Why Basics Beat Buzzwords with Edward Farrell

In this episode of Future Secured, Tom Finnigan and Jason Murrell sit down with Edward Farrell, CEO of Mercury Information Security Services, to talk about why cyber security has lost its way—and what it will take to fix it.

Known for his no-nonsense perspective, Edward argues that the industry is obsessed with brain surgeons when what it really needs are more good GPs. We explore how hype, inflated job titles, and obsession with advanced tools are pulling focus from the practical, day-to-day security work that actually reduces risk.

With experience spanning governance, pen testing, and training, Edward shares war stories from the field, exposes the hidden dangers of motivated amateurs, and explains why apprenticeship models—not certifications—might be the real fix for our cyber talent shortage.

If you're a founder, CISO, engineer or just trying to make sense of this confusing industry, Edward’s take will help you separate the meaningful from the meaningless in cyber security today.

🎧 Key Takeaways:
Stop chasing shiny tools. Focus on basics that protect your business.
Cyber security needs apprentices, not just experts.
Human bias is a bigger threat than hackers.
Too many businesses are ‘going full cyber’—and getting burned.
Insider threats are the biggest risk no one talks about.
It’s not about a silver bullet—it’s about trade-offs.

🗣️ Soundbites:
"Never go full cyber."
"A motivated idiot is a dangerous thing."
"We’re obsessed with brain surgeons and ignore the GPs."
"Startups catch fire before they secure the house."
"We reward enthusiasm over expertise—and that’s a problem."

⏱️ Chapters:
00:00 – Why You Should Never Go Full Cyber
04:54 – Redundancy, Risk and the State of Cyber
10:05 – The Hype Cycle vs Real Problems
14:59 – Apprenticeship Models in Cyber
19:56 – Clarity in Roles, Titles and Tools
24:03 – Danger of Enthusiasts Without Experience
26:58 – Why Storytelling Still Wins in Cyber
30:42 – Australian Culture vs Silicon Valley Speed
34:46 – Basic Security Wins, Always
39:25 – Insider Threats: The Silent Killer
45:00 – Cyber Drills and Missing Basics

In this episode, Tom Finnigan and Jason Murrell sit down with Rupert Taylor-Price, CEO of Vault Cloud, to dive into what it takes to build sovereign cloud infrastructure that doesn’t just host data, it protects national secrets. Rupert shares his journey from developer to hyperscale cloud builder, the decision to own source code, and why Vault refuses to compromise on security.

The conversation explores the future of AUKUS Pillar Two, how government funding is shaping sovereign tech, and why “building a vault, not a front door” isn’t just a metaphor, it’s an engineering blueprint. Rupert also unpacks the intersection of AI, national security and trust and why Australia is uniquely positioned to lead in a shifting geopolitical landscape.

Takeaways
Owning the source code is foundational to true cloud security.

Vault Cloud’s strict, non-negotiable controls are designed for secrets, not convenience.

Usability and security are always in tension and Vault leans toward protection.

Sovereign capability is becoming a national security imperative.

AI brings both risk and opportunity to secure infrastructure.

Vault Cloud has had zero customer breaches, a rare feat.

AUKUS opens a trillion-dollar pathway for tech collaboration across three nations.

Pillar 1 is about military capability; Pillar 2 is about technology interoperability.

Engineering a truly sovereign, multi-nation cloud is complex but critical.

Australia’s agility makes it well-positioned in the AI and cyber arms race.

Interoperability between nations requires aligned standards, not just alliances.

Government investment is essential to enable secure sovereign tech.

Different sectors demand different security levels, there is no one-size-fits-all.

Critical infrastructure and defence require zero-trust, high-bar security controls.

Cloud built for convenience will never meet the bar for classified systems.

Secret cloud environments come with trade-offs, but for some, they’re necessary.

Psychological data, social records, and defence systems need maximum protection.

Global shifts in AI and trade are creating competitive openings for Australia.

Vault Cloud’s strategy is built around foresight, not just compliance.

Titles
This Isn’t a Front Door. It’s a Vault.

