"Startups die when people stop believing," says Vaughan Shanks, Co-Founder and CEO of Cydarm Technologies. In the engaging latest of Future Secured, hosted by Tom Finnigan and Jason Murrell, Vaughan opens up about the lessons he’s learned navigating the complex cyber security startup landscape. From the early days of fascination with public key cryptography to leading one of Australia’s most innovative cyber security companies, Vaughan shares his insights into resilience, growth, and the belief that sustains startups.

Key discussion points include:
- Resilience in entrepreneurship: "It’s often darkest before the dawn."
Scaling with strategy: Delivering value instead of just adding headcount.
- Navigating today’s funding dynamics: What’s changed in the post-COVID landscape.
- Political impact on cybersecurity: How regulations and government support shape the industry.
- Cydarm’s vision for 2025: Growth focused on expanding the customer base and refining their mission.
- Whether you’re a cyber security professional, an entrepreneur, or someone interested in the intersection of technology and resilience, this episode is full of actionable advice and industry insights.

Takeaways:
- Vaughan’s early fascination with public key cryptography set the course for his career.
- Transitioning from government to entrepreneurship shaped his unique leadership perspective.
- Startups thrive on resilience and belief—both internal and from stakeholders.
- Scaling a startup means prioritising value over just increasing headcount.
Post-COVID funding dynamics have reshaped opportunities in cybersecurity.
- The political landscape significantly impacts cybersecurity startups in Australia.
- Cydarm’s focus for 2025 is sustainable growth and expanding its customer base.

Sound Bites:
"Startups die when people stop believing."
"It’s often darkest before the dawn."
"Scaling isn’t about headcount—it’s about delivering value."
"We need more support from government to compete globally."
"Resilience isn’t optional—it’s foundational for entrepreneurs."
Chapters:
00:00 Introduction to Vaughan Shanks & Cydarm Technologies
02:53 Early Inspirations in Cybersecurity
05:56 Professional Experience and Transition to Entrepreneurship
08:59 Founding Cydarm: Lessons Learned
12:03 Resilience, Belief, and the Lifeblood of Startups
15:01 Sales, Marketing, and Building a Brand
17:54 Scaling Smartly: Growth Beyond Headcount
22:34 The Importance of Commitment and Mental Resilience
27:32 Sidearm’s Growth and Market Positioning
33:22 Cybersecurity’s Political Landscape and Funding Challenges
39:32 Strategic Goals for Cydarm in 2025

In this episode of Future Secured, hosts Tom Finnigan and Jason Murrell are joined by Kylie Watson, Head of Security – APJ MEA (Asia Pacific, Japan, Middle East and Africa) DXC Technology's, to explore the human side of cyber security and incident response. With over 30 years of experience spanning military service and consulting, Kylie shares her unique perspective on managing high-pressure incidents, addressing biases in decision-making, and fortifying critical infrastructure in the face of cyber warfare. From the challenges faced by SMEs to the pressing need for diversity in cybersecurity, this episode offers actionable insights for navigating the ever-changing digital landscape.

Takeaways:
Kylie Watson’s journey: Military background and decades of cyber security expertise.
Human factors: Understanding biases and their impact on decision-making in cyber incidents.
Foundations of cyber security: Basic practices are still under-implemented across industries.
Critical threats: Cybercrime and warfare demand protection of critical infrastructure.
SME focus: Practical guidance for small and medium businesses to build resilience.
VUCA model: Leveraging frameworks for decision-making under pressure.
Diversity matters: Female representation enriches cyber security perspectives.
Awareness is key: Training and preparation are essential to prevent and respond effectively.

Sound Bites:
"Cyber is a war game."
"Human biases play a huge role in how we handle cyber incidents."
"Small businesses often underestimate the real impact of cyber threats."

