In this special solo episode, host Cole Cornford reflects on the journey of the Secured podcast over the past two years. He shares behind-the-scenes insights, from the unexpected challenges of cicada season disrupting recordings to the podcast’s growth, hitting 45 episodes and over 7,000 downloads. Cole discusses listener feedback, format changes, and his plans to expand the show, including moving to weekly episodes, introducing video content, and diversifying guest profiles. He also highlights listener engagement stats, the importance of audience reviews, and the future direction of Secured with a focus on delivering more valuable and dynamic cybersecurity content.

00:20 – The impact of cicada season on recording and production

01:10 – Hitting 45 episodes: reflections on the podcast’s growth

01:54 – Asking for listener feedback and reviews to support the show

02:51 – Plans to move to weekly episodes and potential sponsorships

03:51 – The possibility of introducing video content and its challenges

04:35 – Listener engagement stats: unique listeners, downloads, and demographics

08:05 – Most downloaded and highest engagement episodes revealed

10:55 – Diversity in guests and topics: striving for representation

13:48 – Changes in podcast format: cutting certain segments for better engagement

17:03 – The shift towards professional development-focused content

19:50 – Future goals: more international guests and sharper conversations

Mentioned in this episode:

Call for Feedback

Madhuri Nandi is the Head of Security at Till Payments and a trailblazer in the Australian cybersecurity industry. As co-chair of the Australian Women’s Security Network, she brings decades of experience to the table, breaking barriers for women in tech and redefining what leadership looks like in cybersecurity. Madhuri shares how a love for gaming and cheat codes sparked her journey into application security and the cultural challenges she overcame to thrive in a male-dominated industry. They explore the realities of leading security functions in scaling FinTechs, why compliance doesn’t equate to security, and the critical role of aligning cybersecurity strategies with business objectives.

01:13 Cheat Codes Ignite a Cybersecurity Path

02:26 From Database Admin to Security Professional

05:09 Lessons from Gaming & Early Misperceptions

07:29 The Jump into Executive Leadership

10:53 Compliance vs. True Risk Management

18:45 Overcoming Cultural & Workplace Hurdles

31:55 Diversity, Women in Tech & Final Reflection

Mentioned in this episode:

Call for Feedback

In this episode of Secured, host Cole Cornford chats with Neha Malik, Head of Product Security at REA Group, about building and scaling effective application security (AppSec) programs. They delve into the importance of empathy, communication, and relationship-building between security teams and developers. Neha shares her journey from a Microsoft graduate program, through external consulting at KPMG, and into her current leadership role. They discuss making security easy for engineers, managing security champions programs with realistic expectations, and learning from other disciplines—like psychology and marketing—to better influence and engage stakeholders. Neha and Cole also highlight how tailoring approach and tooling can differ for startups and large enterprises, and emphasise that collaboration, not confrontation, leads to long-term AppSec success.

00:20 - Neha’s Role at REA Group and Positive AppSec Outcomes

01:30 - Starting a Career in Security at Microsoft’s Grad Program

05:45 - Building an AppSec Program from Scratch at REA

10:00 - Startups: Embedding Security in Tools Over Heavy Process

14:40 - Security Champions Programs: Value, Expectations, and Incentives

20:25 - Learning from Other Disciplines (e.g., Psychology) to Influence Teams

Mentioned in this episode:

Call for Feedback

In this special christmas episode of Secured, Cole Cornford does something a little different to usual and answers listener questions. Lots of topics are covered, including new years resolutions, cybersecurity trends of 2024, career and life advice, and plenty more.

A huge thank you to everyone who sent in questions! We had so many responses that we weren't able to get to all of them. Let us know if you enjoy this format and we may do it again in the future.

1:00 - Cole's thoughts on new year's resolutions

3:00 - Cole's experiences working in large organisations

13:30 - Critical cybersecurity steps for organisations in 2025

20:30 - Using security tools to protect APIs

26:20 - Protecting against supply chain attacks

36:20 - Cole's perspective on DevSecOps

40:50 - Trends of 2024

50:40 - Diversity in the cybersecurity industry

1:01:02 - ASPM tools

1:13:20 - Why Cole enjoys making the podcast

1:21:00 - Life advice that has stayed with Cole

Mentioned in this episode:

Call for Feedback

Episode Summary

Elizabeth Stephens is CEO of DBS Cyber, where her team deliver IT solutions for clients in various industries. A retired Marine Corps Major and author of the book Building a Resilient Digital Future: A Comprehensive Guide to Cyber Risk Monitoring, Elizabeth draws from her diverse experience in her work. In her conversation with Cole Cornford, they discuss leveraging AI to be helpful and not harmful the politics and nuance of cybersecurity, lessons from Elizabeth's military experience that she applies to her current role, and plenty more.

