In this episode, we explore one of the most overlooked vulnerabilities in today’s organisations: the way familiarity, comfort and trust can blind leaders to emerging insider-related risks.
Drawing on recent NPSA research and Pentagram Advisory’s insights, we unpack why insider threat often feels “unlikely,” how the psychological contract shapes behaviour long before policies do, and why point-in-time checks provide only the illusion of safety.
We examine the cultural resistance to insider threat programs, the language barriers that shape organisational acceptance, and the leadership blind spots that allow early warning signs to go unnoticed.
Most importantly, we discuss how shifting from blind trust to informed trust can strengthen culture, governance and accountability — and what it takes to build a truly trusted workforce in an evolving threat landscape.
If your organisation is reassessing its people-related risks, workforce suitability, or insider threat maturity, this episode provides a clear, practical lens to recalibrate assumptions and enhance preparedness.
In this episode, we unpack one of the most critical challenges facing Australia’s essential services: understanding and managing the risks hidden within complex supply chains.
Modern critical infrastructure depends on long, interconnected, and often opaque networks of suppliers — and under the Security of Critical Infrastructure Act 2018, these dependencies are now a regulated security obligation.
Drawing on Pentagram Advisory’s Eight-Step Risk-Based Supply Chain Mapping and Categorisation Framework, we explore how organisations can move beyond tick-box compliance and build a defensible, intelligence-led approach to supplier assurance.
From governance and threat analysis to mapping, tiering, and continuous monitoring, this episode breaks down each step in practical terms for boards, senior executives, and security practitioners.
You’ll hear how the right framework can transform supplier oversight from a procurement activity into a core protective security function — strengthening resilience, reducing over-reliance, and giving decision-makers a clear line of sight into vulnerabilities across every tier of the supply chain.
Whether you work in energy, water, transport, telecommunications, or any sector covered by the SOCI Act, this episode provides essential insights for building assurance in an increasingly interconnected and risk-exposed environment.
A supply chain is only as strong as the weakest link you can see.
Tune in to learn how to make those links visible, verifiable, and secure.
Welcome to another podcast in Pentagram Advisory’s ‘In the National Interest’ series, a series in which we explore geostrategic issues relevant to the security of Australia’s critical infrastructure.
In this episode we will explore the subject of the China’s waging of cognitive warfare against Australia and other Western democracies. We will explore the relevance of the threat of cognitive warfare Australia's critical infrastructure and consider mitigations that critical infrastructure owners and operators may take.
Across Australia’s critical infrastructure sectors, one of the most persistent challenges under the Security of Critical Infrastructure Act 2018 is identifying and managing critical workers — those individuals whose absence, compromise, or misconduct could disrupt essential services.
In this episode, Pentagram Advisory introduces the Seven-Step Critical Worker Identification and Risk Management Framework — a practical, regulator-aligned approach that helps organisations move from compliance to confidence.
Tim and Marina unpack the legislative foundations, share insights from industry engagements, and outline how clear governance, operational mapping, and proportionate assurance measures can transform workforce compliance into lasting capability and assurance.
Whether you are a security or risk professional, HR leader, or executive responsible for essential services, this episode will help you strengthen your organisation’s resilience and meet the intent of the SOCI framework with clarity and purpose.
🔗 For more insights, visit Pentagram Advisory or follow us on LinkedIn.
Why do employees sometimes go above and beyond to protect their organisation — and other times bend rules, ignore policies, or disengage from security altogether?
In this episode, Pentagram Advisory explores the role of the psychological contract — the unwritten expectations of trust and fairness between employer and employee — and how its breakdown fuels insider threats.
Drawing on research from the University of Warwick, we unpack why technical controls alone aren’t enough, how to recognise early signs of a breach, and what leaders can do to repair trust before it escalates into a security risk.
For leaders, executives, and practitioners, this is a reminder that the deciding factor in insider threat is rarely opportunity — it is choice. And choice is shaped by trust.
Espionage and foreign interference are now assessed as certain threats to Australia’s critical infrastructure. In this episode, Pentagram Advisory explores how insider threat programs — guided by the Protective Security Policy Framework and aligned with SOCI Act obligations — help organisations counter these risks.
