This engaging Brand Story episode comes to you from AISA CyberCon 2024, in Melbourne, where Sean Martin and Marco Ciappelli explore with Jade Wilkie how ThreatLocker empowers organizations to achieve Zero Trust security and Essential Eight compliance through innovative tools and real-time adaptability. Learn how industry insights from the conference are shaping the future of cybersecurity solutions while keeping human-centric strategies at the forefront.
This engaging Brand Story episode comes to you from AISA CyberCon 2024, in Melbourne, where Sean Martin and Marco Ciappelli explore with Jade Wilkie how ThreatLocker empowers organizations to achieve Zero Trust security and Essential Eight compliance through innovative tools and real-time adaptability. Learn how industry insights from the conference are shaping the future of cybersecurity solutions while keeping human-centric strategies at the forefront.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Note: This story contains promotional content. Learn more.
Guests:
Jade Wilkie, Account Executive APAC, ThreatLocker [@ThreatLocker]
On LinkedIn | https://www.linkedin.com/in/jade-wilkie-salesprofessional/
Resources
Essential Eight: https://itspm.ag/threatq55q
Zero Trust World: https://itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
View all of our AISA Cyber Con 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Building Cyber Resilience Through Global Innovation, Local Community Feedback, and Regional Partnerships | A Brand Story Conversation From AISA Cyber Con 2024 in Melbourne | A ThreatLocker Story with Jade Wilkie
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] Marco. Sean. Are you laughing at me?
Marco Ciappelli: I don't know. I don't know. I, I never know what to expect from you. Even, even after so many podcasts in these days and in the past 10 years, we've done together.
Sean Martin: To throw the tomato at you. You still.
Marco Ciappelli: You still surprise me sometimes, but I've learned how to react quickly, so.
Sean Martin: You've done well at responding with my weirdness. I throw stuff at you. But here we are. We're at CyberCon in Melbourne. Hosted by Isa. It's been a fabulous three days. We're going to learn about some of the stuff that Jade and the team at ThreatLocker heard this week. We've heard a lot about Sessions.
We've had some conversations from some of the speakers ourselves. Um, I'd love to hear about some of the things that you heard this week, Jade. So, maybe you want to share kind of how the last few days have gone?
Jade Wilkie: Very busy.
Sean Martin: That's good. Um,
Jade Wilkie: A [00:01:00] lot of people, a lot of different companies. There's been so many different industries here as well, which is great to see.
Um, a lot of government departments as well. Um, but yeah, look, overall, the last three days have been nonstop. I was just saying we ran out of swag on the first day and we got another load today that we ran out of. So There's been so many people coming by the booth, which obviously we're very happy about.
Um, and heaps of different conversations as well. I think I mentioned when we had a chat the other day around the Essential 8, and I think it's a thing that catches everyone's eye on our stand. We have a big sign saying Essential 8, and people are walking past and saying, Oh, Essential 8, how do we do that?
And it's such a talking point. Point in the industry in Australia. So, um, it's been drumming up a lot of interest for people to come over and have a chat and see how we do it.
Marco Ciappelli: Yeah. Tell, tell us a little bit more about that.
Jade Wilkie: Yeah, so I guess, um, with our focus in on a Zero trust mentality, it just really aligns extremely well with the Essential eight being a, a f.
That is really standardized across Australia, um, and a lot of [00:02:00] companies are kind of starting to implement it. Some are saying, Oh, I need to get to, there's three different maturity levels for those that aren't as across the essential aid. So some are like, Oh, we're just hitting maturity level one, but we want to see how we can standardize.
getting across to maturity level two or three, um, and, or if they can consolidate their tools down, because a lot of the time when you're trying to do these frameworks, it's how many tools do we need to get to these frameworks? So if there is a tool that can centralize it all a little bit more, which ThreatLocker does quite well, we don't cover to maturity level three in the, in everything in the essential eight, but we have a.
foot in every part of the Essential 8, so we can really help companies consolidate their tools down if they are looking to aim towards something like Essential 8 maturity.
Sean Martin: And from my understanding, because I'm not familiar with, uh, Essential 8, is it a certification or is it a Is it a, uh, you self report on your maturity level, how does that work?
