PODCAST: Cyber security and the modern battlefront – Mohan Koo, Dtex

Tune in as he and host Phil Tarrant explore what’s at stake for the Australian public, why the Defence Force is still playing catch up, as well as new initiatives that could identify and fast-track innovative technologies that will aid the industry and allow the country to become the world leader in this space.

Enjoy the podcast,

The Defence Connect team.

Make sure you never miss an episode by subscribing to us now on iTunes

Listen to previous episodes of the Defence Connect podcast:

Episode 435: PODCAST: Putting veteran families first, with the Families of Veterans Guild’s Renee Wilson
Episode 434: SPOTLIGHT: Mission engineering – a missing piece of the capability puzzle, with Downer’s Rachel Hatton and Nathan Rickard
Episode 433: SPOTLIGHT: Introducing the Australian Digital Defence Industry Matrix, with BenchOn’s Tim Walmsley
Episode 432: SPOTLIGHT: What does sovereignty mean in a post-DIDS industry? With Stephen Kowal, CEO of Atturra
Episode 431: PODCAST: Developing Army’s hand-to-hand combatives program, with Paul Cale
Episode 430: PODCAST: Aussie innovation supporting navies around the world, with Jeffrey Hawkins, Pivot Maritime International
Episode 429: PODCAST: Commercialisation essential to the success of space and defence industry, with Brian Lim
Episode 428: PODCAST: Firebrand topics on Ukraine, Israel, and Australian conscription, with Corporal Matthew ‘Willy’ Williams OAM
Episode 427: PODCAST: Unpacking the surface combatant review with the Honourable Kim Beazley AC
Episode 426: PODCAST: WA ready, willing and able to support defence industry opportunities – Paul Papalia CSC MLA, Minister for Defence Industry and Veterans Issues

Full transcript

Phil Tarrant: Well g’day everyone, Phil Tarrant here. I'm the host of the Defence Connect Podcast. Thanks for joining us today. We're going to have an interesting discussion around what is the new face of warfare today, cyber. It's the modern battlefield ... It's a modern battlefront, and we're going to get into the meat of Australia's ability to be prepared for ongoing attacks from a cyber-perspective, and how it's going to gear and arm itself to ensure that we can maintain and be protected for the years ahead. To help me with this, because it's way outside my pay-grade, I have Mohan Koo, who is the CTO and founder of a company called D-Tex. How are you doing, Mohan? Are you good?

Mohan Koo: Great Phil, thank you.

Phil Tarrant: We were just chatting quickly off air, and you've got an interesting back story to how you ended up doing what you do today, and we'll get into that a little bit later. D-tex has been around for ... I think you mentioned 2000, so 17 years. I imagine the world has changed quite a lot in that time.

Mohan Koo: Dramatically.

Phil Tarrant: From your perspective. What I like to start this Podcast with, and I want to tick off a few things today, and that's about how prepared we are as a nation for protecting our national interests, but then what are we doing to ensure that moves into the future. How would you explain the world today versus what it was the turn of the millennium, because I think it's really crept up on Australia, very fast, just how much of an issue this is, and potentially how unprepared we are in terms of protecting our assets.

Mohan Koo: Absolutely, well, I'll start by saying, the whole world is kind of unprepared for defending itself against cyber-attacks, and the reason is the bad guys are so much better at collaborating than the rest of us, and the game is changing so quickly, and the techniques that they use are developing so fast that if we're not sharing ideas and thoughts in the same way that they're sharing ideas and thoughts, we'll never catch up to them. In Australia, particularly in the last year, I've seen tremendous growth in the cyber security industry, tremendous growth in investment from Federal Government, State Government and Private Industry. It is the right time, we are spending the right amount to improve ourselves, but certainly we are playing catch up.

Since 2000, when we started this, back then there wasn't cyber security, it didn't even exist. It was called IT security, and not many people even knew what it was back then, but really all it is, is security. It's no different to any kind of physical security that we're used to in our airports, and in our homes, and in our office buildings. It's the same thing, it's just all online nowadays. Being able to protect ourselves from hidden dangers and unknown unknowns, is really the difficult challenge.

Phil Tarrant: Has it been a, like an, "Oh, shit," moment, do you think, on behalf of the Australian Government to say, "Hang on a second, we should have really looked at this some time ago?"

