Home > Our People > Ross Widdows
Ross Widdows, Partner, Advisory, Cyber Security

Ross Widdows

Partner, Advisory, Cyber Security

Sydney

+61 2 9240 9815

vCard

Ross is a cyber security and technology Partner in Sydney’s Advisory practice. With over 15 years of experience, Ross has worked worldwide, including operational roles across industry and providing consulting services at professional firms in Europe, the Middle East, and Australia.

In his role at BDO, Ross leads the Cyber Security team, which provides cyber security, data governance, technology risk, and GRC services.

Ross has supported some of Australia’s most successful established organisations and start-ups in achieving confidence in their cyber strategies, thus allowing them to focus on their business goals with confidence. Through this, he has developed a strong network of contacts at the Board and senior level across the cyber security space and more broadly across multiple industry sectors and with regulators.

With a strong background in cyber security, Ross’s core expertise lies in helping organisations identify and protect their essential information assets and develop fit-for-purpose cyber strategies and control environments.

Services

  • Cyber Security
  • Financial Services Technology
  • Risk and Regulation
  • Systems Integration
  • Emerging Technology
  • Personnel Management
  • Proficient in multiple coding languages – Python & Ruby

Sectors

  • Financial Services
  • Retail
  • FinTech
  • Government
  • Construction
  • Technology

Key assignments

  • Implementing effective cyber risk management practices that allows an organisation to understand what they are trying to protect and from who. This allows management to make targeted investment decisions based on risk.
  • Assisting organisations to develop well-informed cloud strategies, including the evaluation of both technical and strategic requirements. Experience with AWS, Google, and Azure security architecture.
  • Preparing for and implementing the requirements necessary to meet Regulatory requirements, such as APRA Prudential Standards CPS 231/232/234. Including engagement and collaboration with the Regulator and other industry bodies.
  • Developing social engineering, threat intelligence and behavioural analysis plans to highlight gaps in business operations and training that can lead to downstream impacts on information security.
  • Working with FinTech’s and start-ups as an on demand CISO, to help navigate and implement fit for purpose cyber defences and strategies.
  • Cyber framework assessments, remediation activity and control implementation, including ISO 27001:2013, NIST, PCI DSS, CIS. SOC2 and SWIFT CSP.

Qualifications

  • AWS Security Speciality
  • CISA – Certified Information Systems Auditor - ISACA
  • ITIL Foundation
  • COSO Internal Control Certificate

Authored insights

Article: An overview of the Critical Infrastructure Bill
Article: Ransomware explained - An analysis of the Government's new ransomware action plan
Webinar: Mapping the Fraud Blueprint of Tomorrow - Tech
Article: ISO 27001:2013 and the new fraud standard - building organisational cyber security and operational resilience

“I am excited to build a cyber capability that will help to secure both Australian start-ups who are disrupting the market with innovation and digital thinking, and the established organisations who are transforming their products and services to meet the needs of a digital world.”