Receive occasional news and new articles from Cosive.

Thanks for subscribing to our newsletter
Oops! Something went wrong
February 21, 2024

Australia’s New Gateway Security Guidance: What Leaders & SOC Teams Should Know

On 24 July 2025, the Australian Department of Home Affairs released a major update to its Protective Security Policy Framework (PSPF) as part of the Commonwealth Uplift Reforms, overhauling how government agencies secure their internet gateways. Gateways are the boundary systems controlling traffic between an organisation and the outside world. This update replaces the old Gateway Security Policy with a new, mandatory Gateway Security Standard, which sets minimum security standards that Commonwealth entities must apply for gateway capabilities. In tandem, the Australian Signals Directorate’s Cyber Security Centre (ASD’s ACSC) published updated guidance to align with the new standard and reflect modern security practices. As someone immersed in the challenges of government gateway security at Verizon for over 14 years, I believe the recent advice marks a dramatic shift in approach.

February 21, 2024

Creating CTI Like a Journalist

I'm going to argue that as CTI analysts, we often get lost in the middle of these technical woods and forget about the ultimate purpose of threat intel: our outputs. These are commonly called threat intelligence products; the reports, alerts, or briefings we send to help others make decisions and take action. So how do we stay focused on the real purpose of CTI: producing useful, actionable outputs? Consider the lessons from an occupation we’ve had lifelong exposure to: journalism.

February 21, 2024

Episode #009 - Threat Sharing Communities with Prescott Pym

Cosive Principal Consultant and CTI expert Prescott Pym discusses the how and why of threat sharing communities, including CTIS, the Australian Signals Directorate's national threat sharing program. You'll learn how to get involved in your first threat sharing community, and why you might consider joining a national threat sharing program like CTIS.

February 21, 2024

My Washing Machine Refreshed My Thinking on Software Effort Estimation

I recently had a saga with a washing machine that reminded me why one of the most feared and hated tasks for software developers starts with the question: “So how long will it take you to build that?”

February 21, 2024

SOC Maturity Assessment in Australia: Our Approach

Day-to-day firefighting in SOCs (Security Operations Centres) can make it hard to see the bigger picture. A steady drum-beat of alerts and incidents can blur your focus. That’s why it’s so important to step back, breathe, and look at the current state of your SOC with a fresh set of eyes.Whether it's via an internal SOC maturity assessment with a popular model like SIM3, or an external consultant with deep SOC expertise, a new perspective can help uncover blind spots you might have missed in the rush to keep on top of the day-to-day demands of security operations.