On April 9, Talenza and Cybercuity hosted a closed-door panel at Sofitel Brisbane, bringing together senior business leaders navigating the challenges of cyber uplift programs. The event was designed to encourage real conversations, with Chatham House Rules in place to create a space for honesty over buzzwords.

Over the course of the session, attendees heard from leaders who’ve delivered uplift programs in some of Australia’s most complex environments:

Jane Hogan France, Senior Manager Cyber Security, Allianz Australia (Moderator)

Scott Brown, Chief Information Security Officer, Rio Tinto

Jon Coleman, General Manager Cyber & Information Security, Energy Queensland

Martin Holzworth, General Manager Cyber Security, UnitingCare Queensland

While the format was informal, the insights were anything but.

Key themes from the session

Cyber strategy needs to serve the business

No matter the industry, uplift programs only stick when they align with the broader goals of the organisation. That means:

• Using business language, not security speak
• Understanding the commercial context you're operating in
• Making it clear how cybersecurity enables progress rather than blocks it

For example, one energy business has aligned every part of its security program with its "Best Operator" strategy. Other leaders spoke about the importance of tailoring cyber messaging to different sectors, translating technical initiatives into clear business outcomes.

Storytelling matters

Getting executive buy-in remains one of the biggest challenges. It’s not enough to have a strong strategy. The story behind it has to resonate.

Shifting the conversation from compliance to risk, or using metaphors like safety, helps leaders see how cyber fits into their world. Boards talk about risk, not security. It's up to security leaders to translate.

The basics still matter

While innovation and transformation often take the spotlight, many uplift programs still come down to fundamentals like identity management, patching, and cleaning up legacy systems.

One speaker noted that 90% of what their team does is hygiene. It’s not flashy, but it’s what keeps the organisation secure.

Several panellists emphasised the importance of setting expectations. Being clear about what won’t be done is just as important as sharing what will be delivered.

The role of the CISO is evolving

The conversation wrapped with a discussion on how the skillset of a modern CISO has changed. Today’s leaders need to influence, translate, communicate, and, importantly, know when to switch off.

The view was clear: it’s no longer about gatekeeping. CISOs are business leaders in their own right.

Wrapping up

After the panel, the conversation continued over drinks and networking. Attendees left with practical insights, new connections, and a few good laughs. Once again, it proved that the best conversations happen when you get the right people in the room.