InnitorInnitor
Our FounderBlogCheck Your Score

Blog

Practical guides for non-technical founders navigating technical decisions. Compliance frameworks, hiring your first CTO, architecture choices, and what to look for in contractors and agencies. Written by Robbie Cronin, fractional CTO based in Melbourne.

Fractional CTO services|About Robbie
compliancesecuritystartups

Your Data Breach Response Plan Under Australian Privacy Law

The Australian Privacy Principles give you 30 days from suspecting a breach to complete your assessment. Here's exactly what to do and in what order.

·7 min read
australian privacy principlesemployee data privacy australiaprivacy act employee recordsAPP compliance HR data

Australian Privacy Principles and Employee Data

The Australian Privacy Principles apply to employee data too. Most SMEs get this wrong. Here's what you need to fix.

·6 min read
compliancestartupssecurity

Your Website Probably Breaches Australian Privacy Principles

Contact forms, analytics tools, and outdated privacy policies create Australian Privacy Principles breaches on most business websites. Here's what to fix first.

·5 min read
compliancesecuritystartups

Australian Privacy Principles Where SMEs Actually Fail

Most Australian Privacy Principles breaches at SMEs come from vendor gaps and human error, not hackers. Here's where to focus your compliance effort.

·7 min read
DISPEssential Eightcompliancedefenceaustraliasecurity

DISP Membership: The 5 Things to Sort Out First

Your prime contractor just told you to get DISP membership. Here's what to do first, in the order that matters. A practical guide for Australian SMEs starting from scratch.

·6 min read
compliancesecuritystartups

Australian Privacy Principles Guide for SMEs

The 13 Australian Privacy Principles control how your business handles personal data. Here's what SMEs actually need to do to comply before the exemption ends.

·6 min read
hiringcontractorsstartupsfractional-cto

How to Evaluate a Software Contractor Before You Hire

Most founders evaluate contractors on technical skills they can't assess. Here's what actually predicts whether a developer will deliver what your startup needs.

·4 min read
essential-eightpatch-managementvulnerability-scanningaustraliacompliancesecurity

Patch Management for Essential Eight: Timelines, Tools, and What Auditors Actually Check

The Essential Eight patching requirements are aggressive by design. 48 hours for critical vulnerabilities. Two weeks for internet-facing apps. Here's how to actually meet them, which tools work, and where most Australian businesses fail.

·17 min read
essential-eightmfaphishing-resistantfido2australiacompliancesecurity

Phishing-Resistant MFA: What It Means and Why Essential Eight ML2 Demands It

SMS codes and authenticator apps no longer meet Essential Eight Maturity Level 2. Here's what phishing-resistant MFA actually is, which methods qualify, and how to roll it out with FIDO2 security keys, Windows Hello for Business, or passkeys.

·14 min read
essential-eightapplication-controlwdacaustraliacompliancesecurity

WDAC for Essential Eight: The Application Control Guide Nobody Wanted to Write

Windows Defender Application Control is the hardest Essential Eight strategy to implement. What WDAC is, how it differs from AppLocker, what each maturity level requires, and how to avoid bricking your fleet.

·16 min read
essential-eightcomplianceaustraliacyber-securitymaturity-model

Essential Eight Maturity Levels Explained: What ML1, ML2, and ML3 Actually Require (2026)

A practical breakdown of Essential Eight maturity levels for Australian business owners. What each level requires, what it costs, which controls to tackle first, and whether your Microsoft 365 licence already covers it.

·18 min read
fractional-ctostartupstechnical-leadershipaustralia

What Is a Fractional CTO? (And How to Know If You Need One)

What a fractional CTO actually does, what it costs, when it makes sense, and the red flags to watch for. Written by someone who does this work.

·11 min read
essential-eightcomplianceaustraliacyber-securityacsc

What Is the Essential Eight? The Complete Australian Guide (2026)

The Essential Eight explained for business owners, not IT departments. What the eight controls actually do, real breaches that prove why they matter, and how to figure out what your business needs.

·18 min read
cyber-insuranceessential-eightaustraliacompliancesecurity

Your Cyber Insurer Is Already Asking About Essential Eight. Here's What That Means.

Australian cyber insurers are rejecting 40% of claims. Most rejections come down to missing controls that Essential Eight covers. What they're checking, what it costs you, and how to fix it before renewal.

·10 min read
essential-eightcomplianceaustraliacyber-insurancesecurity

How Much Does an Essential Eight Assessment Cost in Australia? (2026)

Real pricing for Essential Eight assessments in Australia. From solo consultants to Big 4 firms. What you're actually paying for, what you can skip, and how to avoid overspending.

·9 min read
startups

Questions to Ask a Software Development Agency Before You Sign Anything

Five uncomfortable questions to ask a software development agency before signing. What their answers reveal about code ownership, scope creep, and whether they'll actually deliver.

·8 min read
startupscontractorsscaling

Your Developer Quit Mid-Project. Here's What to Do in the Next 72 Hours.

Your developer quit mid project. Here's what to do in the next 72 hours to protect your code, your product, and your sanity.

·10 min read
startupscontractorsscaling

How Much Does It Actually Cost to Build an App in 2026

How much does it cost to build an app? Real numbers from build to Year 2, hidden costs agencies leave out, and a framework for budgeting your first 18 months.

·10 min read
soc-2complianceenterprise-salesstartupssecurity

Your Enterprise Customer Just Asked for SOC 2. Here's What to Actually Do.

A week-by-week playbook for startups that just got the SOC 2 question on a sales call. Real costs, timelines, and what auditors actually check.

·12 min read
hipaacompliancehealthtechstartupssecurity

HIPAA Compliance for Startups: The $5K Version vs the $50K Version

Most healthtech startups overpay for HIPAA compliance. Here's what the engineer-led $5K version looks like, and why it's actually more secure than the $50K consultant version.

·13 min read
complianceiso-27001soc-2startupssecurity

ISO 27001 vs SOC 2 vs Cyber Essentials: Which One Does Your Startup Actually Need?

A decision framework for non-technical founders choosing between ISO 27001, SOC 2, and Cyber Essentials. With real costs, timelines, and an honest answer about which one to do first.

·9 min read
contractorsstartupshiringfractional-cto

5 Questions to Ask a Software Development Agency Before Signing

The uncomfortable questions to ask a software development agency that separate founders who get working products from those who get expensive lessons.

·10 min read
hipaacompliancehealthtechtrackingprivacysecurity

Kaiser Just Paid $46M for Website Tracking Pixels. Is Your Healthtech Startup Next?

Google Analytics on your health app might be a HIPAA violation. Kaiser Permanente paid $46M to learn this lesson. Here's how to audit your tracking stack before OCR comes knocking.

·10 min read
fractional-ctostartupshiring

Fractional CTO vs Contractor: Which Does Your Startup Need?

A decision framework for non-technical founders choosing between hiring a contractor, fractional CTO, or full-time CTO. With real cost comparisons.

·6 min read
hiringcontractorsstartups

How to Hire a Software Contractor as a Non-Technical Founder

A practical guide to vetting, hiring, and managing software contractors when you don't have a technical background. Avoid the expensive mistakes.

·5 min read
announcements

Hello World

Welcome to the Innitor blog. Insights on software engineering, technical leadership, and building products that actually work.

·1 min read

Get posts like this in your inbox

Practical takes on engineering, compliance, and building products that work. No spam, unsubscribe anytime.