The Public Sector Podcast: Securing Innovation Without Stalling It

Heather Dailey 25 May 2026 · 3 min read

The Public Sector Podcast: Securing Innovation Without Stalling It

Episode Overview

In this episode, Ian Pham, Chief Information Security Officer, Victorian Managed Insurance Authority explores how the meaning of being “risk averse” changes over the course of a cyber security career — from focusing purely on threats and vulnerabilities to developing a broader understanding of risk, opportunity and organisational purpose. He shares how cyber professionals often start out trying to lock everything down, but over time learn that the goal isn’t to stop everything — it’s to enable the organisation to move forward safely.

Through stories, practical examples and a personal analogy about raising his kids, Ian explains the difference between being risk averse and being risk aware. He also discusses how cyber, risk and compliance teams can support innovation — particularly in areas like AI and emerging technology — by embedding security early, reframing business cases, and aligning security work to the bigger mission of the organisation.

Key Themes

Risk aversion vs risk awareness - The goal isn’t to avoid all risk, but to understand and manage risk so the organisation can move forward safely.
Cyber security as a business enabler, not a blocker - When security is involved early and aligned to business goals, it helps projects move faster and more safely rather than slowing them down.
Innovation, AI and emerging technology risk - Emerging technologies create both opportunities and risks, and cyber teams must manage the risks without stopping innovation.
Governance and assurance that supports speed and innovation - Good governance should enable faster delivery through clear controls and early involvement, not slow projects down with late-stage approvals.
Reframing cyber conversations in business terms - Security initiatives are more successful when they are explained in terms of business value, outcomes and opportunity, not just technical risk.
Understanding enterprise risk, not just cyber risk - Cyber risk is only one part of the bigger risk picture, so decisions should consider all business risks and priorities.
Aligning security with organisational purpose - Security should support the organisation’s mission and outcomes, not operate as a separate function focused only on threats.
Building shared understanding across teams - Innovation happens more effectively when delivery, risk and security teams share the same language, goals and understanding of risk.

What You’ll Learn

How cyber professionals’ relationship with risk changes as they move into leadership
Why focusing only on cyber risk can limit innovation
How to reframe security investments in terms of business value and opportunity
Ways to embed security earlier to speed up delivery and approvals
How governance and compliance can be used to enable, not stop, innovation
Why understanding enterprise risk helps cyber teams make better decisions
How to get executive buy-in for security initiatives

Key Takeaways

Preventing breaches is a responsibility, not the ultimate goal.
The real goal is helping the organisation achieve its mission safely.
Security teams should focus on enabling innovation, not just stopping risk.
Understanding risk appetite and risk tolerance is critical for innovation.
Speaking the language of the business is key to getting support and funding.
Embedding security early makes delivery faster, not slower.
Cyber risk is only one part of the overall business risk picture.

Why You Should Listen

If you work in cyber security, risk, compliance, technology or the public sector, this episode will challenge the way you think about risk and innovation. It offers a practical and honest perspective on how security teams can move from being seen as the blocker to becoming a trusted partner that helps organisations innovate, grow and deliver on their mission.