Cybersecurity Leadership & Resilience: Lessons from Domino’s and UniSuper CISOs

In the fast-evolving world of cybersecurity, two leaders—Stephen Bennett, Group Chief Information Security Officer (CISO) at Domino’s, and Vijay Krishnan, CISO at UniSuper—share invaluable insights on security, business alignment, and resilience.
Domino’s CISO: Merging Security with Business Goals
Bennett describes his role as leading a startup within the global pizza chain. As the company’s first CISO, he initially struggled to pinpoint key security challenges but quickly adapted by immersing himself in meetings, shadowing senior staff, and becoming a “meeting pest” to understand what was and wasn’t working.
A turning point came during his first board meeting, where he realized the necessity of bridging security with business priorities. While security teams focus on technical complexities, business leaders are primarily driven by profitability. This realization shifted his approach—transforming security into a business enabler. Sometimes, this meant preventing risky decisions, such as blocking a proposed “Domino’s Dating” app in the Netherlands due to serious privacy concerns.
Bennett emphasized the importance of identifying and protecting the company’s “crown jewels”—its most valuable digital assets—while balancing security investments. Referencing Gartner VP Christine Lee’s insights from the Gartner Security and Risk Management Summit in Sydney, he acknowledged that increased protection comes with rising costs. At Domino’s, discussions are ongoing about recovery point objectives within this framework.
One of Bennett’s most practical pieces of advice for CISOs is to “befriend a board member” to better understand what executives want to know about security risks. He suggests presenting key risks in a way that resonates with leadership—eschewing technical jargon in favor of clear, strategic communication.
His hands-on approach also extended to working in a Domino’s store for two days. Observing the strict governance around pizza-making—down to the precise amount of cheese and baking times—made him question why similar discipline wasn’t applied to cybersecurity across the company.
Reflecting on his early days, Bennett advises aspiring security leaders to engage with different business functions sooner rather than later. By the time he actively reached out, he was no longer the new face at Domino’s, making those initial conversations more challenging.
UniSuper’s CISO: The Power of Resilience in Crisis Management
Meanwhile, at UniSuper, CISO Vijay Krishnan highlighted the critical role of resilience in cybersecurity. The superannuation fund faced a major setback in May 2024 when a Google Cloud misconfiguration inadvertently wiped out UniSuper’s private cloud, affecting its core member administration system.
Despite the severity of the incident, UniSuper managed to recover within three weeks, thanks to its well-structured crisis management and redundancy strategies. Krishnan credited their robust, multi-cloud architecture for helping mitigate the impact, although in this particular instance, the private cloud deletion affected both availability zones.
The company’s saving grace was its strong backup strategy. UniSuper maintained backup copies not only within Google Cloud but also with two separate cloud service providers, ensuring data resilience. Additionally, infrastructure-as-code played a significant role in expediting recovery, while rigorous disaster recovery planning and simulations proved invaluable, even though they had not anticipated such a rare “black swan” event.
UniSuper’s business continuity plan, including pre-planned crisis communication protocols, also contributed to the swift response. Krishnan’s key takeaway for security professionals? “Ensure your backups are watertight” and stored separately from primary systems. Additionally, he urged companies to assess their architecture thoroughly, reinforcing the need for robust and resilient IT infrastructures.
Key Takeaways for Security Leaders
Both Bennett’s and Krishnan’s experiences highlight a crucial takeaway: cybersecurity isn’t just about technology; it’s about business alignment, risk management, and strategic preparedness. CISOs must communicate security priorities in business terms, integrate governance into everyday operations, and ensure resilience against unforeseen crises. Whether protecting a pizza empire or a financial institution, the key to success lies in balancing security with business objectives while being prepared for the unexpected.