Insights
Helping leaders make sense of technology and risk.
Practical perspectives for leaders navigating ICT complexity, cyber risk, and technology investment in Australian organisations.
Vendor Sprawl: How Many Tools Do You Really Have — and What Is It Costing You?
Most organisations don't decide to create a complex, bloated technology environment. It just happens — one tool at a time. The cost is broader than most realise.
Do You Actually Need an ICT Governance Committee — and How Do You Make Sure It Actually Works?
Most ICT Governance Committees don't fail outright — they stall. The problem usually isn't structure. It's that no one owns the governance layer itself.
What Does "Good" Look Like for MFA in 2026 — and Where Do Most Organisations Still Get It Wrong?
MFA has been around for years. Most organisations have "enabled" it. And yet in 2026, it remains one of the most common points of failure in real-world security incidents.
AI and Your Organisation: Why It Won't Take Your Clients — But a Competitor Using It Might
AI won't replace your organisation. But competitors who modernise their technology and introduce AI thoughtfully will operate more efficiently and adapt faster. Over time, that gap becomes visible.
Thinking About a Cloud Migration? What Should You Modernise First — Apps, Identity, or Data?
Cloud migration is rarely a single decision. When it goes wrong, it's usually not because of the cloud itself — it's because the wrong things were modernised first.
Essential Eight Maturity: What It Actually Means for Your Organisation
The ACSC Essential Eight is widely cited, frequently misunderstood, and inconsistently applied. Here's what maturity levels actually mean — and why the framing matters more than the score.
ICT Review vs ICT Audit: What's the Difference and Which Do You Need?
Organisations often conflate ICT reviews and audits — but they serve fundamentally different purposes. Understanding the distinction will help you commission the right engagement at the right time.
Why Security Culture Matters More Than Controls — And How to Actually Measure It
Technical controls are necessary but not sufficient. The organisations with the strongest security outcomes are those where security is embedded in how people actually work — not just what systems are deployed.
What Does a "Current State ICT Review" Uncover That Internal Teams and MSPs Usually Miss?
Systems are running, users can log in, and when something breaks, someone fixes it. So why do organisations keep asking: "How did we not see this coming?"