“The newest generation of cyber security is being defined by tactical skill sets and advanced operational capabilities.”

Sam Mackay, CISO for the NSW Department of Customer Service, on the changing role of information security in the public sector

Jordan Mullins 23 September 2024

Sam Mackay is the Chief Information Security Officer at the NSW Department of Customer Service. He’s responsible for the protection and defence of the information and data of NSW’s 8.3 million citizens who use the services the department provides. The NSW Department of Customer Service has a team of about 100 working around the clock, 24/7, to protect and defend Australia’s citizens and maintain public trust in the services delivered by the government and the department.

Public Sector Network sat down with Sam to discuss the changing nature of information security and the impact this is having on strategic decisions, innovation and talent development. 


Jordan Mullins, Head of Editorial, PSN: Would you say the role of cyber security is changing within government organizations? 

Sam Mackay, Chief Information Security Officer, NSW Department of Customer Service: In the department, cyber security is no longer just viewed as a defensive measure, but as a strategic asset that is critical to safeguarding our citizens and their information.

We're not merely fortifying our defences; we're now taking a proactive approach that ensures continuous security and resilience of the public services that we deliver. 

The role of cyber security within the Department of Customer Service is increasingly centered around proactive measures. As the digital landscape evolves and cyber threats become more sophisticated, the department is adopting a number of strategies to enhance and maintain our security posture. We are focused on tailoring our capabilities to directly counter the activities and actions of the threats and threat actors we face.

JM: How is this generation of cyber security different from the last? 

SM: Previously where we would have established static defenses and security controls, we're now needing to embrace dynamic, threat-focused and intelligence-driven approaches.  

The newest generation of cyber security is being defined by tactical skill sets and advanced operational capabilities. 

As our systems are now distributed by design, it’s crucial to ensure we implement a zero-trust approach, continually validating, authorising and authenticating. Emerging technologies, such as AI, are force multipliers that will help us respond rapidly and quickly to threats that are emerging quicker than ever before.  

JM: People often see innovation and cyber security in conflict. Is this necessarily the case? 

SM: Now I would say that this notion is definitely outdated and it's a ‘traditional’ way of thinking. In DCS, cyber security is viewed as a critical enabler for innovation that ensures it is done in a manner that is consistent with our security requirements and is secure by design.

As the government innovates the way key services are delivered, we are embedding security at every stage, from design, to build and then to run. This is what secure-by-design looks like in practice and this approach allows us to roll out new services and technologies with the confidence that they will be protected and meet the security requirements and expectations of the public.

Our adoption of the secure by design approach sustains public trust in the services that are delivered and enhanced by innovation and new technologies. We are embracing digital innovation in a secure and considered manner which ensures we don’t end up taking one step forward and many steps back.  

JM: How can cyber security, as an organization, better attract and cultivate those innovative and creative talent skillsets?

SM: Unsurprisingly, the public sector must compete with the private sector to attract and retain talent, and whilst it is difficult to compete in terms of a remuneration sense, we are able to offer something different and that is meaningful work that protects and defends the state and society we live in. As such, we seek individuals who are not just skilled and experienced, but also possess a will and desire to protect the state they live in and defend the privacy and security of their fellow citizens.

Our cyber security teams are treated as frontline staff responsible for serving the public and protecting and defending our systems and information from threats and threat actors as much as any other frontline team. This is important for cultivating the strong purpose in the team and makes sure that despite other factors we are able to keep and build talent.  

Without cyber and information security, trust in government would erode.  

JM: My final question, what conversation are you most excited about having at the upcoming Digi NSW event? 

SM: I am most excited about having conversations around securing technology while also integrating emerging technologies. Digital NSW has released their AI framework, so I’m keen to hear the conversations that form up around that, particularly from our industry colleagues and then how industry and government can work together to not only embrace emerging technologies, but do so in the secure and safe manner that sustains and maintains trust in the things that we're doing as a government. 

Catch Sam onsite at Digital NSW this Wednesday, November 27, 2024.