Gartner Expert

Rob McMillan

Managing Vice President

Rob McMillan covers information and IT security topics such as strategic planning, security policy and governance, security incident response, risk management, and security metrics. He brings firsthand experience with nine years in the financial services industry at the executive level within one of the largest banks in the world. Prior to this, Mr. McMillan spent 12 years within the university sector, including nine years with specialist security incident response teams.

Previous experience

Mr. McMillan joined Gartner after almost nine years in information security at the Commonwealth Bank of Australia, where he was Executive Manager of Business Information Security Support. In this position, he was responsible for developing and implementing security policies and standards, operating the bank's threat intelligence capability, implementing the security awareness program, rolling out security infrastructure technologies, and a range of other issues. During this time, he was also a key participant in broader industry initiatives.

Prior to this, Mr. McMillan was co-founder and general manager of AusCERT, responsible for the strategic direction and overall operational management of its core business. He had also spent four years with CERT in the U.S.

Professional background

Commonwealth Bank of Australia

Executive Manager, Business Information Security Support

University of Queensland (AusCERT)

General Manager

Carnegie Mellon University (SEI/CERT)

Member of Technical Staff

Areas of coverage

Security and Risk Management Leaders

Information Security Management Program (retired)

Technology, Information and Resilience Risk

Education

Associate Diploma in Applied Science, Applied Chemistry, Queensland University of Technology

C.B.A. Executive Education Program, MIT Sloan

B.AS., Computing, Queensland University of Technology

Top Issues That I Help Clients Address

1. Security strategy, governance, organization, budget and staffing

2. Presenting risk and security to senior management and the board

3. Measuring security and its relevance to business objectives

4. Security policy development and implementation

5. Security incident response planning