The Protective Security Policy Framework is meant to guide how government manages security risk, but constant updates make it harder to implement than to understand. In this episode of Secured, Cole Cornford is joined by Toby Amodio, Practice Lead at Fujitsu Cybersecurity Services and former senior cybersecurity leader across Australian government, to break down what actually changed in the latest PSPF update and why it matters in practice.
They examine the growing focus on personnel security and foreign interference risk, the inclusion of AI guidance that adds little beyond basic risk assessment, and the long overdue recognition of Secure Service Edge and SASE as compliant gateways. The conversation also explores why deny lists and centralised risk sharing sound sensible on paper but are far harder to enforce in reality, and why most security failures still come down to behaviour, accountability, and how technology is actually used rather than what policy says.
Chapters
00:00 – Intro
01:18 – What the PSPF is and why it exists
02:49 – Annual updates, directives, and policy advisories
04:19 – What actually changed in the 2025 PSPF update
05:36 – AI in the PSPF and why it adds little value
08:14 – Tool hype vs implementation risk
10:32 – The AI policy advisory and trusted vendors
14:25 – Directive 3 and clearance disclosure risks
17:21 – Personnel security and enforcement reality
19:41 – Secure Service Edge and SASE recognition
23:39 – Commonwealth Technology Management directive
25:28 – Deny lists, transparency, and security through obscurity
28:05 – Centralised risk sharing and assessment overload
29:52 – Policy wonk or policy gronk
31:12 – Final takeaways and closing
This Episode Is Brought To You By Our Partners
Click our partners below to see their unique offers
More Episodes You Might Like
Let's talk
Turn podcasting into pipeline
We help founders, funds and operators build trust, authority and deal flow with a show tailored to their market.
Win better deals and stay top‑of‑mind with founders.
Close more deals and build a category you own.
Reach founders and operators with a show they trust.
