Transforming Cybersecurity Leadership in Critical Industries

Joel Earnshaw, Senior Manager, Cybersecurity, Perenti

Joel Earnshaw, Senior Manager, Cybersecurity, Perenti

In today’s rapidly evolving digital landscape, the role of cybersecurity leadership has undergone significant transformation. With over 18 years of experience spanning a variety of roles and sectors including Education, Resources, Emergency Services, and Mining Services; I’ve witnessed and navigated this continual evolution firsthand.

Leading a Global Cybersecurity Capability

At Perenti, I head up a global cybersecurity capability, which is both a privilege and a challenge. My remit spans five core pillars of cybersecurity: Policy and governance, Risk and compliance, Audit and assurance, Education and awareness, and Security Operations. In this capacity, I shape our Group’s cybersecurity strategy, champion multi-year, large-scale security programs of work, and develop robust governance frameworks and standards.

But what I find most rewarding about my role is the continuous opportunity to steer the design and implementation of new or improved security solutions in response to an ever-changing global threat landscape. Supported by an incredibly high-performing team and exceptional partners, we can effect wide-reaching positive change that enhances our holistic security capability maturity. This enables us, as a global enterprise, to tackle today's pervasive and dynamic cyber challenges while preparing for those of tomorrow. Despite the complexities of our work, our focus remains within one of those five core domains, ensuring alignment with both our broader security objectives and those of the organization.

Cybersecurity plays a key role in building trust with clients, partners, and shareholders alike, ultimately enhancing an organization’s reputation and operational resilience. It can no longer be viewed as merely a cost-centre, but instead is a core function that offers competitive advantage, and contributes to business growth

The Evolution of Cybersecurity Leadership in Critical Industries

Throughout my career, cybersecurity and the role of its leaders have evolved significantly. In years gone by, cybersecurity was often viewed as the “department of no,” a reactive function perceived as being at odds with business operations. But in today’s highly connected digital world, its role has transformed. The rapid advancement of technology, increased connectivity, mobility and the growing complexity of the global geopolitical landscape have all driven this shift.

Cybersecurity is now considered a strategic enabler rather than merely a support function to be kept in the darkest corners. Today’s cyber leaders are not just technical experts; they must possess strong business acumen, communication skills, and the ability to integrate cybersecurity into strategic decision-making. By translating cybersecurity risks into business benefits, we can help our organizations overcome such challenges while creating long-term value and sustainability.

Cybersecurity plays a key role in building trust with clients, partners, and shareholders alike, ultimately enhancing an organization’s reputation and operational resilience. It can no longer be viewed as merely a costcentre, but instead is a core function that offers competitive advantage, and contributes to business growth.

Aligning Cybersecurity with Board-Level Priorities

Aligning cybersecurity initiatives with board-level priorities can be delicate, particularly in industries where operational performance, health and safety, and financial risks take absolute precedence. Framing cybersecurity risk in business context, linking them to the organization’s strategic goals, and weighing them against other enterprise risk factors ensures appropriate risk management. Effective cyber governance benefits from a healthy tension between the Board and Management. This dynamic fosters innovation, sharpens strategy and enables risk-informed decisions.

While cybersecurity is vital, it’s not always the core business priority. Cyber leaders must remember this when building and presenting business cases. Messaging must resonate with the Board and Management—not just reflect technical risk mitigation. We must understand the wider business context and risk landscape, aligning cyber efforts to support strategic objectives. By quantifying value and ROI effectively, we shift the conversation and drive stronger management outcomes.

Embracing Emerging Technologies for Cyber Resilience

Looking to the future, I’m particularly excited about the potential of Augmented Reality (AR) in strengthening cyber resilience. While AI is often discussed in cybersecurity, I believe AR has the potential to transform the way we approach cybersecurity more tangibly across industry verticals. AR allows us to blend the physical and virtual worlds, providing opportunities for real-time situational awareness, enhanced threat detection, and more interactive, engaging training experiences.

As cyber threats evolve in sophistication and volume, it’s critical for organizations to harness cutting-edge technologies in an effort to keep pace with our adversaries. AR’s ability to offer real-time insights and interactive capabilities could revolutionize how we respond to emerging threats, representing a powerful tool for improving situational awareness, while enabling more rapid and effective response to incidents. With ongoing advancements in AI and AR-driven technologies, I’m fascinated by the endless possibilities that these technologies introduce for securing and interacting with our digital world.

Advice for Young Professionals in Cybersecurity

For young professionals looking to build successful careers in cybersecurity, my advice is simple: there is no singular pathway into cyber. Every career journey is unique, and that’s what makes the field so exciting. Cybersecurity can be challenging, and it requires personal and professional resilience. You’ll face moments of discomfort and failure, but it’s in those moments that you’ll truly grow and develop.

Curiosity is crucial in this field. Ask questions, actively listen, and don’t be afraid to back yourself. Build meaningful relationships, collaborate with others, and learn from your mistakes. Cybersecurity is a team effort; no success story is ever written in isolation. Always try to surround yourself with good people who will challenge and help you grow. And remember that by helping elevate others, we elevate ourselves. Together we rise.

Keep pushing forward, set ambitious goals, and celebrate the small wins. Don’t place limits on your potential or the potential of those around you. And remember that the path you take doesn’t have to follow a straight line. Finally, don’t hesitate to reach out to industry professionals for guidance, many of whom have been where you are right now, and the wisdom of experience can make a world of difference.

Conclusion

As the cybersecurity landscape continues to change, I am proud to contribute in some small way to our global security community. I strive to be at the forefront of cybersecurity thinking by continuing to challenge myself and those around me, helping to ensure that the people and organizations we represent endure and prosper in this complex interconnected world. By combining deep technical expertise with a keen understanding of business, fostering meaningful and collaborative relationships, and embracing an innovative mindset fueled by people, process, and technology, we can collectively create a more resilient cyber future.

For young professionals aspiring to enter the cybersecurity field or those at the very start of their career journeys, I hope that my story and shared insights serve as a source of inspiration for your success in this ever-evolving, critical profession.