Executive summary
Leon is a Partner in BDO’s Cyber Security team in Brisbane, and BDO’s National Cyber Security Lead.
He has over 20 years’ experience delivering a wide range of business and IT projects, from strategy development through to system implementation, in Australia, Europe and Africa. Leon specialises in cyber security and technology risk advisory and has held numerous senior roles in these practice areas, including working extensively with Boards and C-suite leaders in the government and private sectors.
Expertise
- Security and threat risk assessments to identify high risk areas within organisations, people, processes, and systems
- Cyber health checks and cyber strategy development to help organisations become more resilient and proactive in managing their cyber security risks
- Incident response and forensic analysis to identify and remediate systems affected by a cyber security breach
- Strategic threat intelligence and analytics to educate organisations on which adversaries would be interested in attacking them and why
- Security awareness and incident response training to help organisations become more cyber security aware and effectively respond to incidents
- Cloud strategy and risk assessments to help organisations understand their risks and effectively manage systems and information security when migrating to the cloud.
Experience
- Leading multi-year co-sourced IT and cyber security internal functions across various financial services, government, utilities, and critical infrastructure organisations
- Various APRA CPS compliance reviews
- Leading a cyber security transformation program for a critical infrastructure operator
- Leading numerous vulnerability assessment and penetration testing engagements focusing on infrastructure (external and internal), web applications, wireless networks, mobile devices, operating systems, etc.
- SOC strategy development for an education institution, covering security logging requirements, incident management procedures, and resource capability to support security operations
- Leading a state government cyber incident response capability engagement, reviewing all agency SOC, incident response plans and cyber resilience capability
- Leading various privacy impact assessments and GDPR engagements across the government and financial services sectors
- Cloud risk assessments in the government, financial services, infrastructure, and resources sectors
- Various IT managed service provider reviews covering IT service management and IT governance across the government, financial services, and utilities sectors
- Cyber security awareness training for company boards and staff across various industry sectors.
Qualifications and affiliations
- Bachelor of Engineering
- Master of Engineering
- Certified Information Systems Auditor (CISA).
- Affiliate Member, Australian Information Security Association (AISA)
- Australian Federal Government Security Clearance (NV1/SECRET)
Professional engagements and activities