Dr. Philip Nesci


Dr. Philip Nesci is an IBRS advisor specialising in digital transformation, Cloud strategy and analytics, cyber resilience and risk management, and large-scale program management. Philip has an extensive track record as a CIO and an Executive in global commercial organisations such as Shell, Orica and China Light and Power, where he has orchestrated and delivered major organisational transformations enabled by technology. More recently, as CIO of Monash Health and the Australian Red Cross Blood Service, Philip has focused on the Health sector and on Government, leading a number of programs which have significantly reshaped the customer experience and engagement, underpinned by cyber resilience. Philip’s approach to strategy development and implementation is achieved through strong leadership and extensive engagement with Boards and Executives. Philip’s blend of business and technology experience across a wide range of industries, enhanced by working extensively in Australia, Europe, Asia and the USA, provides him with a unique understanding of how to successfully plan and execute digital strategies to reshape business.


Conclusion:

Cyber security incidents are increasing in frequency and severity. Organisations, governments, executives, and boards are now actively monitoring and probing the progress of cyber security initiatives. At the same time, there are legislative and industry-wide pressures to achieve predetermined levels of compliance. Cyber security frameworks (CSF) provide a system of standards to achieve and demonstrate cyber security maturity. However, the task of selecting an appropriate CSF is now more complex due to the number of frameworks currently flooding the market.




Conclusion:

The rapid adoption of Cloud services and the increasing and well publicised cyber security compromises have added to the security concerns within many organisations. The Australian Cyber Security Centre (ACSC) has recently published a set of Cloud computing security considerations whereby organisations are able to undertake a high level self-assessment of their cyber risks as they transition to Cloud services. IBRS has recently hosted a roundtable with senior ICT and security professionals to highlight some hands-on lessons for managing cyber security in a Cloud environment.




Conclusion:

Delivering value faster and better with quality code has been the holy grail of software development and support for many years. Navigating a post-COVID-19 world, organisations will find themselves faced with new challenges and the expectation of delivering value and quality results in a shorter time frame.

DevOps is a set of practices that works to automate and integrate the processes between software development and support, so project teams can build, test, and release software faster and more reliably. As such, DevOps and Agile methodologies have become key tools in responding to an increasingly diversified and dynamic business landscape where most, if not all businesses are using technology to reshape their respective organisations.

Yet despite its potential to deliver, many organisations are struggling with DevOps implementations. Developing a clear roadmap based on best practices and a pragmatic approach will accelerate this journey and minimise the risk of failure.




Conclusion:

The disruption brought about by the COVID-19 pandemic has highlighted how essential agility is to business. Many organisations were able to quickly respond to the challenges of the restrictions and lockdowns by focusing on the needs of their customers while transitioning into remote work. This response shaped how the public now sees and perceives the organisation and the critical role of ICT. At the same time it has raised business expectations of ICT and organisational response that can only be addressed by utilising Agile approaches.




Conclusion:

The deployment of machine learning (ML) solutions across a broad range of industries is rising rapidly. While most organisations will benefit from the adoption of ML solutions, ML’s capabilities come at a cost and many projects risk failure. Deployment of ML solutions needs to be carefully planned to ensure success, to minimise cost and time, but also to deliver tangible results and assist decision-making.




Conclusion:

Even well-articulated and documented cyber incident response plans can go astray when a cyber incident actually happens. Experience shows the best plans can fail spectacularly. In this special report, IBRS interviews two Australian experts from startups in the field of cyber incident response, and uncovers the better practices for keeping your incident response plans real.




Conclusion:

The decision to integrate machine learning (ML) into systems and operations is not one that is made lightly. Aside from the costs of acquiring the technology tools, there are added considerations such as staff training and the expertise required to improve ML operations (MLOps) capabilities.

An understanding of the ML cycle before deployment is key. Once requirements and vision are defined, the appropriate tools are acquired. ML specialists will then analyse and perform feature engineering, model design, training, and testing and deployment. This is also known as the dev loop. At the implementation stage, the ML model is deployed and the application is subsequently refined and enhanced. The next stage is the monitoring and improving stage where the organisation refines the model and evaluates the ROI for its data science efforts. This stage triggers the retraining of the model through data drift and monitoring.




Conclusion:

As-a-Service machine learning (ML) is increasingly affordable, easily accessible and, with the introduction of self-learning capabilities that automatically build and test multiple models, able to be leveraged by non-specialists.

As more data moves into Cloud-based storage – either as part of migrating core systems to the Cloud or the use of Cloud data lakes/data warehouses – the use of ML as-a-Service (MLaaS) will grow sharply.

This paper summarises options from four leading Cloud MLaaS providers: IBM, Microsoft, Google and Amazon.




Conclusion:

The recent SolarWinds security compromise provides a timely reminder that a cyber security compromise from third parties is a clear and present threat. Virtually all organisations utilise third party vendors to provide services, software solutions and to store data. For these reasons, it is essential that all organisations have a third party risk assessment and compliance program as part of a broader cyber security strategy. Given that organisations utilise a multitude of vendors it is impractical to adopt a one-size-fits-all approach to third party risk management. This article provides a pragmatic approach to mitigating this risk.




Conclusion: Cyber attacks are a clear and present threat. Some organisations now have varying degrees of detection, monitoring and response capability in place, while other organisations still rely on their major incident response process to identify and manage cyber security incidents. In these organisations, cyber security operational responsibility is still embedded in traditional ICT operations. Such a siloed approach is suboptimal and presents risks in the effective management of cyber security risk. CIOs and other cyber security professionals should ensure that they have implemented a SOC capability that is appropriate to their organisation.




Conclusion: Security breaches by insiders, whether deliberate or accidental, are on the increase and their consequences can be just as catastrophic as other types of security incidents. Organisations are typically reluctant to disclose insider security breaches and as a result, these breaches receive relatively little media attention. The insider threat may therefore be perceived as being of secondary importance in an organisation’s cyber security program. However, given the consequences, organisations need to ensure that this risk is given sufficient executive attention and resourcing.




Conclusion: Cyber incidents and the protection of information have now taken on enterprise and national significance.

Organisations will need to learn to operate securely in a zero trust world. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to a strategic enterprise risk. The risk of a compromise for most organisations is increasing with the acceleration of digital transformation, adoption of technologies such as Cloud services, analytics and IoT. The threat landscape is further compounded by increased regulatory and compliance requirements.

A cyber compromise is almost inevitable and organisations are now focusing on improving the resilience of their organisation to a cyber incident. Many organisations now have cyber resilience programs in place which not only protect and defend their key information assets but are also well placed to respond should a cyber incident occur. Our cyber strategy, roadmap and implementation advisory are designed to assist on your cyber resilience journey.




Conclusion: The massive shift to working from home since the start of the COVID-19 pandemic has led to upsides for employees: more flexibility, no commute and greater productivity. Many executives have been publicly extolling the virtues of remote working. However, a number of management, cultural and work design issues are now starting to emerge. Organisations need to review their current workplace design and practices and prepare for a hybrid home-office workplace post-pandemic.




Background: The federal government has finally unveiled its cyber security strategy. Australia’s Cyber Security Strategy 2020, released on 6th August, will see $1.67 billion invested in a number of already-known initiatives aimed at enhancing Australia's cyber security over the next decade. IBRS provides its key takeaways from the strategy.


Most of the funding for the Strategy 2020 is from July’s announced $1.35 billion cyber enhanced situational awareness and response (CESAR) package. Much of the Strategy's detail will be contained in legislation to be put before parliament.

