Knowledge & Intelligence

Insights &
Resources

Practical write-ups and guidance from the field, built for CISOs, small security teams, and executives who need straight answers. New material is added as we publish it.

In Preparation

Australian Essential
Eight Field Guide

A practical guide we're putting together for Australian organisations - drawing on public ACSC guidance, industry incident data, and our own engagement experience. Plain-English, vendor-neutral, and focused on what moves the needle. Register your interest and we'll send it when it's ready.

  • The two or three Essential Eight controls most organisations get stuck on
  • Business Email Compromise: still the most common initial vector
  • What a realistic uplift roadmap looks like (and what it costs)
  • The human factor: why people remain the primary target
  • Where to start if you're a small team with a big mandate
Register Your Interest
RTCS · FIELD GUIDE
ESSENTIAL
EIGHT
FIELD GUIDE
FIRST EDITION · COMING 2026
FormatPractical guide
Based onACSC + field
StatusIn preparation
Latest Articles

From the Founder

THREAT INTEL · MAR 2026
Business Email Compromise: Why It's Still Winning

BEC remains the most common initial access vector in Australian incidents. We break down why it persists, what defenders get wrong, and how to reduce your exposure.

Available in the 2026 Threat Report
Request a Copy →
ADVISORY · FEB 2026
Essential Eight Uplift: Where Organisations Are Still Failing

After years of guidance, most Australian organisations still struggle with the same two or three Essential Eight controls. RTCS shares what we see most often, and how to fix it.

Available in the 2026 Threat Report
Request a Copy →
INCIDENT RESPONSE · FEB 2026
Ransomware Response: The First 48 Hours

The decisions made in the first two days of a ransomware incident determine the outcome. Based on our incident response engagements, here is the playbook that matters.

Available in the 2026 Threat Report
Request a Copy →
COMPLIANCE · JAN 2026
Privacy Act Reforms: What Australian Businesses Need to Do Now

The Privacy Act amendments are here. RTCS's privacy advisory team walks through the key changes, who they apply to, and the practical steps organisations need to take.

Available in the 2026 Threat Report
Request a Copy →
RED TEAM · JAN 2026
What We Find in Every Red Team Engagement

Across red team engagements targeting Australian enterprises and government environments, certain weaknesses appear consistently. Here is what we always find, and what it means for your defences.

Available in the 2026 Threat Report
Request a Copy →
LEADERSHIP · DEC 2025
The CISO in 2026: Managing Up When the Board Doesn't Speak Cyber

Security leaders are increasingly expected to present risk in business terms. Our vCISO practice shares strategies for communicating cyber risk to boards who didn't grow up in security.

Available in the 2026 Threat Report
Request a Copy →
Whitepapers & Guides

Technical Resources

WHITEPAPER
Essential Eight Maturity Assessment Guide

A practical guide to measuring your Essential Eight maturity level across all eight mitigations - with assessment criteria, evidence requirements, and uplift recommendations.

Download
GUIDE
Incident Response Readiness Checklist

Is your organisation actually ready for a cyber incident? This checklist covers the 40 key indicators of IR readiness - from playbooks and retainers to communications and regulatory obligations.

Download
WHITEPAPER
Zero Trust in Australian Enterprise: A Practical Roadmap

Zero Trust is widely misunderstood and often mis-sold. This paper explains what it actually means, what a practical adoption roadmap looks like, and the common pitfalls Australian organisations encounter.

Download
GUIDE
Board Cyber Risk Reporting: A Template for CISOs

A ready-to-use framework for presenting cyber risk to your board - covering what to include, what to leave out, how to express risk in business terms, and sample report structures.

Download
Webinars & Events

Upcoming & On-Demand

ON DEMAND · APR 2026
Ransomware Readiness: Are You Actually Prepared?

A practical webinar covering the key elements of ransomware preparedness: backups, IR plans, comms, and the decisions that matter most in the first 24 hours.

Request Recording
ON DEMAND · MAR 2026
Privacy Act Reforms: Practical Steps for Compliance

RTCS's privacy advisory walks through the 2026 Privacy Act changes and what Australian organisations need to do to meet their new obligations.

Request Recording
ON DEMAND · FEB 2026
Essential Eight ML3: What It Takes and Where to Start

Breaking down what Maturity Level 3 requires in practice across all eight controls, and the path to achieving it in a real enterprise environment.

Request Recording
Stay Informed

Get the RTCS Threat Briefing

Monthly intelligence for Australian security leaders. Short, specific, and worth your inbox.

Subscribe