エピソード

  • Navigating the PSPF 2024 Updates: Expert Insights with Kat McCrabb and Toby Amodio
    2024/11/20
    Episode Summary

    In this episode, Cole Cornford is joined by cybersecurity experts and IRAP assessors, Kat McCrabb and Toby Amodio, to unpack the latest updates to the Protective Security Policy Framework (PSPF) for 2024. They explore the significant changes introduced in the PSPF, such as the heightened emphasis on IRAP assessments, the potential strain on resources due to increased demand for assessors, and the impact on government agencies' compliance efforts. The discussion delves into the restructuring of the PSPF domains, including the separation of information and technology, and the challenges this presents for reporting and governance. They also address issues with self-attestation in agencies, insights from ANAO reports, and the critical importance of managing legacy IT systems. Kat and Toby offer valuable perspectives and practical advice for organisations navigating these new requirements, highlighting the need for proactive planning and adaptation in the evolving cybersecurity landscape.

    Timestamps

    01:27 - What is the PSPF? Toby explains the framework

    03:07 - Kat discusses the biggest changes in the PSPF 2024 updates

    04:20 - Challenges with IRAP assessments: time, cost, and limited assessors

    06:18 - When are IRAP assessments required? Clarifications

    08:13 - Changes in PSPF domains: splitting information and technology

    10:08 - Implications of the changes for reporting and governance

    12:15 - Comparison with NIST framework and governance considerations

    13:38 - Issues with self-attestation and insights from ANAO reports

    15:09 - Strategies for improving reporting and assessments in agencies

    17:36 - Managing legacy IT systems under the new PSPF requirements

    18:52 - Key takeaways and final thoughts from Kat and Toby

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    21 分
  • Securing the API Frontier: Insights from Anand Rai on Modern Cybersecurity Challenges
    2024/11/06
    Episode Summary

    In this episode, Cole Cornford speaks with Anand, an API security expert at Traceable AI with over 18 years of experience in crafting innovative IT solutions. Anand's expertise spans API design, microservices architecture, cloud technologies like Kubernetes and AWS, and security architecture including IAM and OAuth. Together, they delve into the critical importance of API security in today's digital landscape, discussing why traditional web security measures are insufficient, lessons learned from incidents like the Optus breach, the challenges of managing API inventories, and how AI and machine learning can enhance security practices. Anand also shares his experience writing a book during the pandemic and the value of continuous learning. This episode is packed with insights on modern application development, cybersecurity, and plenty more.

    Timestamps

    4:20 - Understanding API security challenges

    9:30 - The role of AI in API security

    16:55 - The importance of API inventory management

    24:00 - The business impact of API security

    28:00 - Cole & Anand discuss books & writing

    34:00 - Current state of API security in Australia

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    40 分
  • Secure Robotics: Exploring Safety, Trust, and Cybersecurity with Prof. Damith Herath and Adam Haskard
    2024/10/23
    Episode Summary

    In this episode, Cole Cornford speaks to two guests on the topic of robotics: Damith Herath, a Professor at the University of Canberra, and Adam Haskard, co-founder and Director of Bluerydge, a Canberra-based cybersecurity and technology firm. Together, Damith and Adam are conducting research into Secure Robotics, an emerging field of study that addresses the intersection of robotic safety, trust, and cybersecurity. In their conversation with Cole, they discuss the growth opportunities for robotics, how someone interested in the field could pursue a career in robotics, potential risks of the common household vacuum robots, and plenty more.

    Timestamps

    2:00 - Robotics: definitions & applications

    8:45 - The intersection of robotics & cybersecurity

    10:00 - Trust & safety in robotics & cyber

    15:00 - Emerging risks in robotics

    18:40 - The role of cybersecurity in robotics

    20:30 - Regulation and innovation in robotics

    40:00 - Growth opportunities for robotics

    29:00 - Future of robotics & AI

    32:00 - Career pathways into robotics

    39:00 - Rapid fire questions

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    46 分
  • Open-Source Software: Balancing Innovation and Security with Ilkka Turunen, CTO of Sonatype
    2024/10/09
    Episode Summary

    Ilkka Turunen is the CTO at Sonatype, a company that helps millions of software developers use open-source software while minimising security risk. In this conversation, Ilkka chats with Cole Cornford about the benefits and risk of using open-source software, how Maven helped standardise software development processes, the different approaches to AppSec regulation in Australia and Europe, and plenty more.

