SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Interview: Aura Information Security explores Cybersecurity-as-a-Service
Tue, 28th Nov 2017
FYI, this story is more than a year old

In June, Michael Warnock became Country Manager for Aura Information Security, a subsidiary of mission-critical technology solutions provider, Kordia. Since then, he has been working to build awareness of the processes needed to change how Australian companies approach cybersecurity.

“Our focus is not necessarily led by technology. I think that the market has moved past ‘the latest and greatest widget or piece of software.' Aura's focus is on leading with an advisory and assurance framework. The technology piece has to be done right, but too many organisations look at technology as a silver bullet. If your people and processes aren't right, technology won't deliver the required outcome. We are striving to be the trusted advisory partner in the world of cybersecurity. That means providing outcomes.

In Australia, Aura is spearheading its cybersecurity offering through its partnership with RedShield — integrating RedShield's innovative “security at your service” driven approach.

Robin Block sat down with Michael to understand how this approach differentiates Aura Information Security in the Australian market, and gain insight into how changes in the industry are providing both challenges and opportunities.    

Do you think the demands for cybersecurity are changing — what are you offering the market and how are you expanding?

Michael: CFOs and CEOs are getting increasingly involved in security decisions — they don't want their organisation to be the next to feature on the front pages because of a breach. This is particularly relevant with the new mandatory reporting regulations that will come into effect at the end of February. We are building a specific ‘gap-plan' and ‘get-well-plan' to enable companies, and also government departments, to prepare for this change.

My role is to grow a team that can fulfil our expansion through direct and indirect channels. One focus will be government. However, there is a massive untapped opportunity in mid-market organisations that are looking for cyber assurance and cyber technology capabilities.

We see cybersecurity as a high growth area, and on the back of significant growth in New Zealand believed the time was right for Aura to enter what we see as an under-serviced market here in Australia.

We are specifically focusing on the mid-market because they need partners. Customers in this space tell us they simply don't have the ability or resource to attract and retain specialist staff. For this reason, we are offering security as a service — allowing mid-market organisations to build a robust security posture without the challenge of hiring and retaining cybersecurity talent. Our goal is to build a brand around providing a strong framework of advisory and assurance.

Do you think there is a talent shortage in cybersecurity — have you had difficulty building your team?

Michael: Recruitment is always a challenge because you are dealing with an unknown. Globally, there is a shortage of cybersecurity professionals – and that's certainly the case here in Australia too.

However, I believe that some of that reality is caused by inefficiencies in the allocation of existing resources. Companies tend to duplicate cyber capabilities, and most talent is drawn to high-end organisations. The mid-market often gets left out of that equation. Because of this, the mid-market has become easier prey for cyber-criminals who see it as a much softer target than banks or government.

We are providing a solution to both the mid-market's immediate problem, and a framework to address the entire market's supply problem by consolidating talented individuals in one place and providing solutions to a large number of organisations.

It is also important to look beyond technically trained professionals at a wider range of talent clustered around analytical thinking. I am a firm believer that people buy from people.

They buy an outcome, but they buy that outcome because they trust the person sitting across from them. My goal is to build a team of sales professionals, work closely with customers to identify problems, and build a framework for expansion. We can use people with technical cyber training to do that, but we are also looking to train tenacious and talented people from a range of backgrounds to assist in our expansion.  

What is in the future for Aura in Australia and cybersecurity?

Michael: In addition to what we're already offering in the areas of consulting services,  penetration testing and web-application shielding, we will soon unveil into market a particular offering focused on mandatory data breach notification.

We are also bringing to life a Virtual Security Officer (VSO) offering to which organisations can subscribe and bring experience and expertise into their business on an as-needed basis. We will anchor those products and services and be in market by the end of the year.

We want to be able to go work with the market to understand the specific problems afflicting different companies and build a framework that can deliver outcomes from an advisory, policy and procedural point of view. We aim to differentiate ourselves through a focus on the non-technical aspects of cyber, and the provision of that framework as a service.

In the longer term, it is important to increase the number of people in the industry – and to do this we need to foster up-and-coming cybersecurity talent. In New Zealand, we have recently signed a scholarship agreement with a large university and we are looking to set up something similar in Australia in due course.

We want to be the go-to partner for cyber advice — particularly in the Australian mid-market. We have a proud history of doing that in New Zealand already and have been a trusted partner to a wide range of organisations across many industries for more than 10 years.

I believe there is demand for this outcome. Companies have dealt with other providers and still not achieved what they want. They are looking for somebody new — we want to be that partner.