Building Australia’s Secret Cloud

Engineering Sovereignty at Hyperscale

AUKUS, AI & the Vault Standard

From Source Code to National Security

Sound Bites
"We build vault doors in the physical analogy."

"Vault has never had a customer breach of its system."

"You don’t turn MFA off. There is no switch."

"We wanted to own the source code of this platform."

"Sovereignty isn’t a feature, it’s a foundation."

"It’s quite a feat to get three countries aligned."

"This is about building infrastructure that nation-states can trust."

"There’s an opportunity to blend AI models for better outcomes."

"Every time you see these changes, it creates opportunity."

Chapters
00:00 – Introduction to Vault Cloud & Sovereign Infrastructure
01:17 – Rupert’s Journey: From Developer to National Cloud Provider
04:28 – Building Secure Systems for Government Use
06:00 – Balancing Protection vs. Usability in Cloud Architecture
11:19 – The Case for Sovereign Capability in Tech
14:40 – AI, Security & the Real-World Risks Emerging
21:13 – Demystifying AUKUS Pillar Two
24:02 – Cross-Nation Tech Collaboration Challenges
27:31 – Inside Government Investment in Sovereign Cloud
30:33 – Building a Classified Cloud for AUKUS
33:31 – What “Secret Cloud” Really Means in Practice

39:59 – Chaos, Geopolitics & Why Australia Has the Advantage

In this episode, Casey Ellis, founder of Bugcrowd and a pioneer of the crowdsourced cyber security movement, shares the hard-earned lessons from building a category-defining company. Casey pulls back the curtain on the real startup grind: from bootstrapping Bugcrowd into a global force to navigating leadership pressures, health crises and building resilient teams.

He lays bare the hidden truths of entrepreneurship, scaling cyber security innovation, and why humanising hackers is essential to the future of digital defence.

Whether you're a CISO, a cyber founder, or a leader preparing for the next wave of cyber security threats, Casey's insights will resonate deeply and possibly change the way you think about trust, leadership, and resilience.

🛡️ Core Themes and Big Takeaways
Crowdsourcing Cyber Defense: Why tapping global ethical hackers outpaces traditional security models.

Entrepreneurial Resilience: 17+ years to "overnight success" — Casey's brutal honesty on what it really takes.

Leadership Evolution: From "doing everything" to mastering the art of delegation and trust.

Health and Hustle: Ignoring health nearly cost Casey his life and he’s not holding back on lessons learned.

Culture Over Everything: Building trust-first teams that scale cybersecurity innovation.

The Human Side of Hackers: Why reframing the hacker narrative is essential for modern security strategies.

🧠 Soundbites You Can’t Miss
🔥 "You don't get a pass on your health, no matter how 'busy' you are."

🔥 "Building a company is finding where your Venn diagrams overlap, not forcing them."

🔥 "Double down on your strengths. Delegate the rest without guilt."

🔥 "If you're working on your one weakest skill, you're ignoring your ten strongest."

🔥 "Founders should be irrationally passionate about the problem they're solving, it has to look crazy to others at first."

🔥 "Humanising hackers isn't optional. It’s critical if we want cybersecurity to evolve."

🔥 "There’s no such thing as 100% secure, the question is, how do you stay ahead?"

⏱️ Chapters
00:00 - Intro to Casey Ellis and Bugcrowd’s origins
02:08 - How the idea for crowdsourced security was born
06:04 - Entrepreneurial lessons from the GFC, COVID, and everything in between
10:01 - The CEO’s real job: doing less, leading more
14:00 - Ignoring health almost cost everything
18:05 - Timing your scale-up: when, not if
22:05 - How to build and trust a world-class cyber team
28:14 - Why delegation makes or breaks startups
32:45 - Strengths vs Weaknesses: play to your natural edge
34:50 - Capital raising and the "midpoint" you need to find
39:47 - Why culture beats strategy every time
43:39 - Changing perceptions: Hackers as allies
46:35 - The defender’s dilemma — and how to win
51:50 - What's next for cybersecurity in a chaotic world

In this hard hitting episode of Future Secured, Jason Murrell and Tom Finnigan sit down with Matt Wilcox, Founder and CEO of FIFTH DOMAIN, to unpack what it really takes to train and equip the cyber warriors of today.

