Dr Kevin Sahba

Bachelor of Science (Computer Science) Honours (2004)

Doctor of Philosophy (Security Science) (2008)

In the early 2000s, Dr Kevin Sahba was awarded a scholarship to undertake a PhD with the Electron Science Research Institute at ECU. His doctoral research and development focussed on motionless laser radar. After completing his PhD, Kevin shifted into security consulting.

“My background was always in IT given my undergraduate degree in computer science. So, with cyber security becoming a prevalent industry over the years, I came full circle and went back to my roots by increasingly providing cyber security consulting as part of a wider and holistic security risk management approach to projects in the built environment.” 

Kevin is currently an Associate Director and leads the Security, Risk Management and Information Resilience consulting practice across Australia and New Zealand as part of the specialist Technology Systems division at WSP, one of the world's largest engineering consulting firms.

Kevin’s team is responsible for providing comprehensive physical and information security risk management, design, governance and strategy services.

“Essentially, the philosophy we apply to our client projects is that a mature security program is decentralised and distributed – meaning security, like safety, is everybody’s responsibility during the planning, design and operational phase of a project.

We provide security assurance by demonstrating that appropriate cyber security policies, standards and controls have been implemented across design teams, business units and facility operators.”

With vast experience in improving the security, risk and resilience posture of organisations, Kevin has led the delivery of multiple advisory and technical consulting services based on industry and government security and risk frameworks.

These include: security risk, threat and vulnerability assessments; cyber security planning and assurance; and security risk workshops with government and private sector clients. Kevin specialises in the protection of operational technology (OT), cyber-physical systems, smart buildings and precincts. 

“Working in an engineering firm, the recent projects I’ve been involved in relate to industrial control systems in rail systems and protecting this national critical infrastructure from cyber security breaches.

We've worked on some major projects like Cross River Rail in Brisbane and Sydney Metro and have been fortunate enough to provide security assurance around critical rail networks and systems.” 

While technology is rapidly advancing, Kevin suggests not viewing future trends in cyber security strictly through a technical lens. As everyday tasks become more reliant on networked technology, he notes that cyber security underlies personal and business resilience, and therefore cyber best practice should be common knowledge and applied as a community, not just by those working in the industry.

“Converged networks, cloud services, self-driving cars and artificial intelligence are potentially providing a wider attack surface and opportunity for new threat vectors, but the reality is that despite an evolving threat landscape, there are baseline security controls that you should have in place at work and home, regardless of your occupation.

While technical security controls can be deployed, human behaviour remains a challenging vulnerability that can be exploited.”

As a result, Kevin suggests the focus should be on cyber security awareness and training to build resilience. This involves ensuring security policies, plans and programs evolve over time to address the changing nature of the security landscape, including new technologies, new ways that threat actors are operating and better ways to involve employees in security risk management processes.
