• Garrett O'Hara

    Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.


    Add comment
Garrett O'Hara

Gar’s guest this week is Jacqui Nelson, the CEO of Dekko Secure - an Australian software company that helps government, law enforcement, medical and legal organisations secure their workflows when working with sensitive and confidential information. Jacqui walks Gar through her journey from an investor in Dekko to CEO, her passion for solving business problems, Dekko’s new end-to-end encrypted video conferencing software, and delve into the importance of trust – not just from a digital perspective but across every facet of business and our lives.

New Aust Cyber podcast:


The Get Cyber Resilient Show Episode #26 Transcript

Jacqui Nelson: [00:00:00] Trust is paramount not just in the digital space, it's paramount in every, you know, every section of our lives.

Garrett O'Hara: [00:00:12] Welcome to the Get Cyber Resilient podcast. I'm Garrett O'Hara, and this week, I'm excited to be joined by Jacqui Nelson who's the CEO of Dekko Secure. Jacqui didn't come from the cybersecurity world, but was initially an investor in cybersecurity via Dekko Secure five years ago. In her words, she loves solving business problems, and today, she gets to do that working with two deeply technical founders. The importance of trust is definitely a theme in this episode.

We hear from Jacqui on her journey through cyber and the importance of transparency and traceability, the disconnect between hype and reality, how doing the right thing can be a competitive differentiator, and we talk through what Dekko are doing around their secure collaboration platforms, including the just launched DekkoLYNX end-to-end encrypted video conferencing platform.

I'm actually looking forward to using DekkoLYNX next month, for a CISO round table being run by Chris Cubbage, where Shamane Tan is moderating.

So lots in this episode, please do enjoy.

Welcome everybody, today I'm joined by Jacqui Nelson, the CEO for Dekko Secure, how're you going Jacqui?

Jacqui Nelson: [00:01:18] Very well thanks Garr, great to be with you here today.

Garrett O'Hara: [00:01:21] Yeah, great to, uh, to have you along. And cracking day in Sydney, I'm looking at a- a amazingly bl- blue skies, but I got told it's going to rain this weekend, so a bit of a bummer, but, um, yeah, looking forward to it. How's your Friday going so far?

Jacqui Nelson: [00:01:34] Yes, very, very nice I must say. Uh, I did notice that beautiful clear sky today. I had, uh, I had the pleasure of walking along the foreshore, uh, on my way to the office this morning. And it certainly is a spectacular Sydney day out there.

Garrett O'Hara: [00:01:48] It is, yeah. It's a beautiful city, that's for, uh, for sure. So, Jacqui, you're the- the CEO for- for Dekko Secure and, um, you know, the opening question for- for the podcast is always like; how did you get there? Um, obviously you're working in cybersecurity in Australia and- and leading a- a company locally, what was your pathway to- to CEO?

Jacqui Nelson: [00:02:08] Yeah, great. So, I think the interesting thing for me as the CEO of a, like you said, a cybersecurity company here, is that I'm actually, uh, not a technical person. Uh, so that is, uh, that's actually, uh, quite an interesting, um, a differentiator, I think, in the market a little.

Um, cybersecurity I'm not a, you know, I'm not a cyber expert, um, and so leading an organization in this cyberspace, uh, is certainly incredibly exciting, incredibly dynamic, uh, and of course I came to Dekko for... about five years ago. Uh, initially as an investor, uh, into- into the cybersecurity space in Dekko. Uh, I have two fantastic, um, founders that I work with, who are very deeply technical, some of the best cybersecurity minds in the country.

Uh, and I certainly, um, was very captivated by the problem that they were looking to solve in the market, and so whilst I say that I'm not a cyber person, um, uh, I'm absolutely, um, a- a business person, and I love to solve problems for business. Uh, and so I was very attracted to the proposition, uh, and to, you know, to cybersecurity in generally, and- and how it was going to help us, uh, move into the future.

Garrett O'Hara: [00:03:25] Absolutely, do you think it's, uh, in some ways can be an advantage, actually, coming from a non-technical background, because it's something we talk about a lot on the podcast, and in general, is the... call it the disconnect, you know, between, "the business" and the technical side. Um, but having leadership, that actually, you know, fundamentally understands the business side, is probably a good... you know, it's maybe a good thing, right, in terms of kind of leading a- a security company?

Jacqui Nelson: [00:03:49] Oh, look, absolutely, and that's certainly the way I see it. Uh, and, uh, I think that's the way we see it internally. And, you know, the great thing is, and I think the important thing in every business is, to have a balance. You know, if your new business is stacked too heavily on one side or the other, you don't perhaps get, uh, a really organic and- and foregrounded view of the world, and perhaps the problems that you're solving. So, you know, at the beginning, uh, it used to worry me a little, that I didn't, um, maybe a- maybe sort of a tiny bit of imposter syndrome? Uh, certainly when I ran up a lo- uh, against a lot of technical, uh, speak and jargon, and we know that, um, you know, the cyberspace is full of, um, uh, of lots of acronyms. So, um, they were a little intimidating and overwhelming, uh, in the beginning.