With a unique background, Matt brings a rare perspective to cyber training, focusing on human performance, immersive learning, and the adversarial mindset needed to win in the fifth domain: cyber warfare.

This is more than a conversation about SOCs and startups. It’s a deep dive into how Australia must rethink capability, build sovereign resilience, and move beyond tick box security into real, live-fire readiness.

From government to legal, defence to finance, if your organisation holds sensitive data or critical infrastructure, this is essential listening.

🧠 Key Takeaways:
🎥 Matt’s unconventional journey from creative industries to cyber security
🧠 Cyber is a human problem before it’s a tech problem
🎯 Understanding your adversary is the key to effective defence
🛡️ Cyber warfare is real and most organisations are not prepared
👩‍💻 Hidden talent exists inside every company, if you know how to find it
🧪 Capture-the-Flag and experiential learning outperform traditional training
💥 Failures in business and ops offer the best growth opportunities
💼 Authenticity attracts the right team, camouflage leads to culture failure
🔐 Legal firms are highly vulnerable due to legacy behaviours and secrecy
🇦🇺 Australia’s startup ecosystem lacks the support to turn innovation into impact
🛰️ Sovereign capability isn’t optional, it's a national security imperative
⚠️ The next major cyber attack could be devastating and it’s not “if”, but “when”

🗣️ Sound Bites
"Cyber exists because there is an adversary."
"You don’t need 100 people—you need 5 good ones with the right mindset."
"Authenticity attracts talent. Camouflage repels it."
"You can’t outsource risk."
"It’s not business as usual anymore."
"Cyber warfare is a wake-up call to society."
"We need to back our own businesses or we’ll keep losing them overseas."

⏱️ Chapters
00:00 — Introduction to Cyber Warfare Training
09:12 — Human Capability vs. Tech Dependency
16:30 — Cyber Warfare: Thinking Like Your Adversary
20:54 — Finding Hidden Talent Through Real-World Testing
24:39 — The Startup Reality: Lessons from the Frontline
29:39 — Hiring for Mission, Not Just Skill
31:15 — Building Functional SOCs Across Diverse Industries
36:00 — The Importance of Certainty and Clarity in Operations
40:07 — Rising Geopolitical Threats and What They Mean for Australia
44:05 — Where Australia’s Cyber Ecosystem Must Step Up
48:00 — Final Thoughts: Innovation, Sovereignty, and the Call to Action

🔗 Resources
🌐 FIFTH DOMAIN Website - www.fifthdomain.pro

In this special episode of Future Secured, Tom Finnigan and Jason Murrell unpack the newly released Australian Cyber Network State of the Industry 2024 report, a landmark deep dive into the shape, size and urgency of Australia’s cyber security sector.

📥 Download the full ACN report:
https://stateoftheindustry.auscybernetwork.au

Jason, who also chairs the Australian Cyber Network, walks through the key insights: the eye-watering rise in ransomware, the growing, but still under-resourced, cyber workforce, gender diversity gaps, sovereign capability challenges, and the widening disconnect between government strategy and ground truth.

More than just numbers, this conversation is a candid, behind-the-scenes look at what’s working, what’s broken, and where Australia must act now to avoid being left behind.

🧠 Key Takeaways
🛑 69% of Australian businesses were hit by ransomware in 2024, and 84% paid
💰 The average ransom paid was $1.35 million
👥 The cyber workforce hit 137,000 people, but demand still far outpaces supply
👩‍💻 Female participation jumped from 17% to 25%—a promising trend
🎓 Security science enrolments surged 186%, but readiness remains unclear
🇦🇺 97% of Australian cyber companies are locally owned, yet most startup funding comes from overseas
📉 Regional gaps remain: WA generated $500M in cyber GVA but has only 17 local firms
📢 Cyber security strategy lacks transparency, inclusion, and public engagement
🧯 Cyber readiness must become as normalised as OH&S or fire safety in every workplace

🗣️ Sound Bites
"Cybersecurity isn’t just a tech issue. It’s a kitchen table issue."
"You wouldn’t trust a pilot who’s never flown a sim. But we do in cyber."
"Culture eats strategy for breakfast—especially when it’s hidden behind closed doors."
"The ecosystem is fragile. Founders don’t want handouts—they want a fair shot."
"We can’t secure the nation in secret. We need public benchmarks and open engagement."