Jade Wilkie: They have to go through, my understanding is, and look, I'm not so much on the technical side of [00:03:00] things, but talking to my clients is they will get like external auditors that come in and they will audit where they're sitting in their maturity level. For some industries, some government industries, it's becoming mandated and it's quite a common thing now.
Some insurance companies, even like cyber insurance companies, will kind of lean towards companies needing essential aid to not bump up their insurance costs. So, it's just But it's just kind of something that's been standardized, yeah, across the region there but, yeah, it's more so their goal is to get auditors come in and say, yep, you've reached this maturity level.
And you can kind of start aiming for the next.
Sean Martin: So, Mark, I'll let you go in a second, but the, so you mentioned a lot of different industries. Do you, do you see somewhere, I mean, you guys, your team covers a lot of capabilities from endpoint networking and what not, um, are there different focus areas based on different industries, uh, different maturity levels of industries or?[00:04:00]
different capabilities that the business requires, different sets of protections, uh, from TELA. I don't know if you can kind of paint a picture of what you're hearing and seeing.
Jade Wilkie: No, definitely. I feel like conversations, as soon as it becomes, like, government focused, they're getting pinned for a bit of a higher maturity level.
They want to make sure they've got solid frameworks. So they want to be at the level two, level three maturity levels. Um, but in most cases in the conversation I'm having a key focus for a lot of them is that application control side of things, which obviously we do very, very well. Um, so that's where even some of the smaller players are really just coming in there.
Like we want to reach at least maturity level one and we want to have a focus in on application control if we can. And two of the main parts of the essential aid is the application control Hardening. So they're both things we do really well with our allowancing and our ring fencing models. So we're able to really help companies, no matter how small or big in what level they're wanting to [00:05:00] achieve, kind of start looking towards getting there.
Marco Ciappelli: So I have a question for you because as soon as I make a joke,
we
Oftentimes at the conference, we spend a lot of time not on the floor, and we have to cut ourselves a little bit of extra time to just go and say hi to people that we know. Well, you, you spend the three days in this case or any other event, which, you know, ThreatLocker is everywhere, right?
Everywhere, all the time. And, and, and, so, I want to know a little bit of what you heard from maybe other vendors or the topic. I don't know if you had a chance, probably not because you were there to listen to some keynotes or, or presentation, but also the function of, for you guys to be on the floor and then maybe learn new things.
things, get a feedback, go back to marketing, go back to development and the C level and say, Hey guys, this is the new thing [00:06:00] on the street. Maybe we can meet some of these requests. Maybe there is something new that you guys bring. Bring back to the company and then put it into the product.
Jade Wilkie: No, definitely.
Definitely. And I guess these events isn't, I mean, that's the benefit of them. It's not all about just getting people looking at ThreatLocker in particular. It's us learning off people. Okay. What's something that people are coming up and asking us for? What's the next thing that people need and they're pushing for?
And that's one thing I've coming into ThreatLocker, I've been in a few different tech spaces before different kinds of industries. And one thing I find ThreatLocker does really well is listening to people. and constantly improving. Um, and being able to take them thoughts on board and seeing where we can grow next and it's constantly evolving.
And yeah, being on the floor the whole time for three days and it's been a busy conference. I've been, some of my conversations with some of the delegates is how are you picking what you're going to watch because there's so much on. I think I think some of the sessions, there's over like 20 sessions on or something at a time in [00:07:00] some situations, so I'm like, I don't know how they're picking what they're watching, but, um, we're having, yeah, some good conversations in that front, and even just talking to the other vendors and seeing what else is out there, obviously.
A lot of vendors come here and they've got big signs of their new big fun tools kind of going on to get the conversations going there so we can kind of get an idea of what's happening in the space and what the clients want to start seeing as well.
Marco Ciappelli: Any buzz word that you heard more than other? We always make fun of, you know, sometimes it used to be like zero trust.
And then resilience and then one thing, anything that this, this event kind of stuck in your mind?
Jade Wilkie: I mean, I haven't left the ThreatLocker booth. I don't think it's been that busy. So I mean, our buzzwords is always people will pass it like, Oh, zero trust, it is still very much a buzzword. Oh, it is still.