Chapters:

00:00 - Introduction to Cyber Security and Kylie's Journey
09:24 - High-Pressure Incident Response in Cyber Security
14:30 - Foundational Cybersecurity Practices
18:04 - The Fifth Frontier of War: Cybersecurity and National Security
23:32 - Human Biases in Cyber Incident Management
23:59 - Understanding Cybersecurity Threats for SMEs
24:56 - Decision-Making Under Pressure: The VUCA Model
30:25 - Increasing Female Representation in Cybersecurity
39:49 - Practical Cyber Security Tips for Small Businesses

LTGEN Michelle McGuinness, Australia’s National Cyber Security Coordinator, joins hosts Tom Finnigan and Jason Murrell and reflects on her first year in the role, sharing insights on the evolving cyber threat landscape, major legislative changes, and government-industry collaboration to strengthen Australia’s cyber defences.

The conversation highlights the importance of culture in cyber security, the challenges of engaging small and medium businesses, and why information sharing and national coordination must improve. McGuinness also discusses the Cyber Security Act, the need for practical support for businesses, and how building a resilient workforce with diverse talent is key to long-term national security.

With cyber threats evolving rapidly, the message is clear—Australia must move from playing catch-up to leading the charge.

Takeaways:
✔️ Cyber security is a national priority, not just an IT issue.
✔️ The Cyber Security Act is a major step forward in Australia’s cyber defences.
✔️ Cultural change is needed—cyber security must be as instinctive as workplace safety.
✔️ Small businesses are highly targeted—they need better tools and education.
✔️ Information sharing between sectors must improve to reduce national risk.
✔️ Workforce shortages are a growing challenge—diverse talent is key to solving them.
✔️ Public awareness campaigns are crucial—without engagement, policies won’t work.
✔️ Cyber security must be integrated into business decisions, not just compliance checklists.
✔️ Future strategies must focus on equipping businesses with real, actionable resources.

Sound Bites:
📢 “Cyber security is not just an IT problem—it’s a national security issue.”
📢 “The Cyber Security Act is a game-changer for Australia’s resilience.”
📢 “A vulnerability to one is a threat to all—we must act together.”
📢 “Small businesses are on the frontlines, and they need better support.”
📢 “We need to build a cyber security culture as strong as workplace safety.”
📢 “Diversity in cyber isn’t just about fairness—it’s about capability.”

Chapters:
00:00 – Introduction: Australia’s Cyber Security Landscape
02:35 – A Year in the Role: What’s Changed?
06:12 – The Cyber Security Act: Why It Matters
09:08 – From Awareness to Action: Changing the Culture
12:45 – Challenges for Small Businesses in Cyber Defence
15:30 – Why Information Sharing Must Improve
18:22 – Addressing the Workforce Shortage in Cyber Security
21:15 – Diversity in Cyber Security: More Than a Buzzword
24:30 – Looking Ahead: Priorities for Australia’s Cyber Future
27:10 – Final Thoughts: What Needs to Happen Next

In episode 10 of Future Secured, hosts Tom Finnigan and Jason Murrell sit down with Mark Jones, Senior Partner at Tesserent, to delve into the intricate world of cyber security and the challenges businesses face today.

They kick off by discussing the merger between Tesserent and Thales, which has opened up new avenues for cyber security initiatives in Australia.

Mark shares his expert insights on the Australian Cyber Security Strategy, highlighting the importance of collaboration between government and industry, and the pressing need for standardisation in cyber security practices.

One of the key focuses of the conversation is the vital support required for small and medium-sized businesses (SMEs) in their cyber security efforts.

Mark emphasises the need for SMEs to understand their cyber security risks and implement appropriate controls, shedding light on the profound impact a cyber attack can have on SMEs and the broader ecosystem.

The discussion explores the role of AI in cyber security. Mark outlines Tesserent's comprehensive approach to AI, including advisory services, secure design and implementation, and assurance.

He also stresses the critical importance of rehearsing incident response plans and the necessity of ongoing training and awareness.

Finally, Mark provides a glimpse into the future of cybersecurity, touching on supply chain risk, compliance, and the innovative projects in the pipeline for Tesserent and Thales.

Key Insights:
- The Merger's Impact: Discover how the merger between Tesserent and Thales is transforming Australia's cybersecurity landscape.
- Strategic Collaboration: Learn why collaboration between government and industry is crucial for tackling cybersecurity challenges.
- Standardisation Needs: Understand the importance of standardising cybersecurity practices to help businesses prioritise their efforts.
- SME Cybersecurity: Explore the unique challenges faced by SMEs and why supporting them is essential for a robust cybersecurity ecosystem.
- AI in Cybersecurity: Get insights into how AI is revolutionising cybersecurity and Tesserent's strategic approach to harnessing its power.
- Incident Response: Learn why rehearsing incident response plans and continuous training are key to effective cybersecurity.
- Future Trends: Uncover the upcoming trends in cybersecurity, including supply chain risk and compliance.

