PSPF Changes Explained for Security Leaders

The Protective Security Policy Framework is meant to guide how government manages security risk, but constant updates make it harder to implement than to understand. In this episode of Secured, Cole Cornford is joined by Toby Amodio, Practice Lead at Fujitsu Cybersecurity Services and former senior cybersecurity leader across Australian government, to break down what actually changed in the latest PSPF update and why it matters in practice. They examine the growing focus on personnel security and foreign interference risk, the inclusion of AI guidance that adds little beyond basic risk assessment, and the long overdue recognition of Secure Service Edge and SASE as compliant gateways. The conversation also explores why deny lists and centralised risk sharing sound sensible on paper but are far harder to enforce in reality, and why most security failures still come down to behaviour, accountability, and how technology is actually used rather than what policy says. 00:00 – Intro 01:18 – What the PSPF is and why it exists 02:49 – Annual updates, directives, and policy advisories 04:19 – What actually changed in the 2025 PSPF update 05:36 – AI in the PSPF and why it adds little value 08:14 – Tool hype vs implementation risk 10:32 – The AI policy advisory and trusted vendors 14:25 – Directive 3 and clearance disclosure risks 17:21 – Personnel security and enforcement reality 19:41 – Secure Service Edge and SASE recognition 23:39 – Commonwealth Technology Management directive 25:28 – Deny lists, transparency, and security through obscurity 28:05 – Centralised risk sharing and assessment overload 29:52 – Policy wonk or policy gronk 31:12 – Final takeaways and closing 🐙 Secured is grateful to be sponsored and supported by Chainguard. Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Get your free CVE Reduction Assessment at dayone.fm/chainguard and start shipping software with confidence.