Insights for prospective cyber students and practitioners

By Theo Nassiokas, Founder and Principal Consultant at Lets Go Cyber

How would you describe your professional profile?

I am a cyber & information security and technology risk leader with a 2-decade pedigree in global financial services organisations, with a passion for explaining the business impact of cyber and technology risk. Since commencing Lets Go Cyber in July 2022, I have also consulted to Government and the Energy and Fuels sectors, further diversifying my already extensive experience in global financial services, security education and awareness, law enforcement and criminal intelligence. I hold an MBA (Tech Mgt) from La Trobe University, and am one of only 18 inaugural Fellows of the Australian Information Security Association (FAISA), first awarded in 2019 in recognition of leadership in information and cyber security.

Please tell us about your current role

I’m the Founder and Principal Consultant of Lets Go Cyber. Lets Go Cyber specialises in intelligent security strategy, governance, risk, compliance, and policy. We do this by providing cyber security consulting and advisory services, education and awareness, risk assessments and reporting, executive briefings and thought leadership. We deliver this capability through strategic partnerships with highly reputable cyber security and privacy firms to provide services, including cyber incident response plans and exercises, cyber security capability maturity model (C2M2) assessments, penetration testing and red teaming, and assessments against the International Information Security Standard ISO/IEC 27001, US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), and the Australian Cyber Security Centre – Essential Eight.

What does a typical workday look like for you?

Currently, I am working with clients in Government and the Energy & Fuels sectors, preparing cyber incident response plans, supporting cyber security programs by managing cyber security governance and supplier cyber assurance uplift requirements. A day typically involves consulting to and advising clients, writing and proof-reading technical documents, such as cyber incident response plans, cyber and information security frameworks, policies, standards and processes, reviewing cyber security clauses within Master Services Agreements (MSA) and Information Security Schedules, performing supplier cyber assurance assessments, quantifying the business operational risk of cyber and information security controls gaps, and attending key stakeholder meetings with the CISO, IT Director, the IT Leadership team, and key agency and business stakeholders. Some days I do business planning, networking, and researching the latest in cyber and information security tools, techniques, procedures, and threats, and spend time with clients to understand challenges.

What education or training did you complete?

I completed year 11 at Marcellin College Bulleen and then a Certificate of Business Studies (Accounting) at Swinburne University of Technology, TAFE Division. I then trained and graduated from the Constables Course as a sworn member of Victoria Police Force and performed community policing prior to working as a detective in the Drug Squad, Special Projects Unit, and the Bureau of Criminal Intelligence (BCI). I then completed a Certificate IV in Workplace Training and Assessment at the University of Melbourne, and a Diploma in Security Management at Kangan Batman TAFE. I then got into financial services and became Board Certified in Security Management, achieving the coveted Certified Protection Professional (CPP) certification from ASIS International, followed by the Certified Information Security Manager (CISM) certification from the Information Systems Audit and Control Association (ISACA). Later, I completed a Master of Business Administration (Technology Management) at La Trobe University and more recently became an inaugural Fellow of the Australian Information Security Association (FAISA).

What do you love about working in Cyber Security?

What I love about working in cyber security is that you never know what you’ll be facing each day at work, nor how well you’ll cope with it. It makes you get to know yourself better than you thought possible. I also love that you meet people from all walks of life, countries, cultures, and training. One of the wonderful things about cyber and information security is “unknown aetiology, common pathology”, meaning that we could come from anywhere and have virtually any training or academic background, yet find ourselves in cyber and information security. This made me realise that to be great at cyber and information security, it takes the same characteristics that make a great intelligence officer; that is, not knowing it all but knowing how to approach a problem to arrive at an optimal solution. It’s about how you think and not so much what you know. It’s about the ability to exercise dynamic lateral thinking. So, what I love about cyber and information security the most is meeting and working with a diverse range of like-minded people that don’t mind being challenged.

What advice would you give to new students and practitioners just starting out?

Follow your heart, your passion, and your interests. This will lead you to a sustainable and long career doing something you love and adding real value. Don’t follow the money; this is not sustainable; it is short-sighted and will eventually lead you down a path of mental anguish and resentment. Don’t be afraid to make mistakes and admit to them; this is how we learn to get better at what we do and how we do it. Never think you’re the smartest person in the room; if you do, you most certainly aren’t. Everyone around you has something valuable to offer. You never really know who you’re talking to, until you get to talk to them and get to know them. Let me rephrase all the above by quoting Sun Tzu: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Know yourself; follow your heart. Good luck!