Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_03 (00:17):
Hello and welcome to the Canberra Business Podcast. I'm Greg Harford from the Canberra Business Chamber, and today I'm delighted to be joined by uh Lizzie Christensen, who's the global partner and chief technology officer for Aris Zinc Group, and Michelle Khan, the risk practitioner, a partner to Aris Zinc. So uh, ladies, welcome to the podcast.
SPEAKER_01 (00:35):
Thank you for having
us.
SPEAKER_03 (00:37):
Now, in this episode, uh, we're going to dive into Purple Resilience, which is a pioneering approach to operational resilience and cyber preparedness uh led by Strategic Executive Solutions, a division of Aras Zync Group. Um perhaps though, Lizzie, just to start, um, for those of our audience who might not be familiar with Arasync, um, what is it that your business does and um how long have you been going for?
SPEAKER_01 (01:00):
So uh this year we hit 25 years as Arasync group with our subsidiary um components. So we have two main subsidiary businesses. One is Arasync People Solutions that does payroll, recruitment, um, workforce planning, uh consulting, where we benchmark people for industry. And then we have strategic executive solutions, and it is what it is, it helps businesses provide solutions, answers questions that they might not even know the question to ask in the first place. Um, and we wrap solutions, particularly we focus on our government sector, and then we have a small-medium enterprise sector. Um, and that sector is really your your listeners, your people who who perhaps um are a bit overwhelmed with what's going on in industry, and we try to help them prepare and protect their businesses where they can.
SPEAKER_03 (02:00):
Excellent. And how how big is the business? How big is your team here in Canberra?
SPEAKER_01 (02:03):
Um, so we're quite nimble. We only have 10 employees in our business, but we have about 200 consultants nationally, mainly in uh government and defence enterprise. Um, and then we have a small NIMBO NIMBLE team here of two, of which uh Michelle is one of them, um, where we, as I say, support local uh business.
SPEAKER_03 (02:28):
Fantastic. So um you're you're the CTO for Aris Sync Group and the operator of uh Strategic Executive Solutions. How did how did it all begin and what inspired you to begin working on operational resilience issues?
SPEAKER_01 (02:42):
I think it was Michelle that really inspired me. We've known each other for 20-something years, and my background is in mergers and acquisitions and emerging technology, and we kept bumping into each other as you do uh from contract to contract. And uh we were chatting one day, and we said, you know, the biggest problem we're finding in industry is big things happen, um, and the ripple effect to small medium enterprise is huge. Um, big companies can pivot and bring in big uh cyber companies that to help them, but small medium enterprises sometimes get lost. And there's while there's um uh security companies that say they can help, they're expensive sometimes. So, what we're trying to do is create something that makes you resilient as a business, whether that's train upskilling your people, preparing for AI integration, um, looking at payroll services, when to outsource, when to not outsource, is it working for you? So it's not just about security, it's being resilient and future ready so that you can navigate through those things that happen. I mean, would you say, Michelle?
SPEAKER_02 (03:56):
Absolutely, and I think the value of looking at resilience is basically minimizing your overall exposure. You know, people look at their risk profile or they look at um what they're doing from a uh planning perspective, but they don't really marry up everything that needs to be married in order to create a fully resilient organization, and that's irrespective of the size of the organization. You know, most people can't, you know, when when I go into a business and talk to them, most people can't really articulate what their key exposures are and how they're minimizing that exposure by either managing their risk or understanding their operational resilience and building that kind of um building that kind of I want to say resilience, and I think another word for resilience, um, building that uh strength within their operational area to be able to overcome these events.
SPEAKER_03 (04:52):
And and is that that's looking both at the risk but also the opportunity side of the ledger as well?
SPEAKER_02 (04:57):
Absolutely, and I think you know, businesses um want to grow, but it's about being able to prepare for that growth as well. How do they how do they get into the points that they want to get into while keeping their exposure at a minimum?
SPEAKER_03 (05:16):
So tell us tell us about purple resilience, which sounds um sounds very grand but also very secretive. What what what is that all about and what's what's going on there?
