Full Report
As cyber threats become more advanced, the need for strong leadership in cybersecurity is clearer than ever. Across Australia and New Zealand, cybersecurity leaders are on the front lines, protecting everything from financial systems to critical infrastructure. They are facing growing challenges as cybercriminals and state actors target key sectors, making their role in securing networks, strengthening resilience, and defending vital industries essential to our safety and economy. Recognizing the importance of cybersecurity, the Australian government has pledged $15–$20 billion by 2033–34 to enhance the nation’s cyber capabilities, including strengthening offensive cyber operations through the REDSPICE program. This move highlights the growing recognition of cybersecurity’s critical role in safeguarding the country. In this article, we spotlight the top 100 cybersecurity leaders in the ANZ region, individuals who are leading the charge to keep systems secure, shape policy, and create innovative solutions in the ever-evolving world of cybersecurity. Their expertise and efforts are vital in defending against digital threats and ensuring the resilience of our infrastructure. The Role of Cybersecurity Leaders in ANZ Region Cybersecurity leaders in the ANZ region play a multifaceted role, from securing critical infrastructure to leading innovative security strategies for organizations. Their efforts are not confined to internal risk management – they are also working collaboratively with both governments and private sectors to build stronger defenses against the ever-evolving threat landscape. The cybersecurity leaders in the region spans various industries, from banking to healthcare, government, and beyond. These leaders are instrumental in creating frameworks, driving policy changes, and advancing the development of next-gen security technologies that can stay ahead of the curve when it comes to evolving threats. Top 100 Cybersecurity Leaders in the ANZ Region Here is a list of 100 cybersecurity leaders in the ANZ region who have made remarkable contributions to the field, helping secure organizations and drive policy change in the face of growing cyber threats: Name Designation Organization Name Aaron Bailey CISO The Missing Link Aaron McKeown CISO Vector Limited Ad Wolst Head of Cyber Security Engineering & Platform Services Bupa Adwin Singh Cyber Security Domain Lead - CISO Office Inland Revenue NZ Akash Mittal CISO Sumitomo Forestry Australia Alissa Maclean Cyber Security Engineer Manager Australian Red Cross Lifeblood Alistair Vickers CISO Horizon Energy Group Limited Dr. Amit Chaubey CEO NIAD Technologies Anand Patil Head of Cyber Security Teladoc Health Andy T. Head of Security humm group Andy Pace Network & Information Security Manager MediaWorks NZ Annie (Anne) Haggar Cyber Security Partner Norton Rose Fulbright Antonio (Tony) Lou Cyber Security Manager Bendigo Health Anya Avinash Head of Cybersecurity Bank First Arun Singh ANZ Chief Information Security Officer Zip Co Babu Srinivas Global Head - Cyber Competency & Digital Trust BHP Barney R. IT Operations Manager Nando's Australia & New Zealand Barry Anderson Information Security Architecture, Strategy and Engineering Manager HESTA Bethwyn B. Head of Cybersecurity, PMO & Governance Bluescope Australian Steel Products (ASP) at Bluescope Callum N. CISO EBOS Group Limited Charles Gonzalez CISO Metcash Christopher Lowe GM Cybersecurity Ainsworth Game Technology Cody Kieltyka CISO Australian Payments Plus Crispin Apsey Cyber Security and Operations Manager SecurePay Dan Maslin Global Chief Information Security Officer Monash University Dane Maslen CISO Kami Mohammad Arif Head of Information Security (CISO) Guild Group Darren Kane CISO nbn® Australia David Geber General Manager Information Security & Risk REST Dean Kastelic Security Advisor / vCISO Bapcor Limited Doug Hammond Chief Information Security Officer Uniting Care Edmond L. Group Manager - Cyber Security Workwear Group Eshan Dissanayake CISO Officeworks Fred Hadad Chief Information Security Officer Excite Cyber Fred Thiele CISO Interactive Garry Bentlin Group CISO Nine George Abraham