Afternoon Cyber Tea with Ann Johnson
Episode: The Power of Converged Security in a Connected World
Guest: Darren Kane, Chief Security Officer, NBN
Date: October 28, 2025
Episode Overview
This episode features Ann Johnson in conversation with Darren Kane, Chief Security Officer at NBN (Australia’s National Broadband Network). The discussion explores the concept of "converged security"—integrating cyber and physical security—and its critical role in protecting vast, critical infrastructure in an increasingly connected world. Kane shares insights drawn from his diverse background in law enforcement and corporate security, discussing challenges in modern cybersecurity, the influence of AI and automation, the rising importance of collaboration, organizational and human resilience, and the future of security leadership roles.
Key Discussion Points and Insights
Darren Kane’s Path to Converged Security Leadership
[02:17 – 06:37]
- Background and Motivation: Darren describes his journey from law enforcement (Australian Federal Police, ASIC) into corporate and cybersecurity roles, highlighting how transnational crime and an interest in technology’s role in crime prevention motivated his move.
- “I could actually see that technology, applications, networks, platforms were supporting both IT and OT security risk controls…my ability to actually control or have authority about where and how that money was spent was incredibly limited because I was actually on the physical personnel side of the business.” (B, 05:14)
- Vision for Converged Security: Kane underscores the value of a holistic approach, combining cyber, physical, and personnel security for effective enterprise security risk management.
- Leadership Perspective: Centralized security leadership eliminates finger-pointing after incidents, enabling transparency and accountability:
- “If we have a post incident response, for example, there is no finger pointing, they're just talking to me.” (B, 05:50)
Understanding NBN’s Unique Security Challenge
[06:37 – 09:40]
- What is NBN?: Kane explains NBN’s role as “the nation’s digital backbone,” connecting 10 million+ homes and businesses across Australia’s vast, sparsely populated 7.7 million km².
- Scale and Importance: Maintaining security for 80% of the country’s data flow and nearly 400,000 km of cable presents unique physical and digital security issues.
- “Around 80% of the nation's data packets pass through our multi technology mixed network with fibre every day and we've got cable exceeding around about 390,000 kilometres, which is nearly 10 times around the world.” (B, 08:40)
Converging Physical and Cyber Security at Scale
[09:40 – 14:42]
- Integrated Approach: Kane explains why combining physical and logical security is critical in managing utilities like broadband.
- “If I was only to look at one stream of security risk…you would be much better off having sole accountability for all three and managing the risk…because it would be more effective and more efficient.” (B, 11:09)
- Fusion Center Model: By integrating diverse data streams (personnel, access logs, surveillance, cyber data) into a fusion center, NBN gains real-time, comprehensive oversight—a necessity for resilience.
- “If you can think of all the data feeds that I’m getting from all of the different streams…I actually have all of that feeding into our fusion center. And now with the assistance of machines…I get a valuable picture.” (B, 12:27)
- Memorable Moment: Meghan Trainor is quoted for humor and analogy: “it’s all about the data, no trouble.” (B, 14:15)
Mitigating Threats and Managing Critical Infrastructure
[14:42 – 18:12]
- Threat Landscape: NBN contends with nation-state adversaries, physical sabotage, undersea cable risks, and more.
- Risk-Based Prioritization: Kane details a tiered approach, prioritizing the most critical assets using likelihood and consequence frameworks, in close collaboration with government and vendors.
- “I prioritize those assets, I look at what controls and capabilities I require to manage that and then this is where Microsoft and other vendors come into this process.” (B, 15:34)
- Vendor Relationships: Emphasizes trusted, collaborative partnerships with vendors and service providers as an extension of the team: “I see them as people who are very, very important to me…” (B, 16:04)
- End-User Education: Stresses that security cannot rest with a central team alone—end users must also be engaged and informed.
Models for Effective Security Collaboration
[18:12 – 23:32]
- Legislative Frameworks: Australia’s Security of Critical Infrastructure (SOCI) reforms and frameworks like the Essential Eight, NIST, and PSPF are seen as positive, practical standards increasing sector-wide maturity.
- “If you like, a rising tide lifts all boats. There’s incredible dependency in this integrated world we live in…” (B, 22:43)
- Trusted Relationships: While regulatory models matter, what works is personal trust and collaboration among peers across sectors and organizations, including tech vendors.
