lab.xobb.org · higher-education security workshop

Plain instruments for measuring, briefing and acting on cyber-security posture.

A small workshop of tools for Australian university security teams, CISOs and governing boards. Each one is built from public data only, runs entirely in your browser, and turns a recognised framework into a shareable, board-ready picture — without a vendor, a login, or your data leaving your device.

Posture: Client-side · no accounts · no analytics · no data egress
Sources: Public standards & advisories, cited & versioned
Audience: HE security staff, CISOs & university boards

The instruments

How the lab works

Your data stays with you

Assessments run in the browser. Answers are encoded compactly in the page URL so a result is shareable and bookmarkable — but nothing is ever sent to a server. No accounts, no cookies, no analytics, no third-party calls beyond loading the bundled model file.

Public sources, cited

Every methodology claim traces to a named public standard or advisory — the ACSC Essential Eight Maturity Model, CISA KEV, EPSS, HECVAT and similar. No corporate, confidential or institution-specific data is ingested. Output is safe to publish.

Built for the boardroom

Each tool ends in something you can take upstairs: a clear maturity picture and a one-click export to a typeset board briefing, in the same calm, document-like house style across the whole lab.

Unofficial · self-assessment aid

These tools are unofficial self-assessment aids based on public frameworks. The Essential Eight self-assessment is built on the public ACSC Essential Eight Maturity Model (November 2023) and is not affiliated with or endorsed by ASD / ACSC, nor a substitute for a formal assessment. Nothing here is legal, financial or professional advice.