Dr. Philip Nesci


Dr. Philip Nesci is an IBRS advisor specialising in digital transformation, Cloud strategy and analytics, cyber resilience and risk management, and large-scale program management. Philip has an extensive track record as a CIO and an Executive in global commercial organisations such as Shell, Orica and China Light and Power, where he has orchestrated and delivered major organisational transformations enabled by technology. More recently, as CIO of Monash Health and the Australian Red Cross Blood Service, Philip has focused on the Health sector and on Government, leading a number of programs which have significantly reshaped the customer experience and engagement, underpinned by cyber resilience. Philip’s approach to strategy development and implementation is achieved through strong leadership and extensive engagement with Boards and Executives. Philip’s blend of business and technology experience across a wide range of industries, enhanced by working extensively in Australia, Europe, Asia and the USA, provides him with a unique understanding of how to successfully plan and execute digital strategies to reshape business.


Conclusion

Even well-articulated and documented cyber incident response plans can go astray when a cyber incident actually happens. Experience shows the best plans can fail spectacularly. In this special report, IBRS interviews two Australian experts from startups in the field of cyber incident response and uncovers the better practices for keeping your incident response plans real.




Conclusion

The decision to integrate machine learning (ML) into systems and operations is not one that is made lightly. Aside from the costs of acquiring the technology tools, there are added considerations such as staff training and the expertise required to improve ML operations (MLOps) capabilities.

An understanding of the ML cycle before deployment is key. Once requirements and vision are defined, the appropriate tools are acquired. ML specialists will then analyse and perform feature engineering, model design, training, and testing and deployment. This is also known as the dev loop. At the implementation stage, the ML model is deployed and the application is subsequently refined and enhanced. The next stage is the monitoring and improving stage where the organisation refines the model and evaluates the ROI for its data science efforts. This stage triggers the retraining of the model through data drift and monitoring.




Conclusion:

As-a-Service machine learning (ML) is increasingly affordable, easily accessible and, with the introduction of self-learning capabilities that automatically build and test multiple models, able to be leveraged by non-specialists.

As more data moves into Cloud-based storage – either as part of migrating core systems to the Cloud or the use of Cloud data lakes/data warehouses – the use of ML as-a-Service (MLaaS) will grow sharply.

This paper summarises options from four leading Cloud MLaaS providers: IBM, Microsoft, Google and Amazon.




Conclusion:

The recent SolarWinds security compromise provides a timely reminder that a cyber security compromise from third parties is a clear and present threat. Virtually all organisations utilise third-party vendors to provide services and software solutions and to store data. For these reasons, it is essential that all organisations have a third-party risk assessment and compliance program as part of a broader cyber security strategy. Given that organisations utilise a multitude of vendors, it is impractical to adopt a one-size-fits-all approach to third-party risk management. This article provides a pragmatic approach to mitigating this risk.




Conclusion: Cyber attacks are a clear and present threat. Some organisations now have varying degrees of detection, monitoring and response capability in place, while other organisations still rely on their major incident response process to identify and manage cyber security incidents. In these organisations, cyber security operational responsibility is still embedded in traditional ICT operations. Such a siloed approach is suboptimal and presents risks in the effective management of cyber security risk. CIOs and other cyber security professionals should ensure that they have implemented a SOC capability that is appropriate to their organisation.




Conclusion: Security breaches by insiders, whether deliberate or accidental, are on the increase and their consequences can be just as catastrophic as other types of security incidents. Organisations are typically reluctant to disclose insider security breaches and as a result, these breaches receive relatively little media attention. The insider threat may therefore be perceived as being of secondary importance in an organisation’s cyber security program. However, given the consequences, organisations need to ensure that this risk is given sufficient executive attention and resourcing.




Conclusion: Cyber incidents and the protection of information have now taken enterprise and national significance. 

Organisations will need to learn to operate securely in a zero trust world. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to a strategic enterprise risk. The risk of a compromise for most organisations is increasing with the acceleration of digital transformation, adoption of technologies such as Cloud services, analytics and IoT. The threat landscape is further compounded by increased regulatory and compliance requirements.

A cyber compromise is almost inevitable and organisations are now focusing on improving the resilience of their organisation to a cyber incident. Many organisations now have cyber resilience programs in place which not only protect and defend their key information assets but are also well placed to respond should a cyber incident occur. Our cyber strategy, roadmap and implementation advisory are designed to assist on your cyber resilience journey.




Conclusion: The massive shift to working from home since the start of the COVID-19 pandemic has led to upsides for employees: more flexibility, no commute and greater productivity. Many executives have been publicly extolling the virtues of remote working. However, a number of management, cultural and work design issues are now starting to emerge. Organisations need to review their current workplace design and practices and prepare for a hybrid home-office workplace post-pandemic.




Background: The federal government has finally unveiled its cyber security strategy. Australia’s Cyber Security Strategy 2020, released on 6th August, will see $1.67 billion invested in a number of already-known initiatives aimed at enhancing Australia's cyber security over the next decade. IBRS provides its key takeaways from the strategy.


Most of the funding for the Strategy 2020 is from July’s announced $1.35 billion cyber enhanced situational awareness and response (CESAR) package. Much of the Strategy's detail will be contained in legislation to be put before parliament.




Conclusion: Ransomware attacks are becoming increasingly common and Australian organisations have experienced several high-profile incidents in 2020. While the preferred option is to recover from backups, organisations may find that this is not feasible, either because of the scale of the compromise or because the backups themselves are compromised. While the decision to pay a ransom is complex and poses significant risks, it should be explored in parallel with the recovery from backup.




Philip Nesci, IBRS adviser and former CIO, has warned that agencies will need to get their information management sorted out to capitalise on the new rules.

“Agencies need to identify their high-value data sets and where they are located.”

Conclusion: Many organisations have implemented collaboration and in particular video-conferencing facilities to support critical business operations in response to managing the COVID-19 pandemic. While remote workers have embraced these platforms with enthusiasm, organisations have had little opportunity to govern the use of these platforms due to the need to roll them out quickly. As end-users push forward with sharing confidential data and video across many teams, issues of data access rights, data confidentiality and employee confusion will emerge. Unless organisations put in place appropriate governance on their collaboration platform, the full benefits of the platform will not be realised.




Conclusion: Many organisations have now contained the COVID-19 crisis and stabilised their operations. The focus is now rapidly shifting towards the recovery phase. While the full implications of the 'new normal' are yet to be fully understood, it is clear that industry sectors will be impacted very differently. What are the three mega trends emerging in the post-COVID-19 world?




Conclusion: The COVID-19 pandemic crisis is sweeping across the globe and is being felt by every individual and every organisation. By its very nature, the COVID-19 crisis is global in scope, indefinite in its duration and unknown in its long-term impact. Given the reliance of organisations on their ICT services, particularly at this point in time, CIOs have a unique opportunity to make a significant contribution, showcase their leadership capability and enhance the long-term brand of their ICT teams. All too often under the pressure of a crisis, CIOs will focus on tasks as opposed to the softer elements of leadership. The opportunities this crisis presents should not be wasted. Your leadership is on show.