But certainly once you get your head around those, you realize that, um, it's a very simple formula that happens the world over. You know, businesses have got problems to solve, uh, and our jobs as service providers, is to understand those problems and deliver solutions to them.

Uh, and so, yeah, uh, look, I'm- I'm- I'm unbelievably excited by the team that we have, uh, I think we have a- a really great balance of both technical, um, and business people, and, uh, and I think, yeah, we've been able to solve some problems because of that.

Garrett O'Hara: [00:05:06] Yeah, good stuff. And we met, uh, we met fe- a few years ago now, over at the RSA conference, there was a lunch at the Austrade delegation, I think we were sitting beside each other, and had a... I remember having a good old yarn, the two of us. And, uh, it was probably a little bit of a refuge, if I'm honest, from the- the absolutely circus of the conference floor at the- at the RSA conference, which was just, uh, for me it was overwhelming; it was just... you know, bells, lights, fing-fangs going off, magicians, and it was, um, yeah, a little bit too- too much for me.

But that whole Austrade, was, kind of, a little bit- bit of an oasis for a good coffee, good beers, and- and good company. Um. What was your experience, how did you find the conference over there?

Jacqui Nelson: [00:05:45] [Laughs], yeah, interestingly Garr, I think, uh, very, very similar to you. Uh, I had a very similar experience of that space. And of course, not being a cyber person, um, it was equally as overwhelming, if not more so for me, uh, looking at that space. I do remember at one stage, that was sort of when I was relatively, uh, new to the- to the space. Uh, and thankfully we did have, like you said, the refuge, uh, of Australia House, run by Austrade, um, and yes, there was beer and coffee.

But also, um, I think Austrade did a fantastic job at bringing a lot of, um, experts from the field into the house, where we could actually get, you know, a clearer idea of what was happening in the cyber landscape, without some of the noise. I think we were lucky enough to have Angus Taylor, who was then the Minister for Cyber there, weren't we? So it was a pretty impressive, um, cohort that were there.

Um, but yeah, I agree with you. I think at one stage, I remember thinking to myself, "Wow, maybe we should all just throw our, um, our laptops in the ocean and run for the hills?" Because, uh-

Garrett O'Hara: [00:06:43] [Laughs].

Jacqui Nelson: [00:06:43] I know there was a lot of, [laughs], there was a lot of talk then, um, about the threats coming down the line that we're obviously facing, uh, now. Um, so, yeah, it was, uh, it was that. And then I did go to the RSA in Singapore last year as well.

Garrett O'Hara: [00:06:58] Mm-hmm [affirmative].

Jacqui Nelson: [00:06:58] Um, and so, yeah, it- look, it's- it's an incredibly overwhelming space, but, um, yeah, lots- lots of problems to solve, I think, is- is what it's all about, [inaudible 00:07:07].

Garrett O'Hara: [00:07:08] Yeah, no, it absolutely is. And, you know, when you think about those problems, like, I mean, they're- the hype versus reality, I think, we all experience when we go to some of the- the conferences. Um, it- it sort of relates back to this idea of trust, and that's probably a bigger societal issue these days, right? With the- the sort of scrutiny of data, privacy, you see that in kind of local and global legislation, and, um-

Jacqui Nelson: [00:07:32] Mm-hmm [affirmative].

Garrett O'Hara: [00:07:32] There's this weird thing, where at the same time, we're seeing citizens, really, just giving away this huge amount of personal information on things like, um, you know, TikTok, is in the news at the moment, and Facebook's been in the news for as long as Facebook's been around, it feels like.

How do you, kind of, square away those two mindsets? Because it seems like there's two different this going on there, and they're kind of in conflict?

Jacqui Nelson: [00:07:52] Yeah, look, it's- it's really interesting, isn't it? And I think, uh, this week you will have, you know, you will be, uh, across this as well. I've been listening to the new, uh, AustCyber podcast this morning, um, with the release of the Australia Digital Trust Report. Uh, and it's really interesting that, you know, trust in the digital space is really starting to come through.

And you're absolutely right, you know, the piece around privacy is- is really very conflicting. Uh, and I spend a lot of time thinking about is as we all do. You know, as everything happens, especially in COVID times. We're on line more and more, and, you know, we're forced into a situation where quite often, the only way to interface, and maybe connect and communicate, uh, is through some of these social channels. And yeah, we are giving a lot away.

Um, I... sometimes I think it's, we don't know what we don't know in a lot of instances.

Garrett O'Hara: [00:08:40] Mm-hmm [affirmative].

Jacqui Nelson: [00:08:41] So I think, starting to see, um, organizations and governments start to talk about, um, this- this piece around digital trust. I think there's been a lot of apathy, and a lot of misunderstanding, uh, amongst consumers. They actually don't know what they're giving away. You know?

Garrett O'Hara: [00:08:56] Mm-hmm [affirmative].