SPEAKER_01 (05:26):
So there is this thing called purple teaming that's been around for a little while with uh that came out of large companies um understanding what a pen test was. Um and it sort of came about from external companies which we call red teams, who try and penetrate the building and try and penetrate the cybersecurity that has been set up, while the blue team sits with the customer and points out the vulnerabilities in the system. And the idea is you then get together after an ethical hack and say, okay, these are your vulnerabilities, this is how you plug it. Purple resilience came out from a conversation with Michelle and I saying that's not enough. Because you've got to look at the supply chain. So what we do is depending on the business and depending on the appetite of the board, we might go to a board and say we want to do a full-scale attack. That might be hiring actors to get into parts of the building that they shouldn't be able to get in, taking pictures of someone sitting in a chair that they shouldn't be sitting in, or getting holding a picture of a document that they shouldn't be able to get hold of. So for government buildings, obviously, that's that's um important, but also medical uh people and medical businesses, legal businesses, accounting firms. Um, but is it affordable? So um a lot of what we saw in the market, people were talking about red team attacks, which is traditional pen testing, but they weren't talking about the whole piece. Um, is the workforce resilient enough to understand when they are uh being phished, for instance? So there are lots of training courses and whatever, and again, they're expensive. And nine times out of ten, what we've found is that it's people who let the company down. They prop open a door when the cleaner's there, or they're having a cigarette in the back alley with the security guard, and someone just walks in behind them through tailgating. And it's those kind of practices that affect a business. Um, so purple resilience is looking at all aspects, not just what's happening in the market and being operationally ready, but looking at what's happening from an IT stack point of view, an HR point of view, a finance point of view. And obviously, when you blend the red and blue team, you get purple. And purple resilience to us is is something that we are advocating becomes a standard.
SPEAKER_03 (08:10):
So I'm interested just to unpack the um your point about people often being kind of the weak spot in a business or an organization. Um, I mean, I I think it's probably true that most people are not intending to create security weaknesses by leaving the door open when they when they pop out for a cigarette or what have you. But do you think that's because people don't realise the the potential consequences or the seriousness of of what might happen?
SPEAKER_01 (08:36):
Yeah, I think I think you're exactly right. I think what I've certainly seen and what Michelle and I have shared from working with all different shapes and sizes of organizations is um they're always like, oh my goodness, I didn't realise. I'm so sorry. Um we had a situation uh recently where a cleaner was unplugging a critical machine to plug her hoover in at night. What that meant was backup wasn't happening. Now no one could figure out why backup was failing. They'd had all these expensive technology companies come in and said you need to upgrade, you need to do that. No, what it was is locking the door so the cleaner couldn't use the plug to plug her hoover in. And that's the difference. That's what we're saying, and that that is just you know um an assessment of a process, not necessarily anyone's particular uh fault or being malicious. And it's it's being aware that if someone's behind you um, you know, and they're not wearing a tag, being confident enough to say, in this building you need to wear a tag. I'm sorry, I I I'm gonna have to shut the door. Oh no, it's okay, I work in so and so. If you it's you're not being a bad person by saying, I'm sorry, I I can't let you in. Now we penetrate buildings using that very tactic, and I have to say, 100% successful, because everybody wants to be nice.
SPEAKER_00 (10:10):
Right.
SPEAKER_01 (10:11):
Um, and and security
isn't necessarily, sadly, about
being nice.
SPEAKER_03 (10:15):
Yeah, and I guess that that flies in the face of of a generally polite way of behaving that that everyone would would like to to be, right?
SPEAKER_02 (10:24):
Absolutely, yeah, absolutely. And I think you know, people don't really comprehend unintended consequences until those consequences occur and there is there is a follow-on from that. So, you know, you know, someone letting someone else in without the appropriate security checks has a ripple effect to the rest of the business. Um, you know, right down to where they can get, what they can see, but also, you know, who they are and whether they have a reasonable intent, good intent, or um malicious intent. There is still an intent behind that.
SPEAKER_01 (10:58):
That's very true because another example, and this probably goes to some of your your listeners as well, is that one of the examples we had in uh Fyshwick, there's a number of warehouse places there, and in the summer it gets quite hot, and not all these places have proper air con, so they prop open the back door. Um and we had a situation where money went missing, uh, people's belongings have gone missing because the door's propped open. So it doesn't have to be uh a major security event for a company, but what we're saying is everybody had the rights to an inclusive safe space, and of course we want to be polite, but we also want to be resilient, we want to protect our business because that protects our jobs. So um having the right procedures and practices and the right awareness for the scale of business and the and the businesses you're supporting, your customers that you're supporting is important. And we found that one solution does not fit many. Every solution we tailor specific to who their market is, what the activities they're doing, and the type of people they have working for them.
