Talking crypto, cybersecurity and ACS microCredentials with Nikesh Lalchandani MACS Snr CP (Cybersecurity)

5th November 2021

Highlights

• Technology Consultant, Author and Board Member, Nikesh Lalchandani MACS Snr CP (Cybersecurity), shares his insights on the impacts of emerging technology such as cryptocurrency on the Australian finance industry.
• As a recently awarded ACS microCredentials recipient, Nikesh explains why technology professionals and hiring companies should consider credentials highly in their employability metrics.

Technology is changing banking in a big way.  Fundamental to payments and banking is money, and as we have all seen, cryptocurrency, digital currencies and electronic forms of money are taking over from coins and notes. Many countries are talking about Central Bank issued Digital Currencies (CBDCs). The core of a bank is the ledger - traditionally this was a big book, now it is a computer system, and as we open ledgers up through initiatives such as open banking or Consumer Data Right, and eventually through blockchain, it will really transform the way money, payments and banking works. If you think about how much of our work and personal lives revolves around money and payments - that transformation is a big deal. Cybersecurity is central to the integrity of new systems, in the old days we would design systems and only check cybersecurity at the end. Technologies such as Bitcoin and other cryptocurrencies, demonstrate how we need to start with cybersecurity.  All the payment organisations and banks are looking at Digital Identity as the next big thing: this is also a cybersecurity concern.

2. Chair of the Senate Select Committee, Senator Andrew Bragg released a report looking at how cryptocurrency should be regulated in Australia. Are the recommendations of the report a positive step forward for cryptocurrency adoption in Australia?

Senator Andrew Bragg and his committees have done a great job in trying to move the bar forward. We are ahead of the world.  Traditionally, though, regulation is playing catch up with a quickly changing landscape. For example, if a bank goes broke, you can still get your money, but if a crypto-wallet company goes broke, you have lost your savings: the Senator's report recommends fixing this. Here I think we have an opportunity to use the new technology to have a positive impact on the world and I think this may have been overlooked. First is increased payment safety. It is still possible to transfer money anonymously for criminal purposes - good regulatory technology can solve that problem, it is too important to leave it to individuals: even CBA and Westpac made mistakes, what hope does a small business have? Also digital is international not local - we need to take a global lead on things like Digital Identity - I am disappointed we are not. In some states we have 4 vaccination digital certificates, and none of them adopt the international standard, and few of them are secure.

3. You were recently awarded ACS microCredentials in Information Security (Platinum) and Secure Development & Security Architecture (Diamond). How will ACS microCredentials help you in your career moving forward?

I do a lot of consulting work these days, and I have established my own name and brand in the industry, something I hope more of us will do.  Membership of the ACS, certified professional and especially microCredentials fill a gap of establishing my capability without relying on the company I work for. It empowers professionals, and gives individuals and clients confidence that they have the "real deal". 

4. Describe why microCredentials are important to the ICT industry? 

The process of filling roles in IT is subjective, and with a widening skills gap, we don't always select the right people for the job.  Unlike some other professions, ICT is open to everyone, but in some cases requires higher expertise than any other vocation. Macro credentials like a degree, are useful for long running roles or to enter the field as a generalist, but in an increasingly gig economy, it is important that we get the right skill for the right job. That's where micro credentials are useful. The beauty of the ACS microCredentials are that they look at the underlying skill of a holder and are less about a specific vendor technology (I believe too many employers focus on the tech, that you can pick up, and not the skill). With ACS microCredentials, all the hard work of technically interviewing and testing has been done, so as a client you can hire someone with the microCredential, confident they can do the job. There is a big difference in capability between those who can do and those that just talk, and as technology becomes more sophisticated, experts with these credentials will stand out.

5. How did you find the ACS microCredential process? Do you have any tips to give to members interested in applying?

I had already completed CISSP which is one of the hardest international certifications in cybersecurity. My experience was in architecture and strategy, and because I had the experience, I was able to complete the test and was confident in the interview.  Unlike CISSP where you have to know lots of technical facts, the testing for the microCredentials did not require study but looked at your experience and checked your understanding of concepts. The lowest level "Bronze" is itself a great achievement and demonstrates you are at the highest level of a technical practitioner (SFIA level 3). An employer can feel confident you can do the job. My recommendation is to go for bronze, anything above that level is a bonus. I urge established and emerging professionals to seriously consider these microCredentials as our best path of ensuring a high professional standard. Professionals and hiring organisations should weigh these credentials highly: they are objective independent assessments by professional peers in the Australian ICT industry.