Jacqui Nelson: [00:08:57] Uh, it doesn't seem... da- data doesn't necessarily seem real and tangible, and, uh, yeah, we do- we do give it away. Uh, and you know, I- I speak to people of all ilks, obviously, you know, starting with my own children, trying to, um, make them aware of- of what their digital fee- footprint looks like, or, you know, the data they give away.

And then I speak to people that, uh, you know, that are lawyers, you know. I was speaking to an MNA lawyer the other day, uh, and we were talking, sort of, more broadly about, um, privacy and trust, and security on line. And he said to me, "Oh, privacy online; I actually gave up worrying about that years ago." Um, and you know, it's- it's- it's really interesting, and I think that's- I think that's how a lot of people feel. I think it's, they don't know how to manage it, uh, and so it's just kind of, they throw it to the wind.

But yeah, there's- there's certainly a huge price to pay for giving our privacy online away too easily.

Garrett O'Hara: [00:09:52] And it, you're... I think you're spot on, because it feels like fatigue, and death by a thousand cuts. And-

Jacqui Nelson: [00:09:57] Mm-hmm [affirmative].

Garrett O'Hara: [00:09:58] ... it, but you know, two, kind of, sort of, funny examples; the first one, um, so, like I have a- an account with Amazon, Kindle, um, that I share with my wife, who I am positive is not into romance novels. Um-

Jacqui Nelson: [00:10:10] [Laughs].

Garrett O'Hara: [00:10:10] ... and I take it as a good sign that, um, the account is in my name. Um, but I take it as a really good sign that my digital footprint is small enough, because the recommendations come through for me, and they're always these weird, you know, paranormal romance novels, or, you know, Mills & Boons. And I'm pretty, you know, it's- it's not really... I think- I think, you know, I've got a pretty broad interest, but definitely not that.

And the other example was actually buying, um, some home office stuff a couple of days ago, at Harvey Norman. And the person at the- the till, asked me for my phone number for the receipt, and I was like, "That's okay, no, I'll just take a- a printed receipt." And there was a look of like, "What? Why- why wouldn't you just give me your phone number?"

You know, and it- it just feels like everywhere you turn, there's a-

Jacqui Nelson: [00:10:49] Mm-hmm [affirmative].

Garrett O'Hara: [00:10:49] ... a request for personal information. So, yeah, I totally agree with you on the, um, the fatigue. And you- you actually wrote, um, a piece on transparency and traceability, and you did that earlier this month, so earlier in July. And in there, there was a line that actually jumped out at me, uh, which I- I have printed out here in front of me, and it was; the evalu- the evaluation process should not be limited to whether this technology meets compliance criteria, it needs to consider the ethical discussion of, "Are we doing the right thing?" And at the moment there's-

Jacqui Nelson: [00:11:21] Mm-hmm [affirmative].

Garrett O'Hara: [00:11:21] ... this kind of backdrop of global change that's happening, we see that across lots of different social movements. Do you see doing the right thing becoming a competitive differentiator? Probably a starting point.

And then, do you eventually see it become table stakes?

Jacqui Nelson: [00:11:36] Yeah, absolutely Garr, absolutely. You know, um, you know, trust is paramount. Trust is paramount, not just in the digital space, it's paramount in every, you know, every section of our lives. Uh, and I think we've actually not understood, um, you know, how important it is in- in... how important trust is in the digital space.

Um, you know, and the part that I spoke about was, um, that you- you're exactly right, you know, compliance and regulation, that's all part of it. But companies need to take responsibility, and they need to make sure that they check themselves along the way, and inherently do everything that is trustworthy. And, you know, if you are... if you're, uh, company is all about, um, mining people's data, uh, to sell, uh, and to monetize, fine, but you've got to be upfront about it, it's got to be front and center. Because, you know, too often we find that, you know, we go down rabbit holes, and we have no idea what the cost is.

And, you know, there is a certain amount of caveat inbuilt by the web, but you're right, uh, we've got fatigue, the world's moving quickly, uh, and we have to- we have to demand from our organizations that they're completely upfront and transparent about what they intend to do with our data. Uh, and you know, it's the- the- whole freemium model. You know, people just-

Garrett O'Hara: [00:12:53] Mm-hmm [affirmative].

Jacqui Nelson: [00:12:53] ... I really don't think, understand that, if something is given to you digitally for free, it's because you and your data are the product. Um, and, you know, even if we know that at a surface level, I don't think any of us really... it's just starting to sink in now. I think, uh, a lot of the work that government's doing around this is really important.

Uh, but I think we really need to digest that, and we need to sit with it. And we need to understand it. Um, but, you know, you know, just- just transparency. You know, be-

Garrett O'Hara: [00:13:22] Mm-hmm [affirmative].

Jacqui Nelson: [00:13:22] ... completely upfront, and honest about what your charter is as a company. I think that's- that's where it needs to begin, um, and if we do, we'll be doing well.

Garrett O'Hara: [00:13:31] Yeah, totally agree. And- and there really is some good movements, I think by, uh, many governments, including the Australian government around that, kind of, transparency. Um, and even you know, the notifiable data breach legislation, I would say is a good example of that, where, you know, it's- it's citizen centric, um, in a very useful way. And, um, yeah, sort of, hopefully, we see more of that.

