Why this site exists
Most cybersecurity advice on the internet is written by people who have never actually worked in security.
They test a VPN for a weekend, run an antivirus through a checklist, and publish a comparison. Then they tell you which product to buy based on a spec sheet and a commission rate.
Plain Text Security is different. I’ve spent years working at the sharp end of enterprise cybersecurity — evaluating vendors, running procurement processes, responding to incidents, and building security programs from the ground up. I know what good security looks like in practice, not just on paper. And I know how hard it is to find honest, plain-spoken advice that isn’t trying to sell you something.
That’s what this site is for.
Who’s behind it
I’m a senior cybersecurity professional based in Brisbane, Australia, currently working as a CISO-level practitioner with experience across both the public and private sectors. I’ve spent the better part of my career helping organisations navigate the genuinely difficult problem of securing their people, systems, and data.
I evaluate security tools for a living. Not for affiliate commissions — for real procurement decisions with real budgets and real consequences. That experience shapes every review and recommendation on this site.
I built Plain Text Security because I kept getting asked the same questions — by colleagues, friends, family, and small business owners — about which tools are actually worth using. This is my attempt to answer those questions properly, in plain English, without the noise.
What you’ll find here
For individuals and families: Honest reviews of the tools that actually make a difference for personal security — password managers, VPNs, identity protection, home network security. Not ranked by commission rate. Ranked by whether I’d recommend them to someone I care about.
For businesses and security teams: Practitioner-led analysis of enterprise security tools — EDR, SIEM, identity governance, email security, and more. Written for the people who actually have to buy and operate this stuff, not for the vendor’s marketing team.
For Australian organisations specifically: Coverage of the regulatory and compliance landscape that matters here — the ASD Essential Eight, the Australian Privacy Act, ACSC advisories, and what they actually mean for your organisation in practice.
How I make money
Plain Text Security earns affiliate commissions when you click through to a product and make a purchase or sign up. This is disclosed clearly on every article where it applies.
Affiliate relationships do not influence my recommendations. I have recommended free tools over paid ones, open source over commercial, and “don’t buy this” over a high-commission product — and I’ll continue to do so. My reputation as a practitioner is worth more than any commission.
I also don’t accept payment for reviews, sponsored placements, or “partnerships” that involve editorial influence. If that ever changes, I’ll tell you.
A note on financial and legal advice
Nothing on this site constitutes financial, legal, or professional advice. Security recommendations are based on my professional experience and judgement — your situation may differ. For decisions with significant consequences, consult a qualified professional.
Get in touch
Have a question, a topic you’d like covered, or a product you think I should review? I read every email.
Plain Text Security is an independent publication run as a sole trader business registered in Queensland, Australia (ABN: 21 438 478 477).