Chief Information Security Officer Frontier Software Grant Anthony CISO Orion Health Hari Jegatheeswaran Australian CISO & Head of APAC Cyber Operations Deloitte Australia Harsh Rasik Busa CISO Avant Mutual Ivan Dobay Senior Cybersecurity Risk and Governance Partner ANSTO James Ng General Manager - Cyber Security (CISO) Insignia Financial Jeff Whitton Founder Yirigga Jeremy K. CISO Transgrid Johann Blignaut Head of Group, IT Cyber & Data Protection Crown Resorts John Ooi CISO Australian Unity Kapil Yewale Head of Cybersecurity Clearview Kevin O' Sullivan Acting Chief Solutions Officer/ Head of Cyber & Information Security Kinetic IT Kirk Stephen Head of Cyber Security Baby Bunting Lee Barney GM Tech Security TPG Telecom Leron Zinatullin Chief Information Security Officer Linkly Liam Connolly CISO SEEK Louisa Vogelenzang Head of Cybersecurity Asia Pacific & Japan (APJ) | BISO | Senior Director Dayforce Lukasz Gogolkiewicz Head of Cyber Security Accent Group Limited Luke E Cyber Security Defense Lead Bunnings Mackenzie M. CISO Allianz Australia Manasseh Paradesi CISO Tyro Payments Mario Ellaz CISO AusNet Mark Leighton CISO Aurecon Mark Haldane Head of Cyber Defence Coles Group Mark Spadafora Chief Technology Officer National Cyber Security Centre Mazino Onibere Head of Cyber Security, Risk and Compliance Regis Aged Care Mohan Swamy Head of Cyber Security and Risk Management Pacific Blue Australia Neha Sharma CISO The Star Entertainment Group Nidhin Tamil Chief Information Security Officer Boral Nigel Hedges General Manager - IT Security Risk & Compliance (CISO) Chemist Warehouse Jean-Baptiste B. CISO/Director of Technology - Security, Risk & Compliance AMP Peeyush Khare Head of Cyber Security Practice - APAC Tech Mahindra Pieter van der Merwe Chief Security Officer Woolworths Group Pritam Rakshit CISO Cuscal Limited Richard Watson Global & Asia-Pacific Cybersecurity Consulting Leader EY Robert Turney CISO auDA - .au Domain Administration Ltd. Robert Veres CISO Colonial First State Roxanne (R) Pashaei CISO NSW Rural Fire Service Sam F. CISO David Jones Sam Conde Head of IT - Security Dyson Group of Companies Samrat Seal Group Manager, Cybersecurity Transformation Delivery and Adoption (Kmart Target and Anko) Kmart Australia Limited Sanja Marais Chief Technology and Security Office Aspen Medical Santanu Laudh Chief Information Security Officer OFX Sara Abak Chief Information Security Officer (CISO) and Chief Privacy Officer Intellihub Group Serkan T. Infrastructure & Information Security Team Leader Premiere Retail Shane M. Manager Cyber Security Architecture Asahi Shannon Remedio Technical Leader- Cyber Security Platform and Cloud Bupa Sourish Datta CISO Victorian Government Stefan S. Head of Information Security (CISO) Reece Group Stephen Bennett Global Chief Information Security Officer Domino's Pizza Enterprises Limited Steven Rebello CISO Endeavour Group Sunil Saale Chief Information Security Officer MinterEllison Tara Dharnikota Head of Information Security Management PEXA Terry Reidy Associate Director Cyber Operations and Capability University of Melbourne Tharaka Perera Head of Information Security Estia Health Tharusha Udugama Cyber Security Manager HPX Group Tim Litton CIO SafetyCulture Varun A. CISO Healthscope Venkat B. CISO TAL Australia Vijay Krishnan CISO UniSuper Vijay Narayanan CISO Mercy Health Australia Vishal Kumar Gupta Global IT Security Governance and Risk Lead Hansen Technologies Vishwanath Nair Head Cyber Risk & Compliance (CISO) BaptistCare Will Sharpe CISO Telstra Health
Analysis Summary
# Industry News: Diverse Cybersecurity Developments and Regional Leadership Recognition
## Summary
The daily intelligence digest highlights several critical security advisories, including CISA warnings for a Trimble Cityworks vulnerability and CERT-In alerts for Mozilla products, alongside emerging threat vectors like a new OG spoofing toolkit. Additionally, the digest features strategic recognition in the Asia-Pacific region with a list of top cybersecurity leaders in Australia and New Zealand (ANZ), underscoring the focus on regional talent and ongoing efforts against significant technical threats.