And, you know, so with the sort of security, um, of applications, or platforms, there's this thing, we're kind of giving misleading information, for want of a better expression. It seems to be a dead end, but it does seem to happen quite a lot, where, kind of, people make a claim, and there's a lot of very smart people out there that are very hell bent on getting to the truth behind, you know, technology performance, or company motives, or if there's a- a breach for example. And how the comms are dealt with-

Jacqui Nelson: [00:14:18] Mm-hmm [affirmative].

Garrett O'Hara: [00:14:18] ... sometimes, are- are questionable. Um, why do you think it is that organizations persist in this- this idea of tr- trying to pull the wool over people's eyes when they get caught out? Like, what- what do you think is the... what's going on there?

Jacqui Nelson: [00:14:32] Mm-hmm [affirmative]. Yeah, it's really interesting, I mean, it's, um... what is really going on there? I don't know, I think it's a l- obviously a lack of true, um, of- of organizations not understanding their true value proposition. Um, perhaps it's about the leadership model in these organizations? Um, perhaps it's about, um, larger organizations being fractured and not being able to, um, to, you know, uh, to align on their corporate, social responsibilities. Uh, and like I said, their core value propositions.

You know, I know there's been, uh, especially, uh, around the video conferencing space, um, there's been a lot of, um, there's been a lot of press about organizations, um, you know, planning to do something, and then defending it online, and then actually saying, "No, sorry, we weren't."

Um, you know, we can give some of them the benefit of the doubt and say, you know, "Perhaps they misunderstood the terms and conditions?" But, um, in- in these times, that can't- that can no longer be a defense, we can't get away with that anymore. You know, and your right. Um, you know, uh, part of this- part of the digital environment and, um, and being open, um, to all sorts of platforms, is that we have people that are ready to call us out, um, and keep us accountable. And, you know, I- I couldn't welcome that more.

Uh, I think the more and more we have of that, the better it's going to be. Mm-hmm [affirmative].

Garrett O'Hara: [00:15:54] Yeah, and- and better- better for everybody, as you say. Um, yeah, it's funny, I often think about it, because I do think, like, is there a bias almost built into it? Because the- the ones we hear about, where organizations maybe don't communicate a breach in a, let's say, a useful way to their customers, or there's some version of, like, "Let's try and manage the truth." Um, and, you know, like, it probably points to a bigger problem globally, right, at the moment?

Jacqui Nelson: [00:16:19] Mm-hmm [affirmative].

Garrett O'Hara: [00:16:20] You know, they call it "post truth", uh, here. Um.

Jacqui Nelson: [00:16:22] Mm-hmm [affirmative].

Garrett O'Hara: [00:16:22] But I wonder, is there some sort of bias that kicks in there, where you really only end up hearing about the organizations that are caught out, and then I... like, what worries me sometimes is, there are a bunch of- bunch of companies that make claims, or, uh, you know, something bad happens, but we don't know about it because they, uh, they manage to kind of get away with it. I don't know.

Jacqui Nelson: [00:16:41] Yeah. They manage just, you know, yeah, yeah. Look, and it's, you know, it's really interesting. Um, yeah, you know, I mean we have to start asking- asking deeper questions of our organizations that we engage with, you know. Um, yeah, it's- it's a... it's- it's a tricky time, it's a tricky world to navigate in terms of that. But, you know, trust is absolutely important. It's- it's the- the- the pillar of security. You know. We have to be able to, um, because... I think also because, um, you know, the area of cybersecurity can actually seem mystical for so many people.

Garrett O'Hara: [00:17:15] Yeah.

Jacqui Nelson: [00:17:15] You know, I think it's- I think it's been slightly demystified now, and I think there's more plain business language being used around it, which is fantastic. Uh, I think, you know, 10 years ago, uh, if you were at a- a barbecue, and you said to somebody that you worked in cybersecurity, you know, you'd find them kicking the dirt, and looking at their toes, and excusing themselves to go to the bathroom, almost-

Garrett O'Hara: [00:17:36] [Laughs].

Jacqui Nelson: [00:17:36] ... like you said you worked for the tax department, you know. Uh, but I think now, um, you know, it's a very different environment, and people do understand what it's about. And I think, um, it's really important that we normalize the language around cybersecurity.

Garrett O'Hara: [00:17:50] Yeah.

Jacqui Nelson: [00:17:50] So that people actually know which questions to ask of the organizations that they think are there to protect them. Uh, and I find it, um, I find one of those areas that we come up against a lot, we obviously, um, are an end-to-end encrypted platform, um, and we all know that encryption is one of those words that has 15,000 different interpretations of it, depending on the way you put the words together.

