Advertisement

10 minutes with … Nathan Morelli

When Nathan Morelli started out as an accountant he had no idea his career would soon pivot into ICT. BDO’s Jason Foster caught up with the SA Power Networks head of cyber security over yum cha at Citi Zen to chat about how he came to work in the emerging field and the reality of cyber security in a post-COVID world.

Mar 01, 2021, updated Mar 01, 2021
Nathan Morelli is head of cyber security at SA Power Networks.

Nathan Morelli is head of cyber security at SA Power Networks.

So how did you get into the cyber industry?

I started as an accountant in a business during my first year of commerce. I discovered during that role that I found IT more interesting!

This came about initially as I had to deal with an ICT outage that supported a critical process. I found that I enjoyed solving the problems and enabling the organisation I was working in to perform better.

Following this discovery, I then changed directions within my study. Whilst at University, I found that I enjoyed educating people in cyber through class tutoring.

This may have contributed to me considering a career in consulting, which I went into on graduating. I found I enjoyed understanding critical business processes and how to improve them.

The consulting work I was doing at that time was more than just security. I think looking back, that the education roles I had throughout university helped with my consulting skills.

To be honest, cyber security, and leading that within an organisation, is much like consulting anyway. I have always leveraged the skills I learnt in consulting and advisory – as you’re needing to understand problems in the business and reduce their risks.

How do you find working in the utilities area?

Cyber in the utilities sector is “real”, there have been significant attacks overseas where we have seen significant impacts across entire cities and countries. I find that you don’t have to justify the spend on cyber, because our industry from the top down is focussed on protecting our critical infrastructure. We are also well supported in our efforts to increase resilience by the Federal Government’s focus on Critical Infrastructure Cyber Security.

What types of threats exist in this area?

Whilst there are different types of threats, the approaches for dealing with them are similar.

Nation states are more prevalent, but they’re generally still after the same outcomes. The management of the risks are the same. Similar tools and techniques are used by all threats, so we are best prepared to detect and respond when we focus on these.

Utilities is a mature industry.

It is up there with the banking sector, as utilities have a similar collaborative mentality to the financial sectors and pushing to learn and get stronger together.

This is due to being a regulated industry – having significant advantages in cyber isn’t an overall competitive advantage.

We can’t go and sell services differently based on our better cyber posture over a competitor, like SME’s and defence organisations may.

InDaily in your inbox. The best local news every workday at lunch time.
By signing up, you agree to our User Agreement andPrivacy Policy & Cookie Statement. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Those organisations invest a lot of money to make differences in their industry and this means an advantage to them. We’re a lot more collaborative in our industry, as we’re all requiring resilience against a common enemy.

What trends are you expecting to see in the cyber industry?

The current requirement to work from home means that you can’t rely on the traditional ring-fence model.

The information that users access in a remote model is far greater than usual. We need to enable a secure environment whilst not impacting the user experience. The way that we do this, is to understand the business and stakeholders better.

Cyber isn’t just an IT function. The cyber industry needs to understand the business and help it to secure a business outcome. We need to work side by side and understand what they are trying to do.

Where to from here?

It’s important that we foster the next generation. For instance, I’m running a project now whereby we’re enabling a junior to learn from the more experienced resources through shadowing across a critical engagement for us. This is especially important to provide juniors with the experience and confidence they need to be a success in the industry.

We’re also working on creating more entry-level roles within our capability to ensure we are contributing to building our industry. We need to build on existing programs and leverage the education sector in ensuring graduates of any program can pursue a career in cyber security.

The verdict

And for those wanting to know what Nathan’s pick of the best yum cha dish was, the barbecue steamed pork rice rolls came out trumps, however we agree the savoury fried dumplings are the best overall surprise packet!

 

Local News Matters
Advertisement
Copyright © 2024 InDaily.
All rights reserved.