## Key Details
- Date: Tuesday, February 11, 2025 (Publication Date)
- Companies Involved: CISA, Trimble, Mozilla, IMI plc, Various ANZ Cybersecurity Leaders
- Category: Vulnerability Reporting, Industry Recognition, Incident Confirmation
## The Story
The news aggregation covers several operational security events: CISA has added a critical vulnerability (CVE-2025-0994) in Trimble Cityworks to its Known Exploited Vulnerabilities (KEV) catalog, demanding immediate patching. Concurrently, CERT-In issued warnings regarding high-severity flaws in Mozilla Firefox and Thunderbird. On the incident front, IMI plc confirmed a cyberattack, leading to a measurable stock drop. Furthermore, the report prominently features a list recognizing the "Top 100 Cybersecurity Leaders in Australia & New Zealand" (ANZ), highlighting key personnel driving security strategy in that region across sectors like finance, retail, and government. Emerging cybercrime techniques were also noted, specifically a new Open Graph (OG) spoofing toolkit used to manipulate social media links for phishing.
## Business Impact
### For the Companies Involved
- **Trimble/Cityworks & Mozilla:** Immediate pressure to issue and deploy patches for critical vulnerabilities, impacting product support costs and potentially customer trust if remediation is slow.
- **IMI plc:** Direct financial impact from potential disruption, remediation overhead, and market perception volatility (evidenced by the 2.4% stock drop). The incident necessitates transparent shareholder communication.
- **Listed ANZ Leaders:** Recognition enhances professional visibility but also increases public scrutiny regarding their organization's security posture.
### For Competitors
- Companies whose software is *not* flagged by CISA or CERT-In gain a temporary reputational advantage regarding platform stability and security compliance.
- Competitors to IMI plc face potential investor uncertainty regarding the resilience of their sector amidst confirmed attacks.
### For Customers
- Customers utilizing Trimble Cityworks or the affected Mozilla products must prioritize immediate patching to mitigate risk from actively exploited or high-severity flaws.
- Organizations should review their social media link verification processes following the emergence of the OG spoofing toolkit.
### For the Market
- The aggregation of critical CISA/CERT-In warnings reinforces the persistent risk associated with legacy or widely deployed software, driving demand for proactive Vulnerability Management solutions.
- The celebration of ANZ leaders signals strong localized investment and maturation in cybersecurity governance within that specific APAC market.
## Technical Implications
- The **Trimble Cityworks KEV listing** indicates that actors are likely exploiting this specific vulnerability, pushing asset owners to address potential supply chain risks, especially given Cityworks is often used in critical infrastructure or government settings.
- The **OG Spoofing Toolkit** suggests an evolution in social engineering, leveraging platform trust mechanisms (Open Graph protocol) to craft highly convincing phishing or disinformation campaigns.
- **Malware bypassing Chrome App-Bound Encryption** points to ongoing weaknesses in browser security architectures, requiring defense teams to rely more heavily on endpoint detection and response (EDR) capabilities rather than solely trusting perimeter security.
## Strategic Analysis
- Market Positioning: The simultaneous publication of KEV alerts and regional leadership recognition shows an industry prioritizing both **reactive defense (patching known flaws)** and **proactive governance (developing talent)**.
- Competitive Advantage: Vendors offering robust asset inventory, vulnerability intelligence feeds, and rapid security advisories are better positioned to support clients dealing with these urgent alerts.
- Challenges: The constant pressure from zero-day-like behaviors (reflected in KEV additions) means that large enterprises face overwhelming patch fatigue, potentially leading to strategic prioritization failures.
## Industry Reactions
- **Analyst Opinions:** Analysts likely stress the importance of prioritizing KEV-listed vulnerabilities above all else, using CISA advisories as the tactical guide for immediate defensive action against current threats.
- **Expert Commentary:** Experts are likely pointing to the need for enhanced threat intelligence sharing between government bodies (CISA, CERT-In) and private industry to contain the speed of exploit adoption.
- **Market Response:** We might expect slight upticks in business for vulnerability management platforms and security awareness training providers focused on social engineering resilience.
## Future Outlook
- We can expect continued prioritization of software supply chain integrity, especially concerning widely deployed operational technology (OT) tools like Trimble Cityworks.
- Further regulatory scrutiny regarding the timely patching of KEV-listed vulnerabilities is probable across OECD nations.
- The ANZ market will likely see increased cross-border partnerships as regional CISOs leverage shared knowledge to combat bespoke threats.
## For Security Professionals
Security teams must immediately verify their patch status for Trimble Cityworks and the flagged Mozilla products, escalating remediation efforts for anything in the KEV catalog. Furthermore, training modules for end-users should be updated to reflect the sophistication of the new OG spoofing phishing techniques, focusing on URL scrutiny beyond simple domain names.