SPEAKER_03 (12:12):
So, um what kind of organizations do you support and what industries are you working across?
SPEAKER_01 (12:19):
Um so so predominantly, as I said, we have one half of the business that's in public sector, that we work on defence contracts, um, government agencies, large, medium, small. But the other side um we're finding more and more we're supporting um accounting firms, law firms, manufacturing firms who who really um need to have these ticks in the box. The other aspect to our business is we have an environmental social governance part of our business where certainly in these days we need to all be doing better with our environmental practices. And that's part of resilience as well, being prepared for the future. So, again, for us, ESG is very much part of that. And introducing ESG into small-medium enterprise, people are confused by it. They assume it means sustainability. It doesn't, it actually means inclusive behaviours, there's elements of um diversity and inclusion in there and um other aspects. Absolutely.
SPEAKER_02 (13:26):
Um certainly from a doing the right thing perspective, generally throughout the organization, in terms of what that looks like for the individuals, their teams, and the organization as a whole. And you know, from an operational resilience perspective and from a purple resilience perspective, we certainly look at what that means. And as Lucy pointed out earlier, and I think it's worth repeating, this is not about having a thick document that sits on a shelf. It's about having people who are ready for the things that are coming at them and the speed of business in today's, you know, in today's environment. Things are changing thick and fast. We're getting new legislation, we're getting updates, we're getting new technologies, and we're getting people who can get around those new technologies and legislations. So small, you know, all businesses at any level, small, medium, or large for that matter, need to be prepared for this. And as said earlier, uh large companies have the deep enough pockets to pull in large companies that can look after that. But where the economy sits, though, is in the small medium enterprise. You know, that's where jobs are generated, that is where um money is generated for all kinds of purposes uh to be put back into the economy, and it's really important that that be protected. So from a purple resilience perspective, that's what really we're looking at the the protection and the ability for small-medium enterprise to have that opportunity to grow, to have that opportunity to contribute.
SPEAKER_01 (15:07):
But equally, right? I mean, on an equal footing. Australian businesses have to compete with overseas businesses more. Absolutely. Absolutely. And and having that not just readiness, but also that pivot to be able to say, well, I'm an Australian business, I mean, we're an Australian-owned and operated business, and we compete every day with companies that are not. Um, and what frustrates us is government always says, oh yes, we support small medium enterprise. Not what we're saying at all. They don't. Um, so what we want to do is create a consortium, a community, if you like, where we help each other. We're a small medium enterprise, we need help. That's why we're here. We need to promote our business. Um, but equally we want to work with other companies and promote them. So we do that.
SPEAKER_03 (16:01):
So on that resilience journey, I mean you make an interesting point about international competition. I think all Aussie businesses are are facing um global competitors essentially almost every day. Um how do you think we as a country stack up on that operational resilience uh journey compared to um uh jurisdictions overseas?
SPEAKER_01 (16:25):
I think we do it better, um to be really honest with you. Um I think Australian businesses do a lot of things very, very well, especially at the small medium enterprise, because we've had to. We've had to roll up our sleeves and take on international business. Um, there's a lot of international business here in Canberra. Um I mean, you have the big four consulting firms that are now glorified recruitment consultancies, they're just body shops, they don't add value anymore, they add big documents. I mean, uh we had a situation the other day where a company was given a document written by AI that made the news, right? Um so we always say, you know, if you look at ethical practices, Australia does it better. Now, I bring in AI because AI is obviously going to have an impact, particularly on small and medium enterprise. People will say, Well, I don't need that anymore. I don't need uh an accountant, bookkeeper, lawyer in the future. I can get out AI to do it. I'm in technology, but I will tell you, I'm not an advocate for AI in its strongest sense. I think AI for me is always an and, not an or. So it sits to the side and it helps us shape our concepts. We use it uh in our organization where we will write things, we will put policies together, and then ask the AI to say, put that in a nice construct so it's easy for this customer to understand. But we're still tweaking it and it's our content and it's our thoughts realized. And I think overseas there are different regulations, um, different barriers, and in some instances less barriers. So we do have minimum wage here, for instance. We do have other constraints over technology here that other countries don't have. So I think what it should be is it's a choice. I think Australian businesses should choose Australian businesses in the same way that we make a choice to procure through First Nations organizations. Wherever possible our procurement is through that, but as part of our reconciliation plan. Um we choose to be a uh a diverse organization so we represent all aspects of local community, and that includes um immigration, you know, people coming here on four, five, seven visas. We we have internship programs where we're working with the local universities, we have uh veterans and first responders who have now decided to transition into another journey and another career. And when you look at overseas companies, they don't have that, they don't have that mateship that we have in Australian businesses. And what's missing for me is the mateship in Canberra needs to be better, and that's why we're sitting here today because for us, business chambers represents mateship of local community and local businesses working together.
