Brisbane - SMBiT Professionals February Meeting

Cybersecurity standards are rarely described as interesting. This session might change that.

I’ll be presenting on the SMB 1001:2026 Cybersecurity Standard, breaking down what’s new compared to the 2025 version, what’s actually changed in practice, and what organisations should be doing about it. We’ll cover how to address, meet, align with, and maintain the controls in a way that makes sense for real businesses – not just auditors and policy writers.

This is not a sales pitch or a box-ticking exercise. It’s a practical, plain-English walkthrough of what the standard is trying to achieve, where people usually get stuck, and how to avoid over-engineering your way into frustration.

There will be time for questions throughout, including the ones you’re probably thinking right now. The primary goal is simple – everyone should learn something useful, leave with clearer answers, and ideally stay awake for the full session.

A quick introduction. My name is Luke Irwin. I’m the Founder and Principal Consultant at Aegis Cybersecurity, a specialist cybersecurity governance, risk, and compliance consultancy. I spend my days working with boards, executives, and leadership teams across Australia to help them understand cyber risk, regulatory obligations, and assurance frameworks in a way that is practical and defensible.

My work spans standards and frameworks such as ISO 27001, Essential Eight, SOC 2, DISP, NIST, and SMB 1001. Aegis Cybersecurity is currently the first and only consultancy holding SMB 1001 Diamond certification, and my focus is firmly on governance, maturity, and long-term outcomes – not tools, vendors, or fear-based messaging.

If cybersecurity standards sit somewhere between “important” and “confusing” for you, this session will be worth your time.