Karen’s family emigrated from Sri Lanka to Canberra when she was three years old. After school, Karen’s first role was with the Defence Security Branch. She took to security instantly and was soon promoted to more senior roles and to other government agencies.
Karen has had an expansive career, charged with a range of security projects, from designing physical layouts of Centrelink offices to minimising the risk to staff from customers; from changing combination locks for the Prime Minister’s office when the Prime Minster at the time, Paul Keating, was walking around to liaising with agencies such as ASIO and Interpol for specialist security tasks.
“I loved working in security. It was so interesting as there were so many different scenarios and challenges to tackle every day.”
By the time ECU started marketing their brand new bachelor’s degree in security, Karen had been ‘securing’ seven Commonwealth agencies. Karen would have been one of the first directly qualified professionals in cyber security in Australia, having commenced her security degree in 1995 with the foresight to choose internet computing as a minor study followed by a Master’s degree in IT.
Karen said, “I studied these degrees because I wanted a qualification to cement my professionalism in the industry.”
During her last role in Canberra, Karen trained other agency security advisors at the Protective Security Coordination Centre (Attorney-General’s Department). Her work included taking students on field trips to the ASIO test site and the High Court to see security initiatives. This department allowed Karen to participate in working groups to set the government security policy through the Protective Security Manual, as well as establishing the very first Australian Government Security Vetting Service (AGSVA).
“I know I worked very hard but I was privileged to have undertaken so many personally enriching opportunities––particularly while working in Canberra, where significant political history was being written virtually every day.”
Not only was she working full-time and studying part-time, but she was also participating in six sports at a national level including the first Wallaroos Women’s Rugby Team––as well as being a reservist for the RAAF.
Eventually freezing Canberra winters and a love for the beach inspired Karen to move to Perth to complete her studies. At that time, Karen was living in the ECU student village in Mount Lawley and while security was not given much prominence in non-government organisations, the September 11 attack that unfolded before her and about 25 international students all living together, changed that almost immediately.
“This abrupt change in the world security landscape along with the rapid uptake of computers in the workplace, saw information and cyber security emerging as the new organisational priority.”
When Karen graduated from ECU, she was appointed into a new role of IT Security Manager for St John of God Health Care where she established both cyber security and continuity management frameworks.
“I remembered something I learnt while working with ASIO, which was coincidentally reinforced with ECU assignments. It was that you don’t just buy the fanciest lock, you make sure the lock you choose suits the risk.
"For example, going from a very secure organisation to a ‘free’ health care environment, my immediate reaction was that I would put an end to shared logins. However, visiting the hospitals and seeing how one computer was shared by many medical ward staff, it became obvious there could only be one login. So, we used other compensating controls.”
Karen took a similar role with Synergy and then joined the cyber security team with the WA Police Force. From Karen’s perspective, government, health care, critical infrastructure and policing intelligence are some of the main targets for cyber security adversaries, making the challenges to secure data and protect against cyber threats both very interesting and extremely important to get right.
“I mainly manage these projects with a distrust towards everything. I have seen and heard of many clever attacks that have been planned over many months and executed meticulously, with massive losses to organisations in both time and money.”
Karen is currently working with the Australian Bureau of Statistics providing cyber security advice to the Prime Minister’s Department on the Data Availability and Transparency Bill through ASD’s Information Security Registered Assessors Program (IRAP).