<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=306561&amp;fmt=gif">
Skip to content

Collaboration and Robust Programs Tackle Critical Infrastructure Security Issues: Aaron McKeown

Vector Limited’s CISO, Aaron McKeown, discusses strategies to overcome cyber risks in the critical infrastructure sector through collaboration and by building strong security programs

 

Aaron McKeown is originally from Australia, where he spent eight years in the energy sector. Ten years ago, he moved to New Zealand and into the SaaS space.

 

“I’ve always had security as part of my role, which was originally in systems engineering then moving into architecture and operations.”

 

“It was after I moved to New Zealand and joined a global SaaS provider that security become my full-time responsibility,” says Aaron.

 

That opportunity involved working in a fast-paced, dynamic organisation that was transforming the infrastructure used to serve 1.5 million customers. It allowed him to use his architecture and security knowledge to achieve that transformation.

 

“After that, I moved back to into the energy sector, where I could combine my experience in cloud-based systems and in utilities, to help Vector on its digital transformation journey,” he says.

 

The critical infrastructure sector is facing a lot of cybersecurity challenges now, and we were interested to know Aaron’s views on the most pressing issues he’s currently seeing. He identified four main risks and issues:

 

  1. Insider threats posed by the users, whether maliciously or accidentally. It's about identity-based risk.
  2. Working with partners, either third-party services or software providers also entails a high security risk.
  3. Threats to cloud-based systems and IoT platforms.
  4. Maintaining visibility across IT and OT. Having unified visibility across all platforms is key.
     

Aaron believes collaboration is key for CISOs working for critical infrastructure operators when trying to overcome these challenges.

 

“I’m a firm believer in the group stronger than the individual and collaboration is key for our sector when it comes to cyber security. We don’t compete with each other in this sector.”

 

“I am seeing collaboration happening more and more across the critical infrastructure sector. That is really pleasing,” Aaron says.

 

Laying the Foundation for a Sound Security Program

 

We asked Aaron what he would suggest to an incoming CISO on how to build a strong base for security programs, and he thinks the number one thing to do is identify and educate the stakeholders.

 

“That will make things much easier.”

 

“If your stakeholders are well-educated about cyber security risks, that’s a huge step forward. I also think it’s key to build good network, internally and externally, of your peers and colleagues in the sector to leverage.”

 

“Focus on the basics. Choose the key five or six services, adopt a service–based approach and deliver that well,” he says.

 

Most organisations globally are operating in a land of budget constraints - no matter who they are or how big they are. So, we asked Aaron what he would do if he had unlimited cybersecurity budget for a year, and he thinks it’s important to deploy the security process that’s appropriate for your organisation.

 

“I suppose I would focus on my top issues – I'd choose identity management, third-party risk and security of OT and IoT-based systems, and then I’d take a risk-based approach to those top priorities.”

 

“And with that unlimited budget I’d also make sure our next cyber security forum was held in the Bahamas,” he says.

 


Aaron McKeown will be speaking at CISO New Zealand 2024 and sharing his experiences on cyber risks for critical infrastructure operations. To find out more about his session, check out the agenda and register to attend, simply click this link