Mikhail Lopushanski is the Chief Information Security Officer for Heritage Bank and has been in the information security space for close to 30 years. Involved with AUSCERT in its early days, Mikhail has an appreciation for the partnership that AUSCERT offers and its mission to help all organisation improve their information security.

 How did you first become involved with AUSCERT, and what motivated you to become a member?

I became an AUSCERT member in the late 90s. As an organisation, we required a partner, somebody that could help advise and mature our information security space. It was great having an organization that wasn’t connected to a vendor, government, or any particular area. AUSCERT helped my organisation to mature in that area with guidance, as well as providing us with alerts and starting to give us broader levels of alert capability than what we could do internally.

How has AUSCERT evolved over the years, and what changes have you seen in the cyber security landscape that have affected the organisation’s work?

AUSCERT has greatly developed since the late 90s. As a start-up coordinating globally, AUSCERT was able to provide information back to its members that was significantly up to date. You have to remember this is early days of internet and browser access. As AUSCERT developed, I’ve moved to several organisations and our needs have changed depending on our maturity. I found that AUSCERT was able to meet those needs regardless of what stage we were in. I’ve worked with AUSCERT across many projects, including setting up a threat intel group across the financial sector. AUSCERT fundamentally assisted me to set this up and to reach out to certain numbers that met the criteria of financial service spaces. I view AUSCERT as a true partner.

How has your membership in AUSCERT impacted your organisation’s overall approach to cyber security? And what changes have you implemented as a result?

AUSCERT is a partner that can help an organisation mature in this space. In my experience going from several organisations that are less mature in information security to other organisations that are quite mature, the needs from what we wanted AUSCERT to do changed from place to place.

AUSCERT has certainly matured in this space over time. For a time they offered flying doctor service for incident response and they have really developed their capability for incident response, but also identification and threat intelligence and starting to provide quality IOCs and quality information to organisations. They shared this intelligence making it available across multiple industries. That development that AUSCERT created fell in line with how the industry over the years has also developed, becoming a real industry leader.

Is there anything else you would like to add?

Happy 30^th AUSCERT and I look forward to working with you in the next few years!