
About Us

Security Centric is a cyber security services business made up of an experienced team of consultants and skilled engineers, all based in Sydney, Australia. Founded in 2012, our mission is to genuinely help organisations better understand risk in the context of information security and ensure appropriate measures are in place to effectively manage these risks on an ongoing basis.

We have extensive experience performing a range of cyber security services for organisations spanning many industries, including government, banking and financial, retail, and health. Our practical approach to business risk simplifies cyber security and ensures effective risk management outcomes.

Full Lifecycle Capability

Security Centric has structured both its capabilities and service offering to cater to its client partners’ desire to holistically manage information security across all functional domains.


Each functional domain is designed to continuously improve the other functional domains. The threats, techniques and attack vectors observed across our partners as well as the public domain are used to improve detection effectiveness.

This feeds into the visibility provided by assessment activities to uncover risks to an organisation. Identified threats, risks and weaknesses are evaluated and environments secured and hardened to prevent compromise in the first instance.

Techniques used to circumvent security controls are specifically monitored, as well as signs that specific protections have been bypassed, to identify existing and new breach indicators. These techniques are fed back into the assessment and prevention/securing domains, and the loop continues to improve each domain as part of business-as-usual processes.

This constantly evolving and improving holistic approach to information security is a primary benefit to our partners who wish to achieve business objectives from information security rather than merely outsourcing a specific but siloed security management task, such as security monitoring.

Organisational Structure

Business lines are arranged to facilitate the full lifecycle capability and also provide a ready-to-use information security function for our partners.


The consulting line features strong capabilities in business risk, governance, compliance (including regulated industries) and designing pragmatic security transformational projects.

A logical extension from this is a team of subject matter experts and engineers to either lead projects, provide targeted specialist advice or supplement existing engineer resources as required. This also ensures hands-on experience, usually across multiple vendors, drives pragmatic consulting recommendations rather than audit findings that are easy to recommend but difficult to implement or maintain.

Our client partners commonly find that achieving a good security baseline is only part of the challenge, and thus Security Centric’s managed services unit has developed tools, techniques, processes, platforms and automation to maintain a chosen security posture over time whilst minimising the impact on internal resources and providing value for money.

Our partners make use of all of these units as required, performing as a de facto information security department with numerous subject matter experts and ready-to-consume technology platforms, without the overhead and cost of building this capability internally. This extends beyond a mere monitoring service to one that works alongside the board and executive to manage stakeholder expectations surrounding information security.

Certifications & Qualifications

Information Security Management System (ISO)
ISO 27001 Lead Auditors and Lead Implementers possess an understanding of enterprise information security risk management.

InfoSec Registered Assessors Program
The program, run by the Australian Signals Directorate, that assesses ICT environments for processing and storing classified data. Security Centric has multiple assessors to satisfy resource demands.

Security Cleared Personnel
Consultants and engineers maintain SECRET or TOP SECRET security clearances. This means those personnel discovering vulnerabilities in your systems are properly vetted.

Council of Registered Ethical Security Testers
The leading Australian authority for the certification of penetration testers. Required by many government bodies and banks.

Offensive Security Certified Professional
The leading international certification for penetration testing. Candidates are assessed during a 24-hour practical examination.

Certified Information Systems Security Professional
CISSP candidates are peer evaluated to validate full-time work experience and formal education to effectively design, implement and manage a best-in-class cybersecurity program, drawing from a comprehensive, up-to-date, global common body of knowledge of new threats, technologies, regulations, standards, and practices.

Certified Information Security Manager
The CISM certification indicates expertise in information security governance, program development and management, incident management and risk management.

Sherwood Applied Business Security Architecture
SABSA is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives.

Payment Card Industry Qualified Security Assessor
Audit and certify environments processing and storing credit card transactions.