I’m a cybersecurity leader and postgraduate law student based in Melbourne. By day, I manage information security and risk for a major infrastructure authority. By night (well, evenings and weekends), I’m working through a Juris Doctor at RMIT University.

This blog sits at the intersection of those two worlds — security leadership, legal thinking, and the messy reality of managing risk in complex organisations. I hold CISM, CISSP, CCSP, and AAISM certifications, and I’m interested in the gap between how we should manage change in security programmes and how we actually do it.