Mohan Koo: Absolutely, absolutely. I think the current Prime Minister in [inaudible 00:02:50] has really shone a big light on it. From the start of last year, I think things started to change. Everybody started to realise. Some new structures started to get put in place at Federal Government level, which is really driven some strong impact. For the first time every we've now got a Minister for Cyber Security – and Minister Tehan is doing a great job – and we've got Alastair MacGibbon who's the Prime Minister's special advisor on Cyber. They're really driving hard. It's a tough gig, because there's a big cultural shift that's required if Australia's really going to take the bull by the horns, and I really do believe we have an opportunity in front of us right now, that if we keep the rate of change going, we can really lead the world in cyber security.

We have a fantastic education system here. We have a lot of talented young people that are coming up into the technology space. If we help guide them, and we give them the right direction and if we give them the right opportunities, we've got a really strong opportunity, not only to fill bums on seats that are needed here in Australia to protect Australian Defence, Australian Government, and Australian businesses, but also to export them, to help protect other businesses and Governments around the world.

Phil Tarrant: Let's break down cyber security within the defence industry community. It's on everyone's lips at the moment, and I think the government has indicated its ongoing investment into this as another arm of our protection force. I don't think a lot of people actually understand what it is and what it does. From a defence context, can you just give me a very quick description of what cyber security is? How would you frame that?

Mohan Koo: Sure, well, if you look at the way that cyber security has kind of changed over the last 10 years, it's really quite interesting. When cyber security first became coined, round about 10 years ago, the focus was all on Malware, it was all on attackers from the outside, it was all on hackers trying to get in and break through the firewall, or break through the perimeter to get inside organisations. Really, that has been the large part of the focus in cyber security for the last several years. In the last three years, I guess, the realisation that it's all about people, it's about a people centric approach to security, because we've done a lot to protect our perimeters, but now the perimeters are eroding. Everyone is mobile, everyone is on a mobile device.

People are connecting to networks all over the place, not just for defence, but for any organisation that's out there that's looking to protect their people, looking to protect their data, whether it be shareholder data, whether it be intellectual property, whether it be personal data about citizens that are out there. It's not just about stopping the hackers, and stopping Malware, it's also about teaching our people inside the organisation that touch the data legitimately, and do things on the network ... It's teaching them how to do things the right way so they don't unnecessarily open up vulnerabilities. If we train our people right, it's not the responsibility of someone that you hire in a security role. Let's say, if you're a big bank and you hire a Chief Information Security Officer and you say, "It's their job, and their teams job to manage the bank's security." That's the wrong approach, it's everybody's job.

It's their job to help drive that cultural change and supervise that, make sure the right technologies are in place, but if you don't shift the culture all the way from the top, to the bottom ... It starts at the CEO, it goes all the way down to the janitors, right? It has to be everybody's responsibility. In a defence sense, it's exactly the same, it has to start at the top, it has to go down to the bottom, and importantly for defence, it includes the supply chain. It's not just about employees within those defence organisations, it's also about all the contractors all the way down the line. People that are providing services, touching the data, touching the networks, or having access, we need to know what's going on.

The big shift, really, in security over the last few years has been moving away from this lock and block security technique where we restrict what people are doing, we stop them from accessing certain things, to being more open in culture, because you got Millennials coming through now. They're very open, they want access to their Social Media. They want to do things that is normal for them. We want them to be creative. We want them to be innovative, because that's how we compete, but we need to know what they're doing. We need to adopt the trust but verify approach, where we give them access to what they need, let them get their job done, but we verify. If they make a mistake we can teach them. If they do something bad intentionally, we know that we have the evidence to do what's needed to be done.

Phil Tarrant: You look at the outcome of poor cyber security, so there is numerous examples about people getting advantage over nations, over nations, or other groups by securing information that they shouldn't have, right?

Mohan Koo: Yep.

Phil Tarrant: Part of it is because of a cyber-breach of some sort.

Mohan Koo: Yes.

Phil Tarrant: It's a very different world that we're operating but it's still the same bases, right?

Mohan Koo: Yep.

Phil Tarrant: People want to get information that they shouldn't be getting. Also, you have a new paradigm where you have, say, Russia, for example, meddling with peoples' elections process, right? There are a lot that can be done via this very useful tool we now have called the internet. When you look at that and frame that within the Australian context, the way you paint it from people from all levels of the defence environment, but also from the contractors, everyone has a responsibility to ensure that stuff remains stable, but I'm going to take your point that it needs to be bottom up top down. Everyone needs to have their responsibility.

