Tamara has provided technical writing services to a classified CASG project, through the development of a Security Governance Framework which includes a series of overarching program level security plans, procedures, and sustainment strategies, ensuring the articulation of command-and-control responsibilities for the security function within the broader organisation, including partner agencies and industry. Additionally, Tamara provides guidance to the project, ensuring product and design selection aligns with overarching security plans and strategies.  

Commencing with the organisation as the Associate Director Cyber Security, Tamara now leads the business's security practice and team, providing security guidance within the company, including developing and participating in the implementation of the business and Its clients’ initiatives focused on the reduction of risk. Additionally, Tamara engages with a broad range of stakeholders to identify and develop strategies to remediate identified areas of concern.

Tamara worked closely with key stakeholders to ensure Defences security and operational postures were not unduly compromised through ineffective access management procedures and policies. This required Tamara to undertake a strategic view of the operating environment, and in doing so, drove the realignment of several remedial activities, including technology configurations and procedural practices to support Defences broader security objectives. 

Accomplishments: 

• Realignment of Active Directory security policies for 52 of the 56 Active Directory structures under the Central Processing contract. 
• Remediation and reduction of high risk (T0) permissions assigned (directly or indirectly) to human attributable and service accounts, in preparation for onboarding into CyberArk. 
• Implementation of streamlined RBAC process to ascertain the requirements of each capability’s sustainment requirements, focusing on least privileged, contractual deconfliction and Commonwealth risk acceptance for non-compliance. 

Tamara primarily focused on assisting stakeholders to realign the poor practices and legacy behaviors, often considered ‘too hard’ to resolve on a large scale. Tamara thrived in tackling each challenge, using a collaborative and diplomatic approach, ensuring each stakeholder had a voice that was heard. Tamara achieved endorsement from executive management to implement initiatives, which resulted in security and operational objectives being realized. 

Accomplishments: 

• ANAO Financial Statement Audit - Remediation and reduction of high risk (T0) permissions assigned (directly or indirectly) to human attributable accounts within the DRN. 
  
  • This was subsequently rolled out to the remaining PROD and Transformed TST Active Directories.  
  • Tamara ensured the Transformed DEV Active Directories were compelled to apply the structure and policy during build and provide evidence as a requirement to achieve TIS/TSR. 
• P: Drive Decommission – Decommission of extent temporary network transfer capabilities, often used as unapproved storage locations for corporate information, and to run systems, such as Access Databases. 
  
  • Remedial actions undertaken included heavy stakeholder management, including the identification of folder owners, followed by intensive engagement to identify their business requirements, and matching them with suitable alternatives, which often required accompanying members on an educational journey to understand the benefits of alternate solutions. 
• Outlook Public Folders – Remediation/Decommission of Outlooks Public Folders to ensure compliance with Defence Acceptable Use Policies. These folders had blown out from the original intent and had become a hotbed for inappropriate comments and posts, which did not align with the APS Code of Conduct or the Values of the Tri Services.
• Change Management – Implementation of ICTSB into the Change Management process, enabling greater visibility of changes occurring within the DIE, and there for assisting to close one of the loops utilised by stakeholders to circumvent ICTSB and Accreditation Authorities directions. 

The key focus of my position was to assist in the coordination, implementation, and delivery of Defence’s Patch Management capability, to ensure compliance with ASDs Top 4 Strategies to Mitigate Cyber Security Incidents.  

This position required continues engagement with various system managers and owners to negotiate on matters of compliance; including identifying issues of non-compliance and opportunities for alternative mitigation implementation to ensure operational and security risk is minimized.   

Accomplishments: 

• Patch Management – Tamara contributed to shaping the culture change associated with the introduction of monthly patching cycles by prime service providers, including the introduction of a Non-Compliance Process. Additionally, Tamara worked with the reporting team to setup easily accessible reporting capabilities. 
• Unapproved Software – Tamara conducted an intensive assessment of the core production domains, targeted at identifying software which was not authorised for use within the DIE, in particular various games and pirated software or media. The objective was the removal of these items from the DIE, with subsequent findings to be handled via formal investigative processes. 

The key focus of her position was to undertake stage 1 audits of various Defence systems, which included comprehensive review and risk assessment of the system security documentation, provided by system owners for seeking system accreditation.  

The key focus of the position was to assist technical teams to meet contractual service level requirements, this was undertaken through both the continuous monitoring of active and suspended tickets assigned to my teams’ queues within the service management toolsets, and proactive engagement with my technical teams. 

An additional responsibility was standing up and managing the Defence USB Approvals process, which involved reviewing individual business requests for connection of various USB devices to the Defence Networks, prior to making appropriate recommendations for or against the device connection. Additionally, Investigations were required to understand who had circumvented security policies to enable unauthorised devices to authenticate to the networks.