Benji Crooks, Marketing Director at Public Sector Network, spoke with Mark Karasounou, Chief Information Security Officer at the New South Wales Rural Fire Service (NSW RFS), about what trust looks like in practice for digital government, how agencies should respond when incidents occur, and the growing expectation for “always on” services. Mark will appear at Government Cyber Security Showcase New South Wales as part of Government Innovation Week New South Wales on Thursday, 30 July 2026 in a session titled "Digital Government Runs on Trust and Cyber Now Decides It".
Benji Crooks: So if you could just introduce yourself — your name, the department, and your job role.
Mark Karasounou: Yeah. So my name is Mark Karasounou. I work for the New South Wales Rural Fire Service as emergency services. My role there is Chief Information Security Officer. That’s basically me, very high level.
Benji Crooks: Looking at your panel, it frames cyber as central to public trust within digital government in New South Wales. What does trust mean in practice?
Mark Karasounou: It’s a really good question. The way I think about trust in digital government is that citizens can rely on government services to be secure, available, transparent, and resilient.
From a NSW RFS perspective, trust is built when emergency services continue to operate during crisis, personal information is protected, and the community has confidence in the systems supporting frontline operations — with resilience and accountability as key parts of that.
Benji Crooks: When disruption happens, what matters most to rebuild confidence — recovery speed, transparency, accountability, or something else?
Mark Karasounou: Potentially all of the above. But if I dig down into it, speedy recovery is critical. At the same time, transparency and accountability also rebuild confidence longer term.
From the NSW RFS world, people understand incidents can happen — it’s expected. But they expect agencies to respond quickly, communicate honestly, demonstrate lessons learned, and keep improving.
Benji Crooks: When you look at the biggest gap between cyber capability and the expectations of citizens right now, what do you foresee that is in government services?
Mark Karasounou: The biggest gap is between citizens’ expectations for always-on digital services and the complexity of securing legacy and interconnected government environments.
The public expects seamless, secure services 24/7, while agencies are balancing cyber uplifts, operational resilience, budget pressures, and an evolving threat landscape — all at the same time.
Benji Crooks: As we’ve moved forward into more of a digital age, have expectations from the public increased?
Mark Karasounou: Yeah, definitely. New technologies evolve — like AI — and expectations rise around how these technologies benefit frontline workers, including emergency service volunteers, while also being secure and protecting the community.
AI is evolving, and security needs to catch up. We need to think about controls and how we measure and manage that.
Benji Crooks: With the introduction of tools like AI and broader digital change, cyber attacks and threats must be increasing across the board.
Mark Karasounou: Definitely — 100%. If I give an example: from a red team and blue team perspective, you can have AI continually attacking organisations as part of the threat landscape, while defenders are also using tools and controls to protect the organisation at the same time.
Benji Crooks: Have you experienced anything like a cyber attack involving AI so far?
Mark Karasounou: Short answer, no — I haven’t experienced any AI threats directly. But looking at other agencies’ experiences, there probably has been AI used in the background — for example, using content to draft emails or methods to compromise the “front door” of the digital space.
That could be through service desks or identity-based approaches — trying to gain access, or access confidential information — using AI to improve the quality of those attempts. So yeah, it would definitely be out there.
Benji Crooks: You’re speaking at our cybersecurity showcase in New South Wales. What’s one thing you hope attendees will take away after your panel?
Mark Karasounou: Cyber and cyber resilience are everybody’s responsibility — not just the cybersecurity team.
One action I encourage is strengthening visibility and assurance over third-party vendors, critical systems, supply chains, and operational resilience — because they’re major security risk areas. A lot of this is also an education piece: continuous educating, training, and ongoing governance so everybody understands their role in security.
Benji Crooks: It’s almost an uplift of education across the public sector, so people know cybersecurity is their responsibility as well as the organisation’s.
Mark Karasounou: Yeah — 100%. And examples include Cyber Month awareness activities: sending communications like “rotate your password,” “don’t click phishing emails,” “don’t share credit card information,” and so on.
It should be pushed continuously. There are different methods — table-top exercises, ongoing phishing campaigns, and targeting sensitive departments like finance, legal, health — making sure people are aware of what’s happening and that knowledge is transferred.
Benji Crooks: I’m honestly a prime candidate for someone who clicks those emails all the time.
Mark Karasounou: Yeah — it’s an ongoing thing that needs to happen and needs to be addressed, definitely.
Hear Mark Karasounou at Government Cyber Security Showcase New South Wales as part of Government Innovation Week New South Wales on Thursday, 30 July 2026. Mark will explore how cyber resilience underpins citizen confidence in NSW digital services — and what transparency, accountability and rapid recovery look like when disruption occurs.
Help your peers
Share what you've learned with fellow public servants