Kieran Jacobsen

Kieran Jacobsen

He/Him. Microsoft MVP and GitKraken Ambassador. 🌏 Poshsecurity.com. 🏳‍🌈 Gay.

Melbourne, Australia


Kieran Jacobsen (he/him) works at Phocas Software as the Head of Business Systems. Kieran combines his passion for business process automation, systems integration, and cybersecurity to help organisations rapidly grow and evolve.

Kieran’s involvement in the technology community has seen him present at Microsoft’s Ignite the Tour, NDC Sydney, and CrikeyCon. Kieran is well known for his security focused presentations that blend real-world examples with storytelling.

Microsoft has recognised Kieran’s contributions to the community by awarding him with their Most Valuable Professional since 2017. Kieran is also a member of the GitKraken Ambassador Program.

Kieran lives with his Husband in Melbourne, Australia. In his spare time, Kieran enjoys gaming, Dungeons & Dragons, and Melbourne’s amazing food culture.


Area of Expertise

  • Information & Communications Technology


  • PowerShell
  • Azure
  • Automation
  • security
  • devops
  • devsecops

Understanding the Cyber Security Acronym Soup

Over the last several decades, international standards bodies and governments have developed an acronym soup of cyber security standards. We commonly hear: SOC ISO/IEC, PCIE, ESTI, CIS, IRAP, ISPC; but how much do we really understand the goals, purposes and impacts on these standards?

In this session, we will be diving into some of these standards, with the aim of answering two critical questions:
• What does it mean for an organisation to be compliant with these standards?
• What does it mean for consumers of IT services when a provider or vendor has these certification?
• How can consumers be confident that their IT service providers/vendors are actually following the processes outlined in these standards?

In this presentation I am going to describe the who, what, when, where and why of cyber security standards; their implications on customers, development, security and operation teams; and how they may being positive and negative change to company culture.

Avoiding DNS Pain

In every organisation DNS is a critical system, but it rarely gets the attention that it deserves. We rely on DNS for the smooth operation of our businesses; if your customers can’t reach your website or email you, then your business is effectively cut-off.

Organisations will keep disaster recovery plans and business continuity procedures for their corporate websites, mail servers and internal systems; but how many of these plans and procedures include DNS?

Over the past few years, attacks against DNS have been on the rise. These attacks may be direct attacks against DNS server software; but they can also come from compromised credentials or DNS zone misconfigurations such as dangling DNS entries.

In this session, I am going to walk through performing a DNS maturity assessment and how you can improve the management of DNS with tools like DNSControl.

Using GraphQL as a Secure Innovation Boundary and data-driven culture driver

Do these scenarios sound familiar?

* "It's hard to innovate; every time we want to access some data we need to talk to multiple teams and wait to get approval."
* "When we access our core data we need to wait for a time-constrained subject matter expert to help us out; the data schema of our core systems is hard to decipher without their help."
* "The easiest way for us to integrate with core systems is via the reporting replica databases, but now all of our systems are tightly coupled and we can't evolve our core systems."
* "Our systems integration landscape is a security nightmare, there is no cross-cutting authorisation or telemetry and we are using shared database credentials between systems that give full access to all the data."

As consultants, we've seen these problems occur commonly across multiple organisations. As it turned out, we were no exception either! We recently realised that these problems we've helped identify and solve for our customers were impacting our business, Telstra Purple, the largest Australian-owned technology services company. To address this, we took our learnings from multiple customer projects and applied them to our business. This involved using GraphQL to implement a Secure Innovation Boundary that we lovingly call Purple Graph!

In this presentation, we will describe how we went about pitching, prototyping, launching and operating Purple Graph. We will cover the learnings we've had along the way (technical and non-technical) and talk about the cultural change that we are starting to drive using this technology.

You'll leave this presentation with an understanding of the people, process and technology changes we were able to drive using this technology as well as our technical and non-technical tips to help you want to roll out a similar change to your organisation.

Panel: Career changers - the ideas, suggestions and people who influenced your career

Panel of industry professionals discuss the pivotal moments in their career including ideas, suggestions, advice and people that changed their career tragectory.
Hosted by:
Shiva Ford (Community Program Manager, Microsoft)
Natalie Yan-Chatonsky (Founder & CEO, Full Time Lives)
Kieran Jacobsen (Head of Information Technology, Telstra Purple)
Sarah Bowden (Microsoft, Sarah Bowden One Commercial Partner Director)
Amy Kapernick (Front End Dev, Evangelist, Dog Lover)

Bank Grade Security

Banks and financial services providers love to make some big claims when it comes to the security of their products and networks. The truth is, the phrase "bank grade security" has become an oxymoron. Many institutions have failed to implement basic security controls, least to keep ahead of security curve. Yet we continue to place considerable trust in them, and put up with security controls that are counter-productive, all to maintain the theatre of security.

This session will look at some of Australia's largest institutions. With simple tools we will make some of our own assessments on how well they secure their networks.

The Boring Security Talk

We all know that securing our applications is a necessity, but it can be incredibly boring. With time and budget constraints, we often focus on the more exciting security aspects and tools. In this talk, we'll be looking at some of the aspects to our application security that are often overlooked; the software we depend upon, CI/CD infrastructure, sending email and resolving DNS. Vulnerabilities here might not result in a newsworthy breach, yet they are still worth discussing and defending.

NDC Sydney 2020 Sessionize Event

October 2020 Sydney, Australia

Microsoft 365 May 2020 Sessionize Event

May 2020

NDC Sydney 2019 Sessionize Event

October 2019 Sydney, Australia

DDD Sydney 2019 Sessionize Event

September 2019 Sydney, Australia

DDD Melbourne 2019 Sessionize Event

August 2019 Melbourne, Australia

Global Azure Bootcamp - Melbourne Sessionize Event

April 2019 Melbourne, Australia

NDC Sydney 2018 Sessionize Event

September 2018 Sydney, Australia

Global Azure Bootcamp Melbourne 2018 Sessionize Event

April 2018 Melbourne, Australia

Kieran Jacobsen

He/Him. Microsoft MVP and GitKraken Ambassador. 🌏 Poshsecurity.com. 🏳‍🌈 Gay.

Melbourne, Australia


Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top