Mohan Koo: Yes.

Phil Tarrant: I don't think that people yet have that mindset.

Mohan Koo: They don't.

Phil Tarrant: How do we change it?

Mohan Koo: That's a very, very good question, Phil. The cultural shift needs to start taking place now. We have successfully engaged the people at the top to understand that there is a problem, that we are behind the 8-ball, and we have to do something about it. That's a start, that's a good starting point, but actually being able to push and get everybody in every organisation to understand cyber security, really starts at the street level. It starts with the citizens. It starts with the moms, with the dads, with the grandparents. They all understand cyber security is a problem, but they don't understand what it is.

They don't understand exactly how it's affecting them, and they don't understand what they can do to stop the problem. I think we have to start driving that education really at the grassroots, because if people understand how cyber security affects them personally, then it's very easy for them to see how they should behave when they're inside Government, inside Defence, inside a business. Starting with getting everybody to understand how it impacts them personally, I think, is the right place to start to change culture.

Phil Tarrant: I know you're working with Government, but also Industry now, and also Corporate Australia, across a number of different areas to get their mindset changed, but also equip these organisations with what they need to ... I imagine it's a deterrent, but it's also a protection type thing. In your work with the Australian Government, from a defence perspective, what sort of conversations are you having with them? Is it, "Let's do this for the future," or, "Let's get this fixed right now, and then we can think about the future?"

Mohan Koo: It's absolutely both.

Phil Tarrant: Okay.

Mohan Koo: Right now everybody recognises we've got to catch up, so we're trying to do the best that we can to help them catch up. The difficult thing, I guess, about any government anywhere, in dealing with any government anywhere, is the bureaucracy that you have to go through to make change happen. There is a drive to do that, and one of the things I'm really impressed about with Australian defence is that they are taking innovation seriously. Now, if you look at any other defence organisation or an agency in any country, it's difficult to onboard new technologies, it's difficult to change processes, it's difficult to change policies, because you've got to go through that bureaucratic process to get there. In cyber security, if it takes a year, two years, three years, to initiate change, in cyber security that's a whole lifetime.

Things have changed, and completely, dramatically evolved in that two to three years. We need to enable organisations to onboard these technologies and change their policies, processes, and cultures much, much quicker than that to have a good effect on cyber security. Australian defence has stood up a new organisation called, "CDIC." CDIC, their job is actually to rapidly identify and onboard new and innovative technologies that can help Australian defence. That is a really good initiative. It is really working, and I hope that wider government can adopt a similar approach.

Phil Tarrant: You mentioned beforehand that you feel that Australia, if it gets it right, it can be a world leader in cyber security. What are those three things that need to happen for us to achieve that?

Mohan Koo: There's a few things that need to happen. Number one, we need to harness the talent. We need to identify and harness it, right, because we have got a great education system. Australians are in a very unique position globally, because Australians are pretty much trusted everywhere we go, and it's not just Western countries that trust Australians. We can be trusted literally in every country of the world. That's something that's not easy to develop. That's something that's unique to us.

Phil Tarrant: Why do you think that's the case?

Mohan Koo: The culture of Australia is seen to be very open and honest. We're a hardworking breed of people, and we say what we mean buy and large. There's always exceptions to the rule, but buy and large, that's how we're viewed. I spent many years working in Europe, and many years working in the US. Everywhere you go Australians are given jobs first just because-

Phil Tarrant: It opens doors.

Mohan Koo: It opens doors. It opens doors. Interesting-

Phil Tarrant: Sorry to interrupt you there.

Mohan Koo: No worries.

Phil Tarrant: No, no, this level of openness allows Australia to take the advantage and be on the front foot and move quickly. What are those other couple of things you think that we need to do to be the world leader in this space?

Mohan Koo: I think what we need to do is to have and find ways and means to be able to identify that talent and put them in jobs as quickly as possible. It's not necessary, and this is a mentality that we have to change. It's not necessary to put someone through a full on, three year degree in cyber security, and then, only then, they can be ready to walk into their first job in cyber security. We can be teaching people on the job. We need to build their foundation skills. They have to have an interest, they have to have a keen interest in the space. They have to be intrigued by it, and wanting to learn more about it, and naturally kind of driven that way. If they are, we can groom them in those positions throughout their working career. One of the things that we've ... one of the initiatives that we've kicked off together with the Australian Cyber Security Growth Network, is the Defence Industry Cyber Challenge.

