Dr. Philip Nesci


Dr. Philip Nesci is an IBRS advisor specialising in digital transformation, Cloud strategy and analytics, cyber resilience and risk management, and large-scale program management. Philip has an extensive track record as a CIO and an Executive in global commercial organisations such as Shell, Orica and China Light and Power, where he has orchestrated and delivered major organisational transformations enabled by technology. More recently, as CIO of Monash Health and the Australian Red Cross Blood Service, Philip has focused on the Health sector and in Government, leading a number of programs which have significantly reshaped the customer experience and engagement, underpinned by cyber resilience. Philip’s approach to strategy development and implementation is achieved through strong leadership and extensive engagement with Boards and Executives. Philip’s blend of business and technology experience across a wide range of industries, enhanced by working extensively in Australia, Europe, Asia and the USA, provides him with a unique understanding of successfully planning and executing digital strategies to reshape business.


Cyber security is now front and centre for executives and boards. Yet despite its priority, both boards and ICT often struggle to achieve a unified approach to managing cyber risks. While technology leaders often see cyber security through a technology lens, boards perceive cyber security as a critical business risk and are increasingly concerned about cyber resilience.




Conclusion:

Most organisations are actively developing and implementing substantial cyber security programs. Many of these programs are externally focused and aimed at identifying, defending, and responding to cyber attacks. The internal threats posed by an organisation’s employees, malicious or inadvertent, are often given relatively minor emphasis in programs that are reviewed by IBRS.

Part of an effective cyber security response is creating a culture where security is the responsibility of everyone in the organisation. A cyber security policy is a cornerstone of promoting a cyber-aware employee culture. If organisations do not enact a cyber security policy, they will likely be leaving themselves open to cyber compromise. This paper sets out to assist organisations in creating a cyber security policy to protect and respond in case of an incident and is based on recommendations by the Australian Cyber Security Centre.




Conclusion:

As organisations strive to digitise more of their processes and services, several new roles are emerging alongside the traditional CIO role. A number of organisations are now considering implementing new CXO roles such as Chief Digital Officer, Chief Innovation Officer or Chief Technology Officer in order to accelerate the move to digital. Implementation of a CXO role alongside a CIO role presents multiple challenges, including role clarity and scope as the roles require strong collaboration, and can often overlap in a number of areas of responsibility. The CXO roles depend in many ways on the size and type of organisation as well as the strategic intent of the organisation with respect to digital. Careful consideration and design of the CXO roles are required to avoid confusion and conflict and to ensure that organisations deliver on their digital programs. This presentation will focus on the role of the Chief Technology Officer (CTO). It is intended to prepare CIOs to lead the discussion which may take place in their organisation.




Conclusion: Organisations are increasingly adopting digital customer strategies and on-line channels. Customer identity management is now a foundation of most customer on-line services. This is both to secure customer identities and to provide a single point of access and experience when customers transact across multiple on-line channels. Many digital identity solutions are less than effective when it comes to striking a balance between adding a layer of safety and ensuring a frictionless customer journey. By adopting a customer-focused approach at each stage of the customer journey in customer identity and management systems (CIAMS), user pain-points around identity controls can be prevented through a more user-sensitive, yet risk-aware, approach.




IBRSiQ is a database of client inquiries and is designed to get you talking to our advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.




Conclusion:

Over the last 12 months, cyber security breaches arising from compromising third parties have featured in the headlines. Previously, most organisations had given little thought to their reliance on third parties for critical services, software, and the protection of sensitive information. As such, in many cases the issue has flown largely under the radar.

A compromise via a third party is now an increasingly common attack vector. This is due to the fact that the smaller third parties often hold critical data and an attack on one third party can quickly be leveraged as an attack on all its customers. Additionally, some smaller third parties do not have best-practice cyber security capabilities in place.

Security Frameworks such as NIST and ISO 27001 have long identified risks arising from third parties. CIOs need to move quickly to identify, assess, and mitigate risks from their third parties. This article provides some recommendations that will assist in managing these risks.




For many organisations, Cloud adoption has become an imperative to deliver on the ever-increasing business appetite for digital solutions. Yet despite the fact that Cloud services are now mainstream, some organisations are still stuck on the mantra of Cloud first as a strategy.




The COVID-19 pandemic has brought a much sharper focus on digital transformation efforts which have been underway in many organisations. This focus has also highlighted not only the opportunities and benefits of digital investments but also the need to accelerate the pace and delivery of outcomes.




Conclusion:

As cyber security breaches are now an almost daily occurrence for organisations, a serious breach is a question of when rather than if. Dealing with a security breach not only impacts the organisation’s operations but, more importantly, poses a threat to its image and credibility.

Responses to breaches often focus on recovering business operations, systems, and data, while the response to impacted stakeholders takes a lower priority. However, it is this response that is at the core of protecting the organisation’s brand.




Conclusion:

Cyber security incidents are increasing in frequency and severity. Organisations, governments, executives, and boards are now actively monitoring and probing the progress of cyber security initiatives. At the same time, there are legislative and industry-wide pressures to achieve predetermined levels of compliance. Cyber security frameworks (CSF) provide a system of standards to achieve and demonstrate cyber security maturity. However, the task of selecting an appropriate CSF is now more complex due to the number of frameworks currently flooding the market.




Conclusion:

The rapid adoption of Cloud services and the increasing and well-publicised cyber security compromises have added to the security concerns within many organisations. The Australian Cyber Security Centre (ACSC) has recently published a set of Cloud computing security considerations whereby organisations are able to undertake a high-level self-assessment of their cyber risks as they transition to Cloud services. IBRS has recently hosted a roundtable with senior ICT and security professionals to highlight some hands-on lessons for managing cyber security in a Cloud environment.




Conclusion:

Delivering value faster and better with quality code has been the holy grail of software development and support for many years. Navigating a post-COVID-19 world, organisations will find themselves faced with new challenges and the expectation of delivering value and quality results in a shorter time frame.

DevOps is a set of practices that works to automate and integrate the processes between software development and support, so project teams can build, test, and release software faster and more reliably. As such, DevOps and Agile methodologies have become key tools in responding to an increasingly diversified and dynamic business landscape where most, if not all, businesses are using technology to reshape their respective organisations.

Yet despite its potential to deliver, many organisations are struggling with DevOps implementations. Developing a clear roadmap based on best practices and a pragmatic approach will accelerate this journey and minimise the risk of failure.




Conclusion:

The disruption brought about by the COVID-19 pandemic has highlighted how essential agility is to business. Many organisations were able to quickly respond to the challenges of the restrictions and lockdowns by focusing on the needs of their customers while transitioning into remote work. This response shaped how the public now sees and perceives the organisation and the critical role of ICT. At the same time it has raised business expectations of ICT and organisational response that can only be addressed by utilising Agile approaches.




Conclusion:

The deployment of machine learning (ML) solutions across a broad range of industries is rising rapidly. While most organisations will benefit from the adoption of ML solutions, ML’s capabilities come at a cost and many projects risk failure. Deployment of ML solutions needs to be carefully planned to ensure success, to minimise cost and time, but also to deliver tangible results and assist decision-making.

