Straight-talk with KJR’s newest cyber security expert, Sylvia Choa

News

14 February 2019

This week we pulled up a chair next to cyber security expert, Sylvia Choa. Sylvia joined the KJR Collective as Principal Consultant in our Cyber Security team in January 2019, super-charging our offering to clients and building our cyber security capability and leadership.

Where were you working before KJR and how did you come to join the Collective?

Prior to KJR, I was a cyber security consultant for a number of global and local information security firms for many years. This provided me with a very good understanding of the challenges that clients are facing, and not just within Australia, but at a global scale.

However, my focus at KJR will be Australian based companies, that said we have big plans here at KJR.

What was it about KJR that attracted you?

KJR was attractive to me because I could see that it had a fantastic team with great people. Also, KJR has huge opportunities in the cyber security area and I will assist to make that service even better for our clients.

KJR has a fantastic flat structure that allows our clients to access our senior people. This was appealing to me as it demonstrates a collaborative working nature that benefits everyone. KJR has a welcoming and open culture that our clients appreciate. Happy people means great work, and that in turn means happy clients.

What is KJR’s offering in the cyber security space?

We have a growing team of cyber security consultants and the service area is one part of the overall transformation work we offer to our clients based on their specific needs. With the team actively growing, we will also be reaching out into the market to get additional cyber security specific clients.

Some of the services we offer include: assisting companies in achieving information and data security,  enabling management to make strategic decisions for protecting data security; primarily around confidentiality, integrity, and availability of data; minimising IT security risks, reviewing of the current state of cyber security and working out where the gaps are then executing a plan to plug the holes; PCI Data Security Standards compliance certification audits and gap analysis; cyber security status reviews based on industries standards such as NIST, CIS Top 20 Critical Security Controls Assessments and ISO 27001; as well as Cloud security.

Third-party supplier audits are also a large part of what we do. Many organisations work with a large number of partners and share sensitive data with all those partners. Companies are concerned about privacy as well as confidentiality and how those suppliers or partners make use of and protect their data.

Some of this is done in conjunction with our partner network who supports KJR. We pick a crack team to get the job done.

"Cyber security, by its nature, is about risk and unless you know where the holes are, you’re unaware of the risk the company carries."
Sylvia

As you know KJR loves overcoming challenges, what challenges do companies face when it comes to cyber security?

One of the main challenges that companies face is that decisionmakers tend to focus on the issues they can see rather than the issues they can’t see.

Cyber security, by its nature, is about risk and unless you know where the holes are, you’re unaware of the risk the company carries. From my experience, management are sometimes apprehensive about putting in measures that will provide them with visibility of the problem, thus informing them of their current state and allowing them to make informed decisions. Companies must detect and monitor their vulnerabilities rather than waiting to see if they are attacked through one of them.

If they’re not detecting and monitoring their systems for potential virus, malware, phishing attacks and so on, and if there is no dedicated information security resource, they really have no idea of their current protection or position and the risks they are facing.

Of course, if they encounter an attack, by then it’s too late. The company is in reactive mode rather than proactive mode, and that is not where you want to be.

What will you be looking to achieve at KJR?

I will be looking to ensure that all our clients have a proactive approach to cyber security. The level of cyber-attacks is frighteningly high with cyber criminals adapting to new technologies as fast as we are adapting to stop them.

Through my global experience I have amassed a wealth of insights that can be applied to ensure our clients have visibility of their current position – allowing them to make an informed decision on the level of protection they need.  My goal is to ensure we can provide the team and the resources to help them achieve that.

For more information on any of the points raised or to talk to Sylvia, please contact her at 1300 854 063.

You may also like