Um, and, you know, and I talk to organizations that might actually believe they're secure, because somewhere, uh, in a piece of paper they read, it said that data's encrypted. Um, but it's actually about knowing enough, you don't have to be an expert sitting on the board, um, you know, to be able to talk about curves and encryption and all of that, you know, all of that deeply technical stuff. But understanding what those things mean to you, and the differences between what encryption might mean, or what end-to-end encryption might mean.

What end point security wh- might mean, what... you know, the different type of firewalls are, uh, so I think- I think it's up to organizations to actually speak, uh, in plain, clear language, um, when we're- when we're marketing and talking about our products. So customers are better, um, placed to ask relevant questions about the solutions we're delivering.

Garrett O'Hara: [00:19:11] So, I cannot agree with you more, um, on that one. And, like, my perception of it is as an industry... look, you're right actually, it does feel like a mystical world. And- and I'll be honest with you, I've been doing this a little while, there's parts of it that still feel like that to me. Um.

Jacqui Nelson: [00:19:25] Mm-hmm [affirmative].

Garrett O'Hara: [00:19:26] You know, as- as part of the research for this I, uh, I was looking at your end-to-end, uh, encryption and the stuff that you guys are doing, and just some of the stuff about elliptical curve encryption, and I happen to be going through CISSP training at the moment, so it was on my radar anyway.

And I, you know, I'm, "Okay, this is a perfect opportunity to maybe understand this better?" I couldn't get into it; it was just impenetrably complex. And-

Jacqui Nelson: [00:19:48] Mm-hmm [affirmative].

Garrett O'Hara: [00:19:48] ... I- I... look, I- I know enough to know what- what it means, and how good that is as an encryption methodology, but it's actually... like, understanding the mathematics behind it, and how it actually works, I don't have four years to go off and study maths at that level so, you know, I... back to your original comment, or- or one of the comments you made is, you know, that idea, that trust is paramount.

That's where it comes in, it's- it's knowing enough to know that the experts here, um, you know, the tech team in- in Dekko for example, understand encryption in a meaningful way, and when they say end-to-end, it's not an interpretation of that statement, it's actually end-to-end. What does that mean for a business user? And so I-

Jacqui Nelson: [00:20:27] That's right.

Garrett O'Hara: [00:20:28] ... cannot agree with you more, um. And I think part of our job sometimes, is that thing where, we- we dist- demystify up, if that makes sense? So, you, you know-

Jacqui Nelson: [00:20:37] Mm-hmm [affirmative].

Garrett O'Hara: [00:20:37] ... each layer, hopefully, tries to sort of straddle their, uh, below, and they kind of, not simplify, but I- I think your word is better, normalize the language.

Jacqui Nelson: [00:20:46] Mm-hmm [affirmative].

Garrett O'Hara: [00:20:46] And ultimately get to; what are the business outcomes? What are the impacts in the real world? Um, so yeah. A little bit of a rant there, but I... it's one of those things that I- I think you- you sort of touched the hot button for me, in terms of, just the complexity of the language that, uh, we often use, unfortunately. On-

Jacqui Nelson: [00:21:00] Yeah, absolutely.

Garrett O'Hara: [00:21:03] Uh, a little while ago, I spoke to, uh, Dr. Cate Jerram out of University of Adelaide, and back then we were talking about the- the pressure to grow, to innovate quickly, and-

Jacqui Nelson: [00:21:12] Mm-hmm [affirmative].

Garrett O'Hara: [00:21:13] ... how sometimes that can outrank the pressure to do things securely by design, and one of the things that, uh, Dr. Cate mentioned, was that sometimes investors, or VCs now look at the security of an organization, potentially back way, if there's a perception of risk there, because the, you know, the cybersecurity side of things haven't been done well, or well enough.

Um, your CEO for an organization in cyber, so perfect person to ask; what are your thoughts on that whole pressure to do the right thing when it comes to the conflict then, with the pressure to grow?

Jacqui Nelson: [00:21:44] Yeah, absolutely. Look, and a really great question. It's probably not a question, um, that I can ask from a completely subjective point of view. Uh, [laughs], and that's purely because of the nature of our organization. Uh, if you know anything about, you know, if you just need to know one thing about Dekko, Dekko is actually about, um, technologies that are secure by design.

So, everything that we do, um, comes from the value and the principle, uh, about building technologies that are absolutely secure by design, um, and- and that is our core value proposition. So, um, for us to go and innovate on top of that, um, is absolutely a no-brainer for us. But, you know, um-

Garrett O'Hara: [00:22:24] Yeah.

Jacqui Nelson: [00:22:25] ... and- and to that point, part of my, um, mantra that I feel is really important, is that, um, Australian, uh, organizations actually need... that are- are building new technologies, actually need to consider security first. And I think if we... and I think that will happen, you know, globally. We see lots of organizations thinking like that now.

Um, but certainly, you know, if you don't... if security isn't your- isn't your mantra, uh, and then you look to build things on top of it, it's a real challenge. You know, and I think it is about, um, it is about that mysticism, uh, and I think, you know, I did actually listen to Cate, and I agree with her and an enormous amount of what she said, um, it's the other side that's really difficult for organizations to balance.

