Director

David Stocks

Director

David leads Germane Advisory and is passionate about making an impact in cyber security, privacy, and data/AI governance.

LinkedIn Profile

Profile picture of David Stocks

David leads Germane Advisory. He’s at his best bringing together teams of specialists in technology, forensics, privacy, law, and crisis management. David has more than ten years’ experience helping organisations prevent, prepare for, respond to, and recover from significant cyber security threats. He also has experience in adjacent fields like data management and privacy - particularly as they present in crisis situations.

Project experience

  • Leadership of major incident response engagements for some of Australia's most significant cyber security incidents, leading teams of investigators and working closely to support senior executive stakeholders during a time of crisis - from ransomware and cybercrime to state actor intrusions.
  • Designing and executing cyber due diligence engagements to identify red flag cyber security risks and issues at M&A targets.
  • Seconding into a Big Four bank's security team, David helped develop a four-year information security strategy, created board-level reporting, developed a NIST CSF aligned maturity model, and worked on methods to quantify the risk reduction impact of security investments. He also helped with the management of the security investment slate (security projects and initiatives).
  • Designed, developed, and facilitated lifelike cyber security crisis simulations for dozens of executive teams and boards, including multiple ASX20 companies.
  • Leading the successful effort to obtain security accreditation for a major project at a large federal government department, demonstrating compliance with hundreds of ISM controls linked to thousands of requirements and tests.
  • Development of post-incident reviews into major cyber security crises, including several that have been the subject of significant public media reporting.
  • Cyber security uplift roadmaps, costing, and initiative development - in the public and private sector.
  • Coordination of crisis response teams consisting of more than 80 people across technology, communications, business continuity, legal/privacy response, and victim support.
  • Security engineering roles focused on the implementation of cyber security products and capability (including 14 months in one financial services institution).
  • Delivering a new security detection and intelligence correlation platform and perform threat hunting using the new technology at major global conglomerate.
  • Work at dozens of organisations, including an issuing bank, to assess credit card security across business processes and PCI DSS compliance.
  • Leadership of dozens of other projects - from security strategies to detection & response capability development.

Education and certifications

  • Artificial Intelligence Governance Professional (AIGP), IAPP
  • GIAC Certified Incident Handler (GCIH), SANS
  • Certified Information Systems Security Professional (CISSP), ISC2
  • Certified Information Systems Auditor (CISA), ISACA (Expired)
  • SABSA Chartered Security Architect - Foundation, SABSA Institute
  • Microsoft Sentinel Level 400
  • Bachelor of Computer Science, Monash University
  • Bachelor of Arts (Hons 1A)

Conference participation

  • BSides Las Vegas (Presenter) 2023 (Attendee) 2016, 2017, 2018, 2019, 2022, 2024
  • AISA CyberCon Melbourne (Presenter) 2023, 2024 (Attendee) 2018, 2019, 2022
  • AISA CyberCon Canberra (Presenter) 2025
  • DEFCON (Attendee) 2016, 2017, 2018, 2019, 2022, 2023, 2024
About UsServicesInsightsCareers
TwitterInstagramLinkedIn
© Germane Advisory Pty Ltd. All rights reserved.Privacy PolicyTerms and Conditions