Ctrl In Focus: Meet Kosta, Head of Risk Operations
Brand 17.12.25
With seven years at ctrl:cyber and experience across offensive security, engineering, advisory, and operations, Kosta has seen Ctrl evolve through multiple stages of growth and maturity. Today he leads the Risk Operations Centre, supporting teams, clients, and leadership through some of the most complex security challenges organisations face. Read his Ctrl In Focus Q&A below.
Q. How did you first become interested in cybersecurity?
A. My interest in cybersecurity started with simple curiosity. In primary and secondary school, I found myself exploring the inner workings of our computer networks, testing the boundaries of access controls and seeing how far I could get before the IT administrators stepped in. Each time I pushed those boundaries, my access was blocked shortly afterwards. Looking back, those early “catch me if you can” moments were my first real lessons in security.
As a first-generation Australian, my Greek parents were understandably cautious about letting me spend too much time out of the house. That meant I grew up surrounded by technology and computers, an environment that naturally pulled me deeper into the world of IT.
When I entered the workforce, I gravitated toward security-related work, often taking the lead on investigations into attacks against the companies I worked for. That blend of problem-solving, detective work, and the feeling of a digital “cops and robbers” chase was exhilarating. It became clear that cybersecurity wasn’t just an interest, it was the path I wanted to specialise in.
Q. You’ve been with Ctrl for a while now – tell us about your journey here.
A. My journey with Ctrl is an interesting one, because it almost didn’t happen. Due to existing work commitments, I couldn’t make it in for an interview – so our CEO, Steve Williams, offered to come and meet me instead. We connected quickly, and soon after I joined as a Penetration Tester and Security Specialist.
What started as a technical role evolved rapidly. Whether through timing, value, or a bit of luck, I was soon leading the Offensive Security team, managing multiple concurrent engagements and ensuring risks were clearly articulated to stakeholders in a way that enabled real action.
As the business grew, Ctrl established a Security Operations Centre – later maturing into our Risk Operations Centre (ROC). Alongside leading the Penetration Testing team, I took on leadership of the Security Analysts, supported pre-sales conversations, served as the primary Security Engineer for newly onboarded SOC clients, and regularly briefed customers on emerging risks. It was a period of wearing many hats, but also full of momentum, growth, and a testament to the talent within our teams.
Over time, as the organisation matured, I gradually stepped back from Penetration Testing to focus more on engineering, leading the SOC, and providing advisory support to key customer stakeholders such as CIOs and CISOs. Eventually this condensed into a dedicated advisory role across the ROC and the broader security landscape.
After several years in that space, I returned to lead the Risk Operations Centre. It’s been a huge seven-year journey, full of evolution, challenge, and growth, and I’m incredibly proud of the work we’ve done.
Q. Tell us a bit about your role as Head of the Risk Operations Centre at Ctrl?
A. My role is all about ensuring our customers are continuously protected and supported in an ever-changing threat landscape. I oversee our internal IT risk management processes, making sure risks are identified early and that mitigation strategies are put in place.
A major part of my role is leading and mentoring a talented team of security professionals. I focus on fostering operational excellence, driving continuous improvement initiatives, and ensuring our team consistently delivers high-quality outcomes.
Collaboration is also central to what I do. I work closely with our internal teams, organisational leaders, security vendors, and key client stakeholders to maintain strong, transparent relationships. Our aim is always to operate as a true extension of our clients’ teams, not just another external provider.
I also serve as a key escalation point for major security incidents, ensuring swift resolution and minimal impact. Ultimately, my role is about creating a resilient, responsive, and proactive security function that supports and strengthens every organisation we partner with.
Q. How do you guide executives and boards on cybersecurity maturity, and what gaps still hold organisations back?
A. Cybersecurity is now viewed as a core business function rather than a technical task or a compliance activity. It protects the assets an organisation relies on, and it requires the same level of strategic attention and investment as any other critical operation. Leaders are more engaged, risk conversations have matured, and boards increasingly recognise that resilience supports continuity, trust, and long-term performance.
The biggest gaps appear in consistency and long-term planning. Many organisations stay reactive, driven by what feels urgent instead of what is genuinely important. Cyber uplift is not a fixed destination. It relies on disciplined planning, steady investment, and a roadmap that strengthens capability year after year. Without that sustained approach, teams remain in a cycle of firefighting rather than building resilience that endures.
Q. Have there been any standout moments at Ctrl that made you stop and think, “This is why I do what I do”?
A. For me, the standout moments often come after the incident is over, when I see the team operating at their best under pressure, growing in confidence, and supporting each other to resolve something that could have seriously impacted a client. Watching individuals step up, apply their skills, and make a measurable difference reminds me exactly why I do this. It’s those real-world moments where expertise, teamwork, and purpose align.
Q. What excites you most about the future of cybersecurity and Ctrl’s role in it?
A. The pace of innovation, especially in automation, detection engineering, and AI-assisted analysis. It is creating new opportunities to strengthen security without adding unnecessary complexity.
As for Ctrl’s role in it, it’s that we’re uniquely positioned to help organisations navigate this transition. We see threats across multiple industries, we understand patterns at scale, and we can translate that intelligence into actionable protection for every client we support. As the threat landscape evolves, our ability to combine human expertise with advanced tooling means we’re not just reacting to change, we’re shaping what modern cyber resilience looks like in Australia.
Q. What can we catch you doing when you’re not working?
A. When I’m not working, you’ll often find me diving headfirst into a renovation project, usually with ambitious goals that end up taking more time than I planned! I’ll happily spend hours watching tutorials and learning the skills I need to get the renovation done. Outside of that, I love spending quality time with my family, friends, and our baby boy, making memories and enjoying life together.
Q. What does Cyber Together mean to you?
A. To me, Cyber Together is about recognising that cybersecurity isn’t something any one person can do alone. It’s a team effort, working closely with colleagues, business units, and various stakeholders to keep organisations safe.
From early curiosity to leading one of Ctrl’s most critical functions, Kosta’s journey reflects a genuine love for the craft of cyber. Beloved by colleagues and clients alike, he has forged strong, enduring relationships in his time at Ctrl. His journey is marked by growth over the years and long-term commitment.