Secured is the podcast for software security enthusiasts. Host Cole Cornford sits down with Australia's top software security experts to uncover their unconvent...
Navigating the PSPF 2024 Updates: Expert Insights with Kat McCrabb and Toby Amodio
Episode Summary
In this episode, Cole Cornford is joined by cybersecurity experts and IRAP assessors, Kat McCrabb and Toby Amodio, to unpack the latest updates to the Protective Security Policy Framework (PSPF) for 2024. They explore the significant changes introduced in the PSPF, such as the heightened emphasis on IRAP assessments, the potential strain on resources due to increased demand for assessors, and the impact on government agencies' compliance efforts. The discussion delves into the restructuring of the PSPF domains, including the separation of information and technology, and the challenges this presents for reporting and governance. They also address issues with self-attestation in agencies, insights from ANAO reports, and the critical importance of managing legacy IT systems. Kat and Toby offer valuable perspectives and practical advice for organisations navigating these new requirements, highlighting the need for proactive planning and adaptation in the evolving cybersecurity landscape.

Timestamps
01:27 - What is the PSPF? Toby explains the framework
03:07 - Kat discusses the biggest changes in the PSPF 2024 updates
04:20 - Challenges with IRAP assessments: time, cost, and limited assessors
06:18 - When are IRAP assessments required? Clarifications
08:13 - Changes in PSPF domains: splitting information and technology
10:08 - Implications of the changes for reporting and governance
12:15 - Comparison with NIST framework and governance considerations
13:38 - Issues with self-attestation and insights from ANAO reports
15:09 - Strategies for improving reporting and assessments in agencies
17:36 - Managing legacy IT systems under the new PSPF requirements
18:52 - Key takeaways and final thoughts from Kat and Toby

Mentioned in this episode: Call for Feedback

This podcast uses the following third-party services for analysis: Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
--------
21:29
Securing the API Frontier: Insights from Anand Rai on Modern Cybersecurity Challenges
Episode Summary
In this episode, Cole Cornford speaks with Anand, an API security expert at Traceable AI with over 18 years of experience in crafting innovative IT solutions. Anand's expertise spans API design, microservices architecture, cloud technologies like Kubernetes and AWS, and security architecture including IAM and OAuth. Together, they delve into the critical importance of API security in today's digital landscape, discussing why traditional web security measures are insufficient, lessons learned from incidents like the Optus breach, the challenges of managing API inventories, and how AI and machine learning can enhance security practices. Anand also shares his experience writing a book during the pandemic and the value of continuous learning. This episode is packed with insights on modern application development, cybersecurity, and plenty more.

Timestamps
4:20 - Understanding API security challenges
9:30 - The role of AI in API security
16:55 - The importance of API inventory management
24:00 - The business impact of API security
28:00 - Cole & Anand discuss books & writing
34:00 - Current state of API security in Australia

Mentioned in this episode: Call for Feedback
--------
40:12
Secure Robotics: Exploring Safety, Trust, and Cybersecurity with Prof. Damith Herath and Adam Haskard
Episode Summary
In this episode, Cole Cornford speaks to two guests on the topic of robotics: Damith Herath, a Professor at the University of Canberra, and Adam Haskard, co-founder and Director of Bluerydge, a Canberra-based cybersecurity and technology firm. Together, Damith and Adam are conducting research into Secure Robotics, an emerging field of study that addresses the intersection of robotic safety, trust, and cybersecurity. In their conversation with Cole, they discuss the growth opportunities for robotics, how someone interested in the field could pursue a career in robotics, potential risks of the common household vacuum robots, and plenty more.

Timestamps
2:00 - Robotics: definitions & applications
8:45 - The intersection of robotics & cybersecurity
10:00 - Trust & safety in robotics & cyber
15:00 - Emerging risks in robotics
18:40 - The role of cybersecurity in robotics
20:30 - Regulation and innovation in robotics
40:00 - Growth opportunities for robotics
29:00 - Future of robotics & AI
32:00 - Career pathways into robotics
39:00 - Rapid fire questions

Mentioned in this episode: Call for Feedback
--------
46:10
Open-Source Software: Balancing Innovation and Security with Ilkka Turunen, CTO of Sonatype
Episode Summary
Ilkka Turunen is the CTO at Sonatype, a company that helps millions of software developers use open-source software while minimising security risk. In this conversation, Ilkka chats with Cole Cornford about the benefits and risks of using open-source software, how Maven helped standardise software development processes, the different approaches to AppSec regulation in Australia and Europe, and plenty more.

Timestamps
1:33 - Ilkka's career background
4:00 - Varying quality of open-source software
6:10 - How Maven helped standardise software development processes
13:00 - The balance between speed of delivery & quality
17:00 - Importance of environment parity in software dev
21:40 - Risk of using 3rd party code in software
25:10 - Regulation of AppSec in Australia vs Europe
32:10 - How new European software security regulations will be enforced
35:00 - Recommendations for compliance with European regulations
39:00 - Rapid fire questions

Mentioned in this episode: Call for Feedback
--------
46:27
Building Cybersecurity Culture: Marketing, Awareness, and Diversity with Daisy Wong
Episode Summary
Daisy Wong is the Head of Security Awareness at Medibank, as well as a disability advocate. Originally from a marketing background, Daisy gained experience in the cybersecurity industry working as part of penetration testing teams, before making her way into the security culture and awareness space. In her conversation with Cole Cornford, Daisy discusses using the tools of marketing to educate people on cybersecurity, the hallmarks of a good security culture and awareness program, and the importance of diversity in cybersecurity.

Timestamps
4:00 - Daisy's transition from marketing to cybersecurity
8:10 - The importance of security culture and awareness
11:00 - Building effective security awareness programs
14:15 - The role of diversity in cybersecurity
17:00 - Strategies for inclusive hiring practices
19:40 - The power of communication in security awareness
23:20 - Creative approaches to security awareness campaigns
31:45 - Daisy's personal perspective on the importance of diversity
43:40 - Rapid fire questions

Mentioned in this episode: Call for Feedback
Secured is the podcast for software security enthusiasts. Host Cole Cornford sits down with Australia's top software security experts to uncover their unconventional career paths and the challenges they faced along the way.
Listen in as they share their insights on the diverse approaches to AppSec, company by company, and how each organisation's security needs are distinct and require personalised solutions.
Gain insider access to the masterminds behind some of Australia's most successful Software security teams on Secured by Galah Cyber.