As government services become increasingly digital, balancing strong cybersecurity with seamless user experience is more critical than ever. Ahead of his appearance at Government Innovation Week Federal – Cyber Security Day, we spoke with Dimitar Dimitrovski, Chief Information Officer at the Fair Work Ombudsman, about the challenges and opportunities in securing citizen-facing digital platforms.
Dimitar shares his insights on embedding security into digital transformation, avoiding common pitfalls, protecting sensitive citizen data, and preparing for the next era of secure digital government services.
Balancing Security and Usability
Q1. How do you balance the need for strong cybersecurity controls with delivering simple, user-friendly digital services for citizens?
It’s a difficult balance as there is a funding component here as well – the way that works is to use a risk-based approach which prioritises architecture/design/UX decisions alongside cyber considerations and not just security for its own sake. There’s no point designing services which the public can’t or does not want to use.
Q2. What common pitfalls do agencies face when trying to make digital services both secure and accessible, and how can these be avoided?
I think the biggest pitfall agencies fall into is applying security practices outside of the context of application development. This tends to put security first and make application development suffer, at the cost of the end user. In a perfect world, security and application design need to work together.
Embedding Security in Transformation
Q3. When leading digital transformation projects, how do you ensure that security is embedded from the start rather than treated as an afterthought?
We design and build our application with the user in mind by utilizing modern UX practices alongside “secure by design” principles. Our cyber capability sits at the same layer as our architecture and platform capabilities, and leverages the “zero touch, zero trust, zero friction” principles when managing our platforms which host our applications. This ensures that the security focus is prioritised at the right layer. This in turn ensures that we satisfy all relevant PSPF/ISM controls, but not at the expense of the end user.
Q4. What governance or cultural changes are needed inside agencies to make “secure by design” a reality in citizen-facing platforms?
Adopting a more collaborative and collegiate approach to working within a government context, federal or state/local – essentially, sharing. There are some legislative barriers which would require a lot of careful planning and decision making, but this would benefit our citizens more than a fragmented, disconnected system.
Protecting Sensitive Data
Q5. With government agencies holding increasingly sensitive personal and financial data, what do you see as the biggest threats to this information today?
Siloed, fragmented services from government, with most agencies storing their own customer data, and applying different approaches to cybersecurity. The different funding available to different agencies makes this even more risky, as threat actors have multiple avenues to test.
Q6. How can agencies better anticipate and respond to evolving cyber threats that target citizen services?
Collaboration, and connecting to a government ecosystem.
Innovation and Future Outlook
Q7. As new technologies such as AI and cloud-native systems reshape government IT, how do you view the opportunities and risks they bring to digital service security?
There are many benefits in AI and cloud-native platforms, especially in a fiscally tight environment. Having fewer overheads is very beneficial, particularly for smaller agencies which can really focus on having a core IT team to focus on the user/citizen experience.
Q8. Where do you see the future of secure digital government services heading in the next five years, and what should CIOs be preparing for now?
I think building for a connected government ecosystem and contributing towards the initiative is a great start. The next part is taking advantage of AI technologies in an ethical, safe and responsible way, and modernising aging platforms/infrastructure.
Practical Guidance
Q9. If you could recommend one immediate step every CIO should take tomorrow to improve the security of citizen-facing platforms, what would it be?
Building for a service-centric, connected government ecosystem, and putting application design alongside security.
Q10. Can you share an example—either from your own experience or another agency—where a security initiative significantly improved citizen trust in digital services?
I think digital ID is a good example of a security initiative that shows how we can improve citizen experience and trust.
Hear Dimitar Live
Catch Dimitar Dimitrovski alongside Jamie Rossato, Chief Information Security Officer at CSIRO, during the Innovation Track Panel: The Future of Secure Digital Government Services at Government Innovation Week Federal – Cyber Security Showcase.
12 November 2025
12:00 PM – 12:30 PM
Don’t miss this conversation on embedding trust, security, and innovation into the future of government digital services.