AISA Board of Director Nominations 2020


Joshua Craig

A senior regulatory and risk manager for Cloud Services, highly experienced in risk, compliance and governance for all things Cyber Security at ANZ Banking Group.

A risk professional who looks for the direct but pragmatic outcome, a background in technology, governance, security and leadership. Achieving a Masters in Information Technology, CISSP and CISM.

Creator and leader of a strong regulatory management team that worked on the first APRA No Objection for Cloud at ANZ, implemented a first of its kind shadow IT remediation across global operations to address significant risks, and a mentor and leader of a technology and security risk professional development program.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members, the community, industry and government benefit?
I see AISA continuing to become the peak body for advocacy in Information Security for the members and the wider community in Australia.

Bringing together the largest Business and Security Conferences for the Asia Pacific region as well peak state-run events in Australia to provide the community with the best industry experiences available.

For AISA to be the top cybersecurity advocate in the region for all ranges of government, working with a diverse array of other membership, community, education and government bodies to promote research, healthy legislative outcomes, training and development of cybersecurity professionals in Australia.

Dr Suelette Dreyfus

As an academic specialist in the School of Computing and Information Systems at the University of Melbourne, she both teaches and researches in the field of information security. She has initiated and won funding for five major research projects, including projects to help bring expertise to incident reporting and the design of information systems in a healthcare setting.

She currently co-runs a longitudinal study, running over a decade, in information systems in an emergency department. Her grant successes include winning national competitive grants, as well as philanthropic and foundation grants, in order to support the research work she designs and conducts. In addition to health IT, her research work has also been in the areas of online safety, barriers to adoption of cybersecurity and the use of anonymous, secure digital drop boxes. She has run free software development projects. 

She wrote the first mainstream book about computer hacking in Australia (‘Underground’), which has been translated into seven other languages.

She does extensive public outreach, via the media and public events, in order to educate and inform the community on IT security and privacy issues. Her written articles have appeared in major media outlets such as The Age, The Sydney Morning Herald, The Australian, The Guardian, The Independent (UK), as well as newspaper and online daily media sites in Germany and Spain.

She has curated and run many innovative cybersecurity outreach activities, including, for example, multiple events for young people at Splendour in the Grass, the largest music festival in the southern hemisphere. These brought in industry experts from different parts of Australia to teach awareness and skills. She also co-developed the first university-based, in-depth training projects in data hygiene for journalists and journalism students. Building on that, she created a project to do data security training for not-for-profit organisations in several European countries. In her university teaching, she actively brings industry practitioners into the classroom to ensure students are job-ready when they graduate.

Her experience includes board positions in not-for-profit organisations over the past two and a half decades. She served as a board member of Ross House Association (RHA), a not for profit umbrella organisation supporting 70+ community organisations and small businesses that share community values.

RHA owns and runs a 5-story building in downtown Melbourne that provides inexpensive office accommodation and community-building services for its members.

She runs a weekly research seminar series at the university in computing and information systems that is open to the public. Since mid 2018, she has run more than 70 of these seminars, with 11 more in the pipeline.

Finally, she has experience in engagement with policy-makers and parliament; she has presented to state and Commonwealth parliamentary committees on matters addressing encryption, digital privacy and integrity systems.

Dr Dreyfus is passionate about giving back to the community and has been working with not-for-profit organisations for more than two decades, helping to develop and support the next generation of skilled cyber security professionals.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members,the community, industry and government benefit?
My vision for AISA’s activities is enlightenment, outreach and engagement. By this I mean:
• building original research and databases that inform and supports both our members and informs government policy makers,

• creating and supporting channels such as via the media and public events,

• and interacting with the community in a two-way exchange of information and ideas.  The community includes our members but also our potential members, students who may become our members in future, policy makers and others with an interest in our domain.

My experience with governance has been that it is necessary to make a commitment to transparency and accountability by institutions to their memberships and stakeholders. This includes a belief that while partnerships are important, independence and integrity of organisations like AISA are essential. Without this, we cannot be true to our membership nor organisational purpose. My vision for AISA includes these values. 

Building a friendly community among the membership, that forms a network of help, support and wisdom, is a core part of what AISA should also do. The grassroots monthly meeting, guest talks, creation of networking events, specialist mailing lists or message groups are all part of this infrastructure. While my vision for AISA is national in the sense of building a presence of expertise that key decision-makers respond to, the essence of a not-for-profit association must be with its community of members.

