In this episode, Cole Cornford is joined by cybersecurity experts and IRAP assessors, Kat McCrabb and Toby Amodio, to unpack the latest updates to the Protective Security Policy Framework (PSPF) for 2024. They explore the significant changes introduced in the PSPF, such as the heightened emphasis on IRAP assessments, the potential strain on resources due to increased demand for assessors, and the impact on government agencies' compliance efforts. The discussion delves into the restructuring of the PSPF domains, including the separation of information and technology, and the challenges this presents for reporting and governance. They also address issues with self-attestation in agencies, insights from ANAO reports, and the critical importance of managing legacy IT systems. Kat and Toby offer valuable perspectives and practical advice for organisations navigating these new requirements, highlighting the need for proactive planning and adaptation in the evolving cybersecurity landscape.

01:27 - What is the PSPF? Toby explains the framework

03:07 - Kat discusses the biggest changes in the PSPF 2024 updates

04:20 - Challenges with IRAP assessments: time, cost, and limited assessors

06:18 - When are IRAP assessments required? Clarifications

08:13 - Changes in PSPF domains: splitting information and technology

10:08 - Implications of the changes for reporting and governance

12:15 - Comparison with NIST framework and governance considerations

13:38 - Issues with self-attestation and insights from ANAO reports

15:09 - Strategies for improving reporting and assessments in agencies

17:36 - Managing legacy IT systems under the new PSPF requirements

18:52 - Key takeaways and final thoughts from Kat and Toby

Mentioned in this episode:

Call for Feedback

In this episode, Cole Cornford speaks with Anand, an API security expert at Traceable AI with over 18 years of experience in crafting innovative IT solutions. Anand's expertise spans API design, microservices architecture, cloud technologies like Kubernetes and AWS, and security architecture including IAM and OAuth. Together, they delve into the critical importance of API security in today's digital landscape, discussing why traditional web security measures are insufficient, lessons learned from incidents like the Optus breach, the challenges of managing API inventories, and how AI and machine learning can enhance security practices. Anand also shares his experience writing a book during the pandemic and the value of continuous learning. This episode is packed with insights on modern application development, cybersecurity, and plenty more.

4:20 - Understanding API security challenges

9:30 - The role of AI in API security

16:55 - The importance of API inventory management

24:00 - The business impact of API security

28:00 - Cole & Anand discuss books & writing

34:00 - Current state of API security in Australia

Mentioned in this episode:

Call for Feedback

In this episode, Cole Cornford speaks to two guests on the topic of robotics: Damith Herath, a Professor at the University of Canberra, and Adam Haskard, co-founder and Director of Bluerydge, a Canberra-based cybersecurity and technology firm. Together, Damith and Adam are conducting research into Secure Robotics, an emerging field of study that addresses the intersection of robotic safety, trust, and cybersecurity. In their conversation with Cole, they discuss the growth opportunities for robotics, how someone interested in the field could pursue a career in robotics, potential risks of the common household vacuum robots, and plenty more.

2:00 - Robotics: definitions & applications

8:45 - The intersection of robotics & cybersecurity

10:00 - Trust & safety in robotics & cyber

15:00 - Emerging risks in robotics

18:40 - The role of cybersecurity in robotics

20:30 - Regulation and innovation in robotics

40:00 - Growth opportunities for robotics

29:00 - Future of robotics & AI

32:00 - Career pathways into robotics

39:00 - Rapid fire questions

Mentioned in this episode:

Call for Feedback