Josh La Verghetta - Risk advisory services.

Josh La Verghetta

Director, Risk Advisory Services

Executive Summary

Josh is a Director in the Risk Advisory Services team with BDO in Perth. He has a strong track record in leading the identification, assessment, and mitigation of technology risks for organisations across multiple industries, including natural resources and energy, government and public sector, education, and critical infrastructure and utilities.

With more than a decade of experience spanning both information technology (IT) and operational technology (OT), Josh specialises in bridging the gap between technical solutions and business strategy, enabling effective risk management and informed decision-making for his clients.

Josh is committed to empowering organisations by positioning cyber security as a strategic enabler. He is passionate about supporting businesses in confidently adopting emerging technologies, such as artificial intelligence (AI), by integrating security solutions and processes that support innovation and accelerate digital transformation.

Expertise

  • Cyber security threat and risk assessment
  • Technology risk management
  • Technology resilience
  • Operational technology (OT) security
  • Offensive security
  • Internal audit
  • AI security and trust
  • Cyber security education and training.

Experience

Natural Resources & Energy

  • Leading a threat and risk assessment for a mining organisation’s end-to-end pit-to-port supply chain
  • Leading a review of a global mining organisation’s material cyber risks to ensure causes, impacts, ratings and controls were appropriately identified
  • Leading an OT disaster recovery internal audit for a global mining organisation’s port and rail operations
  • Leading multiple IT and OT internal audits for a global energy organisation, focusing on critical infrastructure operating assets
  • Leading the development of a contextual security architecture for a global energy infrastructure organisation
  • Leading the cyber security stream for a Security of Critical Infrastructure Act (SOCI) Critical Infrastructure Risk Management Plan (CIRMP) for a critical utility
  • Leading multiple red team security assessments for Australian utilities.

Government & Public Sector

  • Developing a security assessment framework for a federal government agency to assess third parties with access to their systems
  • Developing a risk-based audit program for a state government agency to manage cyber security requirements in an efficient and secure manner
  • Leading a review of a state government agency’s processes to manage cyber security risks associated with third parties
  • Leading an Australian Cyber Security Centre (ACSC) Essential Eight (Essential 8) maturity review for a state government agency.

Corporate

  • Leading a National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) for a financial services institution
  • Developing multi-year technology risk assurance and audit plans for a top 10 ASX-listed organisation.

Higher Education

  • Leading a review of an education provider’s IT and cyber security operations using the Control Objectives for Information and Related Technology (COBIT) framework
  • Supporting a university in identifying risks and developing remediation strategies associated with increased Internet of Things (IoT) usage.

Qualifications and affiliations

Bachelor of Engineering, Software (Hons)