Sound Bites:
"This has been one of the best mergers, transitions, acquisitions that I've been part of."
"Building up plans and playbooks and exercising those has been something that's got a lot of interest."
"The offensive side of things around maturing that capability from just vulnerability scanning right up to much more adversary simulations and red teaming activities is something that's always there."
"They've got the same problems as big companies do just at a smaller scale."
"The knock on effect of a business going out of business has all their partners and other people in the crosshairs as well."
"Focus on the technology and the changes that are happening there and understand if that, the old confidentiality, integrity, availability equation if that was kind of impacted relative to the technology that's supporting your business and the business processes, what does that look like?"

Chapters:
00:00 - Introduction and Background
02:38 - The Merger Between Tesserent and Thales
08:31 - The Australian Cybersecurity Strategy
10:36 - Collaboration Between Government and Industry
21:19 - Supporting Small and Medium-Sized Businesses
23:04 - Challenges and Support for SMEs in Cybersecurity
24:22 - The Impact of Cyber Attacks on SMEs and the Broader Ecosystem
26:15 - The Role of AI in Cybersecurity
29:48 - Tesserent's Approach to AI in Cybersecurity
35:33 - The Importance of Rehearsing Incident Response Plans

"Deleting protects you. Reporting protects everyone." - Daisy Wong, Security Culture Expert.

In episode nine of Future Secured, hosts Tom Finnigan and Jason Murrell sit down with Daisy Wong, Security Culture and Awareness Lead at Flybuys, to uncover the often-overlooked human side of cyber security.

🌟 Daisy shares her insights on creating a great culture within cyber security organisations, emphasising the importance of diversity and inclusion.

This conversation is packed with actionable strategies and powerful anecdotes to help you transform your cyber security approach.

In episode nine of Future Secured, hosts Tom Finnigan and Jason Murrell sit down with Daisy Wong, Security Culture and Awareness Lead at Flybuys, to uncover the often-overlooked human side of cyber security.

🌟 Daisy shares her insights on creating a great culture within cyber security organisations, emphasising the importance of diversity and inclusion.

This conversation is packed with actionable strategies and powerful anecdotes to help you transform your cybersecurity approach.

Daisy Wong discusses her background and experiences in the cyber industry, sharing her passion for helping people understand cyber security.

She highlights the benefits of using storytelling and case studies to drive behavioural change, creating a positive cybersecurity culture. The episode delves into the challenges of diversity and culture in the cybersecurity field, exploring the need for collaboration between the security team and other departments. Daisy emphasises the significance of focusing on human risk management in cybersecurity, stressing that humans can be the strongest asset if given the time, effort, and investment.

Key Insights:
- Culture Eats Strategy for Breakfast: Learn why integrating organisational culture is crucial for effective cyber security.
- The Power of Storytelling: Discover how narratives and case studies can drive behavioural change and strengthen your security posture.
- Red Flags in Office Culture: Identify warning signs that could be compromising your organisation's cybersecurity efforts.
- Human Risk Management: Explore why investing in people might be your strongest cyber security asset.
- Balancing Act: Uncover the secret to effectively allocating resources between technology, processes, and people.
- Diversity in Cyber Security: Learn why creating an inclusive environment is essential for industry growth and innovation.
- Making Security Relatable: Master the art of using analogies to make cybersecurity concepts accessible to all.

Sound Bites:
"Culture eats strategy for breakfast."
"Humans are the weakest link. I actually think if you put the time, effort, and investment, they can be your strongest asset."
"Don't put all your eggs in one basket. Security isn't just about investing in your SOC or the latest technology; it's also about the basics and the people who run your business."
"Investing in human risk management is crucial in cybersecurity; humans can be the strongest asset in protecting organisations."