AI and Automation: Risks and Transformative Opportunities
[23:32 – 27:56]
- Dual-Edged Sword: AI is rapidly reshaping both attacker tactics (phishing, automation) and defense (threat detection, incident response).
- “AI is both a shield and a sword. It plays a dual edge sort of thing in our roles.” (B, 25:37)
- Positive, Practical Approach: Don’t fixate on AI’s risks at the expense of its benefits—use it to enhance detection, automate responses, and learn faster than adversaries.
- “If we rely too much on the catastrophization or the downside of risks that AI might represent, I really do think we may miss the upside of the opportunity.” (B, 24:44)
- Data is Gold: AI depends on quality data and robust hygiene practices (classification, protection, access controls).
Organizational and Human Resilience
[28:18 – 34:13]
- Shift Left, Move Right: Proactive defense is key, but so is robust incident response and recovery planning.
- “Nowadays we all must move right. We all must actually spend a large part of our…efforts around how are we going to respond and what have we got in place to ensure that response is the shortest period of time to recovery.” (B, 29:20)
- Critical Basics: Good cyber hygiene (passwords, updates, basic vigilance) and a security-first culture are the foundation for resilience.
- Workforce Well-being: Kane addresses psychological fatigue in incident response teams and the importance of pastoral care and work-life balance:
- “The pastoral care of the team and helping them understand what their role is…is probably the most significant priority I have…” (B, 33:41)
The Evolving Security Leadership Role
[34:13 – 40:51]
- From CISO to CSO: Kane predicts the traditional 'Information Security' focus will expand to enterprise-wide Chief Security Officer roles:
- “I’m the guy who says drop the I…The days of the CISO are slowly coming to an end…The role is so much bigger now than just information security.” (B, 34:49)
- Broader Business Skills: Future CSOs don't need deep technical backgrounds but should excel in leadership, collaboration, prioritization, and communication.
- Career Advice: Be confident, embrace breadth, "fake it until you make it," and don’t overly specialize early—enterprise security offers diverse, dynamic career paths.
Future Optimism in Cybersecurity
[41:18 – 43:13]
- People Power: Kane expresses optimism about the next generation’s talent and curiosity; security is a growth industry open to all.
- “If folks can make it, folks can break it. And I’m optimistic about people making the difference. I’m optimistic about the future talent in our field…” (B, 41:18)
- Responsibility to Inspire: Calls for the sector to better promote opportunities to ‘Gen Next’ and bring in new, diverse talent.
Notable Quotes & Moments
- “Transnational organised crime is not siloed…because of my experience, I looked at it more holistically.” —Darren Kane [05:54]
- “Simply, the NBN Co is the nation’s digital backbone. It’s Australia’s largest critical infrastructure project.” —Darren Kane [08:35]
- "It’s all about the data, no trouble." —Darren Kane (with a nod to Meghan Trainor) [14:15]
- “AI is both a shield and a sword.” —Darren Kane [25:37]
- “The pastoral care of the team...is probably the most significant priority I have in managing the role I’ve got.” —Darren Kane [33:41]
- "I’m the guy who says drop the I. The days of the CISO are slowly coming to an end." —Darren Kane [34:49]
- “Don’t limit yourself to one particular capability or stream...make sure at the very start of your career you’ve got a broad scope and understanding of the size of opportunity enterprise security risk.” —Darren Kane [40:07]
- “There’s a reason why the windscreen is so large and the rear-view mirror is so small, because the world is telling you to look forward.” —Darren Kane [41:54]
Key Timestamps
- [02:17] Darren Kane’s career journey and transition to converged security
- [07:06] Overview of NBN and its national importance
- [10:31] Integrating physical and cyber security: the fusion center model
- [15:10] Managing large-scale infrastructure threats: prioritization and partnerships
- [18:49] Effective collaboration: national frameworks, trusted relationships
- [24:24] Practical approaches to AI, risk, and opportunity in defense
- [28:59] Organizational and human resilience: shift left/move right, team well-being
- [34:41] The evolving security leadership role and career advice
- [41:18] Why Darren Kane is optimistic about the future of cybersecurity
Summary Conclusion
This episode delivers a comprehensive look into the complexity and necessity of converged security, especially for critical infrastructure at national scale. Darren Kane’s insights clarify that integrating cyber and physical security, embracing emerging technologies sensibly, prioritizing collaboration, focusing on resilience, and nurturing talent are key to future readiness. His pragmatic advice and message of optimism for coming generations offer both actionable strategies and inspiration for security professionals and business leaders alike.
