Peter Cooper

Peter Cooper is the Group Information Risk Manager with Woolworths Ltd, a role he took up in October, 2007. His role includes security, change management, project risk and quality, PCI compliance, IT Project Governance and risk awareness.

Woolworths is a premier Australia company, which is pre-eminent in the retail market. With over 190,000 staff in more 3,000 locations around Australia, New Zealand, China & India, it faces significant challenges in managing security in a timely, consistent & cost-effective manner.

Whilst traditionally a grocery chain, it is now also a dominant force in general retail, consumer electronics, liquor, petrol and most recently in the home improvements sector. By any measure it is one of the largest companies in Australia: it takes 11% of credit card transactions each year; & is on the Attorney General's list of critical national infrastructure.

In 2008, it made its entrance into financial services by launching the Every Day Money credit card and the Every Day Rewards loyalty program, followed last year by the launch of the a frequent flyer program, as a joint venture with Qantas, and also introduced the Everyday mobile phone.

Prior to Woolworths, Peter spent 10 years as the Senior Manager, System Security at the Reserve Bank. His role there encompassed IT security, change management, project office and IT governance.

His earlier career included long stints at the Commonwealth Bank, Chase AMP Bank, and lastly Macquarie Bank.

He has worked in IT in the finance sector for over 30 years covering a range of areas including programming, systems analysis, systems programming, and IT audit.

AusCERT2012 Executive Program Presentation

Cyber Crime Investigation and Prosecution Case Study

In December, 2008, Woolworths operations at its primary distribution centre in NSW were paralysed for more than 12 hours, when the main system controlling its inventory and stock distribution was subject to on-going data corruption.

Susbequent investigation revealed that the corruption was caused by unauthorised code in an enquiry program, which was triggered to execute only after a certain date.

This began a 2 year investigation and ultimately successful prosecution of an ex-employee who had left a "time bomb" in the system, timed to activate after he had left the company.