Blog

Practical guides for non-technical founders navigating technical decisions. Compliance frameworks, hiring your first CTO, architecture choices, and what to look for in contractors and agencies. Written by Robbie Cronin, fractional CTO based in Melbourne.

essential-eight, patch-management, vulnerability-scanning, australia, compliance, security

Patch Management for Essential Eight: Timelines, Tools, and What Auditors Actually Check

The Essential Eight patching requirements are aggressive by design. 48 hours for critical vulnerabilities. Two weeks for internet-facing apps. Here's how to actually meet them, which tools work, and where most Australian businesses fail.

17 min read

essential-eight, mfa, phishing-resistant, fido2, australia, compliance, security

Phishing-Resistant MFA: What It Means and Why Essential Eight ML2 Demands It

SMS codes and authenticator apps no longer meet Essential Eight Maturity Level 2. Here's what phishing-resistant MFA actually is, which methods qualify, and how to roll it out with FIDO2 security keys, Windows Hello for Business, or passkeys.

14 min read

essential-eight, application-control, wdac, australia, compliance, security

WDAC for Essential Eight: The Application Control Guide Nobody Wanted to Write

Windows Defender Application Control is the hardest Essential Eight strategy to implement. What WDAC is, how it differs from AppLocker, what each maturity level requires, and how to avoid bricking your fleet.

16 min read

essential-eight, compliance, australia, cyber-security, maturity-model

Essential Eight Maturity Levels Explained: What ML1, ML2, and ML3 Actually Require (2026)

A practical breakdown of Essential Eight maturity levels for Australian business owners. What each level requires, what it costs, which controls to tackle first, and whether your Microsoft 365 licence already covers it.

18 min read

fractional-cto, startups, technical-leadership, australia

What Is a Fractional CTO? (And How to Know If You Need One)

What a fractional CTO actually does, what it costs, when it makes sense, and the red flags to watch for. Written by someone who does this work.

11 min read

essential-eight, compliance, australia, cyber-security, acsc

What Is the Essential Eight? The Complete Australian Guide (2026)

The Essential Eight explained for business owners, not IT departments. What the eight controls actually do, real breaches that prove why they matter, and how to figure out what your business needs.

18 min read

cyber-insurance, essential-eight, australia, compliance, security

Your Cyber Insurer Is Already Asking About Essential Eight. Here's What That Means.

Australian cyber insurers are rejecting 40% of claims. Most rejections come down to missing controls that Essential Eight covers. What they're checking, what it costs you, and how to fix it before renewal.

10 min read

essential-eight, compliance, australia, cyber-insurance, security

How Much Does an Essential Eight Assessment Cost in Australia? (2026)

Real pricing for Essential Eight assessments in Australia. From solo consultants to Big 4 firms. What you're actually paying for, what you can skip, and how to avoid overspending.

9 min read

startups

Questions to Ask a Software Development Agency Before You Sign Anything

Five uncomfortable questions to ask a software development agency before signing. What their answers reveal about code ownership, scope creep, and whether they'll actually deliver.

8 min read

startups, contractors, scaling

Your Developer Quit Mid-Project. Here's What to Do in the Next 72 Hours.

Your developer quit mid-project. Here's what to do in the next 72 hours to protect your code, your product, and your sanity.

10 min read

startups, contractors, scaling

How Much Does It Actually Cost to Build an App in 2026

How much does it cost to build an app? Real numbers from build to Year 2, hidden costs agencies leave out, and a framework for budgeting your first 18 months.

10 min read

soc-2, compliance, enterprise-sales, startups, security

Your Enterprise Customer Just Asked for SOC 2. Here's What to Actually Do.

A week-by-week playbook for startups that just got the SOC 2 question on a sales call. Real costs, timelines, and what auditors actually check.

12 min read

hipaa, compliance, healthtech, startups, security

HIPAA Compliance for Startups: The $5K Version vs the $50K Version

Most healthtech startups overpay for HIPAA compliance. Here's what the engineer-led $5K version looks like, and why it's actually more secure than the $50K consultant version.

13 min read

compliance, iso-27001, soc-2, startups, security

ISO 27001 vs SOC 2 vs Cyber Essentials: Which One Does Your Startup Actually Need?

A decision framework for non-technical founders choosing between ISO 27001, SOC 2, and Cyber Essentials. With real costs, timelines, and an honest answer about which one to do first.

9 min read

contractors, startups, hiring, fractional-cto

5 Questions to Ask a Software Development Agency Before Signing

The uncomfortable questions to ask a software development agency that separate founders who get working products from those who get expensive lessons.

10 min read

hipaa, compliance, healthtech, tracking, privacy, security

Kaiser Just Paid $46M for Website Tracking Pixels. Is Your Healthtech Startup Next?

Google Analytics on your health app might be a HIPAA violation. Kaiser Permanente paid $46M to learn this lesson. Here's how to audit your tracking stack before OCR comes knocking.

10 min read

fractional-cto, startups, hiring

Fractional CTO vs Contractor: Which Does Your Startup Need?

A decision framework for non-technical founders choosing between hiring a contractor, fractional CTO, or full-time CTO. With real cost comparisons.

6 min read

hiring, contractors, startups

How to Hire a Software Contractor as a Non-Technical Founder

A practical guide to vetting, hiring, and managing software contractors when you don't have a technical background. Avoid the expensive mistakes.

5 min read

announcements

Hello World

Welcome to the Innitor blog. Insights on software engineering, technical leadership, and building products that actually work.

1 min read
