Home
You’re currently viewing our content for All Regions.
You can switch to a different region:
August 27, 2025
Much like the sandstone which provides a structural bedrock and historical reference, the University of Melbourne has resilience etched into both its foundation and philosophy.
The oldest university in Victoria – founded in 1853 – continually walks that invisible tightrope between tradition and transformation. Regardless of approach, each is underpinned by an elastic framework designed to create a robust durability that is delicately counterbalanced by pioneering flexibility.
Welcome to the daily juggling act of the modern day CIO.
“The short answer is, there’s not an easy answer,” acknowledged Byron Collins, CIO of University of Melbourne.
Pressing an executive leader on this topic can be foolhardy however. This isn’t a zero-sum game, nor is it black or white.
Protecting the prized assets of the University is mission-critical. Embracing innovation to foster creativity and enable excellence is non-negotiable.
Hence why nuance is the name of the game.
“Trying to deal with both doesn’t lend itself to an easy answer so I won’t try and give one,” Collins added.
Collins has led the Infrastructure Services portfolio at the University since its inception in 2014, initially focused on the operational service delivery of information technology and facilities management.
In 2016, the role of CTO was added to his responsibilities, including information technology strategy and project delivery to the portfolio.
Today, Collins leads a team of over 500 professional staff across a range of disciplines including IT, Space Management, Facilities Management, Research Computing and Bioresources Management.
Widely considered as the benchmark for excellence in Australia, the University operates two core business models – teaching and learning alongside research.
From a teaching and learning standpoint, the institution has more than 53,000 students, 45% of which are international students spanning over 150 nationalities.
As a “research intensive university”, research income stood at $663.5 million in 2023 and continues to rise annually.
Independently published global and program rankings are enviable both domestically and internationally:
Strengthening cyber resilience
The Security of Critical Infrastructure Act 2018 (SOCI Act) regulates critical infrastructure assets in the higher education and research industry. That means if a University is compromised through a cyber attack, a range of reporting obligations come into effect.
“We have obligations that go above and beyond many other organisations in the broader economy,” Collins explained.
“If federal authorities felt that we weren’t responding in an appropriate way, they can intervene and take control of our environment. Of course, we are prepared for that to never happen but in a worst case scenario, we are bound by certain obligations.”
Accountability also extends to the University Council, which is the peak governing body of the University.
“The main focus of Council tends to focus on cyber security and what would happen in the event of a compromise,” Collins said. “Many members are from outside of our sector and sit on other boards and government bodies – so naturally, it’s top of mind.”
As CIO, Collins presents a cyber security update to Council each quarter and a total of five times per year. Expectations and questions naturally focus on the aftermath of a breach in terms of how the University would respond and its ability to continue operations.
“Universities are unlike several other types of organisations in that depending on what gets compromised, teaching and research can often continue,” Collins added.
“For example, if our finance system went down for a few days, it’s not like a bank which would mean they can’t trade. So it becomes a nuanced conversation and in the end, always comes back to a question of business continuity.
“The potential reputational damage is also there, especially if we were to lose large research data sets that might be attractive to third-parties.”
Collins operates with an abundance of caution on the issue of cyber security. Nothing is taken for granted and no stone is left unturned in the pursuit of improved protection.
“In effect, we’re running a small city from an infrastructure perspective,” he outlined. “We run a private data centre with over 6000 wireless access points in our Wi-Fi network.
“On any given day during a semester, we can have more than 40,000 unique connections to that network scattered across over 600 buildings. That can be at our main campus in Parkville but also across our other smaller campuses around the city and rural Victoria.
“At times, that does test the limits of technology capability which is why we work very closely with Cisco to ensure we’re taking advantage of the latest and greatest in this environment.”
In recent years, education has become a high-profile target for cyber security hackers in Australia due to the vast amount of sensitive data held by schools, universities and training providers.
These institutions store personal details of students, staff and alumni, including addresses, birth dates, medical information and financial records. Such data is highly valuable on the dark web and can be exploited for identity theft, fraud or ransom demands.
Universities are also prime targets because they often conduct cutting-edge research funded by governments and private industries, making intellectual property theft a lucrative motive.
