A cyber security practice built on
advisory, not product

Andrew Curtis

20 years in enterprise security across financial services, government and critical infrastructure. Former CISO in two ASX-listed organisations. Founded GadgetAccess in 2009 and has led its evolution from reseller to specialist advisory firm.

Advisory focus: Security programme governance, board risk reporting, vCISO advisory, APRA CPS 234 compliance.

Senior Advisor

Former CISO across critical infrastructure and government sectors. Deep expertise in IRAP assessments, government security programme design and security leadership for organisations navigating SOCI Act obligations.

Advisory focus: Government advisory, IRAP assessments, critical infrastructure security, vCISO engagements.

Senior Advisor

Former Head of Security Operations at a Tier 1 Australian bank. Specialist in detection engineering, SOAR implementation and SOC operating model design. Has built and rebuilt SOC programmes across three enterprise environments.

Advisory focus: SOC optimisation, MITRE ATT&CK coverage mapping, detection engineering, Microsoft Sentinel.

Senior Advisor

Former regulatory assessor with APRA background. Deep expertise in CPS 234, Essential Eight and ISO 27001 across regulated industries. Has led compliance programmes for four ASX-listed financial services organisations.

Advisory focus: APRA CPS 234, ASD Essential Eight, ISO 27001 certification, regulatory engagement.

Senior Advisor

Former threat intelligence analyst in the financial sector and government. Specialist in threat actor tracking, detection use case development and operationalising intelligence across SIEM and EDR platforms.

Advisory focus: Threat intelligence, MITRE ATT&CK, detection engineering, Splunk and Sentinel.

Join Our Advisory Team

We look for practitioners with 10+ years in senior security leadership roles — people who have owned the programme, sat in front of the board and led a team through an incident.