⏱️ Chapters
00:00 — Welcome & Intro
01:37 — What the 2024 ACN Report Reveals
03:00 — Ransomware Stats & SME Underreporting
07:35 — Cyber Workforce Growth & Diversity Breakdown
11:57 — Education, Enrolment & Skills Readiness
13:22 — Startups, Funding & Sovereign Capability
15:49 — State-by-State Capacity & WA's Undersupply
17:57 — Policy, Strategy & Transparency Gaps
22:29 — The Path Forward: Culture, Urgency, and Basic Hygiene
27:00 — Download the Full Report + Call to Action

🔗 Resources
📥 Download the full ACN report:
https://stateoftheindustry.auscybernetwork.au

Guest: Ikram Akbar, Founder & CEO, Hackers Jack
Hosts: Tom Finnigan & Jason Murrell

In this episode of Future Secured, we sit down with Ikram Akbar, the visionary founder of Hackersjack, an edtech platform combining cyber security, psychology, and pedagogy to teach kids how to stay safe online. From rejecting a PhD to building a mission-driven startup, Ikram shares the human story behind his purpose: protecting children through proactive digital education.

🔐 He reveals why most cyber education efforts fail by working in silos and how his spiral curriculum, structured from kindergarten to Year 12, creates long-term resilience in kids.

🇺🇸🇦🇺 Ikram also unpacks the startup grind, why Australia needs cultural reform to support cyber innovation and why the US market became essential for traction.

From AI threats and deepfakes to the emotional toll of internet exposure, this episode is a powerful call to action for parents, educators, and cybersecurity founders alike.

🔑 Key Takeaways
Hackersjack was born from a personal parenting moment and scaled through deep research across tech, education, and psychology.

Cyber education must be age-specific, emotionally aware, and rooted in practical engagement.

The stigma around cyber security makes it unappealing to kids – Hackersjack flips that by making it fun and relatable.

Parents must become co-educators in digital safety – starting with open conversations, not control.

Australia’s startup ecosystem is risk-averse – US investors are more culturally aligned to back cyber education innovation.

Cultural awareness and mental health are deeply intertwined with digital safety.

The ultimate goal: build a cyber-resilient generation by embedding digital hygiene early in schools.

🗣️ Sound Bites
“Kids spend so much time online.”

“Cybersecurity suffers from a stigma.”

“Start talking to your kids.”

“You need to think about the USA from day one.”

“Culture eats strategy for breakfast.”

🕰️ Chapters
00:00 — Introduction to Hackersjack
02:10 — The Genesis of Hackersjack
05:55 — Challenges in Cyber Education
09:35 — Parental Guidance in Cyber Safety
14:15 — The Role of Community in Cyber Education
17:13 — Navigating the US Market
22:16 — Lessons for Australian Entrepreneurs
24:35 — Navigating Cybersecurity Challenges in Australia
26:02 — Cultural Shifts and Mental Health Awareness
27:37 — Addressing Cyberbullying and Digital Safety in Schools
30:11 — Building Cybersecurity Awareness from a Young Age
33:34 — The Role of AI in Cybersecurity Education
36:29 — Fostering Open Communication Between Parents and Children
39:09 — Creating a Safe Digital Environment for Kids
42:07 — Bridging Generational Gaps in Digital Literacy

👤 About the Guest
Ikram Akbar is the founder and CEO of Hackersjack, a platform revolutionising child-focused cyber security education. With a background in mathematics, statistics, and computing, Ikram’s work spans startups, AI, and blockchain, but his mission remains rooted in one goal: equipping children to thrive safely in a digital world.