“It’s an incredibly challenging issue to deal with,” Collins acknowledged. “A long time ago, when I was a graduate student, hackers were smart students trying to hack into the admin systems of the university to show off to their friends. They’re still around, by the way.
“But now we have nation state actors. We have a standard level of cyber criminals who are looking to exploit whatever they can.
“As a university, we have collaboration arrangements and an academic culture which means we’re not like a bank. We can’t lock things down as tightly as a bank.”
That’s not to suggest vulnerability however. Rather a nuanced approach based on depth and not relying on any single control.
“We adopt a layered approach and are focused on minimising any potential contamination to our environment to avoid it spreading quickly, should a breach occur,” Collins continued. “Ensuring the breadth and depth of protection is crucial but you can never make guarantees.”
Such a refusal to entertain complacency ensures Collins and his team remain vigilant to the endless – and likely limitless – wave of attacks targeting high-profile institutions such as a sandstone university.
“We get what we need from Council in terms of resources,” Collins said. “It’s probably the question I get asked most by Council, do you have all the resources you need from a cyber security perspective? That gets asked every meeting.”
The answer however, is always given in context.
“It’s not a problem you can solve by throwing money at it, again and again,” Collins cautioned. “I could spend my entire IT budget on cyber and never be able to guarantee that we won’t get breached.
“So, my approach to that question is that we regularly run maturity assessments. We form a solid structure on the basis of those maturity assessments and we go about implementing that strategy in a progressive way.”
Specific to resources, Collins reframed the question to instead prioritise funding the delivery of a cyber strategy based on such benchmarking findings.
“In my mind, just throwing money at the problem will most probably result in wasting a lot of money,” he explained.
“Buying tools willy-nilly isn’t a viable strategy. Instead, focus on ensuring the right tools can integrate in a way that minimises the degree in which gaps exist between them.”
According to Moxie Research, 81% of Australian businesses are currently consolidating the number of cyber security vendors they work with.
By extension, 75% are also consolidating the number of cyber security outsourcing partners working in the account, such as managed security service providers (MSSPs), consultancy firms and system integrators.
For the majority, the aim is to consolidate the number of cyber security tools and vendors into a unified solution and/or platform during the next 6-12 months – a plan currently in place for 67% of companies surveyed and under consideration from a further 21%.
When probed further by Moxie Research, Australian businesses either “strongly agreed” or “agreed” with the position that multiple security vendor products create:
Delivering digital resilience
As the daily battle to protect the institution continues, universities are also rapidly embracing digital technologies to transform how they deliver content and engage with students.
This includes increased investment in blended and online learning models that combine face-to-face teaching with digital platforms. Lecture recordings, interactive modules and on-demand resources are now standard, allowing students to learn at their own pace and revisit complex material as needed.
Virtual classrooms, video conferencing tools and learning management systems provide flexible access to course content, enabling participation from anywhere in Australia, or the world.
“The truth is that changes were already underway in the sector in terms of how content was being delivered,” Collins said.
“The old style, large format lecture delivery was still happening but in some instances, we had started to move towards delivering that content in different ways. Then the campus activity became about the reinforcement of learning.”
The impact of COVID-19 accelerated that change, speeding up a trend that was already underway at the University. In that sense, the logistics of closing the University and moving everything online created minimal impact from a learning standpoint.
“In many cases since then, we have reverted back to the physical delivery of content but a large number of subjects have retained a great proportion of digital delivery,” Collins added. “This continues to be supplemented by reinforced learning when students are on campus.”
Citing the migration of student behaviour during the past 20-30 years, Collins recalled a time when campus attendance spanned five days a week irrespective of subject.
“Whereas today, students have part-time jobs more often than not so they try and condense the number of days that they’re on campus,” Collins shared. “But when they do come in, they’re looking to do other things beyond just attending tutorials or lectures.
“That could be catching up with colleagues, socialising or in some cases, taking advantage of the Wi-Fi that we have. Perhaps less so now but certainly 4-5 years ago, our Wi-Fi was better than what many student had at home.”