    Timestamps

    1:33 - Ilkka's career background

    4:00 - Varying quality of open-source software

    6:10 - How Maven helped standardise software development processes

    13:00 - The balance between speed of delivery & quality

    17:00 - Importance of environment parity in software dev

    21:40 - Risk of using 3rd party code in software

    25:10 - Regulation of AppSec in Australia vs Europe

    32:10 - How new European software security regulations will be enforced

    35:00 - Recommendations for compliance with European regulations

    39:00 - Rapid fire questions

    Mentioned in this episode:

    Call for Feedback

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    46 分
  • Building Cybersecurity Culture: Marketing, Awareness, and Diversity with Daisy Wong
    2024/10/02

    Summary

    Daisy Wong is the Head of Security Awareness at Medibank, as well as a disability advocate. Originally from a marketing background, Daisy gained experience in the cybersecurity industry working as part of penetration teams, before making her way into the security culture and awareness space.

    In her conversation with Cole Cornford, Daisy discusses using the tools of marketing to educate people on cybersecurity, what are the hallmarks of a good security culture and awareness program, and the importance of diversity in cybersecurity.

    Timestamps

    4:00 - Daisy's transition from marketing to cybersecurity

    8:10 - The importance of security culture and awareness

    11:00 - Building effective security awareness programs

    14:15 - The role of diversity in cybersecurity

    17:00 - Strategies for inclusive hiring practices

    19:40 - The power of communication in security awareness

    23:20 - Creative approaches to security awareness campaigns

    31:45 - Daisy's personal perspective on the importance of diversity

    43:40 - Rapid fire questions

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    47 分
  • From Physics to Cybersecurity: Antonio Deliseo’s Journey from Goldmines to Telstra
    2024/09/11

    Summary

    Antonio Deliseo has been in the information security industry for decades. Currently working at Telstra, Antonio has enjoyed a long and winding career path and has plenty of stories and insights to share as a result. In this conversation with Cole Cornford, Antonio discusses how he got started in his career studying physics, overseeing cybersecurity at a goldmine, how to advocate for cybersecurity within a large organisation, and plenty more.

    Timestamps

    1:40 - Antonio's career background

    3:30 - Advantages of coming from a non technical background

    8:30 - Stories from Antonio's early career working at a goldmine

    14:00 - How Antonio moved into the GRC space

    17:30 - The role a board of directors plays in cybersecurity

    20:00 - Cybersecurity is less like IT, more like gambling or insurance

    25:30 - Calculating the cost of a breach in dollar terms

    30:30 - How to advocate for cybersecurity as a CISO

    40:00 - Cybersecurity often seen as unaffordable by small businesses

    42:30 - Pros & cons of networked technology

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    46 分
  • Security Done Right: Ben Gittins on the Case for Generalists and Long-Term Solutions
    2024/08/28
    Summary

    Ben Gittins is the Principal Security Engineer at Bugcrowd, one of the world's best bug bounty platforms. Ben has previously worked as a Senior DevSecOps Engineer at Canva, as well as DevSecOps Lead at SecureStack.

    In this conversation with Cole Cornford, Ben shares his belief that cybersecurity needs more generalists, how coding and AppSec have changed over time, whether cybersecurity qualifications are overrated, and plenty more.

    Timestamps

    3:50 - Why is Aus cybersecurity lagging behind?

    9:50 - Over-reliance on purchasing cybersecurity products

    14:40 - We ask too much of our AppSec professionals

    19:00 - How App development & cybersecurity have changed over time

    24:00 - "Greenfield projects" are often not realistic

    28:20 - How to bring new people into the AppSec industry

    32:00 - Importance of communication skills

    38:20 - Cybersecurity qualifications are overrated

    43:00 - Rapid fire questions

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    47 分
  • AI-Driven AppSec: Shan Kulkarni on Nullify, Hiring Challenges, and the Future of Cybersecurity in Australia
    2024/08/14

    Summary

    Shan Kulkarni is the co-founder and CEO of Nullify, a product designed to augment AppSec teams with AI agents capable of carrying out multiple levels of product security work autonomously. Prior to Nullify, Shan worked in roles such as Cloud Operations Lead at UNSW Redback Racing, and Cloud Security Engineer at CMD Solutions Australia.

    In this conversation with Cole Cornford, Shan discusses the challenges of starting a business, and in particular the challenges of hiring, the state of AppSec in Australia, what the future might hold for the industry, and plenty more.

    Timestamps

    1:30 - Shan's career background

    5:30 - Why AppSec is so often inefficient and expensive

    9:00 - Bigh tech has a monopoly on AppSec talent

    12:30 - Shan's journey from consultant to founding a company

    15:40 - Biggest mistakes when starting a business

    19:20 - Selling products/services to devs is extremely difficult

    25:00 - Where Shan sees AppSec going

    28:00 - Consolidation of security products

    32:00 - What security leaders are struggling with: visibility

    34:00 - Rapid fire questions

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
    続きを読む 一部表示
    38 分