SPEAKER_03 (19:39):
Yeah, absolutely, and and that's ultimately the core of the chamber and everything that we do, right?
SPEAKER_01 (19:45):
Yeah, and and it should be about we should be more uh steadfast in as local businesses appointing a local business. I mean, uh I'll use the the Canberra Light Railway as a classic where we're all pretty appalled that it went to a foreign company. If you look at what they did in Melbourne, um, they made sure that all that money and the technology and and was derived here in Australia. We could do this. We're Australians, we're really clever people. We've invented a lot of things, um, but we're very easy uh leaning into uh overseas or what the American uh businesses, and we really as Australians right now need to be more resilient. Uh if I can use that term again.
SPEAKER_02 (20:36):
I think you totally can, and I think the the reason for that is because not only do we need to be actually resilient, but from a purple resilience perspective, I think that ties back into the strength of supply chain and making sure that um all of those, the handoffs between businesses are appropriately supported and appropriately rigorous so that we don't um have a higher risk profile than is necessary when dealing with with other businesses. We can keep um manuf, you know, we can keep whatever we need to produce locally or with component parts much more um closely closely managed than we do if we are looking at uh potentially remotely produced.
SPEAKER_03 (21:26):
And I think that was the lesson through COVID, right? Absolutely if you've got dispersed supply chains, global supply chains, that can cause can cause challenges. Absolutely.
SPEAKER_02 (21:35):
And I think that's that was a salient lesson for resilience for a number of organizations.
SPEAKER_03 (21:42):
Absolutely. Um just to kind of bring this to life for our listeners, can you share a scenario where resilience planning has made the difference between disruption and continuity?
SPEAKER_01 (21:52):
Yeah, so disruption can come in many forms, okay? So it can come from uh a regulation change, um, and I'll use Fair Work, good old Fair Work, um has helped and hindered small business um horribly in some instances. Um, it's very much for the employee. Now they may come onto your podcast now, and I'd love a debate, by the way, just putting it out there uh with Fair Work. Um but uh if you look at some of the legislation they've had, it really is against small medium enterprise in a lot of instances. We've had experiences working with companies where they've said, hang on, we've done the right thing, we've employed these people, market conditions have hurt us, an overseas player has come in, we've we're gonna have to downsize, we're gonna have to lose five people. So they go through their right processes, uh, they make sure that they do all the right things, being resilient against Fair Work regulation, making sure that they've um give these people that they're going to let go the right opportunities, um, go through all the checklists, do all those things, and do all the right things. And then they're forced down this path of going to Fair Work anyway, because those five people go to Fair Work and say, I want more money. And we've been told time and time again that oh, just offer them more money and they'll go away. But as a small business, that hurts. It you know, um a payout of five, ten, fifteen thousand dollars might hurt. So uh the legislation doesn't work, it's broken. So what we look at doing is working with organizations at their workforce planning, at their resilience planning. Um, do all the employees need to be on certain types of contracts? Can they be on casual-based contracts? Still giving them all the benefits that you should give as an employer where possible, but looking in detail at the contracts, how resilient are they? Um, a lot of contracts now are written on AI tools or uh by um legal firms, large legal firms, and then people have copied and pasted and you know, small businesses, we do what we can, we end up with our standard contracts. And how many people are listening now who haven't looked at their employment contract for some time? Um, and has it been adjusted to meet current conditions, current regulations? Um, I suspect not. And it's been weaponized against small business. So we've had multiple clients in that situation where we have gone in and amended contracts and made sure that again people are supply chain. I know that sounds mercenary, but people are your biggest asset in your organization, as well as the technology that's there and the tools that that they're doing. Absolutely.
