Dr. Philip Nesci

Dr. Philip Nesci

Dr. Philip Nesci is an IBRS advisor specialising in digital transformation, Cloud strategy and analytics, cyber resilience and risk management, and large scale program management. Philip has an extensive track record as a CIO and an Executive in global commercial organisations such as Shell, Orica and China Light and Power, where he has orchestrated and delivered major organisational transformations enabled by technology. More recently as CIO of Monash Health and the Australian Red Cross Blood Service, Philip has focused on the Health sector and in Government leading a number of programs which have significantly reshaped the customer experience and engagement, underpinned by cyber resilience. Philip’s approach to strategy development and implementation is achieved through strong leadership and extensive engagement with Boards and Executives. Philip’s blend of business and technology experience across a wide range of industries and enhanced by working extensively in Australia, Europe, Asia and the USA, provides him with unique understanding in successfully planning and executing digital strategies to reshape business.

Read latest work...

Connect with Philip

Have a specific question for Philip Nesci?

Email

For many organisations, Cloud adoption has become an imperative to deliver on the ever-increasing business appetite for digital solutions. Yet despite the fact that Cloud services are now mainstream, some organisations are still stuck on the mantra of Cloud first as a strategy.


Read more


The COVID-19 pandemic has brought a much sharper focus on digital transformation efforts which have been underway in many organisations. This focus has also highlighted not only the opportunities and benefits of digital investments but also the need to accelerate the pace and delivery of outcomes.


Read more


Conclusion:

As cyber security breaches are now an almost daily occurrence for organisations, a serious breach is a question of when rather than if. Dealing with security breach not only impacts the organisation’s operations but more importantly, it poses a threat to its image and credibility.

Responses to breaches often focus on recovering business operations, systems, and data, while the response to impacted stakeholders takes a lower priority. However, it is this response that is at the core of protecting the organisation’s brand.


Read more


Conclusion:

Cyber security incidents are increasing in frequency and severity. Organisations, governments, executives, and boards are now actively monitoring and probing the progress of cyber security initiatives. At the same time, there are legislative and industry-wide pressures to achieve predetermined levels of compliance. Cyber security frameworks (CSF) provide a system of standards to achieve and demonstrate cyber security maturity. However, the task of selecting an appropriate CSF is now more complex due to the number of frameworks currently flooding the market.


Read more


Conclusion:

The rapid adoption of Cloud services and the increasing and well publicised cyber security compromises have added to the security concerns within many organisations. The Australian Cyber Security Centre (ACSC) has recently published a set of Cloud computing security considerations whereby organisations are able to undertake a high level self-assessment of their cyber risks as they transition to Cloud services. IBRS has recently hosted a roundtable with senior ICT and security professionals to highlight some hands-on lessons for managing cyber security in a Cloud environment.


Read more


Conclusion:

Delivering value faster and better with quality code has been the holy grail of software development and support for many years. Navigating a post-COVID-19 world, organisations will find themselves faced with new challenges and the expectation of delivering value and quality results in a shorter time frame.

DevOps is a set of practices that works to automate and integrate the processes between software development and support, so project teams can build, test, and release software faster and more reliably. As such, DevOps and Agile methodologies have become key tools in responding to an increasingly diversified and dynamic business landscape where most, if not all businesses are using technology to reshape their respective organisations.

Yet despite its potential to deliver, many organisations are struggling with DevOps implementations. Developing a clear roadmap based on best practices and a pragmatic approach will accelerate this journey and minimise the risk of failure.


Read more


Conclusion:

The disruption brought about by the COVID-19 pandemic has highlighted how essential agility is to business. Many organisations were able to quickly respond to the challenges of the restrictions and lockdowns by focusing on the needs of their customers while transitioning into remote work. This response shaped how the public now sees and perceives the organisation and the critical role of ICT. At the same time it has raised business expectations of ICT and organisational response that can only be addressed by utilising Agile approaches.


Read more


Conclusion

The deployment of machine learning (ML) solutions across a broad range of industries is rising rapidly. While most organisations will benefit from the adoption of ML solutions, ML’s capabilities come at a cost and many projects risk failure. Deployment of ML solutions needs to be carefully planned to ensure success, to minimise cost and time, but also to deliver tangible results and assist decision-making.


Read more


Conclusion

Even well-articulated and documented cyber incident response plans can go astray when a cyber incident actually happens. Experience shows the best plans can fail spectacularly. In this special report, IBRS interviews two Australian experts of startups in the field of cyber incident response, and uncovered the better practices for keeping your incident response plans real.


Read more


Conclusion

The decision to integrate machine learning (ML) into systems and operations is not one that is made lightly. Aside from the costs of acquiring the technology tools, there are added considerations such as staff training and the expertise required to improve ML operations (MLOps) capabilities.

An understanding of the ML cycle before deployment is key. Once requirements and vision are defined, the appropriate tools are acquired. ML specialists will then analyse and perform feature engineering, model design, training, and testing and deployment. This is also known as the dev loop. At the implementation stage, the ML model is deployed and the application is subsequently refined and enhanced. The next stage is the monitoring and improving stage where the organisation refines the model and evaluates the ROI for its data science efforts. This stage triggers the retraining of the model through data drift and monitoring.


Read more


Conclusion:

As-a-Service machine learning (ML) is increasingly affordable, easily accessible and with the introduction of self-learning capabilities that automatically build and test multiple models, able to be leveraged by non-specialists.

As more data moves into Cloud-based storage – either as part of migrating core systems to the Cloud or the use of Cloud data lakes/data warehouses – the use of ML as-a-Service (MLaaS) will grow sharply.

This paper summarises options from four leading Cloud MLaaS providers: IBM, Microsoft, Google and Amazon.


Read more


Conclusion:

The recent SolarWinds security compromise provides a timely reminder that a cyber security compromise from third parties is a clear and present threat. Virtually all organisations utilise third party vendors to provide services, software solutions and to store data. For these reasons, it is essential that all organisations have a third party risk assessment and compliance program as part of a broader cyber security strategy. Given that organisations utilise a multitude of vendors it is impractical to adopt a one-size-fits-all approach to third party risk management. This article provides a pragmatic approach to mitigating this risk.


Read more


Conclusion: Cyber attacks are a clear and present threat. Some organisations now have varying degrees of detection, monitoring and response capability in place, while other organisations still rely on their major incident response process to identify and manage cyber security incidents. In these organisations, cyber security operational responsibility is still embedded in traditional ICT operations. Such a siloed approach is suboptimal and presents risks in the effective management of cyber security risk. CIOs and other cyber security professionals should ensure that they have implemented a SOC capability that is appropriate to their organisation.


Read more


Conclusion: Security breaches by insiders, whether deliberate or accidental, are on the increase and their consequences can be just as catastrophic as other types of security incidents. Organisations are typically reluctant to disclose insider security breaches and as a result, these breaches receive relatively little media attention. The insider threat may therefore be perceived as being of secondary importance in an organisation’s cyber security program. However, given the consequences, organisations need to ensure that this risk is given sufficient executive attention and resourcing.


Read more