In Conversation with Sandeep Taileng

In Conversation with Sandeep Taileng

 - Describe your work in a single sentence.

Our team safeguards the financial and personal data of Victorians from all walks of life by embedding security and resilience into our business processes, ensuring we retain public trust.

 - When you step onto that stage, what’s one thing you want people to know about you?

That security is a fundamental enabler of trust and a core capability for delivering critical public services, not a bottleneck or a compliance cost centre.

It is the foundation that allows us to not only defend against known threats but also safely innovate and adopt future emerging technologies—anticipating and mitigating the unknown unknowns—to ensure resilience and public confidence.

 - What are the top three skills you use daily?

• Stakeholder Empathy—understanding the user journey for both staff and clients to design security measures that are effective without being obstructive. 
• Suppliers Enablement – collaborating with our supplier base to uplift cyber controls maturity in a cost-effective manner, using their scale and in-depth technical knowhow.
• Regulatory Foresight—anticipating and preparing for the next wave of compliance and privacy requirements before they become mandatory crises.

 - How can AI and automation enable stronger cyber defence?

AI fundamentally changes the economics of defence by handling the "signal overload." It allows our small team to focus on the truly novel, high-impact threats (the 'unknown unknowns') while automation handles the vast volume of 'known knowns' like triage, log analysis, and automated patching cycles. It operationalises threat intelligence at scale, making our existing human expertise exponentially more effective.

 - Beyond today's threats, what emerging technological security challenge should public sector CISOs be road-mapping for right now?

This is a critical point that directly impacts our long-term fiduciary duty: the quantum decryption threat. State Trustees manages data—like wills, financial records, and administration details—that must remain confidential for decades, potentially long enough for fault-tolerant quantum computers to materialise. We are researching for the moment that current public-key cryptography (like RSA) becomes instantly breakable. Our quantum research, which is a major focus for the next 5-7 years, involves three phases: Inventory (identifying all cryptographic assets and dependencies), Prioritisation (focusing on long-lived, high-risk data that requires 'quantum-safe' protection first), and Hybrid Transition (moving to crypto-agility where systems can use both current and new Post-Quantum Cryptography (PQC) standards simultaneously). This is not a future problem; it's a present-day risk management exercise driven by our non-negotiable mission to protect our clients' future.

 - What problem will you be sharing a solution to onstage?

I will be sharing an approach to the Existential Fiduciary Risk posed by quantum computing. This is the problem of protecting sensitive data that has an inherent 30 to 100-year confidentiality requirement from future, guaranteed cryptographic failure.

 - How will the public benefit from your project?

The public benefits through the guaranteed longevity of their digital trust. For our clients, whose sensitive financial and guardianship details must be secured for their entire lives and beyond, this research provide assurance that our organisation is actively assessing emerging risks and preparing for technological advancement that may compromise the integrity or confidentiality of the information they have entrusted to us.

 - What new techniques/partnerships/systems went into making your project possible?

It was primarily enabled by partnership with both the Australian Signals Directorate (ASD) and major cloud providers to ensure early alignment with future government and industry cryptographic standards.

 - Describe your session in three words.

Quantum. Fiduciary. Longevity.

Join Sandeep for this interactive session at the Government Cyber Security Showcase Victoria taking place on Wednesday 25 March. Register here.