• Strong, hands‑on experience in incident response, threat hunting and security event analysis
• Solid capability across SIEM, XDR, endpoint, WAF and cloud security controls
• Experience working in large, regulated enterprise environments
• Practical knowledge of frameworks such as MITRE ATT&CK, NIST and cyber kill chains
• A calm, analytical approach and the ability to perform well in fast‑paced situations

Geopolitics has become a direct and material technology risk, and it now firmly belongs on the CISO’s agenda. 🌐 Trade disputes, sanctions, cyber espionage, and digital sovereignty are reshaping where data lives, who can access it, and how resilient our platforms really are.

Our dependence on globally distributed supply chains and a small number of predominantly US-based ☁️ cloud providers has concentrated high‑value data and critical services in a few strategic locations. In a heightened geopolitical environment, cloud data centres are now strategic infrastructure, and disruptions—malicious or not—can quickly become systemic business events.

In this article, I explore why technology is uniquely exposed to geopolitical shocks and what CISOs and technology leaders should be doing now to factor geopolitics into cloud, availability, and resilience planning.

Modern software is assembled from countless third‑party and open‑source components. And if you can’t see them, you can’t secure them. 🔎🔐

This article explains why SBOMs (Software Bills of Materials) are becoming essential for managing supply‑chain risk, strengthening incident response, and meeting rising security and compliance expectations.

If you want faster visibility, better control, and fewer surprises in your software stack, this one’s for you.

Agentic AI — autonomous 🤖 agents that can perceive, decide, and act — are entering business workflows fast. But as these non-human “digital workers” multiply, 🫆 identity has become the hidden challenge.

Most enterprises haven’t extended authentication and access controls to these agents, creating ungoverned digital personas operating at machine speed: a serious security risk.

This article explores why identity is the new frontier of AI security, and how cybersecurity leaders can govern agentic AI safely through strong authentication, lifecycle management, and accountability.

Quantum computing promises breakthroughs in science, medicine, and technology — but it also poses one of the biggest challenges yet to our digital security.
This article explores why organisations should be preparing now for a post-quantum world — not out of panic, but prudence.
Because when the flood comes, you don’t want to be halfway across the bridge.

• 🔒 What happens when quantum computers can break today’s encryption?
• 🧭 Why “harvest now, decrypt later” makes this a present-day risk?
• 🛠️ And how can organisations start planning for the transition?

• ✨ Enhance security by enabling Multi-Factor Authentication (MFA) and transitioning to passwordless solutions.
• 🔑 Simplify password management with tools like 1Password, Microsoft Wallet, Google Password Manager and iCloud Passwords to handle complex and unique passwords effortlessly.
• 🔍 Stay vigilant by checking for data breaches using Have I Been Pwned and promptly updating compromised passwords.
• 🤔 Exercise caution before clicking on links and maintain awareness of your online activities to protect your digital footprint.

Cyber risk monitoring isn’t just a technical task—it’s the backbone of staying resilient in a fast-changing digital landscape. From protecting critical assets to navigating strict security frameworks like NIST or ISO/IEC 27001, it’s about building a shield that adapts as threats evolve.
Discover how tailored strategies, real-time insights, and cutting-edge tools like AI and big data analytics are redefining risk management. Learn why collaboration, workforce upskilling, and flexible frameworks are the keys to thriving in this era of complex challenges.

Learn about the importance of risk management in technology, particularly in mitigating cybersecurity threats, preventing system outages, and building trust with stakeholders.
This article covers the risk management process, including risk identification, assessment, treatment, and monitoring, as well as the significance of controls in information security.
Additionally, it introduces the concept of a quantitative risk model for assessing and managing risks using numerical data and metrics to enhance control effectiveness and resilience against cybersecurity threats.

Get Certified in Cybersecurity - Part 6 of 6
🔐 Security Operations
Learn key elements of data security, including data handling, classification, logging, encryption, system hardening, configuration management, security policies, and social engineering defence through security awareness training.

Get Certified in Cybersecurity - Part 5 of 6
🔐 Network Security
Delves into common threats and best practices for securing computer networks. It explores the array of network threats, from malware and ransomware to insider threats, and understand how network professionals mitigate these risks.

Get Certified in Cybersecurity - Part 4 of 6
🔐 Network Concepts
Discover the intricate world of computer networks. This article covers topics such as network types, essential devices, IP addresses, DHCP, network ports, and key network terms. It also explores the OSI and TCP/IP models, showcasing their role in network communication. Furthermore, the article touches upon cloud computing, highlighting different service and deployment models.