Yeah. How do you do this? And it's yeah, very, very much still a buzzword for us. Um, yeah, I mean, for me as well, like, like I've [00:08:00] said, that essential aid buzzword is just constant, especially we were right next to the Victorian government booth. So there's a lot of people walking straight past there. Yeah.
Sean Martin: That's right. Yeah. Connect the two. Well, on this, on the point of zero trust, um, so certainly in the States, it, it was something that I personally, I think I've sensed that it was not achievable. It was, it was a marketing scheme to get people to look at new technologies in a different way. Yeah. I think it has some, some valid, certainly valid elements to it that, that organizations are trying to achieve.
It's subjective. Yeah. So you said you, ThreatLocker is able to help organizations on that journey to what zero trust means for them. Yeah. And I guess the other point I'll make is the definition of zero trust is different depending Um, so I don't know if you, from your perspective, [00:09:00] generally around Zero Trust and I don't know if it's slightly different from your colleagues in other areas, um, outside of Australia, but the definition of Zero Trust from Threat Locker's perspective and how that aligns with with where organizations are looking to achieve their definition of zero trust.
Jade Wilkie: No, definitely. So I guess where we come from, our definition of zero trust is we always speak back to it as a default deny approach. Traditionally, I guess, within a lot of the cyber world, it was, Let's just allow everything and deny as we need. Whereas we want to default deny, only allow as we need. So rather than taking that approach of we're going to just trust everything and hope that we catch the bad guys, we're going to trust nothing.
Um, and then only allow really actions that have to happen. So I guess that's where the zero trust mentality comes in. You only want to allow. The actions that need to happen in your environment happen, um, and then cut off [00:10:00] everything else, really.
Sean Martin: Right. And my, my own ignorance and lack of understanding would generally be, lead that with network.
Perhaps then with identity and access control. And then beyond that, organizations have zero insight and ability. Um, so what, what's your perspective on that in terms of the layers of.
Jade Wilkie: Yeah, well I mean, we cover a fair bit of it, so obviously, I guess we'll start with application control. So, on endpoints, a lot of companies give their employees a bit of free realm of what they want on there.
Um, and some of the stuff I've seen on some audit calls and applications that people have on their computers. It really makes you question how much work is getting done sometimes. But, so we're finding out what apps should run and what people need to do their day to day job. And then anything outside that, we'll block it.
Um, people can request things. But then [00:11:00] admin has a chance to go through, see if this is a necessary application for that person to do their job and approve as they need. But then from there, obviously, like you said, networks. Controlling network traffic, who needs to have access when they need access. and when ports need to be opened, et cetera.
Um, and we can go into storage access as well. Um, controlling moves, writes, deletes, USB drives. Do we want to allow USB drives? And we can also get quite granular. We can allow by a serial. So if you have set USB drives that the company wants to allow, we'll say, okay, yeah, their company approved USB drives.
We can allow them based on their serial number. So there's, can really get quite granular. granular there within each realm. Um, we do also have our elevation control, which goes into the removing the need for local admin rights and only elevating as we need and get down to the basis of only by application.
So you're not giving admin rights to the whole endpoint at the time. We're just going by what application needs it at the time. So it's really [00:12:00] about breaking apart each part, I guess. and giving what is necessary to that module, I guess, in our, our language, um, at the time.
Marco Ciappelli: It's also, I think, an issue of do it quickly, right?
Because I think one of the big fear of the zero trust was like, you're going to stop me from doing my business. You're going to disable stuff that we need, but if you can actually adjust that really quickly, then, then you overcome that issue.
Jade Wilkie: No, definitely. And yeah, through the ThreatLocker platform, pretty much anything that is a block has the ability for a request.
So, I mean, companies can be hard and they can just say something's a straight block and then that user will be told, okay, no, you can't request this, but anything like an application, if they try to download something they need for their job, a request pops up straight away, they can put in why they need it and it goes straight into our platform.
There's a portal for that admin of the portal to approve or deny on the spot if they have to. Same with elevation requests. There's just the, there's the ability straight away [00:13:00] for them to request. And that can be done if they go straight in and they know what it is, they know what they're dealing with.
