Josh Cannons
Hello

I'm Josh Cannons

Information Security Manager | Governance, Risk & Compliance | Cloud Security | Executive Risk & Strategy

I am an Information Security Manager with a background spanning infrastructure engineering, DevOps and cloud platforms, now specialising in Governance, Risk & Compliance (GRC), security strategy and organisational resilience.

Having progressed from designing and operating enterprise technology to leading Information Security, I bring a practical understanding of both engineering and governance. This allows me to bridge the gap between technical teams and executive leadership, translating complex security challenges into pragmatic business outcomes.

At aXcelerate, I lead the organisation's Information Security programme, responsible for governance, risk management, regulatory compliance, audit, security strategy and executive reporting. My focus is on helping the business strengthen resilience, maintain customer trust and support sustainable growth.

Throughout my career I have worked across systems administration, cloud engineering, DevOps, Security Operations and Information Security leadership. This breadth of experience enables me to develop security programmes that are technically practical, commercially aligned and built for long-term organisational success.


My Approach

I believe effective security is built on understanding both technology and business. Whether working with executives, engineers or customers, my focus is on enabling informed decisions through practical governance, clear communication and risk-based thinking. These principles guide how I approach Information Security, Governance, Risk & Compliance and technology leadership.

Security enables business

Security should support organisational objectives rather than become an obstacle to delivery. By reducing uncertainty, strengthening resilience and enabling informed decision making, security becomes a driver of customer trust and sustainable growth.

Practical over theoretical

Good governance must be achievable in practice. I believe security controls should balance business risk, engineering effort, customer expectations and regulatory obligations while remaining practical to implement and maintain.

Technical credibility matters

My background in infrastructure engineering, cloud platforms and DevOps provides a practical understanding of how technology is designed, delivered and operated. This enables productive conversations with engineering teams while communicating risk in terms meaningful to executive leadership.

Governance creates confidence

Effective governance is about creating clarity rather than bureaucracy. Well-defined ownership, accountability and decision-making frameworks allow organisations to manage risk confidently while supporting long-term growth and continual improvement.

Areas of Expertise

Information Security Leadership

Developing and leading security programmes that align with organisational objectives, customer trust and sustainable business growth. Focused on building practical security capabilities that strengthen resilience while enabling engineering and business teams.

Key Focus Areas
  • Security strategy and programme leadership
  • Cross-functional stakeholder engagement
  • Organisational security maturity
  • Security culture and continuous improvement

Governance, Risk & Compliance (GRC)

Developing governance frameworks that support business objectives, regulatory compliance and effective risk management. Building sustainable governance programmes that improve organisational maturity without creating unnecessary operational overhead.

Key Focus Areas
  • ISO 27001, ISO 9001 & ASD ISM (RFFR)
  • Risk and compliance management
  • Audit readiness and assurance
  • Continuous improvement

Security Strategy

Developing security strategies and multi-year roadmaps that align security investment with organisational priorities, enabling growth while improving resilience and reducing operational risk.

Key Focus Areas
  • Multi-year security roadmaps
  • Business-aligned security initiatives
  • Security capability development
  • AI governance and emerging technologies

Executive Communication

Communicating technical security concepts in clear business language to support executive decision-making, governance and strategic planning.

Key Focus Areas
  • Executive and board reporting
  • Business risk communication
  • Security metrics and KPIs
  • Stakeholder engagement

Risk Management

Applying risk-based decision making to help organisations understand, prioritise and manage security risks based on business impact rather than technical severity alone.

Key Focus Areas
  • Enterprise and security risk
  • Third-party and technology risk
  • Vulnerability management
  • Incident management

Security Governance

Developing governance frameworks that establish clear accountability, practical policies and repeatable processes, ensuring security remains embedded within everyday business operations.

Key Focus Areas
  • Policies, standards and procedures
  • Control ownership and governance
  • Audit evidence and assurance
  • Governance process improvement

Cloud Security

Applying a strong infrastructure background to design, secure and govern cloud environments that are scalable, resilient and aligned with organisational security objectives.