We unpack why people are both the first line of defence and the most attractive target.
ESG is one of the most decisive forces shaping corporate strategy and investment worldwide. But while environmental and governance issues dominate the headlines, the social dimension — the human factor — is often overlooked.
In this episode, Pentagram Advisory explores why personnel security is the missing link in many ESG programs. We examine the risks posed by workforce vulnerabilities, insider threats, and supply chain exposures, and why boards and executives must integrate personnel security into ESG strategy to build resilience, protect value, and maintain stakeholder trust.
Join us as we uncover how the people side of ESG could be the decisive factor in safeguarding purpose, performance, and profitability for organisations managing critical assets.
In August 2025, the Australian Government announced it had evidence that the Iranian Government had directed violent criminal activities in Australia. The activities were cited as the attacks on two Jewish sites in Australia in 2024. In response to this evidence, the Australian Government expelled the Iranian ambassador and senior diplomatic staff, and will proscribe Iran’s Islamic Revolutionary Guard Corps (IRGC) as a terrorist group in Australia.
This podcast argues that Iranian activity in Australia meets the definition of foreign interference, explores the significance of these acts, and the possible risks that may be relevant to people and employers from acts of foreign interference, be they from Iran or other hostile states.
Foreign interference is no longer a distant problem — it is happening here in Australia, today.
In this episode, Pentagram Advisory explores the growing threat of Chinese foreign interference and its impact not only on Australia’s national security but also on everyday workplaces. Drawing on recent cases and real examples, we examine how interference targets individuals, communities, and institutions, and why no workplace is immune.
From political asylum cases like Ted Hui and Kevin Yam, to the covert collection of information from community groups, this episode highlights how interference can affect colleagues, threaten trust, and undermine social cohesion. We also outline practical steps workplaces can take — from recognising warning signs to building a culture of safe reporting and resilience.
Join Pentagram Advisory’s Tim Slattery and Marina Shteinberg as they unpack the risks, share insights from recent reports, and provide guidance for boards, executives, and employees on staying alert without fuelling bias.
This episode explores the risk posed to an enterprise from the actions of trusted insiders, also known as third-parties, in the enterprise's supply chain.
Two years on from the introduction of the Critical Infrastructure Risk Management Program (CIRMP) under the SOCI Act, what have we learned — and where do we go next?
In this episode, Pentagram Advisory explores how organisations can use the annual CIRMP review and Board-approved report to strengthen governance, integrate SOCI-related security risks into their Enterprise Risk Management Framework, and build resilience that goes beyond compliance.
We discuss practical steps for improving Board oversight, closing the gap between operational insights and strategic decisions, and embedding CIRMP into everyday risk management. Whether you’re a security leader, risk manager, or Board member, this conversation offers actionable insights to ensure your CIRMP drives value for your organisation.
As organisations implement return-to-office (RTO) policies, the focus is often on productivity, collaboration, and culture. But there's another critical dimension to this shift: security.
In this episode, Pentagram Advisory explores the human risks associated with organisational transitions and how poorly managed RTO directives can lead to disengagement, disgruntlement, and increased insider threat risk. Drawing on insights from our article “Returning to the Office – Managing Insider Threats During Organisational Transition”, we unpack the psychological contract between employers and employees, discuss the drivers of insider threats, and outline practical strategies for rebuilding trust, strengthening reporting culture, and supporting managers through change.
This episode is essential listening for leaders, security professionals, and HR teams navigating the intersection of people, culture, and protective security.
What does it take to build a trusted workforce — one that is resilient, high-performing, and secure?
In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory explore the invisible but critical psychological contract between organisations and their people.
Based on their article Building a Trusted Workforce – Managing Human Risk with Purpose, this episode examines how trust is formed (and broken), the role of pre-employment screening and ongoing assessments, and how organisations can move beyond compliance to create a culture of security and care.
Listen now to learn practical strategies for managing people risk with empathy, structure, and purpose.
Explore how a security maturity model can strengthen your organisation’s Critical Infrastructure Risk Management Program (CIRMP) under Australia’s Security of Critical Infrastructure Act 2018 (SOCI Act).