It's... security is one thing but we've actually got to have usability, and we've got to be able to get things done, um, in- in businesses. You know, we forget that, um, you know, human interaction with technology is still the most important thing, uh, and if humans don't interact with it, um, then, you know, it's completely and utterly worthless, uh, and everything is academic.

So, for organizations to try and find the balance between usability, taking people along the ride, and security, uh, is certainly not an easy thing to solve for. Uh, and I think Cate, actually, uh, touched on this when she said, uh, "That's why it makes sense that, uh, that technologies have to be secure by design, uh, to really be able to integrate into organizations."

Garrett O'Hara: [00:23:58] Yep, absolutely. And-

Jacqui Nelson: [00:24:00] Mm-hmm [affirmative].

Garrett O'Hara: [00:24:02] ... we- we're going through a pretty interesting time at the moment with COVID-19 and, you know, obviously a lot of businesses are, sort of, everything strategy, but also the technologies, and the platforms, and the- the way they service their, I suppose, their missions, and- and what they're looking for as business outcomes. What are- what are you and the team there seeing, um, as Australians come to term, and Australian businesses, come to term with this kind of new reality that we're now living in?

Jacqui Nelson: [00:24:28] Yeah. I think one of the, um, the thing that, uh, that I find with the organizations that we work with, uh, and certainly ones that we'd interfaced with, um, you know, uh, initially, and now we're actually having deeper conversations. I think this whole transition to working remotely, uh, cau- caught a lot of us unaware. Um, and you know, it- it comes back to, um, you know, big organizations especially, and even smaller ones are getting much, uh, better at actually making sure they're secure. Um, you know, internally, you know, we're great with firewalls, email filtering, all of that kind of stuff, uh, and when we're working internally on our networks, um, we- we're generally very, very secure.

Um, but I think what caught a lot of people unaware, was suddenly we had this, you know, remote workforce that couldn't always necessarily or easily, um, access the complex IT infrastructure that was keeping them safe. Uh, and so that caused a, you know, a lot of pain and some vulnerabilities.

Uh, so I guess being able to- to access technologies that, um, that are secure, that allow you to work externally quickly, and remotely, uh, has been something where we've seen, uh, an enormous amount of interest in the market. Um, yeah, so, yeah. I- I think, yeah, the- the whole remote piece has, you know, um, been challenging on so many levels, but- but certainly when it comes to- to managing the cyber posture, it- it's been challenging, yeah.

Garrett O'Hara: [00:25:53] So, Dekko just launched DekkoLYNX, and that's actually a military grade video conferencing solution. Um, and actually does true end-to-end encryption, and by that I mean the- the version of end-to-end that the security industry would understand by that term, rather than a loose interpretation of that. Um. Was that a- a kind of timely coincidence? Given everybody's kind of moving to this remote collaboration, um, you know, as the new norm. Was that, for Dekko, was that a coincidence, or were you guys planning that anyway?

Jacqui Nelson: [00:26:22] Yeah. So, look, we were absolutely planning it anyway, it wasn't, um, it wasn't in- it wasn't entirely coincidental. Uh, so, you know, Dekko Secure, obviously, our charter is around helping organizations, and we work with, uh, with government organizations, particularly in the law enforcement space. Uh, who very often had to rely on the manual transmission of highly sensitive documentation. Now, they've had to do that for a number of reasons, uh, some of it is around, you know, complex work flows, uh, and then, um, you know, a combination of technology risks, um, and some human risks associated, uh, with moving things man-, um, you know, digitally.

So, um, moving across to our platform has allowed organizations to be able to collaborate externally with really... on highly sensitive and confidential information. You know, our platform is not, um, for all sorts of information in terms of the- the- the collaboration tool, um, but as we moved to COVID, uh, we- we'd already worked to move a lot of these, um, these complex work flows across to a digital environment. Um, and then as we moved to COVID, we very quickly found, um, that communication that would normally happen in a boardroom, um, or where, you know, um, a law enforcement officer might visit a judge in person, um, that could actually no longer happen, and so there was, um, there was some- some concern about how they were actually going to manage that internally.

Obviously, being an external collaboration platform, uh, we- we have the capability, it's always been on our roadmap to add video conferencing, uh, to our platform at some stage. Uh, and so there was certainly a drive from government organizations, um, for us to be able to help solve that. Uh, so yes, it was- it was something that we probably, um, we might have done over the next 12 months, uh, but it was certainly, um, it was certainly something that we were able to execute, and we have, um, and yeah, it... look, it's- it's solving a real problem, you know, being able to allow, um, people to communicate wherever they are, remotely, with true end-to-end encryption in the web browser, without an- having to rely on complex infrastructure, uh, has certainly, um, has certainly helped solve some problems around secure comms channels, which is great.

Garrett O'Hara: [00:28:45] It- it is great, and you raise an interesting point about the types of communication, and I think the mental association to how secure they are. And, like, if I'm honest, and I work in cybersecurity, the VC thing, you know, video conferencing, never really was on my radar as far as something I'd need to worry about being secure. Um, and I- I probably shouldn't say that on a podcast about cybersecurity, [laughs], but there you go.

