Home > About
About Us

Built for government and defence environments

Strategic Cyber was founded by practitioners who saw organisations struggling to meet government and defence security requirements in practice. We're a focused team that works directly with clients to assess, validate, and improve their security posture.

Our story

Founded in Canberra, Strategic Cyber was built by practitioners working inside government and defence environments who saw a consistent problem: security frameworks were being interpreted, documented, and reported on — but not always implemented or validated in a way that held up under scrutiny.

Organisations were being asked to meet ISM, PSPF, DISP, and Essential Eight requirements without clear guidance on what 'good' looked like in practice. Some were over-engineering solutions. Others relied on documentation that did not reflect how controls actually operated.

We established Strategic Cyber to provide a more grounded approach — one focused on control effectiveness, evidence, and real-world implementation. Our team has worked within federal government and alongside industry, implementing, assessing, and advising on security controls in complex environments. We don't just interpret frameworks — we validate how they operate in practice and help organisations demonstrate that clearly.

Strategic Cyber team in a working session

Our mission: To help organisations operating in government and defence environments understand their security posture, validate control effectiveness, and maintain compliance with confidence.

We work with organisations that need to strengthen their security posture, meet mandatory requirements, and manage cyber risk in complex environments. Our approach is practical, evidence-based, and tailored to your context — not a one-size-fits-all framework exercise.

What Makes Us Different

Built on practitioner foundations

We're not a traditional consulting firm. Here's what sets us apart.

Canberra-based, government-aligned

We operate within the federal government environment and understand how security requirements are interpreted and applied in practice.

Security-cleared practitioners

Our consultants hold AGSVA clearances and have worked within government environments, not just alongside them.

In-house IRAP capability

Where required, we can support assessments involving classified systems with ASD-accredited capability on the team.

Focused on control effectiveness, not documentation

We assess whether controls operate as intended and can be evidenced — not just whether documentation exists.

Experienced across government and defence frameworks

We work with ISM, PSPF, DISP, and Essential Eight in operational environments.

Aligned to how your organisation operates

We work with your stakeholders to ensure findings and recommendations are practical, understood, and able to be implemented.

Our Values

How we work

Practical, not theoretical

We deliver recommendations that can be implemented within your operating environment — aligned to your systems, constraints, and priorities.

Clarity over jargon

We translate complex frameworks into clear, actionable guidance that can be understood and applied across your organisation.

Focused on outcomes, not deliverables

We structure our work to support decisions, remediation, and defensible reporting — not just produce documentation.

Meet the team behind SC

Strategic Cyber is led by senior practitioners with hands-on experience in government and defence environments. We work directly with our clients, bringing practical insight into how security requirements are applied in real-world settings. Engagements are led by senior practitioners and supported by analysts where appropriate — maintaining continuity, context, and accountability throughout delivery. Our approach is focused on validating control effectiveness, strengthening evidence, and supporting decisions that hold up under scrutiny.

Explore the Team
Proven in government environments

Proven in government environments

Supporting multi-year federal engagements with ongoing contract extensions

Delivering assessment and compliance outcomes across Defence and Commonwealth agencies

Applying ISM, PSPF, DISP, and Essential Eight in operational environments

What sets us apart

What sets us apart

We assess how controls operate in practice and whether they can be evidenced

Engagements are led by senior practitioners with consistent accountability

We apply frameworks in operational environments, not as theoretical models

Credentials

Credentials

In-house IRAP assessor capability

Industry certifications including CISM

Security-cleared practitioners (as required)

Technical partnership with Tenable

Ready to strengthen your security posture?

Talk to our team about your compliance needs. We'll respond within one business day.

Get in Touch Book a Free Health Check

Or call us on (02) 6152 8342