Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations
Episode Summary
Cole Cornford speaks with Kat McCrabb, founder of Flame Tree Cyber, about navigating cybersecurity compliance and risk, particularly within education, government, and mission-driven organisations. Kat shares insights from her experience in federal government and as CISO at Brisbane Catholic Education, highlighting the strengths and weaknesses of compliance frameworks such as Australia's Essential Eight and of threat-modelling frameworks such as MITRE ATT&CK. The conversation covers how to communicate cyber risks to stakeholders effectively, how to align security with organisational priorities, and why prevention beats incident response every time. Kat also discusses strategies for meaningful conversations about funding and shares her perspective on the evolving landscape of security in the age of SaaS and cloud technologies.
Timestamps
00:59 - Kat’s background and founding Flame Tree Cyber
03:10 - Defining mission-driven organisations
04:29 - Challenges of prescriptive compliance frameworks (ISM, Essential Eight, DISP)
05:41 - Compliance vs meaningful security improvement
06:51 - How threat modelling with MITRE ATT&CK helps allocate resources
07:35 - Balancing foundational cybersecurity and advanced threat intelligence
08:52 - Incident response and the value of understanding threat actors
11:46 - Allocating budget and demonstrating security value to executives
16:31 - How to effectively request security funding from the board
20:00 - Relevance of Essential Eight in modern SaaS environments
29:21 - Kat’s role with AISA and building the cybersecurity community in Queensland
Mentioned in this episode:
Call for Feedback