Get Certified in Cybersecurity - Part 3 of 6
🔐 Access Control
Delves into the importance of access control, covering concepts encompassing defence in depth, least privilege, segregation of duty, two-person integrity, passwords, multi-factor authentication, privileged access management, account provisioning, log management, physical access control, biometric access control, and logical access control.

Get Certified in Cybersecurity - Part 2 of 6
🔐 Incident Response, Business Continuity and Disaster Recovery
Explore the crucial aspects of cybersecurity incident response, business continuity, and disaster recover. We will talk about the importance of incident response plans, business impact analysis, recovery strategies, and crisis management in ensuring the resilience and continuity of organisations in the face of cyber threats and disruptive events.

Get Certified in Cybersecurity - Part 1 of 6
🔐 Key Security Principles
Discover the essentials of safeguarding sensitive data and protecting against cyber threats. From the CIA Triad to Risk Management and Privacy, this article breaks down key principles in an accessible way.

🚀 Unlock your path to a career in cybersecurity with the ISC2 Certified in Cybersecurity (CC)!
As part of Cyber Awareness Month 2023, I'll be sharing a series of articles throughout October covering the all the knowledge needed to prepare for the ISC2 Certified in Cybersecurity (CC).
Ideal for IT professionals, career changers, executives, and recent grads, this entry-level certification offers free exam and online training for a limited time, making it more accessible than ever.
Find out more about the ISC2 CC Certification. Your cybersecurity journey starts here!

As our interconnected world amplifies cyber risks in the supply chain, the indispensable role of vendor managers in protecting valuable assets cannot be overlooked. With their unique insights and strategic position, they are instrumental in identifying and mitigating potential vulnerabilities.

This article provides vendor managers with invaluable guidance on elevating their role in safeguarding the supply chain. From selecting secure vendors to establishing robust contractual agreements, they will find actionable steps to fortify their organisation's cybersecurity posture.

If you have been using ChatGPT, you probably feel now that nothing will never be the same. It is the same feeling you had when you used the internet for the first time, when you touched your first iPhone. There will be a before and an after Artificial Intelligence, and the tipping point is now.

It is hard to predict what a world supported by AI will look like. Some think it will be a scary place, some see a lot of exciting opportunities. But regardless what your views are, there is no denying that the cybersecurity industry will be - and already is - particularly affected. Tools like ChatGPT are a new set of capabilities, with both new opportunities and new challenges for security professionals.

As Cyber Awareness Month is coming to an end and Halloween is almost upon us, I thought it would be a great time to share a few real cyber-horror stories, and how to protect yourself from them.

A short article explaining what the CIA Triad is, or how Security is focusing on key concepts: Confidentiality, Integrity and Availability.
It's not always easy for non-security people to understand the challenges and endless efforts spent by security staff, so hopefully you will now have a better idea of why, and how, we do it.

A short article explaining what is Vulnerability Management - one of the key areas of Information Security.
It's not always easy for non-security people to understand the challenges and endless efforts spent by security staff trying to remediate vulnerabilities, so hopefully you will now have a better idea of why, and how, we do it

Avenue is building a dedicated business bank that finds new, flexible ways to free up cash flow for its customers. Whether you want to grow your business, buy some time, or simply have some breathing space, we'll free up cash with new options that other banks don't offer.

Avenue isn't a bank (yet), but we're on our way. Find out more at https://www.avenue.net.au

Check out the full video on GoToStage.

"Defence in depth", sometime also called “layering” is a central concept in information security. It relates to the idea that security components should be designed so they provide redundancy in the event one of them was to fail.

This article explores the concept of defence in depth, and how it applies to modern technology stacks and in the cloud.

Time to go through the concepts of Digital Identity and Authentication, and how they are generally implemented in IT environments to automate access to websites, services and applications.

While this article does not require any specific technical knowledge, it is not a trivial topic, and I have purposely tried to not oversimplify some of the concepts. I have done my best to keep it easy to read, but feel free to send some feedback if some parts are too complex and you would like further clarifications.

With Christmas coming fast, it is a great time to remember identity crime is a critical threat to the everyone. A short beginner guide on how to protect yourself against identity theft and what to do if your identity get stollen.

Following my presentation on Building an Information Security Policy Framework at the "Implementing CPS 234" conference held in Sydney in May 2019, I received many requests to publish a transcript. Thank you all for your interest and for the large amount of feedback you shared with me. As promised, here is an augmented transcript of my presentation.

