by Paul Friend, MBA | ISO Lead Auditor | Dec 13, 2025 | Blog, SOC 2
The SOC 2 audit process is the structured pathway Australian organisations follow to achieve independent attestation of their security controls. For SaaS providers, cloud platforms, and technology firms selling into enterprise and regulated markets, understanding this...
by Paul Friend, MBA | ISO Lead Auditor | Dec 7, 2025 | Blog, Managed Detection & Response, Security Resources
Australian mid-market organisations are under pressure to improve security outcomes with limited resourcing and increasing Essential Eight expectations. Many teams are exploring managed detection and response as a way to strengthen coverage, reduce operational load,...
by Paul Friend, MBA | ISO Lead Auditor | Oct 20, 2025 | Blog, Penetration Testing, Security Resources
Cyber threats continue to evolve, and so must the ways organisations defend against them. Two of the most effective, yet often confused, methods are penetration testing (pentesting / pen testing) and managed security testing. Both aim to strengthen security posture,...
by Paul Friend, MBA | ISO Lead Auditor | Oct 7, 2025 | Blog, Essential 8
An Essential 8 assessment provides Australian organisations with a structured, evidence-based method to measure cyber security maturity and identify gaps across the ASD’s eight mitigation strategies. Without a formal assessment process, organisations often...
by Paul Friend, MBA | ISO Lead Auditor | Oct 2, 2025 | Blog
Cybersecurity compliance in Australia is no longer optional. Organisations across all sectors are subject to a patchwork of obligations, ranging from the Essential Eight and ISM, through to ISO/IEC 27001:2022, APRA CPS 234, the SOCI Act, and the Privacy Act Notifiable...