IC Inline Code

Services

Two practice areas — AI governance and offensive/defensive security — under a single accountable practitioner. Five engagement models. Each one solves a distinct problem, and each compounds into the others. Most clients enter through one of the posture assessments, convert to the fractional role, and add enablement or testing work as their footprint grows.

Durable revenue

Fractional AI and Information Risk Officer

From AUD 8,000 per month

Named individual carrying accountability for AI and information risk to the board. Twelve-month engagement with quarterly review points.

  • Quarterly posture re-assessment and gap closure tracking
  • Maintenance of acceptable use, data classification, and vendor risk policies
  • Monitoring and audit log review against agreed control objectives
  • Vendor risk reviews for new AI tooling under consideration
  • AI incident response support, including playbook activation
  • Monthly governance operations report and quarterly board update

Entry product · AI

AI Governance Posture Assessment

AUD 15,000 to 25,000 fixed fee

Two-week, fixed-price posture report against the NIST AI Risk Management Framework, mapped to APRA CPS 234, CPS 230, and ISO/IEC 42001:2023.

  • Discovery of AI tooling in use, including shadow AI on personal devices
  • Review of policies, contracts, and admin configurations for managed tools
  • Control gap analysis against NIST AI RMF and APRA prudential standards
  • Threat modelling using OWASP Top 10 for LLMs and MITRE ATLAS
  • Board-ready findings report with prioritised remediation roadmap
  • Optional one-hour board or committee briefing

Defensive baseline

Security Posture Assessment

AUD 18,000 to 30,000 fixed fee

Two-week, fixed-price information security assessment mapped to ISO/IEC 27001:2022, NIST CSF 2.0, APRA CPS 234, and ASD Essential Eight maturity levels.

  • External attack surface, cloud and SaaS, identity, and EDR coverage review
  • Document and configuration review against the relevant control framework
  • Stakeholder interviews built around evidence, not policy claims
  • Threat modelling against MITRE ATT&CK for the realistic adversary
  • ASD Essential Eight maturity scoring with evidence
  • Posture report, prioritised roadmap, and optional board briefing

Offensive security

Penetration Testing

AUD 12,000 to 90,000 by engagement type

Manual penetration testing delivered by a certified offensive practitioner. Web application, API, cloud, internal network, and red team engagements — no automated scans rebranded as pen tests.

  • Web application, API, cloud configuration, network, and red team scopes
  • Methodology aligned to OWASP, PTES, NIST SP 800-115, and MITRE ATT&CK
  • CVSS-rated findings with reproduction steps and evidence
  • Continuous reporting on critical issues during the engagement
  • Free retest of all findings within 60 days of report delivery
  • Compatible with APRA CPS 234, SOC 2, and ISO 27001 audit evidence

Implementation

AI Automation Enablement

Scoped to engagement

Safe deployment and configuration of enterprise AI tooling. We bridge the gap between adopting AI and governing it.

  • Microsoft 365 Copilot, ChatGPT Enterprise, Claude Enterprise rollout
  • Admin console hardening: SSO, SCIM, retention, audit log export
  • DLP and data classification integration for AI inputs and outputs
  • Internal agent and workflow automation with control hooks built in
  • Acceptable use, prompt hygiene, and training collateral
  • Handover to internal owners with documented runbooks

Get started

Bring AI risk under board oversight in two weeks.

A thirty-minute discovery call costs nothing. We confirm fit, scope, and timing, then issue a fixed-fee statement of work within two business days.