Cybersecurity Consulting, Architecture & Implementation

From management system design and compliance auditing to hands-on deployment of security technologies — covering IEC 62443, ISO 27001, NIST, AESCSF, Essential Eight, and SOCI Act requirements.

Verified Credentials

Holding industry-recognised certifications that underpin every engagement.

What I Deliver

Cybersecurity Management Systems (ISMS & CSMS)

I specialise in defining, implementing, and assessing cybersecurity management systems, including ISO 27001 Information Security Management Systems (ISMS) and IEC 62443-2-1/ISA99 Cybersecurity Management Systems (CSMS), ensuring comprehensive protection for your business. An ISMS governs information security across your IT environment; a CSMS extends this into OT/ICS environments where operational continuity and safety are critical.

Compliance & Framework Alignment

With proven experience aligning organisations with NIST and AESCSF frameworks, I provide both local and remote assessments of compliance with best practices, aligned with the ACSC Essential Eight and corporate policies. My approach includes detailed rectification reports, actionable remediation plans, and hands-on implementation to minimise risk to your operations. I also support SOCI Act Risk Management Program (RMP) development for operators of critical infrastructure assets.

Risk Assessment & Security Design

I bring extensive expertise in conducting risk assessments and security threat analysis, with solution design based on IEC 62443-3-2 (zone and conduit model) and IEC 62443-3-3 standards, or TS50701 for the transport sector. Risk management is conducted in accordance with IEC 31000 principles. My services also encompass design and deployment of security technologies, from antivirus and firewalls to NIDS, WAF, encryption, and SIEM for real-time detection and monitoring.

OT/IT Network Segmentation & Architecture

Effective separation of OT and IT networks is foundational to industrial cybersecurity. I design and implement network segmentation architectures aligned with the Purdue Reference Model and IEC 62443 zone and conduit principles — including DMZ design, data diodes, unidirectional gateways, and firewall rule sets tailored to OT protocol requirements (DNP3, Modbus, OPC-UA).

Cybersecurity Awareness Training

I offer tailored cybersecurity awareness training to build a strong security culture, educating your team on common threats and reinforcing best practices — especially for Operational Technology (OT) environments where staff may not have traditional IT security exposure. Training is designed to be practical and sector-relevant, not generic.

Compliance Landscape

Engagements are routinely aligned to the following frameworks depending on your sector, regulatory obligations, and risk appetite.

IEC 62443 — Industrial Cybersecurity

The primary international standard series for securing Industrial Automation and Control Systems (IACS). Covers security management (Part 2), risk assessment methodology (Part 3-2), and system-level security requirements (Part 3-3). Certified ISA/IEC 62443 Cybersecurity Expert.

AESCSF — Australian Energy Sector

The Australian Energy Sector Cybersecurity Framework, developed by AEMO, provides maturity assessment and improvement pathways for electricity and gas market participants. Assessments align with AESCSF profiles and identify prioritised improvement actions.

ACSC Essential Eight

The ACSC's eight prioritised mitigation strategies, assessed against Maturity Levels 0–3. Covers application control, patching applications, macro settings, user application hardening, restricting admin privileges, patching operating systems, multi-factor authentication, and regular backups.

SOCI Act — Security of Critical Infrastructure

The Security of Critical Infrastructure Act 2018 (as amended) requires operators of critical infrastructure assets — electricity, water, gas, transport, and more — to register assets, report incidents, and maintain Risk Management Programs (RMPs). I assist organisations to scope, develop, and maintain compliant RMPs.