Andrew Evans

Andrew James Evans was born and raised in the UK. Andrew served for nine years in the UK Armed Forces serving operationally in Northern Ireland and Northern Iraq and Southern Turkey and travelled the globe as part of his duties. During this time, Andrew operated radios, radio antennas, communications equipment and moved from manual encryption of messages through to the use of cryptographic devices. This started a lifelong interest in technology and information security.

Andrew’s interest in technology, electronics and computers led him to successfully undertake a BSc (Hons) in Computer Systems and Networks degree at the University of Plymouth where he attained a first class degree in 2002.

Following a position working at AT&T Communications, in 2004 Andrew was successfully accepted to work for the UK Government in a cyber security role where he remained for 9 years, was promoted twice, became CISSP certified and completed a part-time MSc in IT Security at the University of Westminster achieving a distinction. Andrew was successfully awarded Australia Permanent Residency in 2010 and in 2012 moved permanently to Australia where he opted to reside in Melbourne Victoria.

Arriving in Australia, Andrew worked for CSC as a security consultant using his knowledge of control system security working with an energy company in Victoria and a mining company in Brisbane where he experienced the fly-in-fly-out lifestyle. Further roles included security manager and risk advisor within CSC/DXC. In 2018 Andrew joined Telstra as a security partner and manages the day-to-day operations of the Telecommunications Sector Security Reform (TSSR) activities within Telstra.

A keen networker, Andrew joined AISA, ISACA, ISC2 and ACS on arriving in Australia and has settled on AISA and ISC2 as his chosen cyber security associations of choice.
Andrew lives in Melbourne, Victoria and is a practicing security professional who recently started instructing as an ISC2 certified CISSP instructor currently teaching AISA members. In his spare time, he is a keen artist, painting in watercolour and oil mediums and has a number of limited editions prints in his collection.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members,the community, industry and government benefit?
My vision for AISA aligns with the purpose of the AISA company stated in the constitution as being to help protect people living in Australia from the harm that can be caused by inadequate and inappropriate data and information security practices and systems, and the examples provided in support of this purpose.
Having been an AISA volunteer since arriving in Australia and having directly benefitted from the time and effort provided by existing AISA members; I am a firm believer in giving back to the community and passing-it-on to others. I enjoy being an AISA member and seeing the other members benefit from our collaboration.
My personal vision is that AISA remains the primary association for Cyber Security within Australia and builds upon this to remain relevant to its members. To ensure this vision is achieved I would:

  • As someone who is passionate about education, I would look to build upon the excellent work undertaken in the webinar area to harmonise this aspect of AISA once we return to physical meetings. I have some ideas around greater use of social media and video journal reviews that are all aimed at members and build towards national and state/territory conference events.
  • I am keen to look into the leadership subject within the cyber security field and increase the information available to members with an interest in leadership and specifically the CISO roles. Currently at branch level I have been building a leadership series of webinars that aims to provide further information in this area.
  • I am keen to continue working with AISA national conference as I appreciate this event is the main financial driver for the association. I have some ideas around how we can continue to grow the event having attended a number of massive security conferences in the USA (e.g. SANS Fire and ISC2 security congress events (in 2012 and 2014)).


Mitra Minai

I am currently the Chief Information Security Officer (CISO) at Healthscope. I am in charge of defining and implementing Healthscope’s Security and Data Privacy strategy and roadmap to uplift the Security posture of the Organisation and deliver effective Information Security and Data Privacy solutions and services across the Enterprise to 43 Healthscope Hospitals.

I am a recognised leader in Technology, Data and Cyber Security controls transformation, successfully defining and implementing Centre of Excellence Technology and Cybersecurity functions across a multitude of industries, including some of the major International and Australian Banks. I am a trusted advisor to senior stakeholders including Board of Directors, Risk and Audit Committees, delivering effective governance and insights for investment and decision making.

I have been a Board Director of the ISACA Melbourne Chapter since 2004 and have been ISACA’s lead liaison to the International Standards Organisation (ISO) since 2014, working with International experts on the uplift of standards such as AS/NZS 31000 Risk Management, ISO/IEC 38500 IT Governance and ISO 27001/2 Information Security standards.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members,the community, industry and government benefit?

AISA has become a leading Information Security Association within Australia and is very well regarded amongst its members and the industry. AISA has built a strong platform to be the voice of security professionals and the security industry on a number of fronts. 

