Visor Consulting

Safeguard Your Information

We Advise and Assist

We work with you to plan and achieve your goals, making informed decisions along the way

We Are Qualified

Assessors, compliance auditors, and risk advisors, including
Masters of Business and Technology, Cloud Security,

CISM, CISSP, ISO 27001 Lead Auditor, IRAP

We Are Connected

We have a wide network of associates around the globe who contribute to
our team

We Are COVID SAFE

All of our Employees are fully vaccinated.

We Know Things

We research new trends in information security and provide practical, trusted advice on their security, use, and risks.

Visor Consulting

Safeguard Your Information

We Advise and Assist

We work with you to plan and achieve your goals, making informed decisions along the way

We Are Qualified

Assessors, compliance auditors, and risk advisors, including
Masters of Business and Technology, Cloud Security,

CISM, CISSP, ISO 27001 Lead Auditor, IRAP

We Are Connected

We have a wide network of associates around the globe who contribute to
our team

We Know Things

We research new trends in information security and provide practical, trusted advice on their security, use, and risks.

“People always make the best exploits. I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads.”

– Elliot Alderson, Mr. Robot

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

– Bruce Schneier

“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted; none of these measures address the weakest link in the security chain.”

– Kevin Mitnick, “The World’s Most Famous Hacker”

“Begin with the end in mind”

-Stephen Covey

“Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.”

– Bruce Schneier, Protect Your Macintosh, 1994

“You can’t talk yourself out of a problem you behave yourself into.”

–Stephen Covey

“Many executives are insulated from reality and consequently don’t know what the hell is going on.”

–James Champy

“Have you tried turning it off and on again?”

“Is it definitely plugged in?”

-The IT crowd

About Us

Visor Consulting was established in 2003 as a specialised consultancy focusing on providing pragmatic, achievable, information security, risk management, and compliance expertise to our stakeholders.

We have over twenty years experience working with Government security policies and regulations and have been involved in securing some of Australia’s flagship IT initiatives.

Our Principal Consultant and founder has many years working in the highest security environments assisting the intelligence and law enforcement communities. His efforts in the intelligence community were recognised by the US National Security Agency (NSA).

We have contributed to Australian State and Federal Government policies and security related frameworks and have contributed to the development of international security standards through OASIS.

We enjoy the challenge of new and emerging technologies and have been early adopters (and assessors) of new paradigms and IT development and delivery methods. Our research strengths are in the cryptography, identity management, authentication and biometrics fields, specifically examining the security and privacy impacts and protections of these technologies.

We take a pragmatic and collaborative approach to our work and have built a reputation for achieving the desired outcome through a negotiated approach and delivering quality results.

We are achieving our goal of helping Safeguard Your Information and helping you improve your information security goals.

Advisory & Consultancy Services

We are information security specialists – helping clients safeguard their information. Our experience is wide ranging covering all aspects of the capability development life cycle. A short list of our service offerings is provided below.

We also undertake research into new technologies and are members of governance advisory boards.

Strategy & Policy

We start with the big picture – the vision and strategic plans. From there we can help develop more detailed and more technical security architectures, capability designs, and implementation plans.

We contributed to the development of the Australian Government’s Public Key Infrastructure (PKI) by helping design the Gatekeeper Framework. We also contributed to the Australian Government’s Authentication Working Group as security advisors. Later, we worked with the Queensland Government on their Information Security Governance framework (IS 18), their PKI framework, and the Queensland Government’s Authentication Framework QGAF, which was later adopted and extended by the Federal Government to become the National eAuthentication Framework (NeAF) and eventually the Australian Government eAuthentication Framework (AGAF) as it is known today.

We offer

C Level Advice and Guidance on Developing Information Security Strategies, frameworks, Enterprise Security Architectures, and Policies
Information Security Reviews of Your Organisation
Security Advice and Assistance to Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), IT Security Advisors and Managers

Implementing good security starts at the top – with good governance.

We often provide briefings to boards and C level Executives, explaining information security – particularly the Government’s requirements, and discussing the impact on business and providing options for meeting contractual and compliance requirements without breaking the bank.

We have a long history working with risk and risk assessments. Our staff have studied risk management methodologies and frameworks at the Postgraduate level. We have extensive experience with a range of risk management standards, methods, processes and reporting tools.

We sit on Governance Committees as advisors e.g. the Gatekeeper Policy Committee

We offer

Board and Executive level briefings “decoding” the Government’s information security requirements
Practical advice on technical security risk management, risk assessments, and security risk management plans (SRMPs)
Trusted Advice and Assistance to Senior security roles within your organisation
Creating and establishing security governance and compliance regimes and frameworks
Reviews and reform of security governance and culture

Our team has worked on some of the country’s largest IT initiatives. We have placed team members into major projects in Lead Security roles, designing and developing security solutions.

