In Australia’s National Interest - Security of Critical Infrastructure

Pentagram Advisory

What comprises Australia’s national interest, and how does the rise of insider threat activity in Australia’s critical infrastructure connect to Australia’s national interest? I expect this topic was not the first thing on your mind when you woke this morning ready for breakfast and a hot shower, however the topic is relevant because it is fundamental to you having breakfast, a wash, and getting on with you day. Let me explain.

  1. Jul 9

    The Enhanced CIRMP Rules 2026: Looking Beyond the Legislative Amendments

    The Enhanced CIRMP Rules 2026 introduce the most significant expansion of Australia's Critical Infrastructure Risk Management Program (CIRMP) framework since its inception. But beyond the additional legislative obligations lies a more important question: what do these changes reveal about the future direction of Australia's critical infrastructure regulation? In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory examine how the Enhanced CIRMP Rules 2026 signal a shift from demonstrating compliance to demonstrating organisational security capability. They discuss why Boards and senior executives should view the implementation period as a strategic opportunity to strengthen governance, build integrated security capability and prepare for future assurance obligations—not simply another compliance exercise. Drawing on Pentagram Advisory's detailed analysis of the Baseline and Enhanced CIRMP frameworks, this episode explores the key implementation timeframes, the evolving regulatory expectations, and why organisational readiness has become just as important as organisational maturity. This is the first episode in a new series examining the Enhanced CIRMP Rules 2026. Future episodes will explore the enhanced personnel security, supply chain security, cyber and information security, and physical security requirements, together with practical approaches to implementation. For more information, visit https://pentagramadvisory.com.au/

  2. Jun 15

    "Not In My Organisation": The Leadership Blind Spot Behind Insider Threat Complacency

    Why do so many capable and experienced leaders underestimate insider threat within their own organisations? In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory explore the psychology behind the "Not In My Organisation" (NIMO) mindset—a common but often overlooked leadership blind spot that can prevent organisations from recognising and addressing insider risk. Drawing on research from the UK National Protective Security Authority (NPSA) and Dr Michael Robinson's analysis of real-world insider threat cases, the discussion examines why insider threat is frequently viewed as a problem that happens elsewhere, despite evidence demonstrating that it affects organisations of all sizes, sectors and levels of seniority. The episode explores seven psychological drivers that contribute to insider threat complacency, including optimism bias, availability bias, the trust heuristic, identity protection, assumptions about the psychological contract, the trust-versus-mistrust fallacy, and overconfidence in existing controls. Tim and Marina also discuss the meaning of trust in organisations, the relationship between trust and assurance, and why effective insider threat and trusted workforce programs are not built on suspicion, but on a mature understanding of human behaviour, changing circumstances and organisational resilience. Most importantly, the episode provides practical guidance for leaders seeking to move beyond the NIMO mindset, including:• Reframing insider threat as a human risk issue• Balancing trust with assurance• Treating workforce security as a leadership responsibility• Building multidisciplinary governance• Adopting a trusted, risk-based and proportionate workforce approach Whether you are a Board member, senior executive, security leader, risk professional or critical infrastructure practitioner, this episode offers a fresh perspective on one of the most misunderstood aspects of organisational security. Learn more about Pentagram Advisory:🌐 https://pentagramadvisory.com.au/ Watch our videos and subscribe to our channel:▶️ https://www.youtube.com/channel/UCrzs0YCDpPwNzqytwF7uoSg #InsiderThreat #HumanRisk #TrustedWorkforce #CriticalInfrastructure #PersonnelSecurity #RiskManagement #SecurityCulture #Leadership #InsiderRisk

  3. May 18

    The Dark Arts of Insider Threat: What Harry Potter Teaches Us About Human Nature, Trust and Protective Security

    If you are fascinated by Harry Potter, psychology, human behaviour, and the complex realities of protective security — this episode is for you. What do Harry Potter and insider threat have in common? More than you might think. In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory explores the surprisingly sophisticated insider threat lessons hidden within the world of Hogwarts — from coercion and radicalisation to manipulation, identity compromise, disgruntlement, behavioural change, and the psychology of trust. Through characters such as Professor Quirrell, Ginny Weasley, Draco Malfoy, Kreacher, Barty Crouch Jr, Madam Rosmerta, Peter Pettigrew, and Severus Snape, we examine how human vulnerability, emotional pressure, ideology, coercion, and organisational culture can quietly undermine even the most protected environments. This is not simply a conversation about fiction. It is a discussion about modern protective security, insider threat, human behaviour, workforce resilience, and the growing importance of psychologically informed security programs in today’s critical infrastructure and organisational environments. Whether you are a Harry Potter fan, security professional, risk practitioner, psychologist, HR leader, or simply fascinated by human nature, this episode offers a unique and thought-provoking lens on one of the most complex challenges facing organisations today: the human factor. Because beneath the magic, J.K. Rowling was never really writing about spells. She was writing about us.

About

What comprises Australia’s national interest, and how does the rise of insider threat activity in Australia’s critical infrastructure connect to Australia’s national interest? I expect this topic was not the first thing on your mind when you woke this morning ready for breakfast and a hot shower, however the topic is relevant because it is fundamental to you having breakfast, a wash, and getting on with you day. Let me explain.