We sat down with Deb Maher from the Australian Government about supporting government with secure systems and advice
The Department of Education, Skills and Employment (DESE) is a large Australian Government department headquartered in Canberra. Over 3,700 staff who work there ensure Australians can experience the wellbeing and economic benefits of quality education, skills and employment.
The department is responsible for a wealth of data and knowledge in these areas, which need continuous, solid protection from a busy security team. People working at DESE and its client organisations rely on its systems for daily work needs, so the security team must also support workers to operate safely and seamlessly.
Deb Maher is a leader in DESE’s security team and helps this to happen every day.
On the security frontlines
Deb is Director of Security Services in DESE. She manages the team behind the scenes of the department’s systems and infrastructure, making sure they operate well, and staff can work without interruption.
‘I protect the department from things getting stolen or damaged, like our reputation and all the services,’ Deb explains.
‘To do that, I lead a team that delivers and maintains security solutions. These capabilities block viruses from executing, block malicious actions from getting into our networks and manage the keys that encrypt communication.
‘We also manage who can get access to what and provide a help desk for anyone that has any security-related issue.
Starting out designing circuit boards 30 years ago, Deb moved through to coding and into delivering systems at the Australian Signals Directorate (ASD). It was there where she got her first cyber security mission – something that had real-world applications for many more people and the opportunity to help others.
‘When I started, security was done by security people. Nowadays, it's totally different. Everyone needs to know security: anyone building capability, buying capability, asking someone to do something for them, needs to think about security. Which I really like,’ Deb says.
Opening up the blockers for better results
While we all need to follow security rules in our jobs, having someone to support us to do it has become more and more valued. Part of Deb’s work is managing the team on the security helpdesk, and she says the way they do that has even changed over the years – for the better.
Deb finds it refreshing that the job is now about finding solutions that support people in their jobs instead of blocking them.
‘Security can be scary. Security can be confusing and often security actually gets in the way. So we have to provide a service to make sure that people can get their job done,’ she says.
‘In the past the security people were always the blockers. They were always the fun police. Now, people want their systems to be secure and they want to engage with security people that understand their business and that have a can-do attitude. Whereas 10 to 15 years ago, the security people were pretty much always saying “no, you can't do this”.
‘The conversations have changed to “if you do it this way, you can get your outcome”. We’re thinking about what the end user’s trying to achieve.
‘I really like that, because it aligns with my passion to help others.’
Room for creativity
This change in approach has made Deb’s job more enjoyable, as she gets to work alongside people who are creative and innovative. With diverse thinkers and new ways to enter the industry, Deb’s found herself surrounded by a team of motivated problem solvers.
‘I really like the fact that there are a lot of pathways into security now,’ she says.
‘So there are a lot more younger people in security and they're great fun to work with. When I've got a challenge they run to it with passion. And I absolutely love that.’
Deb hopes that more people join development and infrastructure careers, despite their previous career background. Being a broad field, her advice is to jump in and make the most of opportunities to grow.
‘We look for new people fairly regularly, and what I look for is people who are doing study outside to improve themselves; people who are proactive,’ she says.
‘I also look for people who take initiative, people who can communicate and people who are keen as mustard. I'm not necessarily looking for somebody at the entry level actually being able to say “I've worked as a cyber analyst”, because they don't exist.
Deb believes it’s about absorbing and taking on as much as you can. Then the opportunities present themselves. Being such a broad field, there are possibilities for everyone in cyber.
‘Compare it with something like a database administrator,’ Deb says.
‘There are databases everywhere, but once you're a database administrator, there's a certain point of knowledge you get, and that’s it. There's significantly more variety if you get into cyber security.
‘You can start off in my team working on tickets to assign permissions to a particular user as an entry point, but then you can actually train yourself up to be a cloud engineer.
‘After that, you could probably move on to something like cyber architecture or cyber assurance, doing risk assessments and things like that. The variety is enormous.
‘It's very broad and the demand's high. And you can get paid a lot of money if you're really good at it.’