SPEAKER_03 (24:56):
And to be clear, right, most employers are wanting to do the best for their people and they want to reward them and help them grow and learn and keep them in the business.
SPEAKER_01 (25:05):
But it should be
symbiotic, it should be uh a yin
and a yang.
It shouldn't be just one way.
SPEAKER_03 (25:11):
Like that, the yin
and yang of employment
relationships.
SPEAKER_01 (25:14):
It's so true then.
SPEAKER_03 (25:15):
Absolutely. Michelle, let's let's come to you and talk a little bit more about the purple resilience concept. Um, how does it combine, as I understand it, it combines cyber defense, crisis management, and operational readiness. What does that mean in practice? How do you bring those together?
SPEAKER_02 (25:31):
I think in practice we're really talking about forming a protective structure around an organization that brings together all of the siloed elements. You know, people often, you know, we talked about pen testing earlier, people often treat that as a specific thing that they need to do to make sure their technology can't be hacked. But they don't think about how that marries to their processes or how that might look from a business continuity perspective. So if they are attacked and they are suddenly without a system, how do they then manage around that system? What processes do they bring into play? And how confident are they that that will work? Because again, you know, people will dust off a manual that they wrote 17 years ago and say, oh, we've got you know our business continuity planning. But things have changed since they wrote it. It's not, you know, they haven't treated it as a um something they need to continuously engage with throughout their, you know, throughout the life of the business.
SPEAKER_03 (26:41):
Yeah, so have you got it have you got a tip on that for small business owners, though? Because there's plenty of people who do, as you say, think about business continuity and then plan goes on the shelf. How do people keep that at front of mind? What what what's the thing they need to do?
SPEAKER_02 (26:54):
I think from a small business perspective, they need to allow time. And I know that is in small business, that is one of the hardest things. The commodity of time is one of the hardest things to manage and uh assign to things that are perceived as less important. And that's the thing about um about resilience until you go through it, you don't understand how valuable it is to have something that that strengthens it for you. And I think, you know, so the the tip would be allow enough time to manage the things that limit your exposure, that allow you to focus on protecting your business. Because, you know, most small business and medium or all business owners really are focused on let's increase our sales, let's increase the value of our business. But how do you protect the value of that business?
SPEAKER_01 (27:56):
So having regular tests as well. Absolutely. We we we offer ethical hack, what we call hack attacks. So depending on the type of business you are, um, we will agree to attack your business. Um, whatever that may look like, it might be a physical and a cyber attack at the same time, um, to test the plan. And the reason why that's important is a lot of small businesses outsource their technology stack. Um, they might have a payroll company, they might have an IT company doing all their uh technical support, uh, they might even have a recruitment company doing all their recruitment. So, as a business owner, um you ask for those people when you sign the contract, have you got the right certifications? How often do you test your business? But where's the proof? So we've again found in certain situations people will sign a five-year contract and then we find out, well, when was the last time your IT company did a resilience test with you to make sure that they are doing right by you? And did they do the test or was an external people? So I'll give you an example of that. When we do a red-blue team attack, we don't use our company. We're what we call the green team. So we're in the middle and making sure that all the things are tested. We purposely use two different local companies. We use a blue company that we appoint for the for the right reasons, you know, the right categories, and then we have a red team. Um, we tend to use companies like Mercury ISS, which is a small growing uh security business. Uh, Ed and his team are fantastic, and we tend to use them as the red team. And the reason why we don't use ourselves and the reason why we don't engage the IT company that's on site is because this is about doing it and asking the right questions and not um not shaping the answers to satisfy a tick. Yes, we've done an annual test.
SPEAKER_03 (30:04):
What do you think are the most or the biggest misconceptions that companies have about being resilient?
SPEAKER_01 (30:12):
I think resilience always gets tagged with security. Um every time we talk to business echo, oh yes, we we do a pen test once a year. Um, oh yes, we have this company that come in and do it all. Oh, our IT provider does that. Um for me, resilience can't be outsourced. We supply the tools and sort of the hand holding, if you like, but our advocation for this is to sit with a business and do it with them, not for them, because they have to be resilient. It's their business. Absolutely. And they have to own it.
