About Us

Security Centric offer information and cyber security consulting services alongside professional engineering services. Founded in 2012, our mission is to genuinely help organisations better understand risk in the context of information security, and work with you to ensure appropriate measures are in place to effectively manage these risks on an ongoing basis.

Our Australian-based team of consultants and skilled engineers have extensive experience performing a range of cyber security services for organisations spanning across multiple industries, including government, banking and financial, manufacturing, retail, and health.


Security Centric consultants and engineers have applied a comprehensive information security methodology to protect the systems, services and environments entrusted to them by the owners of valuable, sensitive and sometimes highly classified information of the Department of Defence, the Intelligence community, and Federal Government agencies. Experience in these demanding environments has shaped the methodology, techniques and services which are also available to the commercial sector whilst achieving strong return on investment and cost effectiveness. 

Security Centric has extensive experience with a number of compliance frameworks including PCI DSS for financial environments, IRAP and ISM for Government, sometimes classified, environments as well as the ISO 27000 range of international standards. Our involvement is both in understanding and architecting a solution as well as implementing the governance and technical solutions.  

Using a risk-based approach to systems design, Security Centric is able to achieve the desired outcomes whilst maximising functional performance and minimising cost and schedule. With experience assessing security posture, evaluating and remediating against national and international compliance frameworks, and implementing numerous security solutions, Security Centric is well placed to provide security compliance and architecture guidance. 

Security Centric has applied this expertise in technical, compliance and governance aspects of information security for numerous government and non-government organisations.  

Who We've Worked With



Service Line Offering

Business lines are arranged to facilitate the full lifecycle capability and also provide a ready-to-use information security function for our partners.


The consulting line features strong capabilities in business risk, governance, compliance including regulated industries and designing pragmatic security transformational projects.

Risk Best Practices CSA, NIST, ASIC, APRA
Cyber Maturity Assessment Privacy Act, ISO 27005, ISO 27017, ISO 27032
Penetration Testing External Infrastructure, Internal Infrastructure, Web Applications, Wireless Networks, API, Social Engineering/Phishing, Industrial Systems
Compliance Standards/Frameworks ISO 27001 & 27017, IRAP ISM, PCI DSS, Privacy Act, NIST, GDPR, APRA, ASIC, NSW DISP.
Assessment Scoping and Applicability, Gap Analysis, Pre-Audit (Preparedness), Cyber Security Maturity Assessment.
Remediation Remediation Program Development, Governance Formation, Policy Development, Technical Control Implementation, Continuous Improvement Program, Certification, Program Management.


Professional Services

A logical extension from this is a team of subject matter experts and engineers to either lead projects, provide targeted specialist advice or supplement existing engineer resources as required. This also ensures hands-on experience, usually across multiple vendors, drives pragmatic consulting recommendations rather than easy to recommend but difficult to implement or maintain audit findings.

Network Security  
Hardening Security Architecture Design, Windows, Linux, Access, Authentication & Authorisation, Process Control, IoT (Internet of Things).




Managed Security Services:

Our client partners commonly find that achieving a good security baseline is only part of the challenge, and thus Security Centric’s managed services unit has developed tools, techniques, processes, platforms and automation to maintain a chosen security posture over time whilst minimising the impact on internal resources and providing value for money.

Our clients make use of all of these units as required, performing as a de-facto information security department with numerous subject matter experts and ready-to-consume technology platforms, without the overhead and cost of building this capability internally. This extends over and above merely a monitoring service, but one that works alongside the board and executive to manage stakeholder expectations surrounding information security.

Technical Event Monitoring, Threat Detection, Technical Exposure Monitoring and Alerting, Security Program Management, Compliance Program Management.
Personnel CISO as a Service, Security Architects, Change Review Board.





Incident Response

Proactive Preparedness and Detection
Reactive Response, Triage, and Forensic Analysis.


Certifications & Qualifications

Information Security Management System (ISO)
ISO 27001 Lead Auditors and Lead Implementers possess an understanding of enterprise information security risk management.
InfoSec Registered Assessors Program
The program, run by the Australian Signals Directorate, that assesses ICT environment for processing and storing classified data. Security Centric has multiple assessors to satisfy resource demands.
Security Cleared Personnel
Consultants and engineers maintain SECRET or TOP SECRET security clearances. This means those personnel discovering vulnerabilities in your systems are properly vetted.
Council of Registered Ethical Security Testers
The leading Australian authority for the certification of penetration testers. Required by many government bodies and banks.
Offensive Security Certified Professional
The leading international certification for penetration testing. Candidates are assessed during a 24 hour practical examination.
Certified Information Systems Security Professional
CISSP candidates are peer evaluated to validate fulltime work experience and formal education to effectively design, implement and manage a best-in-class cybersecurity program, drawing from a comprehensive, up-to-date, global common body of knowledge of new threats, technologies, regulations, standards, and practices.
Certified Information Security Manager
The CISM certification indicates expertise in information security governance, program development and management, incident management and risk management.
Sherwood Applied Business Security Architecture
SABSA is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives.
Payment Card Industry Qualified Security Assessor
Audit and certify environment processing and storing credit card transactions.