DC

CISO • Cyber, Risk & AI Governance

David Carroll

Turning complex cyber, privacy, and AI risk into clear outcomes that executives and boards can act on.

CISO for Jonas Software. Responsible for cyber security, information security, and AI governance across 35+ businesses in Australia, New Zealand, and Asia.

25+ years across enterprise governance, cloud security, incident response, forensics, and investigations.

More about me →

What I Do

AI Governance

Policy frameworks, automated risk assessment, and responsible adoption at scale.

Cyber Strategy

Security programmes that align with business objectives. Board and executive advisory.

M&A Due Diligence

Tech and cyber assessments for acquisitions. Post-acquisition security uplift.

Incident Response

Playbooks, tabletop exercises, and hands-on leadership when things go wrong.

25+

Years in Security

17+

Countries Operated In

Cyber, AI & Risk

Focus

Latest Writing

View all →
Healthcare Security 9 min read

Data Security Deep Dive: Cybersecurity Legal Obligations for Australian Medical Practices

A comprehensive guide to the specific cybersecurity and data protection laws affecting Australian healthcare providers, including Privacy Act obligations and mandatory breach notification requirements.

Incident Response 5 min read

Did You Know That Having an Incident Response Plan Can Protect Your Business?

Discover how a well-prepared incident response plan can help your business quickly address cybersecurity incidents and minimize their impact on your operations and reputation.

Compliance 5 min read

Did You Know That You Are Required to Report a Cyber Incident?

Understand your legal obligations for reporting data breaches, particularly if your business handles personal health information, and learn about the significant penalties for non-compliance.

Recent Speaking

View all →
conference March 2026

KSA — The Unfair Advantage

Kestral Software Academy 2026

Kestral Computing

workshop March 2026

Copilot 101 — Your AI Toolkit

Kestral Software Academy 2026

Kestral Computing

conference October 2025

Automating Trust — AI Use Case Risk Assessment at Scale

CSI IT Security Summit 2025

Toronto, Canada

Interested in working together or having me speak at your event?

Get in touch