Sign up to save your podcasts
Or
Share Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations
Episode Summary
This podcast uses the following third-party services for analysis:
Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
Cole Cornford speaks with Kat McCrabb, founder of Flame Tree Cyber, about navigating cybersecurity compliance and risk, particularly within education, government, and mission-driven organisations. Kat shares insights from her experience in federal government and as CISO at Brisbane Catholic Education, highlighting the strengths and weaknesses of compliance frameworks like Australia's Essential Eight and MITRE ATT&CK. The conversation covers how to effectively communicate cyber risks to stakeholders, align security with organisational priorities, and why prevention beats incident response every time. Kat also discusses strategies for meaningful conversations around funding and shares her perspective on the evolving landscape of security in the age of SaaS and cloud technologies.
Timestamps00:59 - Kat’s background and founding Flame Tree Cyber
03:10 - Defining mission-driven organisations
04:29 - Challenges of prescriptive compliance frameworks (ISM, Essential Eight, DISP)
05:41 - Compliance vs meaningful security improvement
06:51 - How threat modelling with MITRE ATT&CK helps allocate resources
07:35 - Balancing foundational cybersecurity and advanced threat intelligence
08:52 - Incident response and the value of understanding threat actors
11:46 - Allocating budget and demonstrating security value to executives
16:31 - How to effectively request security funding from the board
20:00 - Relevance of Essential Eight in modern SaaS environments
29:21 - Kat’s role with AISA and building the cybersecurity community in Queensland
Mentioned in this episode:
Call for Feedback
This podcast uses the following third-party services for analysis:
Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
View all episodes
By Galah CyberEpisode Summary
This podcast uses the following third-party services for analysis:
Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
Cole Cornford speaks with Kat McCrabb, founder of Flame Tree Cyber, about navigating cybersecurity compliance and risk, particularly within education, government, and mission-driven organisations. Kat shares insights from her experience in federal government and as CISO at Brisbane Catholic Education, highlighting the strengths and weaknesses of compliance frameworks like Australia's Essential Eight and MITRE ATT&CK. The conversation covers how to effectively communicate cyber risks to stakeholders, align security with organisational priorities, and why prevention beats incident response every time. Kat also discusses strategies for meaningful conversations around funding and shares her perspective on the evolving landscape of security in the age of SaaS and cloud technologies.
Timestamps00:59 - Kat’s background and founding Flame Tree Cyber
03:10 - Defining mission-driven organisations
04:29 - Challenges of prescriptive compliance frameworks (ISM, Essential Eight, DISP)
05:41 - Compliance vs meaningful security improvement
06:51 - How threat modelling with MITRE ATT&CK helps allocate resources
07:35 - Balancing foundational cybersecurity and advanced threat intelligence
08:52 - Incident response and the value of understanding threat actors
11:46 - Allocating budget and demonstrating security value to executives
16:31 - How to effectively request security funding from the board
20:00 - Relevance of Essential Eight in modern SaaS environments
29:21 - Kat’s role with AISA and building the cybersecurity community in Queensland
Mentioned in this episode:
Call for Feedback
This podcast uses the following third-party services for analysis:
Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/