University and Advisor to the School of Business and Tourism at Southern Cross University. Chairs the Safety and Stability Advisory Committee of Australia’s Domain Name Authority (auDa). Former member of the board of the "Colloquium for Information Systems Security Education (CISSE)", USA (URL http://www.cisse.info) from 2004 to 2013. Founder of Electronics Research Australia Pty Ltd, then ERACOM Pty Ltd, in 1979 which developed/manufactured a range of computers based on Stanford University Network (SUN) architecture with added cryptographic hardware/software. Cryptographic subsystems / security modules for IBM/clone PC, mainframes and data networks/computer security productswith a first hardware encryption system for the IBM PC (1984) with full hard disk encryption/trusted key management. Founding Director of the Information Security Research Centre (ISRC) at QUT in 1988, then Head of the School of Data Communications/School of Software Engineering and Data Communications. He was made an Officer in the Order of Australia in 2003. He has over 52 years experience in ICT with over 42 years in all aspects of cybersecurity, commercial cryptography and public policy concerns in the area. Worked for Hewlett-Packard Company and Control Data Corporation. PhD in nuclear physics / high speed data acquisition via IBM 1800/System 360/50 DACS combination. Fellow of the Australian Computer Society (ACS), Life Senior Member of the IEEE, Fellow of ISC2, Hon CISM (ISACA), Member IFIP TC-11 Specialties: cybersecurity, network / information security & assurance, policy in cybersecurity & ICT industry, cyberwarfare/conflict/defence, cybersecurity education, SCADA/DACS security, trusted systems, SELinux, Trusted/CMW Solaris, Trusted XENIX, Trusted UNIX, SEVMS.