The govt needs to encourage Aussie CISOs to buy local

While Data61’s new Melbourne cyber security centre signals that the Turnbull government is committed to following through on its national cyber security promises, private industry isn't as enthusiastic about embracing local cyber security start-ups and innovators.

The strategy outlines the government's goal of making Australia the innovation hub of Asia, underpinned by strong investment in cyber security.

Yet last month’s SINET61 conference sowed seeds of doubt as to whether the Australian marketplace will take the steps required to welcome start-ups, innovators and venture capitalists into the fold. 

SINET61 brought together speakers from a variety of Australian businesses, research institutes and government, as well as international guests representing cyber security in the UK and the US.

A common theme emerged: Australian entrepreneurs are often forced to relocate their companies to other geographic regions to acquire the venture capital and customers they need to get their business properly off the ground. 

Eddie Sheehy, CEO of Australian cyber security success Nuix, told the conference that the US market had made Nuix the success it is today, while Australia was but a small percentage of its business.

Differences in market sizes aside, it was made clear at the conference that large Australian customers are not putting enough faith in local start-ups and innovators, instead opting for the American in the shiny suit and with the massive expense budget.

The CISO of US media giant Hearst, David Hahn, provided an example of the type of leadership we need to see in Australia: Hahn said his main concern is whether a vendor can fit their technology and capability into his strategic security jigsaw - he claims he would happily buy from a start-up witout flinching if its products do what he needs.

If leaders in the local market were this results-oriented, it would be easier for disruptive start-up companies to secure the venture capital funding they need here in Australia. But if the market prefers to take the easy road and buy the product before the strategy, then the multinationals will always win – since the CISO will build their strategy based on the words in the vendors’ marketing collateral.

The US Department of Defense publishes online a list of problems that the US military wants to solve, with the expectation it will lead to start-ups forming in an attempt to solve that problem - companies DoD can then nurture, prototype and eventually invest in.

We need the Australian government to follow suit and find a way to encourage and incentivise our local cyber security leaders to buy local and think global.

Only then will we see Australia become the innovation hub the government’s strategy is aiming for.