Blog
Delivery notes, AI and SOCI / CIRMP explainers, and personal stories. Published here first, with Medium mirrors where marked.
2026-06-10
PSPF, ISM, Essential Eight. I finally got these three straight.
Three Australian government cyber frameworks that are easy to run together. What each one is, how they differ and how they stack, without the jargon.
2026-06-05
Risk management is risk management
I have spent most of my career managing risk on delivering projects and products. When I built a security risk assessment and register for cirmp AI, the SOCI Act tool I am building, it was the same structure, with more rigour and higher stakes. Here is what carries over, what is different, and a blank template you can use either way.
2026-06-04
Start with the basics. Australia's 6 Cyber Security Principles.
In delivery, the big problems almost always trace back to skipped basics. Cyber security is no different. I keep coming back to Australia's six cyber security principles, so here they are in plain English.
2026-06-02
Compliance once a year, or always on?
Most CIRMP compliance is a once-a-year scramble. A consultancy parachutes in around June, builds the annual report by hand, the board signs it, and it goes quiet until next year. But the obligation was never the report. It was the program underneath it. Here's what the report actually has to say, and why continuous beats the scramble.
2026-05-28
I asked the wrong question about supply chain under SOCI.
I thought supply chain meant our IT vendors. The usual suspects, Snowflake, Okta, AWS, the SaaS list. WRONG. It's anyone whose failure could break the asset. Same hospital, much wider attack surface. Here's how I found out.
2026-05-25
I asked the wrong question about the SOCI Act.
I thought one company sat in one SOCI sector. I had it wrong. The Act scopes each asset a company runs, not the company, so one hospital can sit in two sectors at once. Here's how I found out.
2026-05-11
AI-enabled agile delivery: twenty agents, ready to fork.
From the daily standup to the leadership table. The repo has every build spec. The hard half is the culture honest enough to use them.
2026-05-06
Taj Khatoon. The Crown Lady.
My mother. Taj Khatoon. 1956 to 2023. What I learned the day I carried her to her grave, and what I want to beg you while you still have yours.
2026-05-04
I have never called myself a Cybersecurity person. But I keep coming back to it.
Australia's SOCI Act covers eleven sectors that keep this country running, and CIRMP is the regime that lands on every Group CISO who runs one of them. I have been reading about this for a while now, and here is what is in it.
2026-05-02
Make your standup a planning event again
The Daily Scrum was supposed to be a planning event focused on the Sprint Goal, not a round-the-room status meeting. Two agents and a little discipline give a team back the meeting the Scrum Guide actually describes.
2026-04-30
A team I keep dreaming about
A high-performing, AI-native delivery team is buildable today. The shift that matters is AI in the operating model and a culture honest enough to use it.
2024-06-02
Your future best mate - AGI?
What AGI is, whether we are there yet, and how far off we are from a future where your best friend might be an algorithm, without the sci-fi panic.
2024-05-28
Gemini apps activity
What Google's Gemini Apps Activity setting does, why human review of prompts matters, and how to think about turning it off.
2024-05-23
Men don't cry (Mental health)
Toughen up, mate, and so Jake did. A short story of invisible illness, rural Australia, and the cost of silence.
2024-05-21
Improve model for everyone
What ChatGPT's Improve model for everyone setting actually does, why privacy still matters if you think you have nothing to hide, and how to disable it.
2024-05-14
A soul's journey
From the realm of souls to eternity, exploring stages of a human soul's journey and guidance on Heaven as an eternal home.