Robbie Cronin
AISA Member

Essential 8 ML2 for defence suppliers.
Fixed scope. Done in 1-2 weeks.

The November 2025 E8 deadline has passed. Every DISP member should be at Essential Eight Maturity Level 2 across their entire corporate IT environment. If you haven't made the move from Top 4, you're already non-compliant. Find out exactly where your gaps are.

Guarantee: Under 3 critical gaps found? You don't pay.

Sound familiar?

The E8 deadline has passed

November 2025 was the cutoff. DISP members had to move from Top 4 to full Essential Eight ML2. If you haven't done it, your next annual review is going to be a problem.

Defence primes are asking

Your tier 1 customer needs assurance you meet DISP requirements. Without evidence, you risk losing contracts worth more than the compliance work itself.

Annual reviews have teeth

DISP membership can be suspended or revoked for non-compliance. Losing membership means losing the ability to bid on defence work.

AUKUS is creating opportunity

The submarine program is opening thousands of new supply chain roles. DISP membership is the entry ticket. Companies that get compliant now will be first in line.

DISP readiness check

Not sure where your gaps are?

5 yes/no questions. Takes 30 seconds.

// what you get

DISP Compliance Assessment

All four DISP security domains reviewed in one engagement. One report, one person accountable. Written so your board and your defence prime can actually read it.

Essential Eight Maturity Level 2 gap analysis
ICT/cyber security controls audit against DISP requirements
Application control and patching assessment
MFA and admin privilege review
Backup and recovery posture check
Board-ready compliance report with remediation roadmap

Included if relevant to your business:

ISO 27001:2022 gap analysis
Cyber insurance readiness review
Supply chain security assessment

Consultancies send a team of 5 for 3 months.

One engineer. 1-2 weeks.

Fixed scope. Fixed price. Same rigour, less overhead.

Your report doubles as DIDG grant application evidence. Government co-funds up to 50% of implementation costs.

Under 3 critical gaps found? You don't pay.

Zero risk. I've never had to honour this.

// government grants

The government will cover up to 50% of your costs.

The Defence Industry Development Grants (DIDG) Security Stream co-funds cyber security improvements for defence suppliers. You need an audit report to apply. Our assessment produces exactly that.

$10K-$100K grants

DIDG Security Stream grants range from $10,000 to $100,000. 50% co-funded, so the government matches what you spend.

Rolling applications

No fixed deadline. You can apply any time. Most companies get a decision within 8-12 weeks of submitting.

Our report is your application

The gap analysis and remediation roadmap from our assessment are exactly what the grant application asks for. You don't need to do extra work.

Our assessment report is what you need to apply for DIDG grants. One engagement unlocks up to $100K in government co-funding.

// how it works

Three steps. No surprises.

01

Free scorecard

2 minutes. See where your organisation stands against Essential Eight and DISP security requirements. No email needed.

02

Deep assessment

1-2 weeks, fixed price. I review your controls, policies, and security posture across all four DISP domains.

03

Board-ready report

Compliance report with remediation roadmap. Written for your board and your defence prime, not just your IT team.

// who this is for

This is for you if...

A prime just told you to get DISP

Your tier 1 customer said you need DISP membership to keep the contract. You need to know what's involved before you commit.

You saw a tender that requires DISP

There's a defence contract you want to bid on, but DISP membership is listed as a requirement. You need to get compliant fast.

Your Annual Security Report has gaps

Your ASR is due and you know you've got gaps under the new E8 rules. You need to understand the size of the problem before your review.

You want in on AUKUS supply chain work

The submarine program is creating thousands of new opportunities. DISP membership is the entry ticket, and companies that move now will be first in line.

// why me and not a consultancy

One engineer. Not a sales team.

I'm a senior software engineer with 10+ years in platform infrastructure. CNCF maintainer. I've taken companies through compliance certifications and I do the assessment myself. No juniors, no handoffs, no 200-page report written by a graduate who's never seen production code.

You talk to me, I do the work, I write the report. That's why it costs a fraction of what consultancies charge.

Ex-Big Tech · CNCF Maintainer · 10+ Years · Melbourne

“You can see the difference of having a proper CTO knowing what they're doing. It's great to see you progressing this much.”

External Compliance Auditor

Certification engagement

“He doesn't just build what's asked; he helps shape what's needed. Deeply technical, dependable, and an outstanding communicator.”

Libby Roberts

Founder, LeapForward

// questions

Common questions

What is DISP?

The Defence Industry Security Program is run by the Australian Government. It's mandatory for businesses that need to access or store classified information, work on defence projects, or bid on defence tenders.

What's Essential Eight ML2?

Essential Eight Maturity Level 2 is the second tier of the ASD's cybersecurity framework. It requires specific implementations across application control, patching applications, macro settings, user application hardening, admin privileges, MFA, backups, and patching operating systems.

How is this different from a Big 4 engagement?

Three ways. First, I do the work myself. No juniors, no handoffs. You get a senior engineer with 10+ years' experience, not a team where the partner shows up for the pitch and a graduate does the assessment. Second, fixed scope and fixed price. No billable hours adding up. Third, it takes 1-2 weeks instead of 6-8. Same rigour, less overhead.

Can you help with implementation?

Yes. The assessment identifies gaps and prioritises them. If you need help closing those gaps, I can scope a remediation engagement separately. Most entities start with the assessment and then decide what they want to tackle themselves vs what they need help with.

Do I need DISP if I'm in the defence supply chain?

If your customer requires it or if you handle any classified or sensitive defence information, yes. Even if you're a subcontractor. Your tier 1 prime may require DISP membership as a contract condition.

What happened with the November 2025 E8 deadline?

All DISP members were required to move from the old Top 4 mitigation strategies to full Essential Eight Maturity Level 2 by November 2025. If you haven't completed that transition, you're non-compliant now. Your next annual review will flag it.

Do I need DISP for AUKUS supply chain work?

Yes. DISP membership is a prerequisite for participating in the AUKUS submarine program supply chain. The program is creating thousands of new opportunities across manufacturing, engineering, and technology. Getting DISP-compliant now puts you at the front of the queue.

What are DIDG Security Stream grants?

The Defence Industry Development Grants (DIDG) Security Stream provides $10K-$100K in co-funding for cyber security improvements. The government matches 50% of what you spend. Applications are rolling, so there's no deadline. Our assessment report is exactly what you need to submit with your application.

Don't wait for your next DISP review.

Take the quick check above, or book a 15-min chat and I'll walk through what DISP compliance means for your organisation.

Taking on 2-3 DISP assessments per month. First in, first served.