Why did you get into cybersecurity?
I was working in computer operations in the Australian Department of Social Security (now Australian Department of Human Services) and I had the chance to get into a security-related area. I quickly realized the challenges in the role and the enormity of the task to get it done properly. And I also enjoyed the challenge of improving it, there was so much scope for improvement in the early days.
Security really exploded with the internet, with the proliferation of new technology, and I could see that there were security implications for all that information sharing.
So I really got into security by luck, but stayed because I could see that it would be a growth industry.
What roles have you had in cybersecurity?
I started out at the Victorian Computer Centre for the Australian Department of Social Security and then I moved into a CISO (Chief Information Security Officer) role with an insurance company, where I managed all the security operations – physical and information. That was a really greenfields operation, I had the chance to start that from ground zero. I managed to build a very strong security infrastructure for the company and this helped me catch my first computer fraud case.
I was headhunted from the insurance company to work as a consultant for SMS Consulting. When I started with SMS I was employee number 66 and when I left, eight and a half years later, there were about 1200.
I started doing general IT consulting, then very quickly moved into setting up the security practice and I ran the national security practice for six years.
I established a security framework and mentored consultants to bring them up to speed so we could fill more security roles, with the intention of building a stand-alone security practice within SMS. Unfortunately that clashed with their general consulting model and I left to start Linus Information Security Solutions so I could do security the way I wanted to do it.
I co-founded Linus with another colleague from SMS, and we started out doing business continuity and information security consulting.
I started writing software to help in consulting engagements, to give us the ability to execute more efficiently on the work we were doing. Our clients were always asking for the software after a consulting gig, so I realized we had a great opportunity. I spent weekends and evenings developing the software and it became 60% of our revenue.
Our business continuity software won best software in Asia two years in a row, best software in Australasia three years in a row, best global software, and we were inducted into the Business Continuity Institute Hall of Fame in London.
In my career I have consulted to over 50 organisations in Finance, Telecommunications, Government, Entertainment, Mining and Education. And I’ve done everything from ethical hacking to educating Boards and advising the Privacy Commissioner.
After a while consulting engagements all look very similar and I was repeatedly solving the same
In 2016 we decided it was time to try something new so we sold the software side of the company. The business continuity consulting practice was sold in 2017 and our business partner moved to the new owners.
The sales gave us the foundation to move into a new venture. An opportunity for us to sit back and actually think about what we really wanted to do.
Which key experiences do you think have prepared you for your role as CTO and Head of Product at HackHunter?
It’s really been a case of doing what we wanted to do and playing to our strengths. In my case, one of my strengths is security and the other is my strong technology background, not just from a software development point of view, but I’m also actively interested in technology.
I was a technology advisor to the Privacy Commissioner in Victoria, technology advisor to the Law Reform Commission in Victoria and did some police investigation work. I’ve advised on subjects from biometric security through to satellite surveillance systems and I really enjoyed that work, the educational and research aspects. So whatever we did next needed to have a strong technology focus.
I also have a strong interest in home automation systems, microcontroller and system-on-a-chip technology used for the Internet of Things (IoT). I’ve been doing a lot of home automation systems for a number of years and I thought that there was an opportunity to combine IoT with security.
I started researching microcontroller capabilities and how they could be used for security, like would it be possible for a microcontroller to do basic network sniffing and scanning? Then I wanted to see if I could push it to do proper high-speed packet analysis. So that was really a challenge to myself. And that became the foundation of HackHunter.
What do you like most about your work?
I really like solving real-world problems.
When I was researching I came across some bulletin boards and one person in particular lived in an apartment block and their Wi Fi network was being attacked by somebody in the building. They didn’t know who and it was very frustrating because they couldn’t do any work, their network was down all the time. They knew it was malicious and thought someone was doing what’s called a de-authentication attack on their network.
That gave me the idea to see if I could build a device that could detect a de-authentication attack on a network, track it and find the source of the attack, and then this person could solve their problem. They could literally walk around the building, work out who was initiating the attack and tell them to stop, politely!
And that was the basis for HackHunter.
I like being able to do a lot of my own engineering. I have a real love for not just the technology, but also the electronics, the firmware, and especially the 3D printing.
I’m quite a creative person at heart and I find it really fun 3D printing an amazing tool. It lets me express my creativity. And of course, those skills also apply to IoT as well. I love that I can put together engineering, 3D printing and software, and explore my creativity, in my everyday work.