From the blog
Practical security, governance and AI content for Australian businesses — no hype, no vendor pitch.
The 'Session Cookie' Hijack: Why MFA Can't Always Save You
MFA stops most attacks — but not pass-the-cookie. Here's what session token theft looks like, why it bypasses multi-factor authentication entirely, and what you can do about it.
Read article →The 'Legacy Debt' Audit: The 3 Oldest Risks in Your Server Room
End-of-life software, unpatched systems, and forgotten remote access are the most exploited vulnerabilities in Australian SMB environments. Here's how to find them.
Read article →The 'Backup Exit' Strategy: Can You Move Your Data Without the Vendor?
Most businesses test whether their backup works. Almost none test whether they can leave the vendor. Here's why data portability should be part of your backup strategy — and how to check where you stand.
Read article →Micro-SaaS Vetting: The 5-Minute Security Check for Browser Add-ons
Browser extensions sit inside your browser session with access to everything you do. Here's a fast, repeatable process for deciding whether to trust one.
Read article →LinkedIn Social Engineering: Protecting Your Staff from Fake Recruitment Scams
Fake recruiters on LinkedIn are running sophisticated social engineering campaigns. Here's what they look like and how to help your team recognise them.
Read article →"Clean Desk" 2.0: Securing Your Home Office from Physical Data Leaks
The clean desk policy was designed for offices. In 2026, most sensitive work happens at home — and the risks have changed significantly.
Read article →The Essential Checklist for Securing Company Laptops at Home
Home environments create security risks that offices don't. This checklist covers the fundamentals — what to configure, what to enforce, and what to never allow.
Read article →The 2026 Guide to Uncovering Unsanctioned Cloud Apps
Most businesses underestimate their cloud app footprint by an order of magnitude. Here's how to find what's actually running and decide what to do about it.
Read article →Stop Ransomware in Its Tracks: A 5-Step Proactive Defence Plan
Ransomware rarely arrives as a sudden encryption event. It's a multi-stage process with detection opportunities at every step — if you've built the right foundations.
Read article →How to Run a Shadow AI Audit Without Slowing Down Your Team
Your staff are already using AI tools you don't know about. Here's how to find out what's running, understand the actual risk, and build governance that sticks.
Read article →Security and governance in your inbox
Short, practical, no-nonsense. The Ninja Brief lands when there's something worth saying — not on a schedule for the sake of it.