Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – I’m not a target

Creation of good policies and procedures is an art that can be helped with some core advice. Policies are the backbone of how a business tells its employees how to act and react, and they ensure consistency and productivity. A great company culture, a consistent vision and values, and compliance with… Continue Reading Creating good policies and procedures

Yesterday, there was a world-wide incident that affected computers running CrowdStrike Falcon, where a faulty content update to the vendor’s Windows sensor crashed the kernel, resulting in a BSOD and unresponsive computers. This is a major incident that delivered the kind of impact we were expecting from the… Continue Reading Lessons from the CrowdStrike incident

On International Women’s Day, I am reminded of the need for diversity in the workforce, and want to pose the question of what does diversity mean to you? Diversity is not just the inclusion of other races, genders and backgrounds. More than just a blind quota of non-white, non cisgender,… Continue Reading What does diversity mean to you?

Terminology around privacy and security often uses the term “PII” to refer to “Personally Identifiable Information”. However, PII is not the term used in Australia: the Privacy Act 1988 and the OAIC define “personal information”, and it differs from the US term (from NIST) and the legal obligations around… Continue Reading PII in Australia and personal information

The English journalist Louis Theroux has a reputation for interviewing “difficult” and unusual people and subcultures, and getting a large amount of information and knowledge from people who otherwise do not open up to outsiders. The techniques and patterns that he uses to get people to open up are methods… Continue Reading Get information the Louis Theroux way

What is your strategy for patching and updates? Whilst it might be tempting to just leave your systems on auto-update, the alternative of manually delaying updates so that you are always one release behind the latest (also known as an N-1 update strategy) may also be a problem. Updates and patching of software… Continue Reading N-1 update strategy
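As an added example, not from the post, the following code expresses an N-1 policy so that its main weakness is handled explicitly: lagging one release behind is only acceptable while the newer release does not fix a flaw that is being actively exploited. The release data and vulnerability identifiers are constructed, and the `exploited` set stands in for whatever vulnerability catalogue feed you actually use.

```python
"""Added example (not from the original post): choose a deployment target under
an N-1 update policy, overriding the lag when it would leave an actively
exploited vulnerability unpatched.  All release data below is constructed."""
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class Release:
    version: Version
    released: str                      # ISO date, for display only
    security_fixes: FrozenSet[str]     # identifiers fixed in this release (constructed)


def parse_version(v: str) -> Version:
    """'4.12.3' -> (4, 12, 3); tuple comparison orders 4.12 above 4.9 correctly."""
    parts = v.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {v!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def fmt(v: Version) -> str:
    return ".".join(str(p) for p in v)


def choose_target(releases: List[Release], current: Version,
                  exploited: Set[str]) -> Tuple[Version, str]:
    """Return (version_to_run, reason).

    Policy: run one release behind the latest (N-1) so a bad release has been
    soaked in the field before we adopt it, but never knowingly stay on a
    version when a newer one fixes a flaw in the `exploited` set.
    Never downgrades: if we already run something newer, we stay put.
    """
    if not releases:
        raise ValueError("no releases known")
    ordered = sorted(releases, key=lambda r: r.version)
    latest = ordered[-1]
    candidate = ordered[-2] if len(ordered) >= 2 else latest

    # Exploited flaws whose fix exists only in releases newer than the N-1 candidate.
    newer = [r for r in ordered if r.version > candidate.version]
    fixed_later: Set[str] = set().union(*(r.security_fixes for r in newer))
    outstanding = sorted(exploited & fixed_later)

    if outstanding:
        chosen, reason = latest, f"override N-1: {outstanding} fixed only in {fmt(latest.version)}"
    else:
        chosen, reason = candidate, "N-1"

    if chosen.version <= current:
        return current, f"stay on {fmt(current)} (already at or beyond target)"
    return chosen.version, reason


# Constructed release history (assumed, not real product data).
RELEASES = [
    Release(parse_version("4.1.0"), "2024-05-01", frozenset()),
    Release(parse_version("4.2.0"), "2024-06-01", frozenset({"VULN-2024-0001"})),
    Release(parse_version("4.3.0"), "2024-07-01", frozenset({"VULN-2024-0002"})),
]

if __name__ == "__main__":
    for exploited in ({"VULN-2024-0001"}, {"VULN-2024-0002"}):
        target, why = choose_target(RELEASES, parse_version("4.1.0"), exploited)
        print(f"exploited={sorted(exploited)} -> deploy {fmt(target)} ({why})")
```

With the flaw fixed in 4.2.0 under active exploitation, N-1 already lands on 4.2.0 and the lag is kept; with the flaw fixed only in 4.3.0, the policy abandons the lag and goes straight to the latest release. The decision is logged in the returned reason so the exception is auditable rather than silent.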

With the ever-increasing levels and frequency of attacks and impact, businesses of all sizes should consider specific cyber insurance. However, there are some Cyber Insurance myths that need to be dispelled. Myth #1 – My other insurance will cover me. Unless your other insurance specifically covers cyber events, you are… Continue Reading Cyber Insurance myths

The Australian Cyber Security Centre (ACSC), part of the Australian Signals Directorate (ASD, formerly the Defence Signals Directorate), created a list of eight essential mitigation strategies to act as a baseline for cybersecurity. These are very much basic and essential measures, and they are an absolute minimum. As a cybersecurity professional, these are… Continue Reading What is wrong with the Essential 8?

It is a well-known adage in cybersecurity that there is a balance between usability and security – if you increase the security and control, you decrease usability. Conversely, to make a system user-friendly and easy to use, it has to be done at the cost of lowering security. This has… Continue Reading Challenging the balance between security and usability

When you need to run through your BCP drill, it is important to understand why you need to exercise your Business Continuity Plan, and where the drill fits in with the rest of your Disaster Recovery Plan (DRP or DR Plan). Your BCP Drill… Continue Reading The BCP Drill

The hack of Optus Telecommunications on 22 September 2022, where the personal information of up to 11.5 million Australians (nearly half of all people in Australia) was stolen, has highlighted the need for cybersecurity reform in Australia. Unlike other countries, there are no mandated fines and penalties for… Continue Reading Cybersecurity reform in Australia

For your next system development, make the systems intuitive instead of spending time up-skilling people in potentially high turnover positions. Great customer interaction should be your focus, ahead of designing a system that meets your internal needs for audit and reporting. Too often systems are designed with customer and user… Continue Reading Make your new systems intuitive

Though often misunderstood, the concept of “design for failure” is now common in the lexicon of system design and business operations. When you design for failure, it is not because you want to fail; it is with the understanding that failures can and do happen, but you want… Continue Reading How to design for failures

There are many projects I have been involved with, where the product design or implementation has been driven by the need for reporting, analysis or compliance, but backend effectiveness does not equate to customer satisfaction, and businesses should be more aware of this in their product releases. A key example… Continue Reading Backend effectiveness does not equate to customer satisfaction

People have asked me about my leadership style, and as it is such a common question, I have decided to post it here. People recognise that I am passionate, and I lead through inspiration and desire to achieve the strategic goals. I am a positive and passionate person who motivates… Continue Reading My leadership style

Solving problems often takes a completely new viewpoint on what the problem actually is. There have been many recent studies and trials of working-week durations, including a successful trial at Microsoft of a 4-day week that increased productivity. However, I have a different idea to solve the problem: changing… Continue Reading The new week – 5 on, 5 off