Welcome Who we are What we do Meet the Shogun Contact Credits

Welcome

If you’ve made it this far you’re probably looking at that cover image and thinking “Wow, this sure doesn’t look like your typical cybersecurity company.”
If so, then that’s good. We aren’t.

Acknowledgement of Country

Shogun Cybersecurity is based in Naarm (Melbourne). We acknowlegde the Wurundjeri and Bunurong People as the traditional owners of this land, and recognise their unbroken, ongoing connection to it. We pay our respects to their elders past, present, and emerging.

Who we are

Shogun Cybersecurity was born out of a desire to do things differently. Despite the relative youth and rapidly evolving nature of cybersecurity, it has become a practice held captive to vested interests, rigid frameworks, and entrenched ways of thinking. In many organisations, “doing things the right way” has become more important than being innovative, being efficient, being effective. There’s no room for out of the box thinking or creative problem solving because fear and risk aversion has stifled any appetite for change. Outcomes are now less important than following the process, and cybersecurity has become little more than a series of check lists and flowcharts.

We want to change that. Your business needs cybersecurity measures that work, not that look good on paper. That is what we strive to deliver. We aren’t interested in providing low margin cookie cutter services that deliver no actual value. We’re not interested in playing cybersecurity theatre for the sake of appearances. If you just want to tick a few boxes for the sake of compliance, you should hit the ‘Back’ button right now, because that’s not what we’re about.

On the other hand, if you want cybersecurity advice and support that helps you sleep better at night, knowing everything has been covered, you should drop us a line. If you’re here looking to shake things up, if you’re willing to back ingenuity over rigid adherence to frameworks, if you want to build a real security program instead of one that just looks good on paper, then we would love to work with you.

At Shogun Cybersecurity, our priority is good outcomes for our clients. We’re focused on making cybersecurity accessible and achievable, regardless of organisational size, budget, or maturity. We deliver real solutions that provide real security, rather than fall back on “best practices” and inflexible frameworks.

We solve problems.

What we do

Cybersecurity is a complex problem space, there are as many different aspects to it as there are to business itself. At Shogun Cybersecurity, we play to our strengths as a small and responsive independent consultancy. We are proud to be strong generalists, but our services are targeted at solving the sorts of problems that enable us to make the biggest difference to our clients.


Independent advice for executives and boards

We’re long past the days when board directors and executives could afford to be ignorant about cybersecurity. ASIC has made it clear that management of cyber-risk falls within the scope of Director’s Duties under the Corporations Act, and failure to meet these obligations could lead to substantial personal liability. Cybersecurity is a complex and rapidly evolving problem space however, so keeping on top of the latest developments is a constant challenge. Having a reliable cybersecurity advisor you trust can be the difference between sweet dreams or sleepless nights.

As a client of Shogun Cybersecurity, you can sleep soundly. We make it our business to stay informed so you have the answers you need before you even know to ask for them. We’re specialists at translating complicated technical problems into the familiar language of business risk, and because we’re independent you can rest easy that our advice is objective and tailored to your best interests. Get in touch with us to find out how we can help you stay on top of the game.


Strategic planning and execution

Getting a cybersecurity program up and running is tough. Keeping it on the rails and moving forward is even tougher. In our experience, the most critical factor for success is having a well planned and articulated strategy to follow. A good strategy is not just a roadmap for getting from where you are to where you want to be; it’s also the point of reference to measure progress and performance against. Most importantly, it’s the guide that helps you get back on track when things start to derail.

Adopting a strategic approach to cybersecurity when resources are limited and day-to-day fire fighting constantly takes priority can feel like an impossible pipe dream, but it doesn’t have to be that way. At Shogun Cybersecurity, we’ve helped many organisations move from reactive to proactive by developing achievable, actionable cybersecurity strategies that deliver real outcomes. We combine strategic insight with hands-on experience to help you define your direction, establish priorities, and take meaningful steps towards achieving your goals. Whether you’re starting from scratch or building on existing foundations, we’ll help you build - and execute - a cybersecurity strategy that delivers real results.

Reach out if you’re ready to take control of your cybersecurity journey, we’ll help you make it happen.


Internal assurance and audit

Building internal cybersecurity capability is hard. Even for organisations with reliable and trustworthy internal security teams, there’s always a risk that tunnel vision or blind spots can develop over time - “You don’t know what you don’t know”, as the saying goes. Independent oversight provides valuable external perspective to catch any issues before they turn into real problems, but it’s important that internal teams don’t feel attacked, undermined, or like they aren’t trusted. Choosing the right approach to internal assurance is just as important as doing it at all.

For us at Shogun Cybersecurity, internal assurance isn’t about finding faults or pointing out mistakes, it’s about identifying what’s working well and what could be working better. We believe providing internal teams with external validation that they’re doing a good job can be just as valuable as uncovering a gap no one had thought about. For business leaders, we aim to provide peace of mind that cyber-risks are being appropriately managed and enable confident decision making. If it does turn out that there are gaps no one thought of, our focus is finding solutions and educating you team so that the right lessons are learned. We’re not interested in making a scapegoat out of anyone.

“Trust, but verify.” It’s not just a catchy slogan, it’s how you build a more resilient and effective cybersecurity program. Talk to us to learn how independent assurance can work for your organisation.


Cybersecurity due diligence for M & A

Due diligence in mergers and acquisitions is nothing new, but the focus has historically been on managing financial and legal risks. Despite the ever-increasing frequency of cyber-attacks and data breaches, cybersecurity often remains an afterthought in M & A transactions. Very few involve anything more than token inquiries: A self-attested questionnaire and a warranty from the vendor is enough to seal the deal. The only risk on the radar for buyers is potential post-acquisition remediation costs. No one is thinking about