SPEAKER_02 (30:53):
Absolutely. And I think one of the one of the biggest myths about resilience is that you're resilient. I think, you know, companies of any, again, of any size tell themselves that they're resilient and are surprised to find out they're not when something happens. And I think you know, one of the better casing points is the um AWS incident a few weeks ago. You know, Amazon's, you know, AWS had a worldwide outage, and it really, you know, made people realize how much of the internet goes through AWS. You know, so you know, companies large and small could not access the systems, could not make payments, could not conduct themselves to go about their daily business because they had no um available systems. Yeah.
SPEAKER_01 (31:42):
Actually, that's a good point because we talk about Optus earlier and the emergency services. Now I can tell you, um, having worked for Office, uh, Optus in a very past life, um, they are very good at what they do. Um but why weren't wasn't the failover in place? Why why did resilience not kick in? Why did the business continuity plan not kick in? Now we've seen all the Senate inquiries and all those sorts of things that are potentially going to go on. Um, we've seen what they've said. But as small businesses, it makes you question well, hang on a minute. I use Optus. Am I resilient? Could they do this to my business? Um so I think that misconception that it's just about security is the biggest blunder. It's it's testing every aspect of your business to say, if something happened tomorrow, can I pivot and continue to operate? That's it. It's that simple.
SPEAKER_03 (32:44):
So, what role do you think, Michelle, that people and culture play compared with technology in this? What's more important? Are they equally important or or is it actually really all about the people?
SPEAKER_02 (32:57):
I think the as someone who is more people focused, generally speaking, um given my background in in resilience management, I'm gonna say the people are probably more important, and Lizzie will may disagree with me, is that I think ink qual.
SPEAKER_01 (33:13):
It's a yin and a
yang, I keep saying.
SPEAKER_02 (33:16):
I I would have actually thinking about it, I would have to agree with you. And the reason for that is the exposure is the same, same but different in terms of um your exposure from the point of view of technology and from the point of view of people. So people will take the path of least resistance. People will, you know, as we said earlier, prop open the door because it's easier for them to get in and out. Um or they will go, oh, I'll just click this thing because it's simpler for me to do that. Or, you know, I'll take those papers home with me because I can read them in transit and then leave them, you know, on the bus on the bus, train, or plane. So, you know, people and from a behavioral point of view, people need to be very aware of their behaviors and what they're indicating, not just for themselves, but again for their company. How are they representing their company? Um, you know, some of the largest reputational damage to companies has been done by people doing things that are not 100% um ethical, for example. I mean, you just need to look at the reputation of certain industries around banks or real estate agents or um uh salespeople. It's not that there are not people who are ethical and are uh, for the majority, doing the right thing. It is literally the ones that are making unethical decisions and that are compromising the value and the culture and of that, those industries and the companies they work for. It is really easy for a company to lose reputation based on what its employees do. You know, all you need to do is look at um, you know, any kind of reviews that small businesses have. You know, if you have uh disgruntled employees or worse, disgruntled customers, you know, if you have a happy customer, they're not going to tell terribly many people. If you have an unhappy customer, they will tell everyone. It's so true. No question on that.
SPEAKER_03 (35:26):
Yeah.
So Lizzie, let's jump back to you and let's talk perhaps a
little bit about the future of resilience in business.
Um what we've we've talked a little bit about AI um
automation, but but what's what are emerging emerging
technologies uh meaning for the future of resilience planning,
do you think?
SPEAKER_01 (35:44):
Look, I think it's a
scary time, but it's also an
important time.
So AI is is threatening, uh, small medium enterprise.
There's there's no getting away from that.
Um and what we're advocating is now is the time to put um things
in place that protect your business.
And like I said, it's an and not an all.
(36:06):
We're seeing an awful lot of apps uh launch every day and
being developed overseas and pushed upon us for things like
payroll services, recruitment services.
And those things still need to be personalized.
Um, we uh we have a recruitment business within our construct
where we work with local businesses.
(36:27):
We don't use AI for that.
We won't use AI for that.
It makes mistakes.
Um I had a client recently who said, Can you help me?
I get 200 CVs a day.
Or why?
Because they've signed up to bigger recruitment companies
that have fully adopted AI and it looks at all the things on a
(36:48):
on a CV and just sends the CV.
There's no contextualizing that person.
And I'll give you a classic example.
I got offered a service desk position the other day because I
did work in a service desk many, many years ago.
Congratulations.
So I thought, hmm, do I want to uh go back 15 years in my career
(37:08):
and go and do that?