I am keen to bring the voice of AISA and all that the security profession stands for to the broader International market and communities of practice. This can be achieved through active involvement and contribution to ISO and other International Associations and organisations that aspire to continue to improve cybersecurity resilience across all industries and give back to communities. By contributing to and being part of the International Standards developments and actively engaging with the International Security Community, AISA will be well informed and at the forefront of thought leadership in International security trends and conversations. This rich knowledge  sharing, forward thinking ideas and vision can then be shared with the Australian Community and Security professionals as well as provide a more well-rounded perspective, advice and influence to Government agencies and organisations active in cyber defence and resilience. AISA can also influence the International Security community processes and practices, ensuring active alignment between all user groups.

Branko Ninkovic

Branko has over 25 years' experience specialising in software and cyber security.

Branko is known for his innovative and collaborative approach and the key to Branko's success is his ability to develop strong, enduring partnerships which are outcomes driven, providing value to all involved.

Branko is also the Australian Information Security Association (AISA) Sydney Chair. AISA is a non-for-profit organisation with a membership of over 7000 security professionals nationally.  Branko was the recipient of AISA's 2019 Branch Chair of the Year award.

In addition, Branko is also the cofounder of healthcare start up, VAXXIN8, a digital platform, whose mission is to protect healthcare workers from vaccination preventable diseases.
Branko is also a knowledgeable and engaging speaker on cybersecurity and business who has spoken at numerous events including IBM seminars and global vendor conferences, and a cybersecurity advisor to boards and mentor to young and upcoming cyber professionals.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members,the community, industry and government benefit?
My vision for AISA is an active national membership base to drive cyber security advocacy that leaves a lasting and positive impact across community, industry and government.

As a member since 2008 and as the current serving AISA Sydney Chair, I have had and continue to have the privilege to meet and engage with professionals and individuals. I have also had the privilege to speak to students and industry around awareness and to partake in government think tanks and initiatives in cyber security.

To realise my vision, I am committed to continuing and further developing and connecting with the good work and strong foundation in members and partners. I am determined to create impactful cyber security advocacy and to retain the position of the peak industry body for cyber security within Australia.

As members, the benefits vary and when asked are unique and different to each member. It's personal, and it's professional. This is a nod to the past 20 years. This is a nod to the past grit to provide members with a platform to connect and engage.

I believe strongly in this vision of lasting and positive impact, and I am committed to helping continue and nurture our AISA community of like-minded and progressive "members", of like-minded and progressive "individuals" all who harbour a path and who all bear a story.

It may be your path or your story, or it may be the story of your organisation or a government initiative that you strongly support or fiercely oppose.

Whatever your path or story, for me, AISA is where we all come together, and we all share our story, our view and our opinion.

And when we listen to these stories, in a safe environment, free of judgement or prejudice, we grow personally and professionally, we connect, and we share our insights and our knowledge.

These are stories that create a lasting and positive impact on ourselves and our communities.

These are stories that create strong advocacy and connect-one-another in our dynamic and challenging industry.

These are the stories I hope to continue with you as an elected AISA Board Member.

Sharmila Packiaraja

An ambitious and dedicated leader, Sharmila Packiaraja has demonstrated true value and success as a cyber security champion and positive role model within the industry and community. Through the many hats she wears – from Information and Security Manager, AISA Branch Executive and Ex-Officio Member for the NT Government’s Ministerial Digital Advisory Council to Lecturer at Charles Darwin University (CDU), STEM Ambassador and Diversity Champion. Working tirelessly to promote the importance of being cyber aware and cyber smart, Sharmila combines her knowledge of the complex global cyber security landscape with her extensive professional network of cyber security experts and her passion for education and skills building to bring simple, effective and meaningful cyber awareness and safety to Territorians in all walks of life. She demonstrates outstanding leadership, integrity and excellence as a cyber security professional, coach, and mentor through her workplace, industry and community engagements. 

This includes working with the NT Government, ICT Businesses and CDU to develop and deliver informative and educational training for students, junior members of the workforce, senior citizens and local business owners which not Nomination details only builds their cyber awareness, but also their skills and capability to protect and defend themselves from cyber threats.

She is also the recipient of the NT Cybersecurity Professional of the year at the 2019 Northern Territory Digital Excellence Award.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members,the community, industry and government benefit?

First of all, my efforts and initiatives will align with AISA’s vision to improve awareness on risk and dangers of cyber-attack and data theft to a wider audience - individuals, businesses and governments. There has been significant amount of initiatives that have been delivered by the existing board representatives in the past. At this point in time, I would like to join the team in helping to delivery on the existing work in the pipeline.  