Design, build and integrate over 50 ICT systems into the new Defence Headquarters -HQJOC at Bungendore near Canberra. A multi-million dollar system. Starting with a sheep paddock and working all the way through to operation.
Initial Security and governance advice to the Australian Government’s Welfare Payment Infrastructure Transformation
My Health Record – providing security advice and security assessments from inception
Digital Credentials – validation service and an identity verification service
Queensland Transport’s Smart Drivers Licence – using smartcards and PKI

We offer

Development of an Enterprise Security Architecture
Security (sub)system requirements development, solution design, and design reviews
Security design and reviews of virtualisation, cloud migration, technology integration
Assessments of new and emerging technology and technology/capability reviews – focusing on opportunities and risks
Development and review of security related documentation sets (policies, designs, risk assessments, compliance profiles, operational incident management plans, etc)

Our team has been involved in the operation of many ICT systems and capabilities. Often we are part of the transition team from project status into operations and business as usual.

Most of our team has now moved in to project related work or governance and review – but we do continue to have some operational exposure.

We offer

PKI operations and management
Platform/cloud migration planning
Technology migration and planning
Small Business IT operational assistance and reviews

We provide trusted, independent, respected, security and compliance assessments. Our assessments provide your stakeholders with assurance in your security, risk, and compliance profile. The risk mitigation and security measures observed within your business environment can be trusted to be effective, are free from vulnerabilities and are implemented in accordance with established policies, standards and architectures.

We are qualified ISO 27001 lead auditors, and we are able to conduct IRAP assessments at up to the TOP SECRET level.

Glen is a foundation IRAP Assessor and conducted the first ever IRAP Assessment. We have been conducting IRAP Assessments since the inception of the program in 2003.

We offer

Protective Security Policy Framework (PSPF) Assessments
Protective Security Assessments where a SCEC Assessment is not required – though we do work with some excellent SCEC Consultants too
ASD Top 4 Assessments
ASD Essential Eight Maturity Assessments
ASD Top 35 Assessments
ISM Gap Analyses
ISM IRAP Assessments
IRAP-like Assessments for the Department of Jobs and Small Business – for jobactive, Transition to Work, Parents Next, Disability Employment Services,
and more

We believe that education and understanding underpins the development of a good security culture, so we actively contribute to the ongoing education of our community.

We created, coordinated, and taught university courses at the Post Graduate level for the Centre for Transnational Crime Prevention at the University of Wollongong.

At the Centre for Transnational Crime Prevention we created, supervised, and delivered two courses:

LEGL923 Crime and IT Regulation
LEGL952 Cybercrime

Our students have gone on to be successful crime fighters, members of corporate boards, and have shared their knowledge and experience with others.

We run community workshops where we address concerns about Internet safety, and answer questions about security, and new technologies and we recommend simple things you can do to prevent online misadventure. Our “war stories” are particularly popular with children and the ageing.

We also contribute to the development of international standards, such as the OAUTH standard for OASIS.

We offer

Tailored education sessions for all levels of your organisation, with a focus on interesting, engaging, real-life scenarios and ‘war stories’

Request more information or ask for a quote

Research

For the past few years we have been focusing on the emerging digital health sector with a particular emphasis on the protection of personal and private, sensitive medical information.

We are working closely with the Federal Government on securing the My Health Record capability, including providing input to two reviews conducted in 2018 – Overall and technical.

From 2008 through to 2016 we worked with the National eHealth Transition Authority (NeHTA), in the planning activities related to the shift to digital health. The activities included helping to develop common policies, terminologies, and interoperability across the states and territories as well as conducting security assessments of several capabilities.

In 2016 NeHTA was replaced by the Australian Digital Health Agency, which focuses more on operating and expanding the digital health ecosystem.

In 2019, we are planning to focus on the security of connected medical devices and implants – a foray into the Internet of Things (IoT) security. We are reviewing information security of devices such as fitbits, Apple watches, etc. and looking at the security and privacy of the data these devices collect.

Similarly, we will be looking at security of implants such as wireless enabled pacemakers, new medicine delivery implants, and other implantables.

We hope to work with the ADHA and the Digital Health Cooperative Research Centre in developing better practices for security of medical devices in the Australian environment.

We will continue to work with our existing clients in the health sector, providing security assessments of key Government funded capabilities such as the National Cancer Screening Registry and others.

On a more esoteric level we will be investigating the emerging area of human augmentation and integration with smart technologies such as machine learning and even Artificial Intelligence.

Stay tuned, more to come ….

Testimonials

eHealth

I can only sing accolades for the Visor security team. In a previous security role, under Glen’s leadership, I engaged Visor, on many different occasions, to lead many security and risk related projects for me.

Visor were able to take a lot of my ‘pain’ away, and I was consistently impressed me with their on time delivery capability.

An ‘A’ team consultancy.

Yvette Lejins

Former Lead Security Architect

National eHealth Transition Authority

Healthdirect

Healthdirect Australia has engaged the services of the Visor Group extensively in achieving ISM Accreditation. Glen and his team have consistently provided pragmatic professional guidance based on best practice and conformity to ISM.

Always being happy to accommodate discussion and explore various avenues in order to meet requirements. Glen and his team have been an invaluable source of guidance and ongoing support in achieving ISM Accreditation. Their experience and industry knowledge has been invaluable in achieving our goals.

Working together we have fostered a collaborative working relationship where we feel Glen and his team are part of the company.
We highly recommend Glen and the entire Visor team.

Thoughts

Here are a few thought pieces and news items related to information security. More detailed information – including FAQs, an interactive knowledge base, and document templates and tools are available in our private area.

You need to be registered to get access.