Case Studies

Real
programs.
Real results.

We work with organisations that have complex cyber challenges and real deadlines. Below is a selection of engagements — anonymised where required — that reflect the kind of work we do and how we do it.

Clients we've worked with
Client
Logo
Client
Logo
Client
Logo
Client
Logo
Client
Logo
Client
Logo
Security Roadmap Delivery
GRC & Compliance
Cyber Project Management
APRA CPS 234
Security Architecture
Business Analysis
ISM & Essential Eight
Healthcare & Financial Services
Security Roadmap Delivery
GRC & Compliance
Cyber Project Management
APRA CPS 234
Engagements

Selected work.

Healthcare
01
Major Australian Health Insurer
APRA CPS 234 compliance program delivery
The client faced an APRA supervisory review with significant gaps in their information security capability framework. We embedded a senior Cyber PM and GRC specialist to take ownership of the compliance program — assessing current state, mapping gaps, coordinating remediation workstreams, and preparing the board-level reporting pack required for regulatory submission.
Roles placed
Cyber PM · GRC Specialist
Duration
9 months
Frameworks
APRA CPS 234 · Privacy Act
Outcome
Regulatory submission completed on time. Board-level ISCP approved. Zero findings escalated from APRA review.
Financial Services
02
Tier 2 Australian Bank
Security architecture for core infrastructure modernisation
A major infrastructure modernisation program needed security embedded from the start, not bolted on at the end. We placed a senior Security Architect who worked alongside the infrastructure and cloud teams to design and validate the security architecture across network, identity, data, and endpoint domains — ensuring compliance with APRA and the bank's own security standards.
Roles placed
Security Architect
Duration
12 months
Frameworks
APRA CPS 234 · NIST CSF
Outcome
Security architecture signed off by CISO. Program delivered on schedule with no security-related delays. Architecture adopted as bank standard for future programs.
Insurance
03
National General Insurer
Essential Eight uplift and third-party risk framework
The client had stalled at Maturity Level 1 across most Essential Eight controls and lacked a structured approach to third-party cyber risk. We embedded a Cyber BA and PM team to assess current maturity, prioritise uplift across the eight controls, manage vendor risk assessments, and build a repeatable third-party risk management framework.
Roles placed
Cyber PM · Business Analyst
Duration
6 months
Frameworks
Essential Eight · ISM
Outcome
Reached ML2 across 6 of 8 controls within engagement. Third-party risk framework implemented and adopted by procurement team.
// Additional case studies — duplicate the block above and fill in your engagement details
Work with us

Your program could be next.

If you have a cyber program that needs experienced hands — or a compliance deadline that's getting closer — let's talk.

Start a conversation →