We launched that last month in South Australia, and the first competitions will be run in August whereby what we're trying to do is open the aperture right up, so that we're not talking just about University students. We're talking about secondary school students, high school students, because at the end of the day, kids are determining what they want as a career as young as 12, 13, 14 these days. If we're not approaching them, and interesting them in the topic, we're going to lose that pool of people as well. As well as that, we're trying to go out to the workforce and say, "You might already be in a job that's not cyber security, and you might not have considered cyber security, and yet you may have the talents to apply."

We're creating these competitions so people can try their hands at cyber security and see if they like it, if they're talented at it, and if they are, we'll find positions for them because the demand and supply is well out of balance globally. Right now, people that have cyber security talents of any shape or size are in huge demand and we just cannot fill those positions. That's why I think it's a really unique position for Australia if we can grab hold of that.

Phil Tarrant: We're talking about manufacturing more cyber security experts. What's the DNA of someone that would be interested in this particular space, because I imagine they're sitting behind a computer, right? What are those things? What sort of interests do you need to have to be able to see this as a potential career?

Mohan Koo: Yeah, so first of all, the view and the perspective is very common that if someone's sitting behind a computer with a hoodie-

Phil Tarrant: Yeah, that's why I asked you that.

Mohan Koo: Tapping away at a keyboard, but cyber security is much bigger than just code, right? It's much bigger than just hacking. It's about understanding the threat and how an organisation needs to react to that. In many cases it's a business application, rather than a technical application. Some of the competitions that we run will be based on gamified situations where we might have contestants pulled into a team of, say, four or five, and they will represent the Executives of a company, maybe the CEO, maybe the CTO, maybe the CISO, and a breach happens, how does that organisation react? How do they manage it from a HR perspective? How do they manage it from a legal perspective? How do they manage it from an interaction with the media perspective?

These are all really important aspects to cyber. It's not just about tapping the keyboard, and sitting behind a computer, but how we develop those skills and what kind of skills are required. It really is more about an inquisitive mind. It's about someone who understands the complexities or even wants to understand more about the complexities of cyber security of cyber space and living online, and how our identity can be compromised online, and then putting yourself in the mind of an attacker or someone who's going to use that data to do something bad, and then figuring out how we solve that problem.

Phil Tarrant: As another arm of our Defence Force, say, in terms of protecting our assets from a cyber-perspective. If we do not get this right-

Mohan Koo: Well, we're starting to see it on a daily basis already, right? If you compare the amount of breaches that are coming out in the newspaper right now, compared to a year ago, it's grown exponentially just over the last year, right? That is not going to slow down, it's going to keep going. The question is, how do we deal with that? How do we react to those problems? The breaches aren't going to stop. It doesn't matter what technology you put in place, we have to get better at how we deal with the problem. It's time that everybody wakes up and realises that we already are breached. In every network, in every organisation, we already are breached.

There's people inside those companies that are doing bad things. There's people inside those organisations and those defence facilities that make mistakes, and those mistakes are vulnerabilities that outsiders will take advantage of. How we identify and detect those problems before they become breaches and before they become public is really important, but then also how we react when it does become public, and how we deal with the fallout from that in preparation for those events, is really important as well.

Phil Tarrant: We spoke really briefly before we come on air about, most peoples' paradigm around cyber security is evil hackers sitting somewhere else in the world, pinging and trying to get in and breaking down walls, but most of the time, most networks and most businesses, or organisations, or defence organisations, are compromised from within.

Mohan Koo: Yes.

Phil Tarrant: It's good old fashioned just people opening the front door.

Mohan Koo: Yep, absolutely. Opening the front door, and all forgetting to close the window. More and more we're seeing the espionage cases happen, where outsiders realise it's actually too difficult. It's too expensive for us to hack this organisation and get what we're looking for, because even if we manage to get through and get inside, we still have to search for what we want, what's important to us. Most people that work for big organisations can't find what they're looking for when they have legitimate access, right?

Phil Tarrant: Yeah.