For Collins, the patterns of attendance and activity on campus are placing new requirements on the University from a technology standpoint.
“We run a BYOD device policy via an open network,” Collins added.
“We still see the physical campus as being an incredibly important part of what we deliver. Content delivered online is a supplement to the overall experience, not a replacement of.”
By embracing digital delivery, universities are breaking down geographical barriers, fostering inclusivity and preparing students with the digital literacy skills essential for success in the modern economy.
The domino effect for Collins and his team is the creation of an attractive and appealing culture for technology professionals in the market.
“There’s a particular type of person that likes to work in the ICT function of a university,” Collins continued. “Especially on the infrastructure side because we provide challenges that perhaps don’t exist in other organisations.
“From a people perspective, our turnover is about 8% which I would say is a fraction too low in terms of bringing new blood into the organisation. But people join and enjoy the challenge – they enjoy the fact that we are constantly looking at new ways to service the needs of students and researchers which is a good standard to hold.”
Specific to change management, significant updates naturally occur during downtime windows to avoid disruption to students aligned to the academic calendar.
“But we did move to digital examinations which required us to fit out the Royal Exhibition Building in Melbourne with portable Wi-Fi capabilities for the period of the exams,” Collins said. “There are all sorts of manifestations that have an impact from a change management perspective.”
Igniting innovation with AI
According to the Cisco 2024 AI Readiness Index, artificial intelligence (AI) has become a cornerstone of business strategy due to an increased urgency among companies to adopt and deploy AI technologies.
In Australia, 92% of organisations acknowledge such urgency, driven primarily by the CEO and leadership team. Additionally, companies are committing a significant number of resources towards AI, with 38% reporting that as much as 10-30% of their IT budget is now being allocated to AI deployments.
Don’t equate enthusiasm with execution however.
The Cisco 2024 AI Readiness Index measures AI readiness of companies across six key pillars: Strategy, Infrastructure, Data, Governance, Talent and Culture.
Based on their readiness score, companies are categorised into four levels: Pacesetters (fully prepared), Chasers (moderately prepared), Followers (limited preparedness) and Laggards (unprepared).
In Australia, current AI market readiness ranks as:
Only 4% of organisations in Australia are fully prepared to deploy and leverage AI-powered technologies, down from 5% a year previously. This decline underscores the challenges that companies face in adopting, deploying and fully leveraging AI.
“Our approach to AI is multi-faceted,” Collins explained. “In terms of the entire organisation, we have a governance group looking at AI and broadly speaking, that includes research, teaching, learning and the enterprise.
“From my perspective as CIO, we have set up an internal AI environment so that researchers and academics can test out ideas in a safe way.”
Beyond this, Collins said plans are also underway to leverage AI to meet internal service delivery requirements with a specific focus on streamlining service management across the enterprise.
“But we don’t want our data going into public AI engines, at least until it’s been scrutinised and is ready,” Collins clarified. “There’s the provision of that environment and the provision of our associated capability to help usage in that environment.”
By Australian standards, the University runs a “significant” high-performance compute and storage environment for researchers with approximately 21-22 petabytes of data currently housed in the organisation’s data centre.
“That’s probably one of the areas that we will continue to invest in,” Collins shared. “We’ve looked at the economics of moving some of that to the cloud but it really doesn’t stack up for a whole bunch of reasons.
“Researchers and academics, by nature, are inquisitive. They like to push the boundaries which includes downloading new software all of the time – and they’ll correctly say that is part of the research process.
“Also, we collaborate with other universities which creates a huge amount of data flowing in and out of the organisation on any given day. That would set off alarm bells in any other business because it would look like a significant exfiltration event.”
From a student perspective, Collins stressed that the University does not see the physical campus as disappearing “anytime soon”. In fact, quite the opposite.
“We think that is part of the value proposition but it will continue to be augmented and enhanced by technology,” he added. “Particularly for those who might live close to campus and who are regularly attending and seeking out study spaces.
“I don’t see that landscape changing very much during the next four to five years but yes, we will continue to enhance how we use technology to improve the physical experience.”
Inform your opinion with executive guidance, in-depth analysis and business commentary.