Chapters:
00:00 - Introduction: The Critical Role of Integrating Organisational Culture into Cybersecurity
04:27 - Creating a Great Culture within Cybersecurity Organizations
06:21 - Using Storytelling and Case Studies to Drive Behavioral Change 09:49 - Identifying Red Flags in Office Culture
24:31 - The Importance of Human Risk Management
26:30 - Balancing Investments: Technology, Processes, and People
29:12 - Creating an Inclusive and Accessible Cybersecurity Industry
31:17 - Making Cybersecurity Approachable Through Storytelling
32:47 - The Importance of Understanding Human Behavior in Cybersecurity

Takeaways:
- Integrating organisational culture is crucial for effective cybersecurity.
Creating a great culture within cy

Are you ready to peek behind the curtain of one of Australia's largest retail giants and discover how they're battling cyber threats daily?

In this explosive episode of Future Secured, Jason and I interview Nigel Hedges, the mastermind behind Chemist Warehouse's cyber security strategy.

Ever wondered how industry leaders stay one step ahead of cyber criminals?

Curious about AI's role in cyber security? Nigel has surprising insights on the tech that's reshaping our digital defences.

And if you've ever grappled with the tug-of-war between ironclad security and seamless customer experience, Nigel's practical wisdom is delivered through enganging stories.

Whether you're a seasoned CISO or an aspiring cyber security leader, this episode is packed with actionable strategies to fortify your organisation's digital serfaces.

Don't miss this chance to arm yourself with insider knowledge from one of Australia's top cybersecurity minds.

Tune in now and future-proof your leadership skills in an increasingly volatile digital landscape.

Takeaways:
Leadership plays a crucial role in shaping a secure digital future.
Collaboration among CISOs is essential for sharing knowledge and experiences.
Sovereign capability in cyber security involves bringing infrastructure and data back in-house.
Australian startups should focus on areas like GRC to provide innovative solutions.
AI has the potential to automate certain cyber security tasks, but a human-in-the-loop approach is still necessary.
A risk-driven approach is more effective than a compliance-driven approach in cyber security.
Balancing compliance and customer experience is a challenge in cyber security.
Practicality and minimal friction are important in the customer experience.
Vulnerability management is crucial in addressing cyber attacks.
Cyber Security awareness and education should be emphasised, especially in schools.
Building relationships with vendors and using their insights can inform cyber security strategies.
Analogies related to house security and cyber risk quantification can help convey cyber security concepts.
Focusing on the fundamentals, integrating security controls, and building resiliency are key in addressing cyber threats.


Introduction and Background (00:00) Nigel Hedges, the CISO at Chemist Warehouse, opens up about his career in the IT industry, highlighting his experiences and the lessons learned along the way.

Collaboration Among CISOs (03:12) "Collaboration among CISOs is essential for sharing knowledge and experiences," says Nigel, emphasising the power of collective intelligence in enhancing cybersecurity strategies.

Sovereign Capability in Cybersecurity (06:03) Nigel discusses the concept of sovereign capability, advocating for Australian startups to bring infrastructure and data management back in-house. He believes this focus on Governance, Risk, and Compliance (GRC) will drive innovation and security.

Focus on GRC in Australian Startups (09:28) "Australian startups should focus on areas like GRC to provide innovative solutions," Nigel asserts, outlining the potential for local firms to lead the way in cyber security.

The Impact of AI in Cyber Security (13:47) "AI has the potential to automate certain cyber security tasks, but a human-in-the-loop approach is still necessary," Nigel notes, discussing the balance between automation and human oversight.

Balancing Compliance and Customer Experience ( 20:52) Nigel touches on the challenge of balancing compliance requirements with delivering a seamless customer experience. He advocates for a risk-driven approach over a compliance-first mentality.

Sound Bites:
"Cybersecurity controls and processes are like brakes on a car where it's not designed specifically to slow the car down, but to give confidence to go faster.

In episode 2, co-hosts Tom Finnigan and Jason Murrell, along with special guest Andrew Robinson, Co-Founder and CISO at 6Clicks, delve into the critical role of Governance, Risk, and Compliance (GRC) in shaping Australia's cyber security posture. The conversation focuses on how GRC principles guide businesses and citizens to fortify their defences against increasing cyber threats.

