Cyber Risk Management

Tailored cyber risk management

We help you build the right frameworks, policies and processes aligned to your risk profile across a broad range of areas.

We can help you build or run these processes either as a dedicated external team or complementary to your internal risk team.

Services

Cyber Risk and Threat Modelling

Alongside our offensive security team, we establish the critical cyber risk scenarios that are relevant to your business.

We help you create a common language between cyber security and technology teams and the business by removing unnecessary technical jargon from your risk scenarios. Our cyber risk and threat modelling approach allows you to communicate and prioritise cyber risk against other business risks seamlessly.

We help you build different levels of cyber risk scenarios, from strategic scenarios used to report to executives and the board, to operational risk scenarios used by cyber security and technology teams to identify operational cyber risks and issues.

Cyber Risk Management Capability Design

Continual cyber risk management is necessary to proactively identify and manage your organisation’s cyber security risks. We can help you design and implement the cyber risk management capabilities needed to identify and manage cyber risks and control gaps for your organisation.

We can help you build effective governance frameworks to ensure continued visibility into the risks that the organisation faces. Additionally, we can work alongside organisations to stand up their capabilities, ensuring that personnel and the organisation feel sufficiently trained and comfortable with newly developed frameworks and processes.

Cyber Reporting Metrics

Cyber security reporting metrics are essential for organisations to measure and understand the effectiveness of their cyber security posture.

We can help you design different levels of cyber security reporting metrics, from those used by your operational teams all the way to those used by your executives, to clearly and accurately measure control effectiveness and performance. Our metrics will allow you to identify control performance weaknesses as soon as practical, and to build the processes that drive improvement in your operations.

Control Framework and Library Development

We can help you build a control framework and library that is aligned with your organisation’s risks and regulatory obligations.

We can help you tailor your controls to your organisation’s risk appetite, balancing risk mitigation benefits against control costs so that you achieve the right level of security.

We build a process around your control framework and library to ensure that it is functional and integrated into your wider cyber risk management processes, so the organisation has a clear understanding of what security it should be implementing and how.

3rd Party Risk Management (TPRM) Program

As organisations become increasingly reliant on outsourcing to third-party vendors and service providers, the risks they face from those third parties grow with that reliance.

Risks associated with third parties include access to your network, sensitive commercial information, your customers' information and much more. As such, third party risk management should be a critical component of overall cyber risk management.

Beyond the typical third party questionnaires, we can help you design a holistic third party risk management program and processes that target the unique third party risks your organisation faces, reducing your exposure when a third party is inevitably compromised.

Our Cyber Risk Management Experts

We have diverse and in-depth experience across all areas of cyber risk management.

Jennifer Vu

Jennifer is the Head of Advisory Services and leads the cyber strategy and GRC capability at Skylight Cyber.

As an experienced cyber security consultant, she specialises in delivering pragmatic and risk-driven cyber security strategies, assessments and cyber risk management services to her clients. Jennifer has engaged with CISOs and cyber security teams to build their security organisations and successfully gain funding for their programs. She also has experience in getting into the weeds of cyber risk management to design, implement and run clients' GRC processes and capabilities.

Additionally, in her most recent previous role at NSW Government, she helped create the 2021 NSW Cyber Security Strategy and led the development and delivery of the first NSW government-wide training sessions for executives and senior management across all departments of NSW government.

Jennifer holds a Bachelor of Information Systems (Co-op) (Honours) from the University of New South Wales (UNSW).


Jimmy Hong

Jimmy is a senior cyber security and strategy consultant, specialising in cyber risk management and governance, and cyber security strategy. He excels in customising critical industry standards such as the ISM, ACSC Essential Eight, ISO 27001, and NIST to align with the unique needs of client organisations, and has a deep understanding of regulatory compliance requirements such as GDPR and PDPA. This ensures that clients' cyber security strategies are effective and well-integrated with business objectives.

Additionally, Jimmy is skilled in information security contractual negotiations and third-party risk management, providing comprehensive safeguards and compliance strategies for organisations.

Jimmy’s consultancy work covers a broad spectrum of sectors, including government agencies, private entities, and global financial institutions. He has made significant contributions for clients across Australia, Europe, and Asia.

He holds a Bachelor and Master of Electrical Engineering with a focus in Telecommunications from the University of New South Wales.


Mischa Tanne

Mischa is a senior cyber security consultant with comprehensive experience delivering governance, risk, and compliance engagements. He has worked with clients to assist them in complying with industry standards and frameworks as well as regulations and laws, including ISO 27001, NIST CSF, ACSC Essential Eight, and GDPR. Mischa has also served as a vCISO, acting as the client’s on-call cyber security expert while also coordinating efforts to increase security practically. Mischa places an emphasis on business-led cyber security advice, so that the practical steps he recommends to uplift maturity are those with the most benefit.

Mischa’s consulting experience includes engagements with national, state, and local governments, and with public and private sector clients, across both the APAC and EMEA regions.

He holds a Bachelor of Economics and a Bachelor of Arts from the University of Sydney with majors in Econometrics, Financial Economics, and Political Economy. In his focus on continual development, he has also attained industry certifications including CompTIA Security+ and ISC2 Certified in Cybersecurity.