They don't have to research that tool before they approve it. It can be done within a matter of minutes. Um, and even with the ability of our 3D printers. ThreatLocker mobile app, uh, they can be approved remote as well. So admin can get a ping on their phone and approve an application remotely.
Marco Ciappelli: Can I zero trust Sean?
And then, and then we go from there, just deny everything anyway.
Sean Martin: Yeah, I reckon. You do that anyway? Well, no, I, the more I, the more I hear and the more I learn it, it's, uh, it sounds super powerful. And I think to Marco's point, um, years past, it's been difficult to get a view of the organization. And how it works to be in a position where you could deny it
all
from the start.
Jade Wilkie: It's usually quite painful. Right. And I think people just avoided the topic because in their brain it was, Oh, I don't want to do that. That's too
Sean Martin: hard. [00:14:00] Inventory, discovery, allocation of this stuff to the business. It sounds like ThreatLocker has the ability to really provide that view early on so that the policies can be applied easily early on and manage exceptions easily, which is the other point that Mark made.
Jade Wilkie: Definitely. Definitely. Danny's done a really good job at building out a tool that makes that zero trust mentality a lot easier and a lot more achievable for companies. And it gives you a lot of flexibility. going forward in the way the cyber security realm is going. It's more and more necessary to take a bit of a different approach and not trust everything anymore.
Marco Ciappelli: So, yeah. Yeah. Well, talking about Danny, we, we, we had a conversation with him. Yes. Um, there is a directory on ITSP magazine for ThreatLocker. And that's where everybody can just go and listen to the other conversation we had and the many more that we will have.
Sean Martin: Exactly. There's even a [00:15:00] link to the Essential Eight, uh, the work that you're doing and, uh, so people can access that information and see how well things align and, uh, can take their journey from one to level three.
Jade Wilkie: Yep.
Sean Martin: That's it. And, uh, What's next for you? Where are you off to?
Jade Wilkie: Where am I off to? Everywhere. Everywhere?
Sean Martin: I don't know, so many events coming up.
Jade Wilkie: Yep, yep. We're in Bali next week, I think it is. In Bali?
Sean Martin: In there?
Jade Wilkie: Not a bad place. Yeah, I've never been. Oh, that's beautiful. I'm very excited. Yeah, there, and The whole team's catching up at the end of the year as well.
So, um, in about two weeks time, we get everyone in Threadlocker together to catch up as well. But then a very action packed 2020, 2025, or 2024, um, yeah. Australia team's fully on board now as well, because most of us didn't start until February this year. So it'll be our first full year, um, within the Australia team.
region, [00:16:00] APAC region. So it'll be full on getting across to a lot of events within Australia. So there'll be heaps of opportunities to catch up with many, many more people.
Marco Ciappelli: Very cool.
Sean Martin: Well, I find super impressive is the, ultimately it's about the human, right? And when you, when you talk about business, I look at everything from an operational perspective, there's no single business model from a security perspective, you can just drop in.
And so connecting the human element on the ground, in the public. directly with the business. I think you have the winning formula for understanding what's needed to protect each business personally. And with that one on one connection on the ground is super, super impressive. So, and of course, uh, I mentioned on our previous chat, we'll, we'll be with the, the team in Orlando for Zero Trust World 2025.
Jade Wilkie: That's in
February.
Sean Martin: February. We'll be there. There's a link to that in the directory, uh, Threat Locker directory as well, so hopefully people will join us and come and say hi to everybody and [00:17:00] perhaps, uh, maybe you'll have some Australian representatives there as well, we'll see.
Jade Wilkie: We might manage to get someone over there.
Sean Martin: If you wanna, wanna see Jade in Orlando, I'll have a, have a chat with her. Alright, well thanks, uh, thank you Jade for the insights and the information and, uh, thanks everybody for listening and watching and we'll, we'll see you more. There's more stories from ThreatLocker coming your way and obviously lots more from, uh, CyberCon here throughout, from throughout the weeks.
Marco Ciappelli: And maybe we'll be back in 2025 and we'll talk again.
Sean Martin: There's that number again. Yeah. Alright, thanks everybody. What?