Starter Cyber Health Check
Quick clarity and a do-first plan in 2–3 weeks.
Scope: 10-area review (governance, identity, devices, email/web, backups, third parties, etc.) mapped to recognised frameworks
Approach: Short interviews + evidence sampling (business + IT/MSP)
Outputs: Report containing — Risk heatmap, one-page leadership summary, technical findings and prioritised 90-day plan
Focus: Quick wins, top risks, foundational controls
Best for: New programs, lean teams, or time-boxed assurance
Comprehensive Cyber Health Check
Deeper assurance across 10 areas with evidence-backed controls and measurable uplift.
Scope: Full 10-area assessment mapped to recognised frameworks
Approach: Interviews + targeted evidence review + hands-on config checks
Extras: An expanded version of the Starter's 10-area assessment: hands-on secure config checks, sample control walkthroughs, detailed findings and recommendations, and a summary pack you can reuse for audits/insurers
Outputs: Report containing — Risk heatmap, leadership summary with key decisions, detailed technical findings & recommendations for IT/MSP, and a roadmap with owners & effort
Best for: Executive/board assurance, audit/readiness, organisations seeking security uplift
Other Services
Assess & Prioritise
Start with clarity. We identify what matters most, where you’re exposed, and the practical next steps. You get a short, prioritised plan you can execute in weeks.
Pick and combine (menu of options)
Cyber Health Check — baseline posture + top risks
Penetration Testing — Web applications, external footprint, cloud infrastructure, WiFi testing and network infrastructure
Essential Eight (E8) Snapshot — quick wins + target level
Crown-Jewels Review — critical systems/data focus
Data-Flow Mapping — what you hold, where it goes, who touches it
Network Overview — dependencies + weak links
90-Day Action Plan — owners, effort, milestones
Executive/Board Summary — plain-English, one page
Who’s it for
Organisations needing a clear starting point; leaders wanting confidence for next steps
Outcomes
Executive team/board-ready summary in plain English
Prioritised risk heatmap and visibility of key dependencies (so the next moves are obvious)
Risk-based, prioritised remediation roadmap
Strengthen & Govern
Right-sized policies, controls and secure configuration—without the jargon. We map your obligations to workable controls—privacy, sector rules and security standards—so teams can follow them and IT/MSP can deliver.
Hardening & governance menu
Policy & Standards Pack — short, usable policies (AUP, Access, Backup, Incident, Retention)
Essential Eight Uplift & Measurement — plan, targets, simple tracking
Secure Configuration Review — M365/Intune/Defender; App Control/ASR, firewall rules and configuration
Email & Domain Trust — SPF / DKIM / DMARC recommendations for tuning & monitoring
Vulnerability & Patch Rhythm — roles, cadence, reporting
Access Governance (JML) — Onboarding & offboarding, regular access reviews; tidy privileged roles
Backup & Patch Assurance — independent checks & co-ordination of restore tests
Compliance/Audit Readiness — evidence set, control mapping, “show-me” pack
Privacy Essentials — Minimisation, retention, privacy-by-design
Third-Party/SaaS Review — due diligence, questionnaires
Docs that Stick — source-of-truth diagrams, SOPs; vendor liaison
Identity & Access Sprint — Conditional Access basics, emergency accounts
Sector Packs — APRA CPS 234, SOCI basics, health/aged-care privacy, PCI DSS SAQs
Who’s it for
Organisations wanting structure that sticks; IT/MSP teams needing clear direction
Outcomes
Usable policy set and measurable uplift mapped to your regulatory and industry requirements
Audit-ready evidence pack and clear patch/backup assurance
Prepare & Respond
Incidents happen. We set roles, steps and recovery you’ve tested—so downtime is limited and recovery is predictable. RTO/RPO targets explained in plain English.
Response & recovery menu
Incident Response Plan — roles, triggers, first-hour actions
Playbooks — mailbox compromise, ransomware, data loss
Tabletop Exercises — execs/IT/MSP; ransomware drill + tune-up
Backup & Recovery Review — restore tests; RTO/RPO agreed and documented
BCP/DR — practical recovery targets + short playbook
Logging & Alerts — turn on essentials so suspicious activity is visible
Privacy & Breach Readiness — triage, evidence handling, notification templates
Crisis Comms Pack — draft language for customers, regulators, media
SaaS Backup Strategy — pragmatic options for Microsoft 365 and key cloud apps
Who’s it for
Teams wanting to be ready before it happens; boards seeking assurance
Outcomes
Tested backup/restore with clear RTO/RPO and a first-hour playbook
Tabletop report with actions and a concise crisis communications pack
People, Culture & Awareness
Make secure behaviour the default. Short, engaging sessions for teams, business-focused briefings for frontline staff and leaders, and simple guides for everyday tasks.
Train your people
Staff Sessions (45–60 min) — practical habits, plain language; conducted in person or online
Awareness Program-as-a-Service — quarterly micro-learning + phishing sims + metrics
Executive/Board Briefings — Define and communicate how much cyber risk your organisation is willing to accept — with business goals in mind
Phishing-Resistant MFA Guidance — what to use, why, and how
Role-Based Quick Guides — AP/Finance, HR, field, help-desk
Supplier/MSP Ways-of-Working — handoffs, SLAs, responsibilities
Documentation Coaching — keep runbooks and diagrams current
Who’s it for
Non-technical teams and busy leaders; IT/MSP needing consistent messages
Outcomes
Higher staff resilience (phishing and behaviour metrics improve quarter-on-quarter)
Leaders aligned on risk appetite and simple, repeatable talking points
Trusted Advisor (on-call)
A sounding board on tap—priorities, vendors, designs and roadmaps. We keep leaders aligned and translate strategy into tickets your IT/MSP can deliver.
Ongoing advisory
Virtual Cyber Manager/vCISO (Retainer) — part-time security lead; monthly cadence; MSP coordination
Monthly Advisory Hours & Priority Response — questions answered, issues unblocked
Security Scorecard — simple dashboard + top 5 actions each month
Second Opinions — quotes, tools, architecture
Prioritisation Clinic — keep the 90-day plan moving
Project/Change Risk Reviews — people/process/tech
Metrics Pack — risk, incidents, maturity, ROI
Cloud Cost-Security Check — reduce waste, close gaps
AI Readiness & Risk (incl. Microsoft Copilot) — use-case triage, data guardrails, vendor/model risk
Who’s it for
Founders, execs, and IT/MSP leads; organisations wanting steady momentum
Outcomes
A monthly scorecard and roadmap checkpoints that sustain progress
Faster, better-informed decisions on tools, spend, and risk trade-offs
Custom Solutions
Every business is different. We bring deep experience and a creative, adaptable approach to shape work around your goals, budget and timelines. If it touches cyber risk, we’ll help you tackle it—so you can focus on running the business.
Tailored to your needs
Engagement Models — one-off or ongoing; fixed-fee or retainer; on-site (Melbourne & suburbs) or remote (Australia-wide), co-delivery with IT/MSP
Examples — second opinions (tools/quotes/tenders); project rescue & pre-go-live reviews; audit/insurance/compliance readiness, M&A/supplier due-diligence, post-incident reviews (“build back stronger”), architecture & change reviews to launch safely
Who’s it for
Organisations with unique constraints, timelines, or regulatory needs
Outcomes
A clearly scoped statement of work with costs, milestones, and success criteria
Delivery artefacts you can keep: diagrams, policies, evidence packs, and playbooks