Sydney · Independent Specialist · Est. 2006

Independent Cyber & Digital Specialist.
Security governance and digital transformation.
For serious organisations.

Executive-grade information security specialist services for government providers, not-for-profits and mid-market organisations who need defensible governance, audit-ready controls and a trusted specialist at the table — without retaining a Big Four engagement.

ISO 27001 Lead Implementer · ISO 27001 Lead Auditor · ACSC Essential Eight · Certified in Cybersecurity

By the numbers

  • 19+ years in IT & Security
  • 6 consecutive ISO 27001 audits, zero non-conformities
  • 18 subcontractor RFFR assessments led
  • ML3 on the Essential Eight, sustained for 5 years

Specialist services

Eleven focused engagements.
One trusted specialist.

Virtual CISO Services

Executive-level security leadership on a fractional basis — board reporting, strategy, risk posture and program ownership.

ISO 27001 Advisory & Audit Readiness

Implementation, gap assessment and certification readiness designed to pass external audit and operate sustainably.

RFFR / Government Security Readiness

Right Fit For Risk uplift for government providers and their subcontractors, aligned to ACSC ISM and Essential Eight.

Essential Eight Assessments

Independent maturity assessments and pragmatic roadmaps to ML2 / ML3 — no over-engineering, no vendor agenda.

Microsoft 365 Security Governance

Tenant hardening, Purview, Defender, Entra ID and conditional access aligned to your control framework.

SharePoint & Cloud Transformation

Governance, classification and information architecture for cloud and SharePoint migrations done properly.

Security Risk Management

Enterprise risk frameworks, third-party risk, and risk treatment plans your board and auditors can rely on.

Technical Governance & Compliance

Bridge the gap between engineering reality and compliance obligations — practical controls, evidence and reporting.

System Digitisation

Retire paper, spreadsheets and shared inboxes with governed, audit-grade digital systems on Microsoft 365 and Power Platform.

Business Process Automation

Remove manual bottlenecks with automated, auditable workflows on Power Automate, Power Apps and Dataverse.

Vendor & Supplier Renegotiation

Discrete, fixed-scope renegotiation of IT vendor and SaaS contracts during transformation and renewal events.

Why clients engage me

A trusted specialist, not a vendor.

CEOs, CIOs, boards and risk committees engage me for clarity, accountability and audit-ready outcomes — without the bloat of a tier-one consultancy.

  • 01. Independent, not reselling

    No product quotas, no vendor incentives. Advice is calibrated to your risk and budget — not a partner programme.

  • 02. Operator-grade experience

    Acting CISO and Information Security Manager engagements — I've owned the program, not just audited it.

  • 03. Audit-tested outcomes

    Six consecutive ISO 27001 surveillance and recertification audits delivered with zero non-conformities.

  • 04. Government-aligned fluency

    ACSC ISM, Essential Eight, RFFR and government expectations — translated into controls your team can actually run.

Frameworks & expertise

Fluent across the frameworks that matter in Australia.

Deep working knowledge of ACSC, ISO, NIST and Microsoft control sets — translated into pragmatic, auditable programs for organisations operating under government and regulator scrutiny.

ISO/IEC 27001 & 27002 · ACSC Essential Eight · ACSC ISM · RFFR / government · NIST CSF · Zero Trust Architecture · Microsoft 365 & Entra ID · SharePoint Governance · Third-Party Risk · Privacy Act / APP · SOC 2 Concepts · ITIL Service Management

Selected engagements

Outcomes that hold up under audit and scrutiny.

Zero non-conformities across 6 ISO 27001 audits

Designed and led the ISMS through six consecutive surveillance and recertification cycles without a single non-conformity.

18 RFFR subcontractor assessments delivered

Led Right Fit For Risk readiness for a government provider and its subcontractor network — uplifted to government expectations.

Essential Eight ML3 sustained for 5 years

Took an organisation from baseline to Maturity Level 3 and held it through hybrid Microsoft and SaaS environments.

Certifications

Credentialed across security, governance and IT.

  • Microsoft Certified Technology Specialist
  • Microsoft Certified IT Professional
  • ISO 27001 Lead Auditor
  • ITIL V3 Certified
  • ISO 27001 Lead Implementer
  • ISO 27001 Internal Auditor
  • ISO 27001 Risk Manager
  • Certified in Cybersecurity (CC)
  • Info Security Lead Professional
  • ISO 27001 Security Executive

How we work together

A measured, four-stage specialist engagement.

  1. Discovery

    A confidential conversation to understand context, drivers, regulators and the outcome that matters.

  2. Assessment

    Structured review of current state against the relevant framework — ISO 27001, Essential Eight, RFFR or ISM.

  3. Roadmap

    A prioritised, costed plan calibrated to your risk appetite, change capacity and certification timeline.

  4. Execution & Assurance

    Hands-on specialist support through implementation, audit and continuous improvement.

Client perspectives

Trusted by leaders who carry the risk.

Names withheld

I had the pleasure of working with him on an IRAP assessment and can recommend him without reservation. His depth of knowledge in Australian Government security frameworks and best practices was invaluable — he guided us through the assessment requirements and helped us implement meaningful security improvements.
ITS Project Manager · Government-contracted provider

He has a remarkable ability to break down complex compliance standards into practical, understandable steps. He worked seamlessly with both technical and non-technical stakeholders, ensuring everyone understood the rationale behind the controls and the value they brought to our security posture.
Project Manager · Employment services sector

Thanks to his meticulous attention to detail, proactive communication, and strategic insights, we achieved IRAP certification with greater confidence in our long-term security capabilities. Beyond IRAP, his expertise in Zero Trust Architecture, ISO 27001 and RFFR further cemented his value as a trusted partner.
Technology Lead · Government-aligned organisation

For anyone seeking expert guidance in navigating IRAP assessments or strengthening their overall cybersecurity framework, I can wholeheartedly recommend him. His technical knowledge, dedication and professionalism are second to none.
Senior Manager · Not-for-profit sector

Identities of clients and organisations withheld. Full references available on request under NDA.

Begin the conversation

A confidential discussion about your security posture.

A 30-minute specialist call — no pitch, no scripted discovery. Just a candid conversation about the outcome you need and whether I'm the right person to help you get there.

Sagar Kamra — Independent Cyber & Digital Specialist, Sydney

All initial conversations are confidential. Engagements operate under NDA where required.