South Australia taps public sector veteran for new CISO role

David Goodman appointed SA chief information security officer

David Goodman has been appointed South Australia’s first chief information security officer.

The state government created the whole-of-government CISO position earlier this year.

“The position of chief information security officer was recently created to support the government of South Australia’s approach to cyber security and risk assurance in the broader context of modernising the public sector,” a spokesperson for the Department of the Premier and Cabinet (DPC) told Computerworld in February.

Prior to his appointment as SA CISO, Goodman had been acting as director of cyber security and risk assurance at DPC. He joined DPC in February last year as senior manager, cyber security and risk, coming to the department after a six-year stint as senior ICT security manager at SA health.

“His extensive experience in the field includes designing and implementing a number of ICT security functions that have delivered significant improvements across organisations,” a spokesperson for DPC’s Office for Customer, ICT and Digital Transformation told Computerworld.

The security chief will report to the office’s executive director.

Goodman will head up DPC’s Cyber Security and Risk Assurance team. The CISO has been tasked with developing a cross-government information security strategy for SA as well as leading the development of a Centre of Excellence for Cyber Security service provision for government agencies.

Last month the New South Wales government appointed Dr Maria Milosavljevic to the newly created role of government chief information security officer (GCISO).

Before becoming the state’s first CISO, Milosavljevic was the chief innovation officer at AUSTRAC — the federal government organisation charged with fighting money laundering and terrorism financing. Milosavljevic was also AUSTRAC’s CISO.

The federal government earlier this month released the first annual update to its national cyber security strategy.