Principal Security Consultant | ACT
Sebastian Scandura joined ASG in 2021 as Principal Security Consultant. With plenty of experience working previously with one of the Big Four, Sebastian is helping ASG fine-tune its cyber security offerings and develop new capabilities in line with the ever-changing threat environment. Learn a little more about Sebastian, his role, and what he’s doing with all his new “free time” now that he’s at ASG!
CAN YOU GIVE US A RUN-DOWN OF YOUR ROLE HERE AT ASG?
I’m the Principal Security Consultant which means I’m part of the Security team led by Adam Misiewicz. My line of service is essentially developing cybersecurity frameworks and working with clients mostly in the national critical infrastructure space – think along the lines of airports, Oil and Gas, and power and utilities. We do Cyber security assessments against most popular frameworks such as Essential Eight, NIST, ISM, CMMC for these clients to determine where they’re at and where they need to be. If they have their own in-house team, our health checks give them some homework to complete, otherwise, we can provide them with the resource to get it done.
Prior to ASG, my experience was with Defence and National Cybersecurity working at one of the Big Four.
ASG: WHAT ARE YOU ENJOYING MOST ABOUT YOUR ROLE?
ASG has been a good experience so far. Whilst ASG has always delivered cyber security wrapped into its solutions and services, I came into help the team build it into its own function. That involves developing collateral, practices, processes, and also developing our people and recruiting for new skills. It’s an exciting time, we’re able to engineer the function in a way that suits the market and our existing clients. Our clients already trust us with many facets of their IT, and cyber security is another service we are offering to help clients manage skill shortages, obtain insights, and ensure they have the best security strategy in place to meet their business’ needs.
WHAT DREW YOU TO JOIN ASG?
Partly what drew me to the role was the opportunity to develop capability. In my previous role working for a large bank, I was developing capability, but it was just my hobby that I was working on after hours. I had my 9-5 work, then I had all the admin work, and then AFTER those hours my hobby was developing and building capability. So, I came to ASG because building capability was the primary role, I knew I’d get to be creative and contribute to growing something. The idea of getting to do my hobby in work hours and get paid for it had me sold!
IT’S AN EXCITING TIME, WE’RE ABLE TO ENGINEER THE FUNCTION IN A WAY THAT SUITS THE MARKET AND OUR EXISTING CLIENTS. OUR CLIENTS ALREADY TRUST US WITH MANY FACETS OF THEIR IT, AND CYBER SECURITY IS ANOTHER SERVICE WE ARE OFFERING TO HELP CLIENTS MANAGE SKILL SHORTAGES, OBTAIN INSIGHTS, AND ENSURE THEY HAVE THE BEST SECURITY STRATEGY IN PLACE TO MEET THEIR BUSINESS’ NEEDS.
HOW HAVE YOU SEEN THE SECURITY SPACE CHANGE THROUGHOUT YOUR CAREER?
Cybersecurity has evolved, in the last 3-5 years especially, as it is no longer an afterthought. It is now something you must factor in when procuring any solution or service.
Our thought of what a cybersecurity breach actually is has also changed as ransomware attacks and cyber hacks are more publicised in the media. We no longer think of that image of a loner hacker in a dark hoodie with a big screen writing code. As services have developed, such as apps for ordering pizza or transport apps that track movement, there’s that thought – I build something, I deploy something, but then how do I secure it? That final question was often left out. But you put all your personal details into these apps – your name, your credit card number, oftentimes your birthday and your address – with those 4 things alone your identity is at risk and can be stolen. So, imagine having 100’s and 1,000’s of clients in your database and no security to protect them!
Generalists have come into prominence in the security space. Again, traditional thinking had coders and technical ICT people sitting in the security space, but generalists are now being favoured as cyber practitioners because of their balanced view on each area of IT.
HOW DO YOU LIKE TO SPEND YOUR SPARE TIME?
Outside of work, I recently bought a bicycle and am jumping on that after work and doing a few km’s.
Last year I did a charity ride for Starlight – pledging to ride more than 300km for the Foundation.
We get to benefit a lot from Starlight, my daughter has Osteogenesis Imperfecta which means she has fragile bones. Starlight Foundation has been a great support every time she is in the hospital, so doing a fundraising ride for them was a no brainer.
On weekends, we like to get up and go out for brunch. Canberra often treats us to some good weather, and when it does, we like to spend as much time as possible outside.
WHAT MOTIVATES YOU IN YOUR ROLE? WHAT ARE YOU PASSIONATE ABOUT?
Above all, I’m passionate about doing a good job. I like to connect the dots and create something new that nobody has been able to do before, bringing together two ends that wouldn’t necessarily meet. I’m also always thinking about creating efficiencies to help, whether for ASG or for the client, and improving the way that people operate. I do this best by understanding drivers, meaning not just looking at what people want to do but the reason why they want to do it.
WHICH OF THE ASG EMPLOYEE VALUE PROPOSITION PILLARS RESONATES WITH YOUR EXPERIENCE AT ASG AND WHY?
I gained a lot of experience in a Big Four, but I don’t miss it, I’m excited to be able to apply the experience I gained there but have a more reasonable work-life balance that ASG affords me. So, I’d say ‘Balance’, definitely. I’m still finding new ways to fill up my time now that I’m no longer staying up ‘til 4:00 in the morning with work but I’m really enjoying the work I’m doing and the flexibility that comes along with it!
Read more about the work Sebastian is doing and learn about our security services here: https://www.asggroup.com.au/insights/cyber-security-partner/