Cyber Strategy & Roadmap Development  

Develop cyber capabilities for the future

We help you develop a long-term pragmatic plan to build and maintain cyber security capabilities aligned to your risk profile and business objectives.
  
We ensure that the strategy is mapped closely to your organisation’s risk mitigation objectives to build a defensible approach and roadmap to maturing your cyber security capabilities.

Services

Our process starts with an analysis of strategic drivers. We look at the different business, technology, security and regulatory drivers to determine the security vision, goals and objectives that address them.

Cyber Security Program Development 

Detailed plan of action, including initiatives, project scope and a prioritised roadmap of execution, aligning budget and progress expectations. 


 
Alignment of strategic projects and initiatives to risk mitigation objectives to allow organisations to visualise risk reduction.

Target Operating Model 

We define the target state, assess the current state and build a set of initiatives aimed at achieving it.


 
We co-design target state governance and operating models with clear definitions of roles and responsibilities to ensure that newly built capabilities can be maintained and supported in the long term.

Project Planning & Cost Analysis

We also help you create detailed project scopes with cost and resource estimates to ensure that the roadmap is prioritised realistically and prepare you for the next step of business case documentation and endorsement. 

Best Suited For

Any organisation at any point in their cyber journey, including: 

  • Organisations with limited cyber capabilities who need guidance on how to start building capability.
  • Organisations ready to move from reactive to proactive security.
  • Organisations that are established and mature, have reached a plateau and are looking to re-assess and improve.

Our Cyber Strategy & Roadmap Development Experts

Our expert team have diverse and in-depth experience to build long-term cyber capabilities.

Jennifer Vu

Jennifer is the Head of Advisory Services and leads the cyber strategy and GRC capability at Skylight Cyber.


As an experienced cyber security consultant, she specialises in delivering pragmatic and risk-driven cyber security strategies, assessments and cyber risk management services to her clients. Jennifer has engaged with CISOs and cyber security teams to build their security organisations and successfully gain funding for their programs. She also has experience in getting into the weeds of cyber risk management to design, implement and run clients' GRC processes and capabilities.


Additionally, in her most recent previous role at NSW Government, she helped create the 2021 NSW Cyber Security Strategy and led the development and delivery of the first NSW government-wide training sessions for executives and senior management across all departments of NSW government.


Jennifer holds a Bachelor of Information Systems (Co-op) (Honours) from the University of New South Wales (UNSW).


Jimmy Hong

Jimmy is a senior cyber security and strategy consultant, specialising in cyber risk management and governance, and cyber security strategy. He excels in customising critical industry standards such as the ISM, ACSC Essential Eight, ISO 27001, and NIST to align with the unique needs of client organisations, and has a deep understanding of regulatory compliance requirements such as GDPR and PDPA. This ensures their cybersecurity strategies are effective and well-integrated with business objectives.

Additionally, Jimmy is skilled in information security contractual negotiations and third-party risk management, providing comprehensive safeguards and compliance strategies for organisations.


Jimmy’s consultancy work covers a broad spectrum of sectors, including government agencies, private entities, and global financial institutions. His impact is noted with significant contributions for clients across Australia, Europe, and Asia.


He holds a Bachelor and Master of Electrical Engineering with a focus in Telecommunications from the University of New South Wales.


Mischa Tanne

Mischa is a senior cyber security consultant with comprehensive experience delivering governance, risk, and compliance engagements. He has worked with clients to assist them in complying with industry standards and frameworks as well as regulations and laws, including ISO 27001, NIST CSF, ACSC Essential Eight, and GDPR. Mischa has also served as a vCISO, acting as the client’s on-call cyber security expert while also coordinating efforts to increase security practically. Mischa always places an emphasis on business-led cyber security advice, so that the practical advice he provides uplifts maturity where it has the most benefit.


Mischa’s consulting experience has included engagements with national, state, and local governments, and public and private sector clients, across both the APAC and EMEA regions.


He holds a Bachelor of Economics and a Bachelor of Arts from the University of Sydney with majors in Econometrics, Financial Economics, and Political Economy. In his focus on continual development, he has also attained industry certifications including CompTIA Security+ and ISC2 Certified in Cybersecurity.



FAQs

How do you work with internal teams to create the strategy?

We take a hands-on, co-design approach and have regular engagements with various stakeholders across the organisation. In the early phases, we work across all key stakeholder groups as defined by you and work particularly closely with cyber/IT security teams.

Does the strategy include an actionable plan to implement?

Yes, our strategic services not only define the security vision and target state but also develop the pragmatic cyber security initiatives which underpin them. We also help with budgets, resourcing and establishing key roles and responsibilities across the organisation.