Matthew Mullins

Matthew Mullins

Vice President, Consulting Delivery


Superheroes have existed for as long as I can remember.

Growing up in the 70s and 80s I looked up to the likes of Superman and Spiderman – they were defenders of what’s right, kept us all on the right path, solved complex problems and handled amazing feats with ease.

Since then, our collective fascination with superheroes has only grown stronger. And if we want a perfect metaphor for the importance of collaboration, we need not look any further than Batman and Robin.

While Batman often sets the agenda, Robin plays a critical role in crime-fighting by bringing new approaches and a sense of balance to the situation. Batman is the thought leader and the enabler; Robin is the protector and the overseer of governance.

So, what does this all have to do with organisational security? Let me explain.

Tackling security in a complex landscape

In 2018, the Australian Government released The Cyber Security Strategy defining 11 industry sectors of national significance. As a result, industry bodies have since developed various security frameworks that enable participants to assess, evaluate and improve their cyber security capability and maturity.

For example, the AESCSF (Australian Energy Sector Cyber Security Framework) provides guidance for the Australian Energy Sector by drawing from the extensive variety of global cyber standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.) into a single relevant framework.

Now, while government agencies try to support participants with their efforts, for most organisations the security game involves complex and expensive strategies, projects and technologies. To add to this complexity, most organisations are being disrupted by digital transformation, which is constantly changing the environment they are trying to protect.

At CGI, our pedigree and experience has primarily been around helping clients transform, manage and deploy IT solutions – and more recently, secured IT systems. Security is a crucial criteria that needs to be met when thinking about future IT designs and capabilities.

The challenge that we've been facing both on the client side and the system integrator side is that, in many cases, IT and security haven’t fully converged operationally. So when we’re building out solutions for our clients, we not only have to provide security assurances around IT solutions, but we also have to take into consideration the client's maturity around where they are in the journey of merging these two functions. We also often have to integrate successfully with their security organisation.

Bringing all the working parts together requires focused and coordinated collaboration between the two functions of IT and security. Batman and Robin. The enabler and the protector.

Developing a healthy codependent relationship

IT and security groups are undoubtedly different and don’t always work together perfectly, but they do share a common objective of enabling an organisation to grow.

If we think of information technology as the hardware and software that support the operations of a business, then security is the business management tool that ensures the reliable and protected operations of IT. They are indeed codependent on each other.

So what does this mean for cybersecurity?

Digital transformation often sends organisations scrambling to address new security and risk challenges that are difficult, large in scale and continually evolving.

For example, many organisations have been quick to adopt the flexibility, scale and the capabilities that come with cloud solutions. But when an organisation’s data is no longer contained within the walls of its building, new risks emerge.

The key to addressing and mitigating these risks is bringing security and IT – Batman and Robin – together.

When I work with executives that are responsible for protecting the organisation from an IT infrastructure and data perspective, my focus is on connecting with their organisation as much as possible. I need to empathise and understand where they are in the journey so that we can match and mirror their maturity, be one step ahead, have a vision and pinpoint what my team needs to do to help bring these functions together. It’s about partnering with clients over time as they evolve their thinking, their understanding, and in turn their maturity.

Unpacking the issues to empower your Robin

Security audits are designed to test and evaluate risks of a business and provide strategies and recommendations to remediate them. While a security audit’s primary purpose is to determine compliance with regulations, it often exposes inadequate IT practices, limitations in technologies and inconsistencies in operational processes.

In other words, it can produce scary results for IT. But it’s an essential step in ensuring it has the capabilities to support the cybersecurity process: identification, detection, protection, response and recovery.

There are three key things that IT must do today to support security strategies, and those I will share with you in my next blog.

In the meantime, if you’re interested in playing the role of Batman or Robin with CGI, keep an eye on our careers page for upcoming roles.

On their own, Batman and Robin have their strengths. But together, they’re invincible.