Mohan Koo: How are you, as an outsider, going to find that even if you do get in? The quickest and easiest way to get access to data that you shouldn't have access to, is to pay somebody on the inside, or coerce somebody on the inside, or force somebody on the inside, to give it to you. Somebody who's got legitimate access, somebody who knows their way around the network. It's good old fashioned spy work that's going on out there.

Phil Tarrant: Yeah.

Mohan Koo: Now you can just kind of see from that explanation, cyber is not some weird kind of aspect to security, its traditional security. It's no different, except that it's online.

Phil Tarrant: The future for us as a nation, you say, is to be world leader in this regard. I think you've painted a very vivid picture, quite an alarming picture, that people always frame our skill shortages as we don't have enough plumbers and builders, and not enough traits people, but it would appear that this is an area, which is going to be essential to not only our economic, and political sort of strategy health moving forward, but is something, which is going ... In a global context is quite considerable. How do we change our mindset? How do we manufacture more of these talented people, because this initiative you spoke about is great, but it's only the tip of an iceberg, I imagine.

Mohan Koo: Sure.

Phil Tarrant: Need to start from absolute grassroots, and show this is an attractive industry to be within.

Mohan Koo: Absolutely, I'll go back to the one word again, it's "collaboration." We need to collaborate more. We need to be prepared to take risks, and make mistakes to be able to learn and grow as a nation. We need not only Federal ... Federal Government can only lead, in cyber security, to a certain degree. We need industry to get behind it, we need academia to get behind it, and we need everybody to stop operating in silos. Everybody has an initiative in cyber. Every organisation in this country has some kind of an initiative on cyber, but we're all not talking to each other.

Phil Tarrant: Is it just an inherent and strange thing that we sort of like to be a bit closed when it comes to this sort of stuff?

Mohan Koo: Yeah, I think it is. We are traditionally a very conservative culture when it comes to business and when it comes to government. We tend to keep things pretty close to our chest, but in the game of cyber security, if we're not collaborating ... Even competitors, direct competitors, should be collaborating in this space, because if someone ... If one company, or one business, or one defence organisation gets hit, it affects all of us. We all have to come together and support each other and stop reinventing the wheel. We can help each other improve quicker if we collaborate in the process.

Phil Tarrant: In a business like yours, I'm quite interested about we spoke very theoretical at the moment around cyber and the opportunities for Australia to really invigorate its position in this marketplace, and the reasons for that. A company like yours, what do you guys do? Do you sort of ... If someone says, "Hey, look, we've got this issue, can you come in and tell us where we're vulnerable, and can you fix it?" Is that pretty much it?

Mohan Koo: Yeah, so what we're doing is, we're approaching security from a very, very different approach. We're very focused on the people centric view of the world, and helping to change culture. How we're doing that is with user behaviour analytics. What user behaviour analytics does, it looks at, across an organisation, it looks at all the files that are touched, and all the things that people are doing to create patterns, to be able to baseline what's normal for people and what's not normal, and look for those abnormalities.

It gives us an ability to be able to detect something changing that might represent something bad, or a threat to the organisation before a breach happens. Not just focusing on the second that data gets stolen, because that's already too late, the horse has bolted. Focusing on understanding how behaviour changes before an event like that takes place, so we can detect those behaviours and then prove that -

Phil Tarrant: This is like minority poor cognitive thinking, being able to say, "Hang on a second, we predict this is going to happen because of all this learning that we have..."

Mohan Koo: Exactly right.

Phil Tarrant: Okay.

Mohan Koo: Exactly right.

Phil Tarrant: How's that focus, or how's that approach resinating with both government and Defence Force Security Organisations, do they get it?

Mohan Koo: Very well. They actually do get it. The challenge that I was mentioning before is not, do they get it? The challenge is, how do they onboard it quick enough?

Phil Tarrant: Quickly. Yeah.

Mohan Koo: If it takes a year and a half, two years, to procure a solution, that solution has completely changed by the time that gets onboarded. We need to help them be more nimble when it comes to onboarding new technologies. It's not just about onboarding new technologies. Gone are the days when an organisation can think they can buy a new piece of technology and it's going to fix the problem. It's not. Technologies that are going to really help are the ones that actually drives change in the organisation from a cultural perspective.