So um sometimes emerging technology can be fantastic.
And look, in in certain aspects, especially when you look at
renewables and the ESG aspect that we're looking at, it's
quite exciting.
And we we do use that in our environmental business that we
offer businesses as well.
(37:30):
But for recruitment, it doesn't work, it really doesn't, in my
opinion.
So I think it's looking at emerging technologies as a way
of understanding them.
Do they work for you?
And so we do work with small businesses and and um we do get
contacted where they say, Look, can you look at what we do?
And is AI for us?
(37:51):
Can we use it in some way?
How do we meet our competition?
Um, and we will do reviews, and I and I think more and more I'm
seeing emerging technologies that are coming out, like
digital currency.
Um they're talking about you can use digital currency now to pay
your mortgage, buy a house, you know, buy a car, etc.
(38:15):
As that comes on, how does that impact small-medium accounting
firms?
Well, they have to pivot and now understand digital currencies,
etc.
Do they do that using tools?
So, where does it have a home?
So AI has a good home in terms of compliance.
So, all these companies that I'm talking about, your law firms
(38:36):
and your accounting firms, they need to have an automated
monitoring tool in the back end because there's an awful lot of
governance now to manage.
So that can be very helpful, and we do help companies with that.
We have a local business that we promote and work with, um, which
has a piece of technology that's fantastic.
(38:57):
We have our own proprietary software that does that as well,
verify Global, that looks at um looking at uh new technology and
people using technology and verifying their qualifications
and its usability.
So I think AI has a place.
I think it's just not, oh, I use ChatGPT for this.
(39:20):
Um, and and trust me, ChatGPT makes lots of mistakes.
So it's built on the internet, so it's it's going to be biased.
So I would always say to people, if you are going to use ChatGPT,
for instance, writing your document, your legal document,
um, still go to a lawyer, still get it checked out, still go to
(39:40):
your local accountant, get it checked out, still go to your
local recruitment person for support or payroll company.
And again, supporting local businesses.
I don't think emerging technology is always the answer.
Speaking as a CTO.
SPEAKER_03 (39:57):
So, Michelle, uh,
from your point of view, um, you
know, obviously resilience is increasingly important.
We're in an increasingly uncertain world.
There's technology changes all the time, there's there's big
sort of geopolitical issues at the moment as well.
How how do you see the role of CTOs, CIOs, and risk
practitioners evolving over the next five years?
SPEAKER_02 (40:17):
I think it's going
to become more of a partnership,
and I think the things that have been looked at in separate silos
are going to have to work together and become more of a
strategic approach.
And that sounds, you know, quite heavy, a heavy burden for small
and medium enterprise.
But the reality is that any business plans, any plans for
(40:40):
growth need to consider the value of emerging technologies,
but also the risks and the exposures that they um they
present as well.
So I think it's going to become more of a partnership than
anything else because the um the the require, you know,
legislative requirements will change to put more emphasis on
(41:05):
things that boards and managing directors and you know business
operators will need to do over time.
And that needs to be allowed for um, you know, over the next say
five years, because you know, legislation changes on a regular
basis.
We know it's coming, but it's always a surprise when it gets
(41:26):
here for people because they haven't had again, I allude back
to time, they haven't had time to focus on that.
So, for example, next year AML legislate AML CF2 legislation is
coming into play.
And you would think, well, that has nothing to do with me.
But um in terms of how we manage that, it does play back to what
(41:49):
the banks are requesting of business now in terms of how
they identify, how they they practice their business, all of
the associated reporting behind that.
So, you know, legislative change has significant impact on
businesses of all sizes, um, particularly on the smaller
business, because again, it's about how they allocate the
(42:09):
appropriate level of time and resource for that.
SPEAKER_03 (42:12):
That's right.
And and Lizzie, from a um from the point of view of a small
business, I mean perhaps we've there's lots of people who will
be listening to this who might be sole traders or perhaps, you
know, uh husband and wife team or something like that.
Um, you know, they don't have a CTIO, CTO and a CIO and a and a
risk team that they are all of those things.
Um what advice would you have for them about how you sort of
(42:36):
should start preparing for for being more resilient?
SPEAKER_01 (42:39):
Yeah, I think I
think that's what we're finding
is is we're not just an integrator of systems and tools.
We've become sort of an advisor to small business where we sit
down, we understand their business.
