As a manager or an employee, no matter what company you are in, I am sure you have experienced poor processes which are also not followed. People often go off and do their own thing – but why does this happen? I will explore why companies have poor process, also… Continue Reading Poor process, also not followed

Here is an interesting perspective to apply to your employees’ acceptance of AI in their work – consider AI as a junior work colleague that every employee has at their disposal. With the roll-out of new AI capabilities and agents, there is often push-back from employees who fear that their… Continue Reading AI is a junior colleague

This article outlines a strategic roadmap for organisations beginning their digital transformation journey. It walks through the key phases – assessment, goal setting, pilot testing, scaling and covering cultural change and compliance – offering insights into aligning technology adoption with long-term business objectives. It emphasises change management and stakeholder… Continue Reading Digital Transformation Roadmap: From Legacy to Innovation

In my recent theme of breaking common cybersecurity myths, I have been revealing some commonly held beliefs that even cybersecurity professionals will stand by. Today, I will look at the “most common passwords” and challenge whether they really are as common as we are told. Most common passwords A quick… Continue Reading Cybersecurity Myths – people use bad passwords

For anyone working in Cybersecurity, it can be hard to convince your board to understand the issues, and to invest money or focus on Cyber Security issues. I have presented Cyber issues to multiple Boards, and here is my advice on how to get Boards to understand Cybersecurity issues –… Continue Reading Cybersecurity for boards – analogy to Health & Safety

Creation of good policies and procedures is an art that can be helped with some core advice. Policies are the backbone of how a business tells their employees how to act and react, and ensures consistency and productivity. A great company culture, a consistent vision and values, and compliance with… Continue Reading Creating good policies and procedures

On International Women’s Day, I am reminded of the need for diversity in the workforce, and want to pose the question of what does diversity mean to you? Diversity is not just the inclusion of other races, genders and backgrounds. More than just a blind quota of non-white, non cisgender,… Continue Reading What does diversity mean to you?

Terminology around privacy and security often will use the term “PII” – to refer to “Personally Identifiable Information”. However, PII in Australia is not a valid term – the definition by the OAIC is “personal information”, and it differs from the US term (from NIST) and the legal obligations around… Continue Reading PII in Australia and personal information

I have posted a few articles about different security standards and frameworks, such as PCI-DSS, The Essential 8, ISO27001, NIST and others – and in my experience, there are some organisations that focus on compliance instead of security. People desperately chase the dogma of maturity levels or complying with every… Continue Reading Focus on Compliance or Security?

As the world becomes more aware of cybersecurity risks and issues, company boards need to become more aware of the issues that cybersecurity poses for their businesses. However, it can be difficult for non-technical people to learn the new terminologies and concepts. The question still remains on how we educate… Continue Reading Educate Boards in Cybersecurity

It is a well-known adage in cybersecurity that there is a balance between usability and security – if you increase the security and control, you decrease usability. Conversely, to make a system user-friendly and easy to use, it has to be done at the cost of lowering security. This has… Continue Reading Challenging the balance between security and usability

Often misunderstood, the concept of “design for failure” is now common in the lexicon of system design and business operations. When you design for failure, it is not because you want to fail – instead it is with the understanding that failures can and do happen, but you want… Continue Reading How to design for failures

There are many projects I have been involved with, where the product design or implementation has been driven by the need for reporting, analysis or compliance, but backend effectiveness does not equate to customer satisfaction, and businesses should be more aware of this in their product releases. A key example… Continue Reading Backend effectiveness does not equate to customer satisfaction

People have asked me about my leadership style, and as it is such a common question, I have decided to post it here. People recognise that I am passionate, and I lead through inspiration and desire to achieve the strategic goals. I am a positive and passionate person who motivates… Continue Reading My leadership style

Solving problems often takes a completely new viewpoint over what the problem actually is. There have been many recent studies and trials of working week durations, including a successful trial at Microsoft for a 4-day week that increased productivity. However, I have a different idea to solve the problem: changing… Continue Reading The new week – 5 on, 5 off

Issues arose with using VPN servers when workforces expanded and scaled up. VPNs were built around a model where IT administrators distributed the devices employees used so they knew the network, device, and person. But remote work changed everything. As the workforce expanded globally and added contractors along with… Continue Reading VPNs and Zero Trust

It is human nature to try and avoid mistakes and the embarrassment of failure; after all, it is educated into us to avoid mistakes through “operant conditioning”, but it is important to take a policy of embracing mistakes in cybersecurity, to avoid people trying to hide times when they… Continue Reading Embracing mistakes in cybersecurity