The Council of Australasian University Directors of Information Technology (CAUDIT)’s Cybersecurity Program Director, Nikki Peever, shares insights on the pressing issues in cybersecurity for higher education in the region
Ahead of CISO Brisbane 2022, taking place on the 6th of September at Hilton Brisbane, we caught up with Nikki Peever. She is responsible for the development and delivery of CAUDITs cybersecurity initiative for the sector, which includes the Australasian Higher Education Cybersecurity Service (AHECS).
In this interview, Peever discusses her career background, the most critical issues facing her sector, and how a joint approach by higher education institutes and key supply chain partners is proving immense value to the higher education sector in Australasia.
An Unplanned Success
Cybersecurity wasn’t a linear path or specific direction Peever had planned, in fact, her IT journey started in grade 12 when she worked part time with the school’s internal IT team.
“This was a fantastic, eye-opening experience as prior to this I’d only really used a computer to download music, chat on ICQ or MSN, or design terrible business cards in PowerPoint! I went on to do IT bachelor and honours degrees while working in different tech jobs,” she says.
“The experience that has been most influential on my career path was working with the Australian Government Solicitor/Attorney Generals Department, where I progressed from the Service Desk team to Team Leader, to Director of the Operations team. Although my worked spanned many elements from leadership to technical, due to the nature of the organisation, risk and information security underpinned all aspects of our operations.
“I took some time off to work on a PhD with an entirely different focus, on psychology, mobile health apps, wellbeing, and sport, while teaching an entry level IT unit at QUT. I then had a baby, and found my way back into information security as an Information Security Management System Auditor. This year I started working at CAUDIT overseeing the cybersecurity program.
“I absolutely love the position and the broad portfolio of work which ties together my previous education, training and experience. Aspects like project management, information security, psychology, governance, legislation, academia, and leadership all come into play.
Peever says she considers herself ‘a jack of most trades and a master of some’, preferring a variety of disciplines over one single domain.
“Although unplanned, it feels like everything was leading me straight to my current role and I’m grateful to be able to work in an area that encompasses my strength and passions while giving me different challenges every day,” she says.
Tackling the Most Critical Cybersecurity Issues in Higher Education
The higher education sector is facing a variety of cybersecurity challenges. From skills shortages and competing with the private sector to for talent, to increasing governance and compliance requirements, which add resource and financial costs to the sector.
In addition to that, balancing usability and security, managing appropriate cybersecurity budgets for the level of controls required, and coordinating effective detection and response systems are putting added pressure to the higher education sector in the increasing and evolving threat landscape.
“Through our Australasian Higher Education Cybersecurity Service, we are addressing these issues in a range of ways including via benchmarking, threat intelligence information sharing, specialised working groups, collaboration, and sector focused training programs,” Peever says.
“Research programs within the sector have been subject to foreign interference, and the sector is certainly a target for potential cyberattacks. It’s difficult to ascertain the ranking compared to other industries, but as a collective we must be diligent and aware of the risks, and work together to uplift the cybersecurity profile of the sector.”
Uplifting the Sector by Nurturing Collaboration
Peever’s role forms a key part of the Australasian Higher Education Cybersecurity Service, which is the higher education and research sectors peak cybersecurity body.
AHECS is delivered in collaboration with Australia’s Academic and Research Network (AARNet), AusCERT, Council of Australasian University Directors of Information Technology (CAUDIT), Research and Education Advanced Network New Zealand (REANNZ), and the Australian Access Federation (AAF).
“This collaboration illustrates a joint approach by higher education institutes and key supply chain partners including the sector’s internet service provider (both Australian and New Zealand), federation provider, and cyber emergency response team,” Peever says.
AHECS’s work is multifaceted and encompasses a variety of activities, including threat intelligence through an information sharing and analysis centre; sector benchmarking; webinars and training and an annual cybersecurity forum, to name just a few.
Peever’s position plays a key role in prioritising, and overseeing these activities, and contributing to the uplift of the sector through the AHECS service.
“I think this is such a unique offering, which I haven’t seen in any other industries, and provides immense value to the sector,” she says.
Peever will be joining CISO Brisbane 2022, taking place on the 6th of September at Hilton Brisbane. She is taking part on the “SOCI Act Reforms – what to do next?” panel discussion.
“I will be speaking about the SOCI Act, how the higher education and research sector has addressed their requirements under the Act, and how this Act addresses cyber risk for the sector (and other CI sectors).