About GadgetAccess

A cyber security practice built on
advisory, not product

GadgetAccess was founded on a conviction that enterprise organisations deserve security advice that is genuinely independent, technically rigorous and oriented toward their outcomes — not toward the next renewal cycle. Fifteen years later, that conviction shapes everything we do.

Talk to Our Team View Our Services

The Practice

Founded 2009 15+ years in Australian enterprise security

Australia Wide Sydney-headquartered, delivering globally

ISO 27001 Certified advisory practice operations

IRAP Certified Cleared assessors for government engagements

50+ seat minimum Where complexity justifies specialist advisory

Our Story

From reseller to
trusted advisor

GadgetAccess has operated in the Australian cyber security market for over 15 years. For much of that time, we were a reseller — connecting organisations with the tools they needed to improve their security posture. We were good at it. But we kept seeing the same problem.

The organisations we worked with had more tools than they needed. They had gaps in capability that more tools couldn't address. And they lacked the strategic advisory function that would have prevented both problems. Nobody was helping them think clearly about what they actually needed — because everyone selling to them had a product interest in the answer.

We repositioned accordingly. Today, GadgetAccess is an advisory-first practice. We still maintain deep expertise across 300+ security platforms — but we use that expertise to give our clients better advice, not to place more product. The transition wasn't commercially painless. It was the right thing to do.

"The organisations that improve their security posture year on year are not the ones with the biggest budgets. They are the ones with a clear programme, executive ownership, and an advisor who holds them to it."

— Andrew Curtis, Managing Director, GadgetAccess

Talk to Andrew →

2009

Founded as GadgetAccess

Established as a cyber security product reseller, servicing SMB and mid-market clients across New South Wales with a focus on endpoint and network security platforms.

2012

Enterprise Practice Launched

Expanded into enterprise markets, building relationships with financial services and government clients requiring more complex, multi-vendor security programmes and ongoing technical support.

2015

Government Security Practice

Established our government and defence practice, with the first IRAP-certified assessors joining the team and our first Commonwealth agency engagements commencing.

2017

Advisory Services Introduced

Launched our first formal advisory services, recognising that clients consistently needed independent guidance alongside platform access — and that the two were increasingly in tension.

2020

Canberra Office Opened

Established our Canberra presence to better serve Commonwealth agency clients and expand our government and defence practice alongside growing IRAP assessment demand.

2021

ISO 27001 Certification

Achieved ISO 27001 certification for our advisory practice operations — applying the same governance standard we assess clients against to our own information security management system.

2024

Advisory-First Pivot

Formally repositioned as a specialist cyber security advisory firm — reducing product resale activity in favour of deep strategic advisory engagements where our independence creates genuine client value.

What We Stand For

Four principles that govern
every engagement we run

These are not values on a wall. They are the structural commitments that shape how we are organised, how our advisors are remunerated and how we govern our relationship with technology vendors.

Independence without exception

We receive no commissions, referral fees or volume incentives from technology vendors. Our advisors are remunerated on client outcomes, not on technology placed. This is not a policy we apply selectively. Every vendor relationship we hold is structured to be commercially neutral — and we will terminate a partnership before we compromise the independence of an advisory engagement.

Operational credibility over theoretical expertise

Every GadgetAccess advisor has held senior security leadership roles in enterprise environments. We recruit for people who have owned the problem — who have led a team through an incident, sat in front of a board during a breach, and rebuilt a security programme from the ground up. Theoretical knowledge of how security programmes should work is not a substitute for having operated one.

Accountability for outcomes, not deliverables

Most advisory engagements are structured around deliverable documents — reports, assessments, roadmaps. We structure ours around outcomes. If the remediation stalls, we stay involved. If the roadmap needs to change as the environment evolves, we change it. A report that sits unactioned on a CISO's desk is not a successful engagement, regardless of its quality.

Honest advice, even when it's uncomfortable

The most valuable thing an advisor can do is tell a client something they don't want to hear — early enough to act on it. We will tell you when your security programme has structural problems that cannot be solved by adding tools. We will tell you when a compliance exercise is masking a genuine security gap. We will tell you when the answer is to consolidate, not expand. That is what you are engaging us for.