It covers an overview of what a Policy Framework is, and why it is an essential part of any Information Security program; the various existing frameworks used across the industry, their strengths and limitations; a methodology to create a flexible framework, supported by a risk assessment and a strong understanding of the assets owned by the institution and the threats they are exposed to; and an approach to define an adequate control set and how to prioritise its implementation.

Corporate reality is that there is a growing interest from employees to use their personal devices for work. This can have a very positive impact on business – choosing which device is best for them and when, empowers workers and makes them more productive – but it also raises many security concerns for the enterprise – especially around access, confidentiality of information, compliance, security and privacy.

In order to define how employees will be able to interact with the corporate resources, the Bring-Your-Own-Device (BYOD) strategy is a critical part of your journey toward BYOD. It is there to define the capabilities your organisation offers to employees to use their personal laptops, smartphones or tablets for work.

To assist you in your journey, this article covers how to answer these questions and what are the options available for you in order to create a secure BYOD strategy.

More than ever, financial institutions in Australia and New Zealand are moving toward public cloud computing as a way to benefit from easy to use, flexible, cost effective and reliable infrastructures and services. Despite its substantial benefits, cloud computing also creates a complex new environment for financial institutions to navigate. Regulators in Australia and New Zealand are evolving their requirements and guidelines. It results in a growing expectation that financial institutions have a robust governance over their outsourcing process and ensure a high level of oversight of their cloud service providers. This article discusses the regulatory requirements around usage of Cloud Services in Australia and New Zealand and how to satisfy them.

The Australian Prudential Regulation Authority (APRA) just published the final version of the Prudential Standard CPS 234 (Information Security), that will be enforceable by 1 July 2019. Have you assessed your readiness? This article reviews the main expectations from the regulator and provides some guidance on how to ensure timely compliance.

You are regularly being reminded by your security team that sharing sensitive information by email is not safe. But why? Well, good question. Here are some answers

As an executive or senior manager, what should I know and what should my company be doing about Meltdown and Spectre?
If you are not an IT Security specialist and you have been trying to understand what all the fuss is about - you are probably struggling to find articles that are not overly technical or too generic. Hopefully, this one will be answer your questions.

This year again, our team will run the City2Surf race and raise money for Doctors Without Borders/Medecins Sans Frontières!
Support our team by visiting our fundraising page http://www.fundraise.city2surf.com.au/jbbres and by donating to a good cause

Action(s) 1.1.8 contains minor bug corrections. Find all the details regarding this release in the release notes page.

or

This is due to the fact that our current certificate has expired and is currently being renewed. It will be updated in a few days and the message will not appear anymore.

In the meantime, we suggest useds to select the "Allow trust content from this publisher" option or the "Allow all applications from app.jbbres.com with this signature" option and click on the "Run" or "Allow" button.

Sorry for the inconvenience

Action(s) 1.1.7 contains minor bug corrections. Find all the details regarding this release in the release notes page.

Action(s) 1.1.6 contains minor bug corrections. Find all the details regarding this release in the release notes page.

• Send files via FTP. (yep, a lot of you have been waiting for this one since a very long time!)
• Convert a text into a QR code (you know, those square bar codes that you find a little bit everywhere now)
• Produce the MD5 hash of a file

If you ask customers what is the most important thing that has changed with the usage of computers, we believe that in many cases the answer will be: "Now it is possible to do many tasks and routines much faster and with more efficiently than before." A statement with which we entirely agree. Nevertheless, the degree of automation depends on the capabilities of your tools. If you have to perform a set of actions and steps, and nobody has ever written a program with such a purpose, you’re left with not some many solutions.

Action(s) 1.1.5 contains minor bug corrections. Find all the details regarding this release in the release notes page.

Action(s) 1.1.4 contains minor bug corrections. Find all the details regarding this release in the release notes page.

Especially, using the add date mode, you can add a date to the file name using various date formats. By default, Rename Files provides 7 formats:

Date and Time Format	Example
dd MMMMM yyyy	29 March 2011
dd-MM-yy	29-03-11
MM-dd-yy	03-29-11
yyyyMMdd	20110329
dd-MM-yy hh.mm.ss	29-03-11 17.42.12
h.mm a	5.42 pm
hh.mm	17.42

But you can also create your own format if the ones provided does not answer your need. It is very easy. Action(s) interprets different letters as date and time codes and replaces them by their values. You can combine the codes to create your own format.
Here are the available iddentifiers:

