Sarah’s background in cybersecurity is both extensive and diverse. Commencing her career as a developer, Sarah has a background in Criminology, has served as an investigator in fraud and corruption for government agencies, managed IT and security risk as part of her tenure at one of Australia’s top 4 banks, provided cybersecurity services to a multitude of clients and managed teams responsible for GRC consulting. Most recently, Sarah served as the Chief Information Security Officer (CISO) at Australia’s largest ASX-listed cybersecurity company, where she successfully achieved ISO/IEC 27001 certification in under six months. In addition to her industry experience, Sarah has contributed to the advancement of the field through her university research and continued teaching in cybersecurity and data transformation as part of an MBA degree program.

With a PhD in Russian Information Operations, Sarah has a deep understanding of threat actors and their motivations. This knowledge, coupled with Sarah’s extensive real-world experience, spanning over two decades, gives her a deep understanding of how different types of threat actors can affect your business, their tactics, techniques and procedures (TTPs), and how to protect against them.

Sarah has been a trusted consultant to clients across all industries and verticals. She excels in comprehending the unique needs of each business, analysing their specific threat profile and risks, and tailoring a security strategy that is most suitable for their organisation. 

Sarah’s mission is to decrease the cost, time, and effort invested in fulfilling cybersecurity demands, and help businesses mature their security posture, all while supporting business growth. Her passion for security has led her to serve as a trusted advisor to countless boards and Audit and Risk Committees (ARC), providing insight into the current threat landscape, risk profile, and security posture of clients who have compliance obligations, such as APRA’s CPS 234, organisations seeking ISO/IEC 27001:2013/2022 certification, and those with local and international privacy requirements.