Topics Covered:
- Importance of GRC in Cybersecurity: Exploring how robust governance, risk management, and compliance are foundational to effective cyber security strategies.
- GRC for SMEs: Strategies for small to medium enterprises to implement strong GRC frameworks to combat cyber vulnerabilities.
- Public Education on GRC Practices: Discussing initiatives to educate Australian businesses and the public on essential GRC practices in cybersecurity.
- Collaborative Efforts in GRC Implementation: The synergy needed between the government and private sector to enhance GRC practices nationwide.
- Risk Management Techniques: Insight into risk assessment and management as key components of cyber security preparedness.
Compliance and Regulatory Frameworks: Overview of national and international compliance requirements impacting Australian businesses.

Key Takeaways:
- Critical Role of GRC: Effective governance, risk management, and compliance are crucial for protecting businesses from cyber threats.
- Need for Unified GRC Strategies: Highlighting the importance of a coordinated approach to GRC across all sectors to strengthen cyber resilience.
- Education and Awareness: Empowering businesses and individuals through knowledge of GRC practices is vital for national cybersecurity health.

Sound Bites:
"Staying up to date with GRC practices, although challenging, is essential for cybersecurity."
"Think about what GRC means for your business and how you can apply it to protect your digital assets."
"We need to build solid GRC foundations before expanding into more complex cybersecurity strategies."
Episode Chapters:
00:00 - Introduction and Overview
07:48 - The Role of GRC in Enhancing Cyber security
34:11 - Effective Risk Management for Australian SMEs
40:53 - Summary of Key GRC Strategies and Conclusion

In this premiere episode of the Future Secured Podcast, co-hosts Tom Finnigan and Jason Murrell, along with special guest Dan Maslin, discuss Australia's ambitious 2030 cyber security strategy.

The trio discusses the pivotal role of Chief Information Security Officers (CISOs) and the critical importance of cybersecurity across various organisations.

They explore essential strategy components, particularly focusing on the needs of small and medium-sized businesses, and highlight the necessity of innovation and collaborative efforts within the industry.

The conversation also examines the significant support required from the government, including incentives for startups and the vital practice of sharing cybersecurity experiences and lessons learned.

Key themes such as the integration of AI in cybersecurity, the importance of cultural openness, the imperative of early cybersecurity education, and the broader roles of government and businesses in this strategy are discussed, offering a comprehensive overview of the challenges and solutions in securing Australia's digital future.

A summary of the discussion:
- Australia has set an ambitious 2030 cyber security strategy to position itself as a global leader in the field.
- The role of a Chief Information Security Officer (CISO) varies depending on the organisation, but it generally involves leadership, strategy, and ensuring compliance with relevant legislation.
- The strategy should focus on supporting small and medium-sized businesses (SMBs) and addressing their unique cybersecurity challenges.
- Incentives and support from the government are crucial for fostering innovation and growth in the cybersecurity startup ecosystem.
- Sharing experiences and lessons learned in cybersecurity can help organisations and the industry as a whole improve their security practices. AI is being used in cybersecurity to detect and analyse patterns and behaviors in emails, saving time and increasing detection rates.
- Cultural openness and sharing can help accelerate progress in cybersecurity by encouraging collaboration and knowledge sharing.
- Early education on cybersecurity is crucial to instil good habits and behaviours from a young age.
- Implementing the cybersecurity strategy faces challenges such as enforceability and the need for governance and accountability.
- Both government and businesses have a role to play in addressing cybersecurity, with the government leading by example and businesses taking ownership and investing in cybersecurity measures.


"We need to become innovative and pick a lane to become an expert in as a country."
"Sharing war stories and lessons learned from cyber attacks can be powerful for improving cybersecurity."
"We need to leverage shareable content and social media platforms to raise awareness about cybersecurity."
"Looking at emails and actually detecting a lot more that previously would have taken manual activity from an analyst to sort of go through the history and look at behaviors within communication styles and those types of things, and really saving a lot of time and really increasing the detection rates."
"But it is actually being used in the background to reduce those manual activities."
"Do we maybe need to encourage this culture of openness and sharing to get everyone kind of moving forward a bit quicker?"