Reflections on the Australian Infosec market

Size of information security department
Manufacturers - 1-2 FTE in security
Insurers - 2 -10 FTE in securty
Small Banks - 2-5 FTE in security
Large Banks - 50- 100 FTE in security

Typical activities
Testing new projects
Closing audit issues
Developing security policies
Managing vulnerabilities
Testing compliance with policy

Challenges
Implementing management reporting/metrics
Developing expertise in web application security testing
Producing standards for application developers
Figuring out a pragmatic approach to security logging