In Australia’s National Interest - Security of Critical Infrastructure

When employees leave, it is often treated as a process — access removed, systems closed, the relationship ended.
But for people, it is a moment of change.
A shift in identity, status and direction — shaped by how that experience is perceived.
At the same time, for organisations, this is often when risk is most concentrated. Knowledge remains. Relationships continue. And control begins to reduce.
So what really happens to trust at the point of exit?
In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory explore why exit and post-employment risk are often overlooked — and why how organisations manage people at this moment can shape what happens next.

Insider threat is the misuse by a trusted person of privileged access to, or influence over, assets and operations.  The trusted person’s actions may be unintentional, or their actions may be intentional.  In either instance the harm caused can be the same.  But to become an ‘insider’ a person has to be granted admission.
Australian media reported in April 2026 that an employee of the New South Wales Treasury had been charged for allegedly downloading over five thousand government documents.
In this podcast, Pentagram recounts the public information about the case and explores insider threat issues which the case highlights.

Insider threat is the misuse by a trusted person of privileged access to assets and operations.  The trusted person’s actions may be unintentional or they may be intentional.  In either instance the harm caused can be the same.
Organisations make a choice to grant trust to a person when they decide to employ them.  But the pre-employment screening process is really a point-in-time security check which would reject candidates with any obvious security risk attributes.  However, real risk occurs once a person is employed, is inside the organisation, and is often trusted by default. If an organisation does not have appropriate measures in place to observe and evaluate employees then they maximise the risk of insider threat activity.
This risk is often exacerbated where organisations rely heavily on initial screening and trust-based models, without implementing mechanisms for continuous monitoring of behaviour and access.   In such environments, abnormal activity may go undetected because there is no established baseline against which to assess deviations.

In this podcast Pentagram Advisory explores the insider threat case of a lawyer employed by the New South Wales Director of Public Prosecutions.

In March 2026, the Commonwealth Government published the Independent Review of the Security of Critical Infrastructure Act 2018. The intent of the Review, conducted by Dr Jill Slay between November 2025 and January 2026, was to assess whether Australia's Security of Critical Infrastructure Act 2018 (SOCI Act) is achieving its intended objectives, functioning as intended, and is not producing unintended consequences.
 
In this article, Pentagram Advisory Pty Ltd (Pentagram) will provide excerpts of the Review and also comment on components of the Review that Pentagram considers to be of most interest to Pentagram’s SOCI client entities and to our Community of Practice.

The recent fire at Viva Energy’s Geelong refinery has been widely reported as an industrial incident. But what does it reveal about Australia’s broader vulnerability when disruption occurs at nationally critical assets?
In this episode, we move beyond cause and examine consequence — exploring how disruption to a single node in a highly concentrated and globally dependent system can have cascading effects across the economy.
Ukraine has shown us what sabotage and disruption of critical infrastructure really look like. In the years leading up to Russia’s full-scale invasion in 2022, fires, explosions, cyber attacks and supply chain disruptions were often treated as isolated events — many ambiguous at the time, and later attributed to acts of sabotage linked to Russian state activity.
What becomes clear, over time, is the pattern.
Disruption rarely arrives as a single, decisive event — it emerges through a series of smaller incidents that only later form a recognisable and strategically significant pattern.
Events like the Geelong refinery fire may be very different in nature — but they highlight how disruption at critical nodes can have broader consequences. Australia’s fuel system is not immune to these dynamics.
In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory examine what these patterns mean for Australia’s critical infrastructure — and why organisations must shift from a compliance mindset to one focused on assurance, resilience, and understanding their true points of vulnerability.