Key Focus Areas
  • Amazon Web Services (AWS)
  • Infrastructure as Code
  • Identity and access management
  • Operational resilience

DevSecOps

Embedding security throughout the software development lifecycle by integrating practical security controls into engineering processes without compromising delivery velocity.

Key Focus Areas
  • Secure SDLC
  • Vulnerability management
  • Code and dependency scanning
  • Developer enablement

AI Governance

Supporting organisations in adopting Artificial Intelligence responsibly through practical governance, risk management and policy development. Focused on enabling innovation while protecting organisational data, meeting regulatory obligations and maintaining customer trust.

Key Focus Areas
  • AI governance and policy development
  • AI risk assessment and data protection
  • Responsible AI adoption and acceptable use
  • AI vendor assurance and transparency

Technologies I Use

Education

Docker Deep Dive

Linux Academy

Learning Chef DevOps Deployment

Linux Academy

Linux Academy Red Hat Certified Systems Administrator Prep Course

Linux Academy

Certificate III in Investigative Services

OCA Tafe

Bachelor's Degree - Information Technology (Network Security)

CQ University

Diploma of Information Technology (Network Administration)

TNQ Tafe

Experience

2022 - Present

aXcelerate

Information Security Manager

Progressed from DevOps Engineer through Security Operations into Information Security leadership, with responsibility for governance, risk management, compliance and security strategy across an Australian education SaaS organisation.

  • Develop and deliver the organisation's Information Security strategy and multi-year security roadmap.
  • Lead Governance, Risk & Compliance activities, including audit, assurance and control management.
  • Maintain compliance programmes aligned with ISO 27001, ISO 9001 and ASD ISM Right Fit For Risk.
  • Partner with executive, engineering and operational leaders on security risk, resilience and business priorities.
  • Develop security policies, governance frameworks, executive reporting and board-level metrics.
  • Lead initiatives across vulnerability management, secure software development, third-party risk and AI governance.
2017 - 2022

Reef Information Technology

Technical Services

Provided technical consulting, systems administration and IT support for small and medium businesses across a diverse range of industries.

  • Administered Windows Server, Active Directory, Group Policy, DNS, DHCP and file services.
  • Managed Microsoft 365, Exchange Online, identity, licensing and email security.
  • Delivered server deployments, virtualisation, infrastructure upgrades and business migrations.
  • Supported VMware, Hyper-V, networking, firewalls, VPNs and wireless infrastructure.
  • Managed backup, disaster recovery, patching and infrastructure lifecycle activities.
  • Worked directly with customers to provide technical guidance, troubleshooting and project delivery.
2016 - Ongoing

Privata

Governance, Risk and Compliance Services

Established as an independent technology consultancy supporting infrastructure and cloud environments, Privata has naturally evolved alongside my career into an Information Security and Governance, Risk & Compliance (GRC) practice. Today it focuses on providing practical security advisory services that help organisations improve governance, manage risk and build security programmes that support business growth.

  • Governance, Risk & Compliance (GRC) advisory.
  • Security strategy and roadmap development.
  • Security policy and standards development.
  • Audit readiness and compliance guidance.
  • AI governance and technology risk advisory.
2017

Turmeric Products Australia

Developer

Supported the development and operation of an online retail presence, combining website delivery, e-commerce administration and digital engagement.

  • Designed and maintained the organisation's landing page and blog.
  • Developed and supported the e-commerce platform.
  • Maintained website content and product information.
  • Supported social media marketing and online community engagement.

Audiad

Developer

Contributed to the design and development of a web application, gaining early experience across application development, data modelling and digital product delivery.

  • Designed and maintained the product landing page and supporting digital presence.
  • Developed application functionality using Django and Python.
  • Designed and maintained data models using SQL and Elasticsearch.
  • Supported early-stage application development and technical problem-solving.
Loading ...