
Real Name: Logan. Chief Sentence Officer (CSO). Aspiring CIO. Cybersecurity Entertainer, Writer & Presenter. Humanity, not machinery. Empathetic & altruistic.

On July 12, 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cybersecurity Incidents Maturity Model to keep pace with the current threat landscape. The new model is thorough in addressing omissions from previous versions. While the eight strategies remained the same with minor tweaks to names (like changing ‘Daily Backups’ to ‘Regular Backups’ and previously changing ‘Application Whitelisting’ to ‘Application Control’), the controls are more granular, covering more ground.

Overall, I am quite chuffed with the changes and look forward to helping your business implement the Essential Eight to keep pace (and maybe even…


Keeping your applications up to date is a great way to secure your investments

On July 12, 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cybersecurity Incidents Maturity Model to keep pace with the current threat landscape. The new model is more cohesive, thorough and addresses many key omissions from previous versions. As further proof that stagnation equals vulnerability, I am delighted with the changes, and I think you will find tremendous value in implementing the Essential Eight in your organisation.

We were inevitably following a path of mandatory implementation of the Essential Eight, especially if you conduct business with the government, particularly at the federal level, in…


The Australian Cyber Security Centre has updated its Essential Eight Maturity Model

It’s hard to argue against my passion for cybersecurity and by extension, how much respect and appreciation I have for the Australian Cyber Security Centre (ACSC). I have long sought their advice and counsel on matters ranging from the mundane to the critical and all points in between. When the ACSC updated their long-standing “ASD Top 4” to the “Essential Eight” back in 2017, I was delighted to have a foundation upon which to build a wholly Australian cybersecurity framework.

Indeed, while not a behemoth like the NIST Cybersecurity Framework, or universally known as ISO 27001, the ACSC Strategies to…



System monitoring is something we all do, but something few of us do well. Whether it’s the sheer volume of systems we’re responsible for, the unrelenting flood of data systems generate, or the ability to “separate the wheat from the chaff”, monitoring your systems is a frightening element of IT operations.

Sometimes, it is a lack of “eyes on glass” reviewing and interpreting findings, but often it’s the overwhelming amount of security event information organisations face. Just five minutes by an average user logging on, opening their email, browsing the web, and editing a file can generate hundreds if not…



These three terms confuse businesses and individuals alike, and often their very mention is akin to being challenged to a duel between those seeking a service and those wishing to fill that requirement. Unfortunately, unlike olden times, a winner rarely emerges from the inevitable verbal sparring that ensues. The global, always-on economy underpinned by many “as a service” (or XaaS) offerings that traverse traditional air, sea, and land borders further fuels this debate, leading to some heated exchanges.

I think it is fair to say that the three terms become interchanged so much that their individual and true meanings are…



No matter how much money and time you spend on trying to avoid and prevent a cybersecurity incident, it is inevitable that one will occur. Our mindset must be “when” and not “if” because it really is just a matter of time before something happens, whether it is our fault or not. When I was learning to ride motorcycles, I learned that there are only two types of riders: those that have crashed and those that are going to crash.

The difference is preparedness, and we tend to spend too much time and money focusing on the “before” of an…



We hear endlessly about how we must keep our systems up to date with the latest, stable versions of applications and the most current security patches available. Indeed, nearly every security framework, standard, and set of mitigation strategies mentions patching and updating in some format. Some businesses exist solely to provide patch management solutions and procedures, and these are often cornerstones in managed services offerings.

Even the Australian Cyber Security Centre (ACSC) Essential Eight includes two strategies that revolve around patching, including operating systems and applications. …



It is not a secret that I’m not a fan of Social Media of any description, but the one platform I used daily for 15 years was the professional networking site LinkedIn. Initially signing up in 2006 and, over time, cultivating my profile and connections like a well-manicured garden, I felt LinkedIn was a solid foundation upon which to build my online presence.

Over the past few years and the last 12 months, that well-manicured garden has all but died. My virtual plants are in a state of despair despite my best efforts to maintain them. …

Digitally Vicarious
