Zero
Non-conformities across 6 ISO 27001 audits
Designed and led the ISMS through six consecutive surveillance and recertification cycles without a single non-conformity.
Sydney · Independent Specialist · Est. 2006
Fractional CTO advisory paired with independent cyber and digital specialist services — for government providers, not-for-profits and mid-market organisations who need technology strategy, defensible governance and audit-ready controls without retaining a Big Four engagement.
By the numbers
19+
Years in IT & Security
6
Consecutive ISO 27001 audits, zero non-conformities
18
Subcontractor RFFR assessments led
ML3
Essential Eight, 5 years sustained
Specialist services
Fractional CTO accountability — technology strategy, architecture and delivery oversight without the full-time cost.
Learn moreExecutive-grade security leadership on a fractional retainer — risk, strategy, board and regulator reporting.
Learn moreDelivery-focused vCISO — ISMS ownership, control execution and audit prep on a defined scope.
Learn moreImplementation, gap assessment and certification readiness designed to pass external audit and operate sustainably.
Learn moreACSC ISM preparation, System Security Plan authoring and assessor liaison — end to end.
Learn moreIndependent maturity assessments and pragmatic roadmaps to ML2 / ML3 — no over-engineering, no vendor agenda.
Learn moreWhy clients engage me
CEOs, CIOs, boards and risk committees engage me for clarity, accountability and audit-ready outcomes — without the bloat of a tier-one consultancy.
Technology strategy, architecture and security governance from a single accountable operator — no handoffs between a CTO advisor, vCISO and integrator.
No product quotas, no vendor incentives. Advice is calibrated to your risk, budget and roadmap — not a partner programme.
I've owned the program — CTO, CISO and delivery leadership across hybrid Microsoft, Azure and SaaS estates — not just audited it.
Six consecutive ISO 27001 surveillance and recertification audits delivered with zero non-conformities.
Frameworks & expertise
Deep working knowledge of cloud architecture, Microsoft platforms, and ACSC, ISO and NIST control sets — translated into pragmatic, auditable technology programs for organisations operating under government and regulator scrutiny.
Selected engagements
Zero
Designed and led the ISMS through six consecutive surveillance and recertification cycles without a single non-conformity.
18
Led Right Fit For Risk readiness for a government provider and its subcontractor network — uplifted to government expectations.
ML3
Took an organisation from baseline to Maturity Level 3 and held it through hybrid Microsoft and SaaS environments.
Case studies
Employment services · Government-contracted provider
Led Right Fit For Risk readiness for a Commonwealth-contracted provider and 18 of its subcontractors — from fragmented baselines to a common ACSC ISM / Essential Eight posture.
Read case studyRegulated services · Mid-market
Designed and led an ISO 27001 Information Security Management System through six consecutive surveillance and recertification audits — every cycle closed with zero non-conformities.
Read case studyNot-for-profit · Commonwealth-adjacent
Led a not-for-profit through an IRAP assessment against the ACSC ISM — from ad-hoc controls to a defensible System Security Plan and a clean assessor engagement.
Read case studyCertifications




















How we work together
A confidential conversation to understand context, drivers, regulators and the outcome that matters.
Structured review of current state against the relevant framework — ISO 27001, Essential Eight, RFFR or ISM.
A prioritised, costed plan calibrated to your risk appetite, change capacity and certification timeline.
Hands-on specialist support through implementation, audit and continuous improvement.
Client perspectives
Names withheld · scroll to read
Identities of clients and organisations withheld. Full references available on request under NDA.
Begin the conversation
A 30-minute Fractional CTO call — no pitch, no scripted discovery. Just a candid conversation about the outcome you need and whether I'm the right person to help you get there.

All initial conversations are confidential. Engagements operate under NDA where required.