John Kouroutzoglou has been involved in physical and cyber security for over 15 years. He has worked in government and in the private sector at large global firms such Alcatel-Lucent, HP and EY. He is currently the Information Security & Compliance Manager at Australia’s leading real estate technology firm – Domain Group. John’s areas of expertise include: Assurance, Security Awareness Training, 3rd Party Due-Diligence, Privacy and Personal Security.
What do you feel are the biggest challenges IT leaders are currently faced with within their business?
From a cyber security perspective I would say managing privacy obligations with GDPR and Australia’s Mandatory Data Breach Notification legislation. There is an incomplete understanding of what compliance actual entails, and furthermore confusion with what needs to be done when a breach occurs.
As an IT leader, what do you feel businesses continue to get wrong when it comes to their IT strategy?
I have had discussions with IT leaders where the common complaint with security being it’s under-funded or under-resourced – this is a recurring theme. We keep seeing in the media regular announcements of businesses being breached – I would say quite simply that security might not be the top priority at these firms.
What are the latest trends and behaviours you predict will be surfacing on the market over the coming 12 months?
Machine Learning (ML) and Artificial Intelligence (AI) are all the rage in security at the moment and this will continue for the next 2 to 3 years. There is an expectation that ML and AI will lead to cost reduction and operating efficiencies. Time will tell if these benefits are realised.
What is the best piece of advice you have received within your job over the years?
It’s not what you know, but who you know – learn to network.
What is one key takeaway you hope our IT audience leaves with after hearing your presentation on site?
Security threats have evolved and they are closer to organisations, and much more damaging. Threats such as insiders and 3rd parties have long been deemed to be low risk, simply because associated risks were not understood and incidents weren’t published. I hope our audience come out with a deeper understanding of how vulnerable they are, and a better understanding of how to address these evolving risks.