Frequently Asked Questions

A virtual CISO provides the strategic security leadership of a full-time Chief Information Security Officer on a flexible, part-time basis. You get board-level reporting, security strategy, programme oversight, and compliance management, without the cost of a full-time executive hire. It's ideal for organisations that need senior security leadership but can't justify or find a permanent CISO.

I work with organisations of all sizes, from SMEs that have no dedicated security function through to large enterprises that need independent assessment or supplementary leadership. My clients span financial services, healthcare, government contractors, construction, technology, and professional services.

Engagement costs depend on scope, complexity, and duration. I offer retainer-based, project-based, and ad-hoc models to suit different budgets. I'm always happy to have an initial conversation to understand your needs and provide a clear, transparent quote with no obligation.

For most engagements, I can start within 1-2 weeks. For urgent matters like incident response or time-critical compliance deadlines, I can often accommodate faster timelines.

Both. Much of my work can be done effectively remotely, but I'm available for on-site work in Sydney and can travel nationally or internationally as needed. For board briefings and workshops, in-person delivery is often preferred.

You work directly with me, not a junior consultant. I bring 22+ years of hands-on experience, an MBA, and CISSP certification. I'm vendor-neutral, I don't have products to sell, and I'm focused entirely on your organisation's best interests. You get senior expertise without the big-firm overhead and markup.

Yes. I have hands-on experience with the ASD Essential Eight, ISO 27001, NIST CSF, GDPR, CPS 234 (APRA), and the SOCI Act. I can help with gap assessments, implementation, and certification readiness.

Both. Many of my clients start with a one-off assessment or project and then move to an ongoing retainer for continued advisory. The engagement model is entirely flexible.