David Powell

Managing Director - Security



David is a Managing Director in Accenture’s security practice and has over 20 years of experience in cyber security, primarily working with health financial services and government.

This experience encompassed all facets of cyber security including architecture, network, application, identity, intelligence, incident response, surveillance, governance and data security.

David has recently been work with the Australian national health system to uplift security. Prior to joining Accenture, he was the CISO at National Australia Bank for 12 years, where he ran large teams to provide resilience against cyber threats.

His recent emphasis has been on helping organisations deliver security solutions to mitigate risks against a deteriorating threat landscape, using industry leading technologies such as security data analytics, next generation SOCs, and AI for data discovery and classification.

Speech Topic & Synopses
Keeping Pace with the Threat Landscape

Keeping pace with the deteriorating threat landscape is becoming more difficult as threat actors devise new ways of infiltrating systems.

Understanding the threat actors and the techniques they use are critical in determining the likelihood of becoming a target and preparing mitigations as part of an intelligence-led security strategy.

The threat actors can be divided into 5 main types:

– Cybercrime: where criminals commit fraud for financial gain.

– Ransomware: where data is encrypted or systems are made inoperable in demand of a ransom.

– Intellectual capital: where data is stolen for commercial purposes, identity theft, etc.

– Hacktivist/Activist: where a motivated group or individual can disrupt business.

– Nation state: where foreign government resources are used for political gain.


Each type of actor uses different techniques, although the boundaries are now merging as zero-day malware becomes more prevalent, malware now runs in application memory, and advanced persistent threats once used by Nation State actors is now being used for Cybercrime.

Additionally, the measurement and reporting of security metrics is still performed poorly and many organisations do not understand the real number of attacks targeting their systems. Most companies now have over 90% of email categorised as spam and medium-sized companies are experiencing over 10 million attacks per month on internet gateways.

This presentation will provide examples of metrics and expose the real threats faced by organisations today, while providing practical mitigations as part an inclusive security strategy.