I’ve been in cybersecurity for almost 15 years now and only recently stepped into the role of General Manager of Cyber Defence & Intel. Before that, I spent many years as an analyst and moved through different leadership roles, so I’ve seen the operational side up close. I still like to get involved in incident response with the team when it makes sense – it keeps me grounded and connected to what our team members deal with every day.
As GM of Cyber Defence & Intel, my role goes beyond operational oversight. I’m responsible for setting the direction for our Security Operations Centre (SOC), ensuring our services continue to evolve in line with our customers’ needs.
A big part of my job involves making decisions around capability, resourcing, technology and how we prioritise improvements. It’s also about finding ways to make processes more efficient and using automation securely to add value. I see my role as ensuring our team members have the tools, support and clarity they need to do their jobs well – while keeping an eye on where we need to be next.
I got into this field because I like helping people and organisations stay safe from real threats. Even after all these years, I still find myself learning new things and discovering better ways to get the job done. Some days it’s about finding ways to add more value to the service; other days, it’s about fixing things to help us work faster and more efficiently. It’s that mix of purpose, pressure and constant change that keeps me motivated.
Our CDOC team plays a critical role by providing 24/7 monitoring, detection and response services. We continuously monitor our customers’ environments for any malicious or suspicious activity, focusing on early detection, timely escalation and effective response to potential security incidents before they can cause harm.
We only ingest the logs that are truly relevant to real-world threats. From there, we analyse data across different systems and use a combination of automation, threat intelligence and pattern matching to detect any signs of misuse or potential breaches.
Our dedicated Threat Intelligence team actively curates, validates and prioritises intelligence feeds to ensure only the most relevant and accurate data reaches our analysts. The most common threats we encounter include malware, attempted ransomware, privilege misuse, credential compromise and sophisticated phishing attacks.
Ransomware remains the most common threat worldwide. However, we’re now seeing an increase in attacks that rely on stolen identities and supply chain vulnerabilities. Our Threat Intelligence team has also reported the emergence of several new ransomware groups, making it an ongoing priority to track active threats.
In Australia and New Zealand, the threat landscape is particularly diverse. We’re seeing a combination of financially motivated cybercrime, state-backed espionage and politically driven hacking groups. This unique mix highlights how attractive and strategically important our region has become to a wide range of threat actors.
AI is transforming the cyber threat landscape on both sides of the fence. Attackers are using it to craft more convincing phishing campaigns, build smarter malware, automate reconnaissance and even mimic real user behaviour. We’re already seeing ransomware, malware and other malicious tools that clearly have AI behind them.
On the defensive side, AI is proving to be valuable in a very different way. It helps us correlate information faster, speed up investigations, reduce false positives and cut down on alert fatigue. At CDOC, we’ve already begun using AI to strengthen how we detect and respond to threats – with the goal of making our analysts more effective. We see AI, when paired with human oversight, as the right path forward and a key part of building a stronger, more resilient SOC.
It’s definitely one of the biggest challenges facing the industry right now. Security teams work under constant pressure, and while every organisation tackles burnout differently, at CDOC we’ve made supporting our people a real priority.
We use automation wherever possible to cut down on repetitive tasks, make sure workloads are balanced and create clear development pathways so our team members can keep learning and progressing. Our 24/7 roster is also designed to give everyone enough rest and at least one weekend day off, which we’re proud of.
We know that life doesn’t stop outside of work. Whether it’s a doctor’s appointment or a last-minute school run, we try to give our people the flexibility they need and trust them to manage their time responsibly. They always deliver, often going above and beyond.
Of course, cybersecurity can be a high-pressure space, so we make sure there’s time for fun too. From team rituals and celebrating shared wins to everyday banter, we want CDOC to be a place where people feel supported, valued and genuinely enjoy coming to work.
The shift to cloud has changed the security model completely. Traditional perimeter-based security models, where everything inside the network was trusted, no longer apply in a world where users, applications and data are everywhere. As a result, organisations have moved towards identity-centric and zero-trust models.
While the cloud brings flexibility and scalability, it also introduces new risks such as misconfiguration, exposed data and complex dependencies. Misconfigurations and API exposures are common entry points (essentially open invitations for attackers) and they’re often exploited very quickly. On the positive side, cloud adoption has accelerated innovation. Detection and response capabilities are now more scalable and supported by richer telemetry.
What our customers really want from us is clarity and confidence. They want to understand where they stand, which risks matter most and what actions will make the biggest difference in reducing those risks. That means taking the time to truly understand their business, their challenges and their threat landscape – so we’re not just monitoring alerts but delivering meaningful outcomes and recommendations.
Nobody wants a stream of alerts with no context – they want insights that drive action. We tailor our detections to each customer’s environment to reduce noise and increase relevance, provide insights that connect to business context rather than technical isolation and continually refine our approach based on feedback and evolving needs.
We see our customers as partners. We adapt our services to align with their business objectives, not the other way round. At the end of the day, we’re working together towards a shared goal: improving their security posture and protecting them more effectively.
I like the direction the industry is heading. Security is now a board-level issue rather than just a technical concern. The future will bring greater use of AI and smarter automation, freeing analysts to focus on high-value work and improving how we combine data from different telemetry sources – it’s about enabling smarter, more scalable defence.
We’ll also see stronger industry collaboration on threat intelligence and standards, with a growing emphasis on resilience rather than just prevention. Most of all, I’m excited and grateful to be in a position where I can actively contribute to that evolution through our work at Datacom’s CDOC, protecting communities and businesses from harm.
Datacom’s Cyber Defence and Intel team provides 24/7 local monitoring, detection and response, using AI and automation to strengthen threat visibility and support analysts. Operating across three sites with true “eyes on glass” coverage, the team acts fast on suspicious activity – activating incident plans, applying fixes, and escalating threats when needed. With a strong focus on people, wellbeing and capability-building, Datacom is developing a resilient cyber workforce that helps organisations stay secure, compliant and prepared for evolving risks.