Sydney · Independent Specialist · Est. 2006

Fractional CTO.
Independent Cyber & Digital Specialist.
Technology leadership for serious organisations.

Fractional CTO advisory paired with independent cyber and digital specialist services — for government providers, not-for-profits and mid-market organisations who need technology strategy, defensible governance and audit-ready controls without retaining a Big Four engagement.

ISO 27001 Lead Implementer ISO 27001 Lead Auditor ACSC Essential Eight Certified in Cybersecurity

By the numbers

19+

Years in IT & Security

6

Consecutive ISO 27001 audits, zero non-conformities

18

Subcontractor RFFR assessments led

ML3

Essential Eight, 5 years sustained

Why clients engage me

A trusted specialist, not a vendor.

CEOs, CIOs, boards and risk committees engage me for clarity, accountability and audit-ready outcomes — without the bloat of a tier-one consultancy.

  • 01

    Fractional CTO + Cyber under one specialist

    Technology strategy, architecture and security governance from a single accountable operator — no handoffs between a CTO advisor, vCISO and integrator.

  • 02

    Independent, not reselling

    No product quotas, no vendor incentives. Advice is calibrated to your risk, budget and roadmap — not a partner programme.

  • 03

    Operator-grade experience

    I've owned the program — CTO, CISO and delivery leadership across hybrid Microsoft, Azure and SaaS estates — not just audited it.

  • 04

    Audit-tested outcomes

    Six consecutive ISO 27001 surveillance and recertification audits delivered with zero non-conformities.

Frameworks & expertise

Fluent across the technology and control frameworks that matter in Australia.

Deep working knowledge of cloud architecture, Microsoft platforms, and ACSC, ISO and NIST control sets — translated into pragmatic, auditable technology programs for organisations operating under government and regulator scrutiny.

Technology StrategySolution & Cloud ArchitectureEngineering LeadershipISO/IEC 27001 & 27002ACSC Essential EightACSC ISMRFFR / governmentNIST CSFZero Trust ArchitectureMicrosoft 365 & Entra IDAzure CloudSharePoint GovernanceThird-Party RiskPrivacy Act / APPITIL Service ManagementVendor & Commercial

Selected engagements

Outcomes that hold up under audit and scrutiny.

Zero

Non-conformities across 6 ISO 27001 audits

Designed and led the ISMS through six consecutive surveillance and recertification cycles without a single non-conformity.

18

RFFR subcontractor assessments delivered

Led Right Fit For Risk readiness for a government provider and its subcontractor network — uplifted to government expectations.

ML3

Essential Eight sustained for 5 years

Took an organisation from baseline to Maturity Level 3 and held it through hybrid Microsoft and SaaS environments.

Certifications

Credentialed across security, governance and IT.

  • Microsoft Certified Technology Specialist
    Microsoft Certified Technology Specialist
  • Microsoft Certified IT Professional
    Microsoft Certified IT Professional
  • ISO 27001 Lead Auditor
    ISO 27001 Lead Auditor
  • ITIL V3 Certified
    ITIL V3 Certified
  • ISO 27001 Lead Implementer
    ISO 27001 Lead Implementer
  • ISO 27001 Internal Auditor
    ISO 27001 Internal Auditor
  • ISO 27001 Risk Manager
    ISO 27001 Risk Manager
  • Certified in Cybersecurity (CC)
    Certified in Cybersecurity (CC)
  • Info Security Lead Professional
    Info Security Lead Professional
  • ISO 27001 Security Executive
    ISO 27001 Security Executive
  • Microsoft Certified Technology Specialist
    Microsoft Certified Technology Specialist
  • Microsoft Certified IT Professional
    Microsoft Certified IT Professional
  • ISO 27001 Lead Auditor
    ISO 27001 Lead Auditor
  • ITIL V3 Certified
    ITIL V3 Certified
  • ISO 27001 Lead Implementer
    ISO 27001 Lead Implementer
  • ISO 27001 Internal Auditor
    ISO 27001 Internal Auditor
  • ISO 27001 Risk Manager
    ISO 27001 Risk Manager
  • Certified in Cybersecurity (CC)
    Certified in Cybersecurity (CC)
  • Info Security Lead Professional
    Info Security Lead Professional
  • ISO 27001 Security Executive
    ISO 27001 Security Executive

How we work together

A measured, four-stage specialist engagement.

  1. 01

    Discovery

    A confidential conversation to understand context, drivers, regulators and the outcome that matters.

  2. 02

    Assessment

    Structured review of current state against the relevant framework — ISO 27001, Essential Eight, RFFR or ISM.

  3. 03

    Roadmap

    A prioritised, costed plan calibrated to your risk appetite, change capacity and certification timeline.

  4. 04

    Execution & Assurance

    Hands-on specialist support through implementation, audit and continuous improvement.

Client perspectives

Trusted by leaders who carry the risk.

Names withheld · scroll to read

I had the pleasure of working with him on an IRAP assessment and can recommend him without reservation. His depth of knowledge in Australian Government security frameworks and best practices was invaluable — he guided us through the assessment requirements and helped us implement meaningful security improvements.
ITS Project Manager · Government-contracted provider
He has a remarkable ability to break down complex compliance standards into practical, understandable steps. He worked seamlessly with both technical and non-technical stakeholders, ensuring everyone understood the rationale behind the controls and the value they brought to our security posture.
Project Manager · Employment services sector
Thanks to his meticulous attention to detail, proactive communication, and strategic insights, we achieved IRAP certification with greater confidence in our long-term security capabilities. Beyond IRAP, his expertise in Zero Trust Architecture, ISO 27001 and RFFR further cemented his value as a trusted partner.
Technology Lead · government-aligned organisation
For anyone seeking expert guidance in navigating IRAP assessments or strengthening their overall cybersecurity framework, I can wholeheartedly recommend him. His technical knowledge, dedication and professionalism are second to none.
Senior Manager · Not-for-profit sector

Identities of clients and organisations withheld. Full references available on request under NDA.

Begin the conversation

A confidential discussion about your technology and security posture.

A 30-minute Fractional CTO call — no pitch, no scripted discovery. Just a candid conversation about the outcome you need and whether I'm the right person to help you get there.

Sagar Kamra — Independent Cyber & Digital Specialist, Sydney

All initial conversations are confidential. Engagements operate under NDA where required.