Jacqui Nelson: [00:29:09] No, that's fair enough.

Garrett O'Hara: [00:29:10] Um, just being honest.

Jacqui Nelson: [00:29:10] Fair enough, yeah.

Garrett O'Hara: [00:29:11] Um, yeah, but like, I- if I think about email, you know, I'm- I'm conscious of that, I want that to be secure, phone calls, I feel like they're secure, unless the NSA has my phone bugged or something like that, which I'm pretty sure they- they don't. Um, but it- it is, you know, it's a little bit funny how, depending on the communication mode, it feels like there's just a really different level of- of sensitivity around the security. Um, do you- do you think people are accurate in that? Is there any kind of, uh, you know, any comments you might have about, m- maybe what people should think about when they're communicating and the modes they use, and- and maybe the types of meetings, you mentioned boards? I mean, that's highly confidential stuff, that I wonder sometimes, like, how many boards meet on, you know, potentially insecure platforms, and don't think about it.

Jacqui Nelson: [00:29:59] Absolutely, Garr, and you know, I don't think you're alone in not- in not thinking about, um, video conferencing. I think two thirds of the world, maybe even more, thought exactly the same way as you. You know, we weren't in a situation, uh, where we had to have all our communications, uh, over video conferencing. You know, it might just be that we, you know, we spoke about the marketing plan, or we talked about, you know, bits and pieces in an organization that wasn't necessarily deemed to be sensitive, and if somebody might be listening, you know, big deal.

And in fact, I don't even think we ever thought about whether somebody might be listening. Um, but it was quite interesting, um, you know, as COVID hit, I don't know if you're- if you're even sure you'll remember that, um, you know, as schools and everybody transitioned across to this new, um, you know, this new quite stressful environment, um, Hamish Blake, who is, uh, the Australian comedian, uh, ran a little, um, uh, you know, a- a something on Instagram, a little play on Instagram, where he offered to pop up into Zoom meetings in the classroom at school?

So, my 14 year old son came home from school absolutely, thinking this was the best thing since sliced bread, that Hamish Blake... he could secretly send Hamish Blake a link to his maths class, uh, and Hamish Blake would pop in uninvited, and unannounced, and completely disrupt a year nine boys maths class. And, you know, everybody roared with laughter, and it was, you know, it was- it was probably a little bit of light relief that everybody needed, um.

Garrett O'Hara: [00:31:27] Yeah,

Jacqui Nelson: [00:31:27] But, you know, it started a much bigger and deeper question and conversation around, and I think that's where we all started to go, "Oh, okay. This could be pretty damn serious." So someone can pop in unannounced and uninvited, so we're talking about not having to authorize, or authenticate people, um, into our systems. Uh, and then you start to dig a bit deeper, and you think, "Well, what's actually happening at the media server? What's happening where eyes can't actually see what's going on?"

Uh, and I think when those things started to come to the fore, certainly around sensitive conversations, you know, um, we really, really needed to stop and think. And I think we saw, um, a- a- a move from, um, some of the organizations in this country that, um, have very sensitive and security conscious information, um, become acutely aware of that risk. Um, and immediately move away from unsecured platforms.

Um, you know, not saying that there are a lot of unsecured platforms out there, you know, it's sometimes just a different way to do things. Uh, and so our charter was, to allow, um, those totally secure meetings to happen, um, in a situation, in a web browser, where we may need to do things on the fly, and we need to discuss them sensitively and quickly. So, yeah, that- that was the, that was the impetus for it.

Garrett O'Hara: [00:32:47] Yeah, phenomenal. And you guys obviously, uh, Dekko's focus area is- is secure communications, um, and file sharing. I'm guessing you probably have some stories, or even idea of, like, what does it look like when it goes wrong?

Jacqui Nelson: [00:33:02] Yeah, for organizations?

Garrett O'Hara: [00:33:03] Yeah.

Jacqui Nelson: [00:33:03] When they send really, highly sensitive files to the wrong person accidentally?

Garrett O'Hara: [00:33:08] Yeah. [Laughs].

Jacqui Nelson: [00:33:08] Yeah, what does that look like? [Laughs], that looks like sleepless nights, maybe millions of dollars in lost, um, fees. Uh, interestingly, you know, there's a lot of war stories, um, that come and- and, uh, we actually had a situation recently, we're talking to a construction company, um, one of the largest construction companies, uh, in this country, who actually became acutely aware, um, that they were having a breach of some of their most sensitive information. Um, uh, and it was happening inside their IT department.

Um, you know, where we've got things where thing... when- when we've got open lines internally, where things, highly sensitive documents, are actually not encrypted, and they're allowed to flow through normal channels. Um, we just don't know what's being intercepted, and what's being... what, from- from where, and who may being compromised, to share information.

Um, and so there's a lot of those conversations that go on, uh, and sometimes organizations find out too late, that this-

Garrett O'Hara: [00:34:12] Mm-hmm [affirmative].

