Case studies
Outcomes that hold up under audit.
Selected engagements — client identities withheld under NDA. Sectors and metrics are real. Full references available on request under NDA.
Employment services · Government-contracted provider
RFFR uplift across 18 subcontractor organisations
Led Right Fit For Risk readiness for a Commonwealth-contracted provider and 18 of its subcontractors — from fragmented baselines to a common ACSC ISM / Essential Eight posture.
Regulated services · Mid-market
Six ISO 27001 audits. Zero non-conformities.
Designed and led an ISO 27001 Information Security Management System through six consecutive surveillance and recertification audits — every cycle closed with zero non-conformities.
Not-for-profit · Commonwealth-adjacent
IRAP-ready not-for-profit, on a not-for-profit budget
Led a not-for-profit through an IRAP assessment against the ACSC ISM — from ad-hoc controls to a defensible System Security Plan and a clean assessor engagement.
Considering a similar engagement?
A 30-minute confidential call — no pitch. I'll tell you honestly whether an approach like this will work for you.