🏛️
Government suppliers
For organisations working with government or preparing to meet stronger assurance expectations in public-sector supply chains.
Cyber security governance, risk and compliance for Australian organisations
Trusted cyber GRC and IRAP support that helps organisations move with confidence.
Cyber AF supports organisations that need credible cyber governance, assurance readiness and practical advice. The focus is clear communication, strong documentation and outcomes that stand up to stakeholder and procurement scrutiny.
Cyber AF is led by Michael Farlow, an ASD-endorsed IRAP Assessor.
More than a decade of IT, cyber security and management experience across public and private sectors.
Support shaped by work across dozens of federal government departments and agencies and private large, medium and small businesses in Australia and overseas.
Advice designed to help leadership teams understand risk, prepare for assurance and improve their security posture in practical terms.
Who Cyber AF helps
Support for organisations with rising security, assurance and procurement expectations
Cyber AF is positioned for organisations that need more than a compliance checklist. The work is designed to help teams make defensible decisions, improve evidence quality and move forward with confidence.
☁️
Cloud and SaaS providers
For service providers that need clearer security documentation, better control mapping and stronger assurance outcomes.
🛡️
Security-conscious businesses
For organisations that want a practical uplift program rather than a purely theoretical compliance exercise.
📋
Regulated environments
For teams that need clearer governance, risk treatment and executive-ready reporting across security obligations.
Outcomes
Clear advice. Strong documentation. Practical next steps.
Cyber AF helps clients understand their current position, align requirements to achievable actions and make progress toward assurance with less confusion and better internal alignment.
Assess
Understand the current position
Review obligations, existing documentation, current controls and the evidence base needed to support a credible assurance pathway.
Align
Translate requirements into action
Turn frameworks and expectations into a practical plan with clearer ownership, better documentation and realistic priorities.
Advance
Move forward with confidence
Support uplift, remediation and communication so internal teams and external stakeholders can see progress and trust the outcome.
Next step
Need a trusted second pair of eyes on cyber risk, assurance or IRAP preparation?
Start with a straightforward conversation about your environment, obligations and likely next steps.