One of the things that we're doing is not just looking for the bad guys, we're predominantly looking for the mistakes people are making, and identifying those mistakes as teachable moments, and helping them to learn, "You did this, we've seen you just do that. Here's the reason why you shouldn't do that. Here's how you do it better next time." Over time, that is inherently changing across an entire organisation so that you get everyone to think with a security conscious mind, and it's security by design, not by force.

Phil Tarrant: This is a perpetual problem – we're never going to solve it. What's the best we can have? What's as good as it's going to get? Is it's going to be, we can deal with more threats, we can understand when a threat is coming forward, and we know how to react and deal with it. We're never going to stop it.

Mohan Koo: Yes.

Phil Tarrant: What's the best it can be?

Mohan Koo: Yeah, you just, you summed it up perfectly.

Phil Tarrant: Yeah.

Mohan Koo: It's about knowing how to deal with those problems. It's about getting better at detecting them, so that when we detect them earlier, we can stop as many as we can. We're never going to stop them all. The ones that do get through, the ones that slip through the cracks, we just need to know how to deal with that better as organisations, and as a nation. How do we react? How do we contain the problem, and how do we keep everybody realising that we're dealing with the problem as best we can, and we're good at it?

Phil Tarrant: If you had to compare corporate Australia, or corporate America, or corporate somewhere in Europe, versus our Government's approaches of security? Are they on par? Is the CTO in a large bank more on to this than the Chief Information person within a defence organisation?

Mohan Koo: It's a good question, right? I think if you look at the big four banks here in Australia, again, we're a very conservative culture. We're changing the game right now, I think there's a lot of investment going into it from a banking and a Telco perspective, but we're not moving fast enough. There's certainly a lot more that we can be doing. Again, I'll say it's collaboration. We're just not collaborating enough. We're not helping each other enough. We're not sharing ideas. That's what we'd like to see, and that's one of the reasons why I'm returning back to Australia right now, is to see is what can be done to help bridge that gap between industry, and government, and Academia, because that is really what's going to drive this.

Phil Tarrant: In the years ahead, are the big four banks going to be poaching the government's cyber people? Or is the government going to be poaching the big four banks…

Mohan Koo: It's happening all the time, and that problem will not go away until we relieve the skill shortage, because there's just not enough people to go around to fill all the jobs. We're stealing people from each other. That's happening globally. That's not just in Australia, that's a problem right across the world right now, so again, we just need to identify more talent and put them in the jobs.

Phil Tarrant: How big is that gap do you think, between what we're manufacturing in terms of people and…

Mohan Koo: It's huge.

Phil Tarrant: It's getting bigger and bigger.

Mohan Koo: It's getting bigger and bigger, because as the problem grows, as you see more, and more breaches in the media, that triggers people to panic, it triggers more budgets in cyber security. As it triggers more budgets you need more head count, as there's more data growing and more analytics to be done, you need more people to analyse that stuff. The problem is definitely not going away. This cyber security, and this is one of the things that I really want to impress on young people out there, cyber security is a really, really strong industry to build a career in, because if I wind the clock back three years ago, I have some of my best friends are the Chief Information Security Officers for some of the Fortune 250 organisations.

I have three in mind right now that were, three years ago, were sort of paid quarter of a million dollars a year, to be a Chief Information Security Officer. Those three guys are now well over a million dollars a year. That's just in three years. Their salaries have more than tripled.

Phil Tarrant: That's reasonable money, you know, you can't say no to it, and sort of a career growth and a career projection, that's pretty good.

Mohan Koo: Absolutely, absolutely.

Phil Tarrant: Cyber security people, the IT workers of the late 90s, where just because you did that an IT degree you walk out and you get paid a couple of hundred grand just to do one of the most basic jobs. These are the most attractive, tech, based people in the market right now?

Mohan Koo: Absolutely, and if there are people that are prepared to travel, then the world is your oyster, because there are so many organisations out there that just cannot fill the spaces right now.

Phil Tarrant: Does it worry you on a personal level?

Mohan Koo:       It really does.

Phil Tarrant: When you sit there and think, because you have looked under the hood, and you actually understand the workings of this much better than most people. Does it concern you as a nation, that we have these big holes that can be exploited?

Mohan Koo: It really does. I mean, I have three young kids. I have a 13 year old, and an 11 year old and a 6 year old, and it worries me what they do with their data. It worries me what other people do with their data, because once you're compromised, once your data is out there, you cannot get it back. It does not come back. People think that they, they put things on Facebook in private mode, and it's all protected. It's not, once it's out on the internet people are going to get access to it. Anytime, anywhere, anyhow.

