NSW CISO Milosavljevic departs for federal DHS role

Dr Maria Milosavljevic, the NSW Government’s inaugural chief information security officer, is leaving the role to become the federal Department of Human Services’ chief data officer.

Milosavljevic sent an email to her Department of Finance, Services and Innovation (DFSI) colleagues this morning announcing her departure.

“Thank you for your collaboration over the years – we have covered a lot of ground and it’s great to reflect on the distance travelled,” she wrote.

Dr Maria Milosavljevic

“This would not have been possible without the groundswell of support both inside and outside of NSW Government. This role is all about relationships and I’ve enjoyed a great many new ones,” Milosavljevic added.

The NSW GCISO role will be filled by DFSI’s director of engagement and prevention Tony Chapman in an acting capacity until a replacement can be found.

Milosavljevic was appointed to the then newly created state government position in May 2017, joining from AUSTRAC, where she held the position of chief information security officer and chief innovation officer. Prior to joining AUSTRAC in 2015, Milosavljevic was the chief information officer at the Australian Crime Commission.

As head of the NSW government’s Office of the GCISO, Milosavljevic said her team had “achieved a lot in a short space of time”.

In September, her office launched the government’s first cyber security strategy, incorporating a$20 millionaction plan for training and awareness, cyber skills and career pathways. A new Cyber Security Policy will soon be launched, to replace NSW’s heavily criticised Digital Information Security Policy.

Milosavljevic and her office raised the levels of cyber governance across government, appointing deputy secretary-level ‘cyber risk owners’ from all clusters, and establishing a Cyber Security Advisory Council.

She laid down whole of government incident response plans, and ran a number drills to test how staff and management responded. A‘Passive Security Assessment’was also run to scan 3,257 web domains used by NSW Government agencies to uncover vulnerabilities.

Describing the work of the last two years, in a December blog post Milosavljevic said “Because it is rare for serious cyber threats to be limited specifically to one organisation, coordination is the key pre-requisite to effective cyber security. Cyber security conducted in a siloed, agency by agency manner only increases the problem because the opportunity is lost for others to quickly pre-empt and avoid emerging threats.”

Milosavljevic remains the only female to have served as a government GCISO anywhere in Australia. Not long into the role, she hired four women into the cyber team.

Milosavljevic and her cyber team

“I figured we were probably unique globally. And completely unplanned of course,” she told CIO Australia in September.

In the same interview she described herself as someone attracted to solving complex challenges (during her academic career she developed the first AI-generated adaptive website in the world) and ones where she can break new ground, set the vision and collaborate with others.

“I’m very strategic and collaborative. I’m not a maintainer. I’m an innovator and entrepreneurial perhaps,”she said. “A lot of what you do is through influence and through diplomacy. It’s not like you are working to build tech capability in one organisation and basically someone in the organisation makes it so. Instead, you are collaborating. A lot of it has much more to do with influence than laying down the law.”

Milosavljevic will be taking a short period of leave before commencing at the Department of Human Services at the end of the month.