Code	Date or Time Component	Examples
G	Era designator	AD
yy	Year (2 digits)	96
yyyy	Year (4 digits)	1996
MM	Month in year (2 digits)	07
MMM	Month in year (3 letters)	Jul
MMMM	Month in year (full)	July
w	Week in year	27
W	Week in month	2
D	Day in year	189
d	Day in month (1 or 2 digits)	5 ; 23
dd	Day in month (2 digits)	05 ; 23
F	Day of week in month	2
EEE	Day in week (3 letters)	Tue
EEEE	Day in week (full)	Tuesday
a	Am/pm marker	PM
H	Hour in day (0-23) (1 or 2 digits)	0 ; 14
HH	Hour in day (0-23) (2 digits)	00 ; 14
h	Hour in am/pm (1-12) (1 or 2 digits)	12 ; 3
hh	Hour in am/pm (1-12) (2 digits)	12 ; 03
k	Hour in day (1-24) (1 or 2 digits)	24 ; 3
kk	Hour in day (1-24) (2 digits)	24 ; 03
K	Hour in am/pm (0-11) (1 or 2 digits)	0 ; 11
K	Hour in am/pm (0-11) (2 digits)	00 ; 11
m	Minute in hour (1 or 2 digits)	30 ; 5
mm	Minute in hour (2 digits)	30 ; 05
s	Second in minute (1 or 2 digits)	55 ; 8
ss	Second in minute (2 digits)	55 ; 08
S	Millisecond (1, 2 or 3 digits)	978 ; 78 ; 9
SSS	Millisecond (3 digits)	978 ; 078 ; 009
zzz	Time zone (short name if available or GMT based)	PST ; GMT-08:00
zzzz	Time zone (full name if available or GMT based)	Pacific Standard Time ; GMT-08:00
Z	Time zone (RFC 822 format)	-0800

Text can be quoted using single quotes (') to avoid interpretation. '' (2 quotes) represents a single quote.
All characters which are not letters (from 'A' to 'Z' and from 'a' to 'z') are not interpreted and so do not need to be put between quotes.

The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 4 July 2001 at 12:08:56 local time in the U.S. Pacific Time time zone.

Date and Time Format	Result
yyyy.MM.dd G 'at' HH:mm:ss z	2001.07.04 AD at 12:08:56 PDT
EEE, MMM d, ''yy	Wed, Jul 4, '01
h:mm a	12:08 PM
hh 'o''clock' a, zzzz	12 o'clock PM, Pacific Daylight Time
K:mm a, z	0:08 PM, PDT
yyyy.MMMM.dd GGG hh:mm aaa	2001.July.04 AD 12:08 PM
EEE, d MMM yyyy HH:mm:ss Z	Wed, 4 Jul 2001 12:08:56 -0700
yyMMddHHmmssZ	010704120856-0700

Action(s) 1.1.3 contains minor bug corrections. Find all the details regarding this release in the release notes page.

You asked, we listened: Action(s) 1.1 contains next to a 100 new functionalities, improvements and bug corrections, including:

• 9 new actions to efficiently manage email messages. Compatible with Gmail, Yahoo! Mail, Live Mail and more.
• 3 new actions to improve the dynamic of your workflows: Condition, Loop and Dispense items incrementally.
• Execute scripts within your workflow, using JavaScript or AppleScript*.
• Variable edition
• Improved security. Application signed with a 2048 bit certificate.

So what’s new in version 1.1? Well, it contains next to a 100 new functionalities, improvements and bug corrections, including:

• 9 new actions to efficiently manage email messages. Compatible with Gmail, Yahoo! Mail, Live Mail and more.
• 3 new actions to improve the dynamic of your workflows: Condition, Loop and Dispense items incrementally.
• Execute scripts within your workflow, using JavaScript or AppleScript*.
• Variable edition
• Improved security. Application signed with a 2048 bit certificate.

For a change, let’s talk about technologies…
Have you heard about Java? No? Well, even if you don’t know it, you are probably using Java everyday: On your computer, your mobile phone, your TV and more. Action(s) is made with Java, and it is the reason why you can run it indifferently on Windows, Linux or Mac OS X.

Apple made recently two big announcements regarding Java:

• The creation of a Mac App Store where Java applications will not be accepted
• The end of Apple’s support of Java on Mac OS X

The Convert to JPEG action is for you. It converts any picture into a JPEG file with the quality rate indicated. Download it right now from the More Actions webpage or by clicking on "Get more actions..." in the "Help" menu of Action(s).

