Case Studies
Advert Media Limited (Skool Loop), New Zealand - ST4S Certification
Guided Skool Loop through the implementation of the Safer Technologies 4 Schools (ST4S) initiative, a national privacy and security framework for digital products in K-12 education.
Conducted comprehensive privacy and security assessments across their educational technology platform.
Developed tailored policies and procedures to meet stringent educational data protection requirements.
Successfully achieved ST4S certification, enabling continued service delivery to New Zealand schools.
Vodafone (One New Zealand) - Enterprise Security Audit
Led a comprehensive security audit framework across 100+ systems containing personally identifiable information (PII).
Implemented NIST CSF Cybersecurity Framework controls enterprise-wide, covering several hundred systems across multiple business units.
Developed risk management processes to identify security vulnerabilities and delivered detailed executive presentations on findings and remediation strategies.
Established ongoing compliance monitoring processes that significantly reduced the organization’s security risk exposure.
Ports of Auckland - IT Security Risk Management
Established a comprehensive IT risk management program covering both traditional IT and operational technology infrastructure.
Implemented security controls that measurably reduced security incidents across critical port operations.
Led security awareness training for 500+ employees, significantly improving the organization’s security culture.
Developed structured processes for proactive risk identification and delivered executive-level security risk reporting.
Downer Group, Australia & New Zealand - ISO 27001 Implementation
Developed and implemented ISO 27001 Information Security Management System (ISMS) across the organization’s IT infrastructure.
Conducted comprehensive compliance audits and established security governance frameworks aligned with industry best practices.
Created security policies, procedures, and training programs to ensure effective system management and risk mitigation.
Successfully guided the organization through ISO 27001 certification process, enhancing their competitive position in the construction sector.
Bank of New Zealand, BNZ, New Zealand - APRA CPS234 Compliance Programme
Led technical business analysis for BNZ’s NIST 800-53 based Information Security Controls programme under CPS234 regulatory requirements. Designed and delivered policy, process, and procedure changes to enable sustainable compliance with banking regulations.
Translated complex regulatory requirements into pragmatic, business-fit solutions while balancing operational constraints.
Established effective controls testing framework that met APRA’s stringent information security requirements for critical banking infrastructure.
Auckland Savings Bank, ASB, New Zealand - Identity & Access Management (IDAM) Programme
Conducted comprehensive audit of 7 Identity and Access Management controls for critical IT systems under APRA CPS234 requirements.
Led technical analysis and redesign of IAM controls to meet banking regulatory standards.
Implemented robust testing and compliance validation processes with enhanced reporting mechanisms for board-level governance.
Delivered project leadership for a 13-person technical team, ensuring on-time delivery of critical regulatory compliance outcomes.
Umbrellar, Internet Web Hosting, New Zealand - auDA Certification
Guided Umbrellar through the complex auDA (Australian Domain Administration) certification process for their cloud hosting services.
Conducted comprehensive security assessments and implemented governance frameworks to meet strict Australian domain registry requirements. Developed policies and procedures covering data protection, security controls, and operational resilience.
Successfully achieved auDA certification, enabling the organization to provide critical domain infrastructure services to Australian businesses.
ACC, New Zealand - Disaster Recovery Planning
Completely rewrote ACC’s Disaster Recovery Plan to meet modern business continuity requirements and regulatory standards.
Conducted thorough risk assessments and business impact analyses to identify critical systems and recovery priorities.
Developed comprehensive testing procedures and recovery scenarios to ensure plan effectiveness during actual incidents.
Established ongoing maintenance processes to keep the DR plan current with evolving technology and business requirements.