And uh we had a situation recently where it was a plumbing
business and it's a husband and wife team.
And uh the wife sits there and does end-to-end.
(43:02):
She is the CIO, CTO, COO, uh butler, uh housekeeper, you name
it, she's it.
Um, and her husband goes out uh to see clients and and and does
the work and comes home, and at the end of the week she has to
beg him to empty his pockets to uh empty out his all his
receipts, which he's terrible for keeping.
(43:24):
And I said to her, What are the things that bug you?
What are the things uh that you need?
And she said, I don't know what I don't know.
That's my biggest problem.
So if I don't if I don't get something like a receipt, I I
don't know that it's been spent, so I don't know if I'm
reconciling the books.
Um, if legislation comes out, I find it confusing.
(43:46):
I don't know what I don't know.
So what we've tried to do is offer a sort of space where we
do some initial free consulting to understand the business and
say, okay, here's some advice, but you know what, you don't
need us.
Here's the things that I would do if I was sitting in your
situation.
So, first of all, put an app on your husband's phone to scan uh
(44:08):
receipts at the point that he's buying something, you know, so
that it goes to you immediately and you don't have to empty out
his pockets, you know.
As simple as that, um it could be.
Um, but one of the other things that I do think is the big thing
is is CIOs anyway are dying, um, and they're being replaced by
(44:31):
ESGOs, environmental social governance, which is saying it's
looking at the whole piece.
And if you're a mum and dad business, you're already an ESGO
because you're already thinking end-to-end.
Um, bigger companies don't, they think in silo, which what what
Michelle was talking about earlier.
Um so for small businesses, particularly, um, we sit down
(44:56):
and work with them and say, how can we make things a bit easier
for the circumstances you are in?
They can't sit down there and pay $25,000 to a consulting firm
to come in and tell them how to better their business.
They already know what they're doing, they probably do it ten
times better than anybody else.
Uh you know, uh these mum and dad uh businesses are the
(45:19):
ultimate project managers.
I mean, certainly the the men and women we've met are
fantastic.
Um, so it's about sitting there and offering them uh the right
tools at the right price, maybe negotiating on their behalf and
making sure that tool adoption is there.
Um so a lot of uh what we do is not about um big contracts and
(45:43):
winning big business.
Sometimes our fees are as low as 80 bucks.
It's sitting there and saying, Oh, look, you know, sitting down
for an hour with a cup of tea, going, okay, um, I would look at
these things.
I wouldn't worry about these other things.
But everybody's business, as as Michelle has said, is about
(46:04):
being resilient and resilient to legislation change, resilient to
banking conditions.
I mean, the RBA have not come in with any relief again.
Um, so inflation is what it is.
I don't believe it's managed particularly well in Australia,
but we can't do anything about it.
So, how do we how do we meet the market to minimize the exposure
(46:27):
for small business?
And that's something that Michelle's team offer.
SPEAKER_03 (46:31):
Yeah, excellent.
Well, uh, ladies, thank you so much for being here on the
podcast today.
If people do want to know more about your business, how do they
get in touch with you?
SPEAKER_01 (46:39):
Yeah, so uh we have
a website uh which has all of
our businesses on it, which is um arisinkgroup.com, um, and
they can go there, dot com.au, I should say, because that's our
Australian business.
Um, and uh they can go on there and search all our different
services, but also pick up the phone and talk to us.
(47:01):
There's a 1300 number on our website, they can contact us
that way.
Uh we you can contact us through uh business chambers.
We're a proud member of Business Train Rooms and thank you for
the opportunity of being here today.
It's been wonderful.
I'm hoping to be back with other services in the future.
SPEAKER_03 (47:20):
Excellent.
Well, we look forward to seeing both of you at one of our future
events.
Um, but in the meantime, thank you, thank you again for being
here.
I'm Greg Harford from the Canberra Business Chamber.
This has been the Canberra Business Podcast, and I've been
talking to Lizzie Christensen, the Global Partner and Chief
Technology Officer for RS Zinc Group, and Michelle Kahn, the
risk practitioner, a partner to ARS Zinc, uh, working on um uh
(47:41):
purple resilience issues for business across the board.
Thank you so much.
Um, this is Canberra Business Podcast.
Don't forget to follow us on your favourite podcast platform
for future episodes, and we'll catch you next time.