From one of his first jobs maintaining telex machines to his new role overseeing cybersecurity for a major technology partner to organisations across New Zealand and Australia, Datacom Chief Information Security Officer (CISO) Collin Penman has always appreciated the power of tech to connect people and organisations, and the shared role that people and tech play in keeping organisations safe.
After starting out in ICT telecommunications he moved into cybersecurity and says while it often comes with challenges, cybersecurity can be a deeply rewarding field too.
Projects that marked Collin’s earliest entry into cybersecurity included Defence Secure Networks, QANTAS Customer Internet Transformation, co-authoring an Identity Management Book, Singapore’s National Government Identity Service and his involvement in Telstra’s Customer Internet Access project.
While working in Singapore he was shoulder tapped by the Singapore Government for a contract as the National Cyber Security Advisor for the Cyber Security Agency of Singapore (CSA). In 2021 he moved back to Australia as his daughters were starting high school.
Before joining Datacom, Collin was the Australia and New Zealand Chief Information Security Officer (CISO) for IBM spinoff Kyndryl ANZ. He came to Datacom as a cybersecurity practice consultant before taking on the role of CISO.
As a CISO, the use of AI both internally and externally, is one of the most significant changes to cybersecurity that Collin is currently seeing.
Internally for many organisations it is enhancing traditional development environments, prompting considerations for growth in areas like chatbots, customer service, service desks, contact centres, and extending to edge run application agents.
“Organisations must grasp how their internal AI tools impact data usage from a security point of view. They need to balance innovation with security, considering both data access, development environments and employee training for AI products.”
Conversely, AI is supercharging the cyber threat landscape, he says.
"Before we were really cognisant of phishing and social media engineering, and you could easily pick up grammar mistakes or weird wording. As a CISO I’m seeing those cyber threats becoming more sophisticated and harder to detect and react to because AI is being used to really focus on specific individuals with the messaging within those scripts. But AI as a tool can also boost the cyber security response.”
As AI ramps up the sophistication and sheer volume of cyber threats, the issue of burnout among cybersecurity professionals is not only a risk to professionals in the field but to the organisation, he says.
“Cyber burnout has been a major problem within the cybersecurity space for some time. The people behind it are very passionate and when an incident actually happens, we take it personally. People are working 24 by 7 on monitoring, restoration, learning and certification, and just embracing new technologies.
“I certainly see AI taking a lot of automation and maybe the level one tasks but I still think there's a fundamental need to look at mental health and how people are dealing with current incidents. We also need to look at skilling not only our internal teams from a security point of view but everyone, and that comes from the top. Security should be on the minds of everybody.”
Speaking at last year’s iSANZ awards event, Collin talked about the growing burden on people working within the field of cybersecurity and the need to recognise and support the teams on the frontline.
“In the face of relentless threats, a rebounding economy and a rapidly evolving digital landscape, we’ve all seen the demand on our teams and our customers grow exponentially. In the midst of it all, we must acknowledge the immense mental and emotional strength required to work in this environment. Cybersecurity is more than just a technical profession; it’s about ownership of safeguarding businesses, protecting people, and ultimately, ensuring a safer society. But this responsibility also brings pressures that can sometimes weigh heavily on us and our teams. So, I’d like to take a moment to recognise the importance of mental health in our profession.
"Our people are our greatest asset. Their resilience, innovation, and dedication drive the success we celebrate tonight. As leaders, it’s vital that we foster not only technical excellence but also create environments where our teams feel supported, valued, and understood. This means acknowledging when the pressure is high, finding ways to balance workloads, and encouraging open conversations about mental health.
"Let us remember that, beyond the firewalls, the data, and the technology, there are people working tirelessly to protect us all... Let’s continue to push forward, not only advancing our industry but doing so in a way that respects and cares for the incredible individuals behind it.”
Collin is committed to continuous improvement in cybersecurity practices across all employees. He believes in staying updated with the latest technologies and threats and continuously enhancing security measures to protect the organisation. He highlights research that has found that 80% of data breaches are due to human error and emphasises the importance of employee training, awareness, and a security-first mindset to prevent such breaches.
Collin’s main advice to organisations wanting to improve their security is to focus on basic security measures such as patching, vulnerability management, user education, and having proper policies in place.
Collin also emphasises the importance of cyber resilience, which involves not only regular backing up, testing and restoring data but also having robust incident management processes to respond to incidents. He believes that a strong incident management process is crucial in ensuring that an organisation can quickly recover from cyberattacks.
