A ‘cybersecurity profession’: what are we talking about?
The importance of cybersecurity to national prosperity and security ensures that it must become a profession. The question for cybersecurity practitioners is, ‘What sort of profession should it become?’
Defence middle managers decide department priorities don’t apply to them
Leaders need a new place to begin their analysis of the reform problem.
In our digital lives, privacy is expected, but trust is earnt
How I calculate and place trust when I’m in my skin seems to be different from how I trust when I’m digitised.
There are other factors at play for Australia’s cyber security strategy
There are other factors at play for Australia’s cyber security strategy.
Defence Enterprise culture: The most important capability
The total Defence Enterprise workforce is the delicate system at the heart of Defence capability. There’s no value in elevating one part to the exclusion or diminution of the others. If one fails, it all fails.
Why quiet quitting is a cybersecurity risk
Positive cybersecurity culture is built on a thousand small interactions, decisions and actions taken daily by individuals continually calibrating their contribution to and relationship with the workplace.
Transforming Defence and defence industry
There is a need to adopt an enterprise approach to supply chain resilience that reduces the risk of interference in the development and delivery of capability but also ensures sufficient depth in Australian industry’s capabilities and skills.
We want to build nuclear submarines, but what about everything else we have to build?
Generating and sustaining a shipbuilding industry in Australia is not a challenge for the Navy, Defence, or Industry alone. It is one part of a national challenge where a skilled workforce is an increasingly rare resource.
From awareness to behaviour change: The micro-foundations of cybersecurity culture
People, culture, and behaviour remain the core risk in cyber security assessments and post-incident analyses. How well do we treat the risk of human behaviour in cyber security?
From compliance to resilience: people, culture and information security
The human is both an asset and a liability in information security. Our information security culture often views humans with deep suspicion. How can we move security from compliance to resilience?
Training is not enough: changing information security culture and behaviour
How might we approach reshaping this culture such that people are a source of strength in information security? Security training is necessary but not enough.
Information security strategy: it’s turtles all the way down
Information security strategy, not technology, determines the maturity of an organisation's information security culture and behaviour.