Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations

Episode SummaryCole Cornford speaks with Kat McCrabb, founder of Flame Tree Cyber, about navigating cybersecurity compliance and risk, particularly within education, government, and mission-driven organisations. Kat shares insights from her experience in federal government and as CISO at Brisbane Catholic Education, highlighting the strengths and weaknesses of compliance frameworks like Australia's Essential Eight and MITRE ATT&CK. The conversation covers how to effectively communicate cyber risks to stakeholders, align security with organisational priorities, and why prevention beats incident response every time. Kat also discusses strategies for meaningful conversations around funding and shares her perspective on the evolving landscape of security in the age of SaaS and cloud technologies.Timestamps00:59 - Kat’s background and founding Flame Tree Cyber03:10 - Defining mission-driven organisations04:29 - Challenges of prescriptive compliance frameworks (ISM, Essential Eight, DISP)05:41 - Compliance vs meaningful security improvement06:51 - How threat modelling with MITRE ATT&CK helps allocate resources07:35 - Balancing foundational cybersecurity and advanced threat intelligence08:52 - Incident response and the value of understanding threat actors11:46 - Allocating budget and demonstrating security value to executives16:31 - How to effectively request security funding from the board20:00 - Relevance of Essential Eight in modern SaaS environments29:21 - Kat’s role with AISA and building the cybersecurity community in QueenslandMentioned in this episode:Call for FeedbackThis podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrpSpotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

There are no comments yet.

Please log in to write the first comment.