Peter is a member of InfoGovANZ's Advisory board, Director in the KPMG Forensic Technology practice and his previous experience includes leading the Sydney Forensic IT practice of PricewaterhouseCoopers, and Acting Sergeant in the NSW Police High Tech Crime Unit.
Over the course of a combined 20 years in these roles, Peter has undertaken analysis of electronic evidence in hundreds of criminal and civil matters, presented expert evidence to state and federal courts, investigated and remediated internal and external data breaches for numerous organisations, managed complex electronic discovery environments, and provided advice to government, public and private organisations in relation to cybersecurity and IT governance related issues.
Tell us about yourself?
I’ve been really fortunate to have had opportunities to chase a variety of careers and interests. My career path started with the NSW Police which ended with a stint as a digital evidence specialist. This position helped me to jump into a career in digital forensics consulting at PWC, where I also completed an MBA at UTS. I then jumped into a lecturing position at the same uni while completing a PhD in IT Governance, keeping my hand in consulting with a part time position at Ferrier Hodgson. I returned to full time digital forensics and eDiscovery consulting at KPMG in 2019.
What has kept me in the digital forensics field for so long is the puzzle solving aspects – trying to piece together actions and motives from digital activity traces is a great challenge! I’m also a dad to three wonderful kids (including a set of twins) who are really good at soaking up most of my free time.
What led you into the world of Information Governance (IG)?
My professional focus is primarily on forensic technology, electronic discovery and post-IT incident review. Much like when I was a police officer, working in these fields has meant I usually turn up at an organisation when they are dealing with a crisis.
Over time, I began to identify common themes in the underlying causes of IT incidents I investigated that generally led back to either a lack of an effective IT governance framework or the failure to properly implement/follow the framework. This realisation was what lead to my interest in IT governance and my PhD topic.
Tell us about your current role in IG?
My current role is investigating breakdowns in good IG practice – everything from technical security incidents to IT procurement & project failures. In addition to providing expert reporting where necessary, I also identify root causes and provide guidance for improvement where the job scope allows for such.
What pressures are organisations facing to ensure IG best practices?
As there always has been, there is a constant friction between following “best” practices and workflow efficiency (e.g. the battle between data security and availability). On the flip side, I think many organisations still fall into the trap of thinking that IG is really just risk management with a fancy name. The pandemic, rise in privacy regulations and constant newsfeed regarding IT security incidents has really driven this risk focused view to the fore. However, it is important that those charged with responsibility for IG need to be thinking in terms of both risk and reward when it comes to information and technology.
What are the biggest developments you have seen in the IG?
In the last 5 years we have seen a lot of activity in the IG thought leadership space – it is great to see industry bodies and professional groups really trying to build comprehensive frameworks and guidance around a holistic view of information and technology rather than continuing to build in a piecemeal way. Leaders have become increasingly aware of the value of properly governing organisational information, however this has unfortunately given rise to a far more active and dangerous criminal element seeking to profit from this increased realisation of value.
Do you have any tips for someone starting out in IG?
IG is such a broad field, and even amongst experienced IG specialists there are very few who could accurately claim to be fully across everything that IG encompasses. I would recommend picking one or two focus areas that are of interest and specialising in that field. Once you have developed a core skillset it will help you to branch out into other areas (via training or other professional development), understand how your area ties into (or should tie into) an IG framework and identify opportunities to put forward or participate in IG efforts within your organisation.
With the rapidly evolving technologies and digital disruption, where do you see IG heading in the next few years?
Organisations are still sorting out their preferences on cloud technology and machine learning, dealing with the challenges of unstructured data and privacy regulations, and grappling to really understand the risks and benefits of these issues at a leadership level. This is where IG really needs to come to the fore to help leaders make sense of the wild array of tech, legal and operational issues at play.
We will see better performing organisations really break down the cultural and functional silos between IT, internal counsel, risk management and operations to ensure that the risk vs reward for technology opportunities is properly understood and effectively acted on. These organisations will have responsive and evolving IG frameworks in place, almost certainly giving them a competitive advantage over those without.
Why is it important to be a member of InfoGovANZ ?
Information technology is such a rapidly evolving field, even in a highly specialised area such as digital forensics I am constantly learning and updating my knowledge. Expanding that out into all of the legal, risk and operational aspects encompassed by IG – it becomes an increasingly difficult task to stay on top of just the critical issues. Participating in InfoGovANZ events and reviewing the great content coming through the newsletters has not only given me a great way to stay on top of current events, it has also given me the opportunity to meet and become acquainted with an amazing group of individuals from a vast array of backgrounds. It really has helped me feel that if I don’t know the answer to an IG question, I surely know someone who does!