High-profile Telstra chief information security officer Mike Burgess has resigned and will work his last day on November 4, capping off almost four years leading IT security for the nation's largest telco.
He will set out on his own as a strategic cyber advisor within his own consultancy, providing guidance to boards and committees about security threats and the impact they could have on their business.
Burgess joined Telstra in Februrary 2013 after five years as the deputy director for cyber and information security at the Defence Signals Directorate, and more than 18 years in the intelligence and security sector.
His tenure at DSD included overseeing the establishment of the national Cyber Security Operations Centre (now the Australian Cyber Security Centre).
At Telstra, Burgess' goal was to transform the internal security mindset through all levels of the business via his two-pronged "discovery and influence" initiative.
It intended to bring a human solution to a human problem, coupling data analytics (discovery) to hunt down malicious events and unintended harmful behaviour by staff, with human to human engagement to resolve the matter (influence).
At Telstra, Burgess co-authored the 'Five Knows of Cyber Security', five tenets that "frame the complex problem of cyber security in a way that everyone can engage in" - which the CISO says should form the core of any business' IT security plan.
Burgess has also lent his expertise back to the government during his stint in the private sector, sitting on the expert panel tasked with reviewing the nation's cyber security strategy.
A Telstra spokesperson said Burgess had established "proven and effective security capabilities that play a critical role in keeping our customers data safe and our networks secure".
"Mike is leaving Telstra with the right strategy and capabilities developed and implemented – and as company, we will continue to build on these," the spokesperson said.
"We wish Mike every success in the years to come."
Telstra will undertake an international search for a new CISO.
It leaves the telco with three executive-level IT positions to fill - Telstra is still looking for replacements to its CIO and CTO roles following Erez Yarkoni's resignation in August, and Vish Nandlall's controversial departure in May.
Burgess' departure is one of five big CISO moves this year.
Australia Post last month appointed a new chief information security officer following Troy Braban's exit to JP Morgan Chase in the US. Kristin Lyons, the postal organisation's former head of cyber threat and business management, is now in the role.
The Department of Human Services this week hired a former Navy commander as its cyber security chief; AGL Energy in March brought on John Taylor as its first ever CISO; and the country's national airline Qantas is currently looking to appoint a chief information security officer.
Changes at National Australia Bank in July also saw long-serving CISO Dave Powell moved into the new role of general manager for IT security strategy and the promotion of cyber security executive Andrew Dell into the CISO role.