AusCyber (6)

Refuting Cyber Skills Frameworks

This week, I took part in a roundtable discussion hosted by Home Affairs on uplifting the cyber workforce.

One idea that came up several times was that the industry could benefit from a clear Cyber Skills Framework that employers, universities, TAFEs, graduates, and professionals could all align on.

Active Defense and Hacking Back

This week, I joined a roundtable discussion on Active Defense - a topic I’ve explored before and even wrote a paper about back in 2016. It’s been some time since I revisited it, so I decided to spend a couple of hours mapping out my current mental model and sharing my thoughts publicly.

Why Cyber Education in Australia is F*cked

Everyone says Australia’s cybersecurity education system is broken. It isn’t — it’s doing exactly what it was built to do.

It absorbs public money, recycles empty promises of “shortages,” and rewards those who protect the illusion, not those who produce talent. I’ve spent a decade inside this system - meeting with universities, TAFEs, and government-funded organizations - and have watched ideas that could have lifted national capability disappear into bureaucracy or self-interest.

The reality is that this isn’t failure; it’s function. The system was never designed to create world-class practitioners. It was designed to sustain itself.

Red Teaming Australia's National Cyber Strategy (2025)

Imagine you are part of a cybercriminal gang, deciding which region of the world to target next. Australia has always been lucrative, but now there’s talk of a new national cybersecurity strategy. Could this change the game? You start digging. The documents are public, so you read them closely, asking: does this strategy raise the risks for us, push us elsewhere, or reassure us that Australia is still open for business?

When a Cybersecurity Standard Becomes the Villain

Nothing says “we’re here to help small businesses” quite like charging $95 to read the rules - and threatening to sue if you share them. This is the story of how one closed standard gave birth to an open-source revolt that refuses to play by its rules.

Ransomware ‘69s’ Australia

ACN’s State of the Industry 2024 report states that “69 per cent of businesses have experienced a ransomware attack” (p. 21 and 27).

This is obviously an error – 1,837,468 Australian businesses were not hit by ransomware in 2024 or ever. Yet, this error is now ironically being repeated:

The Information Age writes “Of the 69 per cent of businesses hit by ransomware in the past five years, the ACN observed a staggering 84 per cent opted to pay the ransom” and “the average ransom payment climb to $1.35 million”, without considering that this would have cost the Australian economy upwards of 2 trillion dollars, and no one noticed.

Tech Business News writes “69% of businesses hit by ransomware in 2024” failing to conclude that this would amount to 5034 ransomware incidents per day.

Marty McCarthy from LinkedIn writes “69% of businesses hit by ransomware last year”.

Jason Murrell writes “69% of Australian businesses hit by ransomware[.] 84% paid… average payment? $1.35M!”