Security Operations — Cosive Blog

Australia’s New Gateway Security Guidance: What Leaders & SOC Teams Should Know

On 24 July 2025, the Australian Department of Home Affairs released a major update to its Protective Security Policy Framework (PSPF) as part of the Commonwealth Uplift Reforms, overhauling how government agencies secure their internet gateways. Gateways are the boundary systems controlling traffic between an organisation and the outside world. This update replaces the old Gateway Security Policy with a new, mandatory Gateway Security Standard, which sets minimum security standards that Commonwealth entities must apply for gateway capabilities. In tandem, the Australian Signals Directorate’s Cyber Security Centre (ASD’s ACSC) published updated guidance to align with the new standard and reflect modern security practices. As someone immersed in the challenges of government gateway security at Verizon for over 14 years, I believe the recent advice marks a dramatic shift in approach.

SOC Maturity Assessment in Australia: Our Approach

Day-to-day firefighting in SOCs (Security Operations Centres) can make it hard to see the bigger picture. A steady drum-beat of alerts and incidents can blur your focus. That’s why it’s so important to step back, breathe, and look at the current state of your SOC with a fresh set of eyes.Whether it's via an internal SOC maturity assessment with a popular model like SIM3, or an external consultant with deep SOC expertise, a new perspective can help uncover blind spots you might have missed in the rush to keep on top of the day-to-day demands of security operations.

Building Production-worthy Software in SecOps Teams: An Impossible Challenge?

Before jointly founding Cosive with Kayne Naughton and Terry MacDonald, Chris Horsley (Cosive’s CTO) spent many years working in national CSIRTs in both Australia and Japan, as well as doing freelance secure software development for operations teams. In this interview Chris Horsley (CTO at Cosive) talks about the challenges of building software and doing development in SecOps teams.