Meet Fusion’s Cyber Security Lead Architect
Francis Kaitano is a strategic, innovative, delivery focused Cyber Security professional. Originally from Zimbabwe he came to New Zealand more than 10 years ago for a short stint with Deloitte, NZ. He has had more than 15 years leading, building and delivering security capabilities for organisations and leading on continuous improvement on these. He has worked for EY (Zimbabwe) & Deloitte (NZ) and across some of New Zealand’s largest and complex organisations across insurance, financial services, health, Public Sector, energy and utilities sectors.
With a diverse international background, Francis has strong technical and operational capabilities. He has an extensive certification portfolio covering specialties across Security Governance, Risk Architecture, Frameworks and Compliance, Security Project Delivery and more.
He has exceptional ability to engage with C-Level Level Executives, Senior Leadership Teams and CEO’s. He has a strong stakeholder management track record, building security teams in Wellington, and with an impressive reputation for delivering innovative security solutions for large organisations. He has been involved in designing and delivering large technology, digital and security transformational work programmes.
Francis is highly motivated to make an impact through delivering value-added cyber security services for enterprises, whilst making security an enabler of business agility and customer experience. He uses continuous delivery and DevOps methodologies to deliver robust security across the risk, cloud, applications, APIs, integration, networks, Data, Critical Infrastructure, Mobile, Identity and Access Management and Integration aspects of security and architecture.
“I am purpose driven with the passion and courage to be innovative, transformational, results oriented. I am a pioneer of value adding initiatives whilst maintain a strategic and big picture view at all times. My previous three roles were all ground breaking, leading the establishment of the cyber security capabilities, governance, strategies, frameworks, and reference architectures, from scratch up to the successful delivery of enterprise wide security capabilities working with board members, execs, technical and non-technical business stakeholders.”
A Practical Approach to Cyber Security
Francis believes cyber security and resilience are vital in gaining competitive advantage and should therefore be backed into the DNA and supply chain of every business. Francis is innovative and loves to simplify complex issues, from a tech and security perspective. His approach is to use simple, pragmatic and easy to grasp concepts with measurable outcomes.
He is well versed with both the New Zealand and global security arena, including the various frameworks, regulatory and compliance requirements impacting both the private and public sectors.
Francis actively contributes to the cyber security industry in a number of ways which include writing articles, being a sought after presenter for industry conferences, and being a full member of various security forums, locally and globally. He also volunteers with the local ISACA and ISC2 chapter providing training and mentoring to new and upcoming security, risk, and IT audit professional. He has taught by invitation at the Unitec Tech Future Labs Master of Applied Technology Futures on the topic of Cyber Security Leadership. He is the former Membership Chair for the ISC2 Wellington Chapter.
Some of Francis’ Previous Engagements
IAG – Information Security Manager (2015-2017)
Francis came into IAG at a point where security was considered as an IT issue and a blocker to projects and BAU initiatives. He drove a culture shift to a level where security became an agenda at the Board and Executive levels whilst seen as a business enabler. He also built from scratch a high performing, diverse and innovative cyber security team which became known across the organisation for its pragmatic approach to collaboration and delivery. He was involved in ensuring that security is built into IAG’s key multimillion dollar digital initiatives. Key highlights included:
- Developed the cyber security strategy and roadmaps
- Put the case for and involved in the multimillion boundary and network security simplification and resilience enhancement project.
- Worked across the group wide multi-year cyber security uplift program initiatives
- Improved the PCI DSS compliance posture across board
- Implemented foundational operational security uplift capabilities
- Backed security into delivery life cycles of transformational projects using Secure By Design principles
- Enhanced secure software security and automation
- Initiated an approach for building a security aware culture at IAG which resulted in increased security awareness across board
Contact Energy – ICT Security Manager (2012-2015)
Francis was part of the first fully functional security teams at Contact Energy and led the development of security frameworks and policies resulting in the successful improvement of security across the corporate and operational (SCADA,and Generation) parts of the business. Key highlights included:
- Developed the cyber security strategy and frameworks
- Implementation of the Denial of Service Capabilities across the organisation’s critical network and applications
- Designed and implemented the continuous vulnerability and threat management capabilities
- Security Design and Architecture for key projects such as the SAP rollout, CheckPoint Firewall Upgrade, Network Upgrade Projects , etc.
- Worked with key service providers to ensure that security configuration and hardening standards are adopted
- Managed and delivering key PCI DSS security strategic and operational initiatives
- Created simple and informative security management metrics and reports
- Defined requirements for Contact’s Cyber Security Insurance Requirements.
- Defining and architecture of the Multi Frequency Keeping security resilience requirements as per the national grid and NZX’s requirements.
Government and Public Sector Experience
Francis has extensive experience working in the government sector. This has included large complex projects and BAU initiatives aimed at designing security architectures, policies, frameworks, managing compliance, and delivering cyber security risk management and resilient security capabilities for agencies such as the IRD, NZTA and MoE. He has also worked on cross sector initiatives spanning multiple government agencies on solution architecture and security levels.
Business and Leadership Qualifications
- Executive Leadership and Strategy: Cornell University’s RedShift Program (PostGrad).
- Essentials of Directorship Certificate (Institute of Directors NZ)
- Aspiring Director Series Course: Institute of Directors NZ
- Various In-house leadership development and mentoring courses
Professional and Academic Qualifications
- Certified Information Systems Security Professional (CISSP), (the first certified CISSP in Zimbabwe).
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Security Architect (SABSA, SCF)
- Microsoft Certified Solution Developer (MCSD)
- Microsoft Certified Applications Developer(MCAD.Net)
- ITIL v.3 Foundation
- Certificate in Designing Secure Cloud Architectures (SABSA)
- Professional Diploma in e-Technology (National Institute of IT)- NIIT
- BSc. (University of Zimbabwe)