News & Events calendar

September 04 2018

ISACA OceaniaCACS 2018

The ISACA OceaniaCACS 2018 conference, part of the series of conferences for IS audit and security professionals, takes place in Melbourne, Australia on 3rd and 4th September 2018.

BSMimpact’s Daniel Merriott has been asked to deliver his presentation “Where are the Cybersecurity skills?”.

Attendees at Daniel’s “COBIT and SFIA as Organisational Design Tools” session at the EuroCACS event in Scotland in June ranked his presentation extremely highly in their feedback, scoring it significantly above average for all questions. So be sure to attend this session if you’re going to OceaniaCACS 2018.


  • Many organisations fail to deliver a comprehensive cybersecurity capability owing to skills gaps. In this session, you’ll explore how to define and assess the skills needed and manage the skills gap to build or enhance your cyber security capability.
  • Building on extensive experience of using the SFIA and COBIT frameworks in organisational design, and recent experience of using the NIST CSF (and having mapped COBIT and the NIST CSF against SFIA), the session will focus on highlighting the transferable skills that can be deployed in cybersecurity and how they might be identified.

Supplementary info:

  • Achieving maturity in any capability requires understanding the skills required to plan, build, operate, monitor, and manage that capability. Leveraging existing recognised frameworks such as the NIST Cyber Security Framework (CSF) can be a great help to organisations seeking to develop such a capability.
  • The NIST CSF provides high-level guidance on an implementation approach that is very well complemented by resources such as ISACA’s “Implementing the NIST Cyber Security Framework”. However, one of the major challenges remains how to define and assess the skills required to deliver the capability, and how to manage the skills gap that inevitably exists.
  • SFIA (the Skills Framework for the Information Age) is an industry-recognised framework that describes the skills needed by staff. SFIAv6 saw significant enhancements to the framework to address new cybersecurity skills and enhance existing skill descriptions with security responsibilities, and it is expected that SFIAv7 will continue to further identify and support cybersecurity skills. SFIA describes skills in a way that facilitates both evaluation of the skills needed to deliver capabilities and the assessment of individual and team capability in a coherent way.

Bookings for the OceaniaCACS event in Melbourne are through the ISACA website. Daniel’s session will be on Tuesday 4 September.