Jacqui Nelson: [00:34:12] ... has actually been going on, when it's cost them millions of dollars, uh, or when they've lost something, you know, really valuable, and they end up having to report a data breach, and we know that that can have dire consequences, especially for smaller organizations in this country. Uh, so there's, you know, there's a lot of stuff going on that- that people actually, unfortunately, only find out about accidentally. Yeah.

Garrett O'Hara: [00:34:36] Yeah, it is, it's kind of a horror show. Um.

Jacqui Nelson: [00:34:39] Mm-hmm [affirmative].

Garrett O'Hara: [00:34:40] But, so, do you see at this stage, kind of buy-in at a senior level, um, for the security of files, security of communications? Um, you know, it almost goes back to where we opened, you know, the- the business versus the technical, and, you know, the... I suppose the raising of the, um, importance of cybersecurity, and good sort of data hygiene, and data protection.

It feels like that's shifted? It feels like there's something going on in the zeitgeist, where, you know, we're seeing the- the PM make announcements about massive cyber attacks. It's- it feels likes people are really struggling to, uh, understand this more broadly in the community. Are you seeing that? Is there good buy-in now from senior execs in organizations?

Jacqui Nelson: [00:35:20] Most definitely. Most definitely.

Garrett O'Hara: [00:35:22] Okay.

Jacqui Nelson: [00:35:22] I think we're seeing, um, we're seeing a very big shift in the way, um, organizations... I think there's always been this perception, uh, and I know I'm not the first person to say it, um, is that, you know, security belongs to the IT department, and nobody really knows what the IT department does, but we actually trust that they know what they're doing, and they do the right thing.

Um, and that's great, but now I think what's happening is, the IT department's communicating very, very clearly, with the board, um, about the inherent risks in their systems, and the board's actually listening. Um, and, uh, there seems to be good two-way ownership of the problem, um, and solving it, and, you know, obviously that's the only way this is ever going to be solved, you know, it needs to be a collaborative, um, process inside organizations.

Um, I certainly see that, you know, we see, um, government organizations being incredibly concerned and proactive. Uh, and you know, some of them have got really, um, they've got legacy systems, um, but they are very, very proactively looking at ways to retrofit, um, those systems. Uh, or rebuild them, and fix them. And, you know, uh, the- what the... you know, Dekko secure, we play a very small role in that. You know, we don't... we certainly don't go in and solve, um, all of the government, or an organization's problems, we only solve a very small channel, and that's very often just around the highly sensitive and confidential communication channels.

Um, but it's just so encouraging now, when we are, uh, talking to organizations about that, there's a much bigger piece at play, and they are taking the whole thing, very, very seriously. So, I think we will get there, and you're right, and I think it's governments talking about it. And I think it's back to demystifying the language around it again.

Um, around boards actually knowing what, um, you know, knowing what the CISO's actually communicating to them. Um, understanding, because there's- there's more awareness of- of it in the broader community. So, yeah, I think it's... I think we'll- we'll get there. There's a long way to go, there's a lot of work to do, but, uh, I agree with you, it's certainly looking more and more encouraging, that's for sure.

Garrett O'Hara: [00:37:26] Well that's a- a fairly positive note to, I think, end on. And, um, yeah, like, I really just thank you so much for taking the- the time out. Um, obviously, as a CEO of a cybersecurity company, and- and given the launch of DekkoLYNX, um, pretty recently... this is what, two weeks ago I think? [crosstalk 00:37:42].

Jacqui Nelson: [00:37:42] Yeah, two weeks ago. Yes.

Garrett O'Hara: [00:37:44] Yeah.

Jacqui Nelson: [00:37:44] Absolutely, yeah. So it's, um, it's, a, it's early days, but it's exciting days and, um, uh, hopefully we can help some people solve some problems, which is what it's all about.

Garrett O'Hara: [00:37:55] Definitely, well, we'll include a... we'll include a couple of links actually, uh, obviously links to DekkoLYNX, and- and Dekko as a- as an organization in general. Um, and also the AustCyber podcast which, um, I'm pretty excited about. I think they do phenomenal work, so, um, yeah, very keen to support that.

But, um, Jacqui, thank you so much for taking the time, it's been an absolute pleasure, and- and great to see you again.

Jacqui Nelson: [00:38:18] No, it's my pleasure, thank you so much for having me Garr, it's been great to be here and chat with you as always.

Garrett O'Hara: [00:38:28] And thanks again to Jacqui for the insights, and for her time.

We'll include a link to the AustCyber podcast Jacqui mentioned in the show notes. And we'll include links on Dekko, obviously, and the new DekkoLYNX VC, or video conferencing platform.

As always, thank you for listening to the Get Cyber Resilient podcast. We have a growing back catalog of episodes, so have a listen to those. Subscribe, like, share, hire a sky-writer if you want to, but let us know of people you want interviewed, or topics that you want us to cover.

Keep safe, and I look forward to catching you on the next episode.


Principal Technical Consultant

Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

User Name
Garrett O'Hara