1:00 - Elizabeth's background

7:30 - How we can leverage AI to be useful not harmful

14:30 - Using AI to help with parenting

20:30 - The politics & nuance of cybersecurity

23:30 - Roblox & cybersecurity for kids

27:00 - Lessons from the military Elizabeth applies to cybersecurity

30:30 - Elizabeth's journey as an author

36:30 - Cybersecurity for small business

Mentioned in this episode:

Call for Feedback

In this episode, Cole Cornford is joined by cybersecurity experts and IRAP assessors, Kat McCrabb and Toby Amodio, to unpack the latest updates to the Protective Security Policy Framework (PSPF) for 2024. They explore the significant changes introduced in the PSPF, such as the heightened emphasis on IRAP assessments, the potential strain on resources due to increased demand for assessors, and the impact on government agencies' compliance efforts. The discussion delves into the restructuring of the PSPF domains, including the separation of information and technology, and the challenges this presents for reporting and governance. They also address issues with self-attestation in agencies, insights from ANAO reports, and the critical importance of managing legacy IT systems. Kat and Toby offer valuable perspectives and practical advice for organisations navigating these new requirements, highlighting the need for proactive planning and adaptation in the evolving cybersecurity landscape.

01:27 - What is the PSPF? Toby explains the framework

03:07 - Kat discusses the biggest changes in the PSPF 2024 updates

04:20 - Challenges with IRAP assessments: time, cost, and limited assessors

06:18 - When are IRAP assessments required? Clarifications

08:13 - Changes in PSPF domains: splitting information and technology

10:08 - Implications of the changes for reporting and governance

12:15 - Comparison with NIST framework and governance considerations

13:38 - Issues with self-attestation and insights from ANAO reports

15:09 - Strategies for improving reporting and assessments in agencies

17:36 - Managing legacy IT systems under the new PSPF requirements

18:52 - Key takeaways and final thoughts from Kat and Toby

Mentioned in this episode:

Call for Feedback

In this episode, Cole Cornford speaks with Anand, an API security expert at Traceable AI with over 18 years of experience in crafting innovative IT solutions. Anand's expertise spans API design, microservices architecture, cloud technologies like Kubernetes and AWS, and security architecture including IAM and OAuth. Together, they delve into the critical importance of API security in today's digital landscape, discussing why traditional web security measures are insufficient, lessons learned from incidents like the Optus breach, the challenges of managing API inventories, and how AI and machine learning can enhance security practices. Anand also shares his experience writing a book during the pandemic and the value of continuous learning. This episode is packed with insights on modern application development, cybersecurity, and plenty more.

4:20 - Understanding API security challenges

9:30 - The role of AI in API security

16:55 - The importance of API inventory management

24:00 - The business impact of API security

28:00 - Cole & Anand discuss books & writing

34:00 - Current state of API security in Australia

Mentioned in this episode:

Call for Feedback

In this episode, Cole Cornford speaks to two guests on the topic of robotics: Damith Herath, a Professor at the University of Canberra, and Adam Haskard, co-founder and Director of Bluerydge, a Canberra-based cybersecurity and technology firm. Together, Damith and Adam are conducting research into Secure Robotics, an emerging field of study that addresses the intersection of robotic safety, trust, and cybersecurity. In their conversation with Cole, they discuss the growth opportunities for robotics, how someone interested in the field could pursue a career in robotics, potential risks of the common household vacuum robots, and plenty more.

2:00 - Robotics: definitions & applications

8:45 - The intersection of robotics & cybersecurity

10:00 - Trust & safety in robotics & cyber

15:00 - Emerging risks in robotics

18:40 - The role of cybersecurity in robotics

20:30 - Regulation and innovation in robotics

40:00 - Growth opportunities for robotics

29:00 - Future of robotics & AI

32:00 - Career pathways into robotics

39:00 - Rapid fire questions

Mentioned in this episode:

Call for Feedback