From Helpdesk to Cyber Leader: Doran Dorotheau's Career Journey

1. Can you share the story of how you first got into cybersecurity, and what drew you to this field?

My entry into cybersecurity has been anything but conventional. What drew me to the field was a deep curiosity about the architecture of digital systems and the ever-evolving nature of cyber threats.

Early in my career, I gained diverse experience across sales, consulting, and technical support roles within both MSPs and the non-profit sector. In 2015, I joined Arup’s helpdesk team and quickly progressed into infrastructure and data centre operations. This trajectory led to my involvement as a founding member of Arup’s Computer Security Incident Response Team (CSIRT), now known as the Security Operations Centre (SOC).

Exposure to incident response and threat management sparked a deeper interest in me which led to being awarded a Cisco scholarship, earning the CCNA Cybersecurity Operations certification in 2018. In 2019, I transitioned into a senior role within Arup’s global cybersecurity team, where I now contribute to the strategic development of our identity security framework, helping safeguard Arup’s digital perimeter across its global operations.

2. Looking back, what has surprised you most about working in cybersecurity, either about the work itself or the industry?

One of the most surprising and equally rewarding aspects of working in cybersecurity is the constant opportunity to learn and grow. The pace of change keeps you sharp and pushes you to stay ahead of emerging threats and technologies. It’s a field where curiosity and adaptability are genuine assets. What also continues to surprise me is how phishing remains one of the most persistent threats. It’s not due to a lack of technical controls, but rather the ongoing vulnerability of human behaviour. With the rise of AI-powered attacks, this challenge is only intensifying, reinforcing the critical importance of continuous user education and awareness as a cornerstone of any effective security strategy.

3. What’s one project or accomplishment in your cybersecurity career that you’re most proud of, and why?

Two projects stand out as highlights in my cybersecurity career so far.

The first was leading the re-architecture of how we host joint ventures during our cloud transition. I played a key role in implementing this on a $1B government contract spanning 10 years. The project required balancing enterprise-grade security, scalability, and compliance across multiple organisations.

The second was a smaller but highly impactful initiative to close a critical gap in security group provisioning and lifecycle management. By leveraging internal data APIs, we developed a self-service permissions portal that dynamically creates and maintains tailored security groups across key identity infrastructure. This solution integrates seamlessly with SSO-connected applications, SharePoint, and Teams sites. Automated workflows enforce governance through naming conventions, ownership, and expiry. Resulting in a scalable, user-centric solution that strengthens security and improves operational efficiency.

4. Which skills or personal qualities do you think are most essential for success in cybersecurity, and why?

Success in cybersecurity requires a broad skill set, but three qualities stand out for me:

• Continuous learning: is essential to keep pace with evolving threats, technologies, and research.
• Strategic thinking: supported by a solid understanding of your organisation’s architecture, enables you to navigate complex challenges and design effective solutions.
• Ethics: around decision making is non-negotiable as it builds trust, ensures accountability, and underpins every action you take.

Together, these qualities form a strong foundation for resilience, leadership, and long-term success in this space.

5. Looking back, is there a moment when you learned a lesson that shaped how you approach cybersecurity today?

One lesson that shaped my approach is never underestimating the power of communication and collaboration. Early in my career, I focused heavily on technical problem solving. Over time, I learned that even the best solutions gain little traction without the right stakeholder engagement. Cybersecurity is as much about people as it is about technology. The ability to translate complex technical concepts into simple, digestible information builds trust, drives adoption, and ultimately aligns security with business objectives.

ACS is highlighting members working in cybersecurity to celebrate the diverse paths, experiences, and insights shaping this vital field. These spotlights showcase how professionals entered the industry, the challenges they’ve faced, and what drives their passion for protecting digital systems. By sharing their skills and stories, ACS aims to inspire the next generation, encourage knowledge-sharing, and highlight the critical role cybersecurity plays in Australia’s digital future.