In this episode of Future Secured, Tom Finnigan and Jason Murrell sit down with Ian Yip, founder of Avertro — a platform that bridges the gap between cybersecurity operations and executive governance.

Together, they explore:

• Why cybersecurity still isn't treated as a business priority.
• The rise of “reasonable steps” as a legal standard for boards.
• How Singapore is outpacing Australia in national cyber readiness.
• What founders need to know before launching in the U.S.
• Why RSA is more than a conference — it’s a battleground for visibility.

This is a candid and insightful discussion about cyber leadership, regulation, government shortfalls, and the culture shifts needed to secure Australia’s digital future.

🔑 Key Takeaways:

• Cybersecurity is a business advantage — if it’s built from day one.
• Regulation is often the only driver of security investment.
• “Reasonable steps” is fast becoming a legal and board-level standard.
• Government funding sends cultural signals — and right now, cyber isn’t a vote-winner.
• National cyber drills (like Singapore's) show what's possible without big budgets.
• Startups must be assertive, focused, and physically present in the U.S. to win market trust.
• RSA is overwhelming — but the right prep unlocks outsized value.

📢 Sound Bites:

⏱ Chapters:

00:00 – Welcome & Ian’s Background
02:52 – Building Avertro from the Boardroom Up
06:02 – Why “Reasonable Steps” Now Matter
09:04 – Cybersecurity as Legal & Leadership Risk
14:52 – Culture, Policy & the Missing Federal Budget Signal
20:00 – What Singapore Got Right: A National Cyber Drill
26:00 – What Australia Still Gets Wrong: Siloed Government
29:30 – RSA Prep: How to Get the Most from San Francisco
36:00 – Breaking into the U.S. Market as an Aussie Startup
42:00 – Community, Credibility, and the Power of Showing Up

📌 Connect With Us:

💬 Join the conversation on LinkedIn
🎥 Subscribe to our YouTube for more insights
🌏 Learn more at murfin.au

Red teaming isn’t new, but it is still wildly misunderstood. In this episode of Future Secured, we’re joined by Remy Coll, Founder of Redacted, to unpack what red teaming really means, why most organisations still don’t use it effectively, and how it could be the difference between surviving a breach and being blindsided by one.

Despite the buzz around cyber testing, many businesses continue to rely solely on penetration testing, missing the bigger picture. Red teaming goes further—testing not just your tech, but your people, processes and response capabilities under real-world pressure.

As Remy puts it, “Every company has a red team. You just might not own yours.”

From SOC empowerment and business continuity to the growing need for cyber education in vulnerable communities, this episode challenges our assumptions about what it really takes to be cyber ready.

Key Takeaways:
Red teaming tests people, processes, and tech, not just IT systems.

Most businesses have never tested their response plans in real conditions.

Great security is found at the nexus of process, technology, and people.

Crisis response skills—like those used in medicine or defence—translate well into cyber.

Cross-skilling from diverse sectors can strengthen cyber teams.

Red teaming uncovers unnecessary spend on ineffective tools and licenses.

Every business needs to know what’s reasonable in their security obligations.

Vulnerable groups—like the elderly and survivors of abuse—need better cyber education.

Sound Bites:
💬 “Every company has a red team. You just might not own yours.”
💬 “No plan survives the first shot. So take the shot yourself.”
💬 “Protection is only part of the story—response is where you win or lose.”
💬 “The only way to know your plan works is to test it.”
💬 “We need to bring cyber down to the people who need it most.”

Chapters:
00:00 – Welcome and Introduction
03:00 – Remy’s Cyber Journey and Starting Redacted
06:30 – The Culture of Red Teaming vs. Pen Testing
10:00 – Real-World Response: Testing Plans Before an Attack
14:00 – Empowering SOCs to Act Fast
17:00 – Cross-Skilling and Crisis Skills in Cyber
21:00 – Red Teaming and Supply Chain Security
28:00 – What’s Reasonable? Cyber Accountability in the Law
34:00 – Metrics, Frameworks and the Real Gaps
43:00 – Building Red Team Capability Internally
46:00 – Protecting the Vulnerable: A Broader Cyber Mission