Our Management Team

Security leaders,
not salespeople

GadgetAccess is led by a management team with deep expertise across enterprise security, financial strategy and commercial growth. Our leadership team oversees a network of senior security advisors — each recruited for operational credibility and real-world experience in the environments our clients face.

🛡️

How Our Advisory Model Works

Our management team directs and quality-assures every client engagement. We maintain a curated network of senior security advisors — practitioners with 15+ years of operational experience in regulated industries — who are matched to engagements based on sector expertise and programme requirements. Client outcomes are always overseen by GadgetAccess management.

Managing Director

Andrew Curtis

Managing Director & Principal Advisor

20 years in enterprise security across financial services, government and critical infrastructure. Former CISO in two ASX-listed organisations. Founded GadgetAccess in 2009 and has led its evolution from reseller to specialist advisory firm.

Advisory focus: Security programme governance, board risk reporting, vCISO advisory, APRA CPS 234 compliance.

CISSP CISM ISO 27001 Lead

Chief Financial Officer

Manny

Chief Financial Officer

CFO with 20+ years of expertise in financial strategy and sustainable growth, guiding GadgetAccess's financial foundations and ensuring the practice is structured for long-term client and commercial success.

Chief Marketing Officer

Felix

Chief Marketing Officer

30+ years of sales and marketing experience driving GadgetAccess's go-to-market strategy, brand positioning and commercial growth — connecting the right organisations with the advisory capability they need.

➕

We're Hiring

Join Our Advisory Team

Senior Security Advisors

We look for practitioners with 10+ years in senior security leadership roles — people who have owned the programme, sat in front of the board and led a team through an incident.

Express Interest →

Credentials & Accreditations

Certified. Cleared. Credible.

Our advisory practice holds the certifications and accreditations required to operate at the highest classification levels in government and the most regulated sectors of the private market. We apply the same standards to our own operations that we assess our clients against.

🏅

ISO/IEC 27001:2022

Our advisory practice operations are certified to the ISO 27001:2022 standard — covering information security management across our Sydney and Canberra offices and all client engagement processes.

Certified Annual Surveillance Both Offices

🏅

IRAP Certified Assessors

Our government practice includes IRAP-certified assessors authorised to conduct formal security assessments of systems handling Australian Government data — from OFFICIAL through PROTECTED classifications.

IRAP Certified NV1 Cleared PROTECTED

🏅

Professional Certifications

All advisory staff hold current, relevant professional certifications — CISSP, CISM, ISO 27001 Lead Auditor and platform-specific credentials. Ongoing CPE maintenance is a condition of engagement with GadgetAccess.

CISSP CISM ISO 27001 GCIA

🛡️ ASD Partner Australian Signals Directorate

🏛️ AIIA Member Australian Information Industry Association

🔐 AISA Member Australian Information Security Association

⚖️ Cyber Wardens Partner COSBOA Cyber Wardens Programme

Our Locations

Australian-headquartered.
No offshore delivery.

All GadgetAccess advisory work is delivered by our Australian-based advisors. We do not offshore any engagement components, and for government engagements handling classified data, all work is performed by cleared personnel within Australia.

Sydney

Sydney — Headquarters

📍 12 Laitoki Rd
Terrey Hills NSW 2084
Australia

📞

1800 928 982 (AU Toll-free)
+61 416 143 454 (Mobile)

✉️ support@gadgetaccess.com
General enquiries & support

Primary focus

Financial Services Enterprise Healthcare Professional Services Technology

Folsom, California

United States

🇺🇸 In-Country Representation

📞 +1 818 649 9444 (US)

More details

Coming soon

Work With Us

Independent. Experienced.
Accountable for outcomes.

If those three things matter to you in a security advisory partner, we would like to have a conversation. We prepare every first briefing specifically for your sector, scale and the challenge you've described — no generic introductory decks.

Book a Briefing View Our Services

Typical first response within one business day. Briefings prepared before the call, not during it.

A cyber security practice built onadvisory, not product