Mark Goudie

Consulting Director

Cisco Security Services

Mark Goudie, is Security Principal in the Cisco Global Security Services organization in the Asia Pacific Japan and China (APJC) region. He is a recognised expert that has learned many lessons from investigating security incidents and data breaches in the APJC region as well as in the United States. He has been awarded citations from national law enforcement agencies for his contribution into the illegal activities of international organised crime rings. These investigations resulted in arrests and convictions in four countries. Mark has over 20 years of technology experience to complement his investigative skills, which adds real world practicality to breach containment and security remediation recommendations.

He has a wide range of security knowledge within Corporate Governance and IT environments (Network, Systems, Applications, and Cloud), with focused strategic business and IT transformation at the executive and board level. Mark has successfully designed, implemented and managed compliance programmes in line with, in-country legislative requirements (e.g. Privacy law, Employee law, Sarbanes-Oxley etc.), as well as ITIL practices, PCI DSS and ISO27001.

Mark is a frequent speaker, an active member of numerous industry associations, regularly contributes thought leadership to media, and is the founding president and current treasurer of the High Tech Crime Investigators Association (HTCIA) of Australia. He is also a founding member of the SANS/GIAC Advisory Board, the Asia Pacific representative on the GIAC Ethics Committee and was formerly a contributing author to some of the security industries most widely lauded annual security reports.


June 1, 2016


Insiders: The often forgotten threat

8 min read

Insider threats are of particular concern to organisations as the impact of a rogue insider can be catastrophic to the business. The 2016 Verizon Data Breach Investigations Report showed that 15% of data breaches were a direct result of insider deliberate or malicious behaviour.  Given that it is not likely that all insider breaches are discovered […]