In addition to that, I believe there are number of areas which would benefit from AISA’s focus which I would like to lead or contribute to: 
Cyber Safety Awareness and Education among senior citizens. 
Cyber bullying campaigns targeting school children.
Advocacy towards influencing the changes within Australian curriculum to promote the awareness and mindset of cyber from grassroots level.
Inclusion of Aboriginal and Torrres Strait Islanders in the broader cybersecurity discussions.
Revision of member benefits and tailored approach on delivering AISA services to regional  businesses, state and territory governments and communities
Building strategy around attracting those looking at career transition from other industries into IT and cyber areas. 

There are a number of activities which I have called out may not directly impact our member base. However, we certainly have an opportunity through those activities to strengthen our integrity in the community. This will in turn will bring more membership and allow AISA to review its membership model to include members we may not have traditionally looked at.   


Jeff Whitton

Expert ICT and Cyber Security executive professional with exceptional leadership, strategic vision, technical and analytical skills. Well-organised, systematic and diplomatic in building consensus and spearheading teams.

Passionate technologist, I have worked in the ICT industry for over thirty years and for the past 22 years in the role of Chief Executive Officer, Director of Engineering, Technology and Innovation. In this role I successfully led a technology and innovation company providing cutting edge services in Australia, New Zealand and Singapore. The team I led was made up of an elite diverse team of ICT engineers and strategists, Cyber defence and offence threat teams and project managers. Adept Technology and Cyber Security industry subject matter expert, exceedingly client and stakeholder focused executive that can talk on all technical and non-technical levels and articulate a clear understanding when presenting to Board and C level executives, public speaking or dealing with peers.

Fellow of the Australian Institute of Company Directors, I am an experienced board member and chair, expert in board meeting processes and governance. Expert in regulatory compliance, Australian Privacy Act, Sarbanes Oxley and GDPR, I am an accomplished company director, a member of the Australian Institute of Company Directors since
1994, graduating in 1995 and elevated to Fellow status in 2007.Highly trained and certified individual, I have an extensive track record of strategic leadership excellence across all disciplines of the OSI model. I am enthusiastic about using my skills and industry expertise in mentoring Board members, C Level executive’s and government members and agencies on ICT, emerging technologies and Cyber security.

Skilled at public speaking, I am a Local Government Councillor serving for the past seventeen years in Orange. This has allowed me to become familiar with the lobbing processes being involved with government members and public servant at the highest levels, leveraging the best outcomes for Orange and the surrounding region.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members,the community, industry and government benefit?
I am passionate about bringing like minded people together to share and learn from one another. AISA has become an institution that has attracted the best in the industry in to its membership. My vision is to see AISA as the primary advocacy for Cyber Security in Australia.

My role as a director of AISA board is to continue on with the vision and mission of the organisation that has seen the organisation become the recognised authority for information security in Australia. Promote our values and integrity growing the membership through advocacy, diversity, education, as the leader in this industry.

I believe the members, community, industry and government will benefit if I as a director understand and promote the existing Vision, Mission and core values of the organisation as a living statement of AISA.

Gareth Willis

Gareth Willis is an experienced cyber security professional whose expertise includes information security governance, risk, and engineering. He is highly valued for his strategic vision and advice and is a passionate community leader and active contributor to the information security profession.

Gareth has worked in and consulted across a wide variety of client verticals including oil and gas, mining, tech and gaming. His experience providing virtual CISO services to large national and international organisations uniquely positions Gareth to review, analyse and advise on cyber security threats and risk implications. Gareth relishes opportunities to
engage with organisations across the breadth and depth of cyber security issues.

Gareth’s in‐depth understanding of threat and risk has been finely honed throughout his career. He has conducted a significant number of risk assessments, created information
security and assurance roadmaps, while simultaneously building organisational resilience.

In addition to a broad range of cyber security qualifications, Gareth has an MBA from the University of Western Australia and is a GAICD.

What is your vision for AISA and what would you do to ensure that vision is achieved? How will members,the community, industry and government benefit?
As Cyber Security becomes more integral to the success of not only the modern business but the safety of society as a whole, the importance of a capable & representative peak body for cyber security is critical.

For AISA to achieve that vision it will need an ever more diverse range of cyber related experience, not only to engage members but advocate on their behalf to industry, government
and the broader community.

AISA will achieve this by:

  • Engaging with international peak bodies for cyber security and risk management
  • Retaining an experienced and capable board
  • Supporting members locally through strong branches
  • Working with cyber focused enabling entities such as Austcyber, the JCSCs, OSCS, & Cyrise
  • Broad outreach & engagement with local & federal government