In this episode, Tim Slattery and Marina Shteinberg from Pentagram Advisory unpack what a security maturity model is, why it matters, and how it provides Boards and executives with a clear, evidence-based view of their security posture.
To help organisations navigate this environment, Pentagram Advisory has developed a tailored CIRMP Security Maturity Model.
This model is specifically designed to reflect the unique operating context, risk environment, and sector obligations of each critical infrastructure entity.
Whether your goal is to meet increasing regulatory demands, reinforce resilience, or demonstrate transparent governance, this conversation offers practical insights to guide your journey.
For more resources on the security of critical infrastructure, insider threats, and supply chain risk, visit Pentagram Advisory or follow us on LinkedIn.
This episode is titled: Pentagram Advisory First Anniversary – Celebrating One Year of Collaboration
This episode will explore a unique and unexpected aspect of Pentagram’s first year of operation – that is Pentagram’s connecting with other service providers that bring a natural point of collaboration with Pentagram. This collaboration provides additional and complementary benefits for our clients and followers. Collaboration also provides opportunities for Pentagram to contribute to meeting the needs of collaborators’ clients.
The key message is that Pentagram has nested with other like-minded providers that share Pentagram’s values and vision to strengthen Australia’s national security by lifting up the security and resilience of Australia’s workforce and critical infrastructure.
Australian media reported in May 2025 that the leader of Australia’s Transport Workers Union (TWU) is prepared to “shut down Australian transport” in 2026 in pursuit of union claims.
In this podcast Pentagram Advisory explores the possible consequences of the TWU threat in the context of the legal obligations that came into effect on 27 March 2025 that transport sector asset owners and operators now face under the Transport Security Amendment (Security of Australia’s Transport Sector) Act 2025 (TSA Act).
Especially with regard to personnel security obligations under the TSA Act, TWU members may behave as 'insider threats' that require mitigation.
The podcast explores the role of an insider threat program in helping to mitigate these possible threats and how this approach benefits all people and organisations involved .
This episode is titled: Insider Threat – Australian Government Recognises the Need for Insider Threat Programs.
This podcast will explore the Australian Government’s efforts in recent years to mitigate insider threat in both the government and private sectors.
The key message is that there is a need for insider threat program and that need comes from recognising the potency of the insider threat to harm Australia’s national security, defence, economic wellbeing, and social coherence. In terms of security threats, the two most potent threats are from people and cyber sources.
We hope you enjoy this podcast and find it informative.
In this episode, we explore the landmark Transport Security Amendment (Security of Australia’s Transport Sector) Act 2025 — a generational shift in how Australia secures its aviation, maritime, and offshore sectors.
Join Timothy Slattery and Marina Shteinberg from Pentagram Advisory as they unpack what the TSA Act means for airports, ports, and offshore facilities. Discover how the new all-hazards approach moves beyond traditional physical security to address operational interference, insider threats, cyber risks, and personnel vulnerabilities — and why this evolution matters.
For aviation and maritime industry participants, the application of an all-hazards approach marks a clear evolution from a prescribed, compliance-based regime focused on granting access to secure zones, to a risk- and principles-based, outcomes-focused model that requires mitigation of a far broader range of risks — including cyber, personnel, and supply chain hazards.
We’ll walk through the key reforms, practical obligations, and strategic actions your organisation can take now to prepare for compliance and build operational resilience.
Whether you're a security leader, risk manager, regulator, or executive in the transport sector, this episode offers valuable insights and clear next steps for navigating Australia’s evolving threat landscape.
An insider threat incident at Canberra Hospital in May 2025, in which an employee targeted another employee ,reveals critical lessons for Critical Infrastructure Risk Management Program (CIRMP) compliance and personnel security under the Security of Critical Infrastructure Act 2018.
In this episode, the Pentagram Advisory team breaks down what directors of responsible entities need to know about their legal obligations when approving the Critical Infrastructure Risk Management Program (CIRMP) annual report.
We explore board duties under the SOCI Act and Corporations Act, the importance of ongoing oversight, and offer practical recommendations for management to support board decision-making.
Essential listening for directors and executives overseeing critical infrastructure in Australia.