We need people to understand that, and to think about ... You don't want people to be paranoid but at the same time, just understand the risks. Understand the consequences and know the decisions you're making will have an impact.

Phil Tarrant: For defence industries, we're talking about Primes and also the SMEs, what would be your message to them in terms of enhancing their focus on cyber security because I imagine moving forward. Organisations, which are deemed to be weak in this regard is probably not going to win those big contracts. There's a real business case for this as well.

Mohan Koo: There's a huge business case for it. Today, if you want to win big government and big defence contracts, if you're not able to demonstrate that you have strong cyber security practises, you will just not get the awards. It's that simple. Even down to the really, really small service providers that ... Mom and pop shops, they have to be thinking about cyber security, they have to demonstrate they've exercised some diligence in their thinking around cyber, otherwise they're just not going to be getting the awards.

Phil Tarrant: I really enjoyed the chat, Mohan, for Defence Connect, cyber is a big focus of ours, and it will be into the future. If I was going to summarise this conversation, a couple of key points I pulled out was ... You've changed it, I think, a little bit. Number one, the government is trying to take this technology, or these processes quick to market, and it's imperative for the nation, and it's very comforting to know that, that is happening, and that they're working on it as well in trying to do more.

The most alarming thing for me is the skills gap. People are going to make the difference in this regard. You're talking about AI, and predicting when these things might be happening, but you need some smart people behind that, creating that tick to make sure that we can do that.

Mohan Koo: Absolutely.

Phil Tarrant: It's good. Anything to finish up with, mate? If you had a one message for defence, in defence industry around cyber, cyber security, what would it be?

Mohan Koo: It's just keep going back to the same thing. It's all about collaboration. We're actually starting to see it now. We're seeing the defence contractors getting behind this, and supporting things like the cyber security challenge. We've just got to keep going, we got to keep collaborating. We need more round table, we need more discussion. Let's keep it going.

Phil Tarrant: Just on the cyber security challenge, when is the first ... We'll check it out and we'll report on it, but what does it look like?

Mohan Koo: The first competitions for the defence industry cyber challenge in South Australia, which will be a National challenge, is just going to be hosted in South Australia because of the defence industry down there.

Phil Tarrant: Do you have to be there, or you can do it remotely?

Mohan Koo: You can do it remotely, anywhere you are.

Phil Tarrant: Good.

Mohan Koo: It's going to be open to high school students. It's going to be open to university students, and it's going to be open to people with jobs right now. As long as they're not in cyber security and they want to try their hand in it, it's going to be a fantastic opportunity.

Phil Tarrant: You've talked about, and I've got to wind up, but you talked about, my comment being that the typical perception of cyber security is someone sitting behind the computer with a hoodie on, lurking around the dark web, but you talked that it is a people’s business. If you're not particularly technologically apt or capable, or not that interested, but you like the idea of it, so you're a good people person. You might be a good commerce person who can manage these types of things.

Mohan Koo: Exactly.

Phil Tarrant: You can get involved even though if you're not a techy person.

Mohan Koo: Absolutely. That's the message. That's got to be a message that's loud and clear. This is a business challenge. This is a commercial challenge and this is a government challenge. Anyone that can think outside the box, and apply themselves, and use their initiative to think ahead of the curve, that's what this is all about.

Phil Tarrant: Good. I think that's a good way to summarise cyber security in Australia. Just think ahead of the curve, and -

Mohan Koo: Exactly.

Phil Tarrant: Be prepared. It's good. Mohan Koo, thanks for coming in. Mohan is the CTO and also founder of Dtex. Go and check it out, it's online. You can learn a lot about what these guys do. Thanks, mate, it's really good. Thanks for tuning in today. Remember to check out defenceconnect.com.au, It's a very safe, cyber safe site, which you got to build for the future these days. We are on all the social channels as well, Facebook, Twitter, LinkedIn, just search for "Defence Connect."

If you have any questions for myself, or for Mohan, email the team editor at, defeneconnect.com.au, and we'll pass those on and get them answered for you. If you're interested in coming on the show and having a chat on what you're doing in defence base, getting in contact as well, send me an email. We'll be back again next week, until then, we'll see you later, goodbye.