Action(s) 1.0.1 release content:

• "Copy file" action: Now prevent from coping a folder into itself or one of its sub-folders. Prior to this release, Action(s) was generating an infinite number of sub-folders within the destination folder.
• "Get URL" action: Selected lines backgrounds were white instead of using the system colors.
• "Show notification in tray bar" action: Mac OS X - The notification windows is now using the system colors.
• Variable selection combo box: Selected lines backgrounds were white instead of using the system colors.
• Some actions were displaying an incorrect version number (1.1 instead of 1.0.1)
• "Split files" additional actions: An error message was displayed when adding one of the actions in the workflow. Users of the "Split files" additional actions can download the latest version at http://app.jbbres.com/actions/more
• Action(s) plug-in folder now support jar file as well as actc files
• New version of the Action(s) API (v1.0.1) available. Users of the API can download the latest version at http://app.jbbres.com/developers/libraries/actions/

Action(s) has been selected freewaregenuis pick by the famous freewaregenuis.com blog. As we are reading this website since a long time at app.jbbres.com, and loving what these guys are doing, you can imagine that this has been a great surprise for all of us.

A few selected lines:
« The range of options that Actions supports, I will say, is truly impressive »
« What can this program do for you? Most anything you can think of. »
« Very user friendly and goes a long way towards making this application accessible and easy to learn »
« There’s no syntax to learn and no libraries or functions to deal with; the experience is closer to building a Lego than writing code. »
And my personal favorite :D: « I’ve been playing with this software for a couple of days and I just love it. The developers have done an astounding job making this software both powerful and accessible. »

Read the full article at http://www.freewaregenius.com/2010/10/13/actions-automate-all-kinds-of-tasks-via-drag-and-drop-without-writing-a-line-of-code.

If you were already using the beta or release candidate version of Action(s), the update will download automatically next time you will start Action(s) from your desktop or by clicking on this the launch button below:

Yep, you can now search the library of actions. That’s a very useful function, so we hope you will like it.

Plus, this version is tagged RC. This means that, except for major issue, this will be the last version before the final 1.0. We are very excited about that!

So, as always, the update will download automatically next time you will start Action(s) from your desktop or by clicking on this the launch button below:

• Presentation: 350 over 400 possible points
• Function: 300 over 300 possible points
• Originality: 300 over 300 possible points

• The first collection gives you control over the mouse and keyboard of the computer: the 9 actions included into this pack allows you to move the mouse over the screen, click a mouse button, press a combination of keys etc.
• The second one is a little action that might be a great help for HTML developers: it converts the received text into the ISO 8859-1 charset for HTML: with this action, no more problem of accents and special characters in your web pages!

Action(s) provides a lot of built-in actions to work with files, images, Internet... but depending on what you want to do, this might not be enough. Fortunatly, Action(s) is also made to support additional actions, which means that anybody with some knowledge in computer programing can create new actions and add them into Action(s).
In order to help you find new actions, we have create a dedicated webpage where all extentions for Action(s) are available. You can access it by clicking on the "Get more actions..." menu in Action(s) or simply by following this link.
One on the webpage, simply download the new actions you are interrested in, open the actc file and and the new actions will be instantly available within Action(s). Et voila.

But wait, that’s not all: today we are providing the very first extention for Action(s). We named it Split Files because it’s a set of actions to split big files in smaller files. It is very usefull if you want to sent files via the Internet but have a size limitation. We’re sure you gonna love it! It is available in the Get more actions webpage.

If you are a developper and you want to know how to create your own actions, remember that everything you need - API, documentation, tutorial and much more - are available in the Resources for developpers webpage.

Among all the new functionalities and bug corrections of this new beta version, there is one that we are very proud and that we would like to present you: in Action(s), you might have noticed that a lot of the actions need to receive input to work properly. For example, if you add an “Add Border to Image” action into your workflow, it requires to receive image files to work on, otherwise the action will have no effect.
Well now, if you add such an action at the beginning of your workflow, Action(s) knows that it will have no effect and suggests you to add a matching action in front of it.

Creating your workflow and automation has never been easier.
And more than ever, continue to send us your comments and feedbacks!

• Easy-to-use interface: Action(s) comes with a library of dozens of actions that users can browse or search to find exactly what they need. Actions are dragged and dropped from the library to create workflows.
• Complete control: the pre-installed actions allow manipulation of files and folders, image cropping, scaling, conversion, and adjustment, command line execution, variable storage and access and much more.
• Extendable architecture: Developers can easily create and share their own actions.
• Re-usable: Display controls allow action parameters to be customized each time a workflow is executed; encapsulated flow design enables workflows to be used within other workflows.
• Portable: Java and XML format used by Action(s) ensure that workflows can be shared with others, whatever their operating system is.

Simply click on the launch button. Action(s) will download and start.