Robbie Cronin
ASD Cyber Security Partner · AISA Member

Pass your cyber insurance audit.
From $6K. Done in 1-2 weeks.

Essential Eight, cyber insurance, Privacy Act, and APRA CPS 234 assessments for Australian businesses. Same frameworks your insurer is asking about. One report that covers all of them. Big 4 firms charge $30,000+ and take 8 weeks.

Guarantee: Under 3 critical gaps found? You don't pay.

“He's the kind of person you trust with the most important parts of the product. Deeply technical, dependable, and an outstanding communicator.”

Libby Roberts

Founder, LeapForward

$6-8K fixed price

1-2wk start to finish

Sound familiar?

Your cyber insurance renewal landed with new security requirements you've never seen before.

Your insurer is asking about Essential Eight maturity levels and you're not sure what that means.

A Big 4 firm quoted $30K and 8 weeks. Your renewal deadline won't wait.

40% of cyber insurance claims are denied due to inadequate security controls.

Not sure where you stand?

Free 3-minute scorecard. See exactly what an auditor would flag.

Take the scorecard
// what you get

The Security & Compliance Health Check

Everything your insurer is asking for. One engagement, one report, one person accountable for the result.

Essential Eight maturity assessment against ML2
Cyber insurance readiness review, mapped to your insurer's questionnaire
Privacy Act 1988 compliance check
Prioritised remediation roadmap with timeline and cost estimates
30-day follow-up call to verify progress

Included if relevant to your business:

APRA CPS 234 information security review (banks, insurers, super funds)
CPS 230 operational resilience gap analysis
ISO 27001:2022 gap analysis (enterprise or UK customers)
SOC 2 Type II readiness assessment (US enterprise customers)
SMB1001 certification readiness (supply chain security)

Typical Big 4 engagement

$30,000+

Your price

$6K-$8K

Delivered in 1-2 weeks. Not 6-8.

Under 3 critical gaps found? You don't pay.

Zero risk. I've never had to honour this.

// case study
LeapForward · AI Mental Health Platform

ISO 27001 certified after 3 years of false starts

Libby Roberts had been through 4 contractors trying to get LeapForward off the ground. The platform worked, but nothing was documented. No security controls, no compliance. Her insurer started asking questions she couldn't answer.

One engagement. ISO 27001 certification, security controls across the platform, and a codebase she could actually hand to an auditor.

ISO 27001 certified

Curious where your business stands?

Free 3-minute scorecard. No email required.

Check your score free
// timing matters

Three deadlines worth knowing about

Cyber insurance renewals

Insurers are tightening requirements every cycle. Demonstrate compliance before your renewal date, not after they ask questions you can't answer.

EOFY (June 30)

Security assessments are tax-deductible. Get it done before June 30 and claim it this financial year.

Privacy Act reforms

The biggest reform to Australian privacy law in decades. New penalties, new obligations, new enforcement powers. The changes are coming whether you're ready or not.

Libby Roberts

Founder, LeapForward

“Rob has an incredible ability to listen, ask the right questions, and turn ideas into clear, thoughtful solutions. He doesn't just build what's asked; he helps shape what's needed. He's the kind of person you trust with the most important parts of the product.”
ISO 27001 · Health Platform

Head of Engineering

Payments Platform, Series A

“We had an enterprise prospect asking about SOC 2 and didn't know where to start. Robbie showed us what actually mattered for the deal. Closed it three weeks later.”
SOC 2 · Essential Eight
Robbie Cronin

Why me and not a consultancy

Aerospace engineer turned software engineer. I've spent 10+ years building and securing platforms serving hundreds of millions of users at companies you've heard of.

When you hire a Big 4, a partner sells and a graduate delivers. When you hire me, you get the person who's actually been through ISO 27001 audits, built ISMS documentation, and implemented technical controls in production. Same person, start to finish.

ASD Cyber Security Partner · AISA Member · Ex-Big Tech · 10+ Years Experience · BEng Aerospace, UQ · MS CompSci, Georgia Tech
// common questions

Questions I usually get

Can't we do this ourselves?

You can. Most of the frameworks are public. The hard part isn't knowing what the controls are. It's knowing which ones actually matter for your situation, what order to tackle them in, and what your auditor will actually check vs. what you can skip.

How is one person better than a firm?

At a Big 4 firm, a partner sells the engagement and a graduate delivers it. You're paying senior rates for junior work. When you hire me, the person who scopes the work is the same person who does it. Start to finish.

What if we fail the audit anyway?

That's what the guarantee covers. If I find fewer than 3 critical gaps in your assessment, you don't pay. I've never had to honour it.

We don't have budget right now.

The assessment is tax-deductible. And it's a fraction of what a denied insurance claim costs. The average cyber insurance claim in Australia is $71K. Compared to that, $6-8K for an assessment that actually prepares you is pretty straightforward maths.

What if we're APRA-regulated?

CPS 234 and CPS 230 requirements are built into the assessment. If you're a bank, insurer, or super fund, I map your controls directly to APRA's expectations. The Essential Eight assessment covers most of CPS 234's technical requirements. CPS 230 operational resilience is included as an add-on.

What exactly do we get?

A written report covering Essential Eight maturity, cyber insurance readiness, Privacy Act compliance, and APRA CPS 234 where relevant. A prioritised remediation roadmap with timelines and cost estimates. And a 30-day follow-up call to make sure nothing got missed. ISO 27001, SOC 2, and SMB1001 included where relevant.

Let's scope your assessment.

30 minutes. I'll tell you exactly where you stand, what your insurer will ask, and what it'll take to pass.

I take on 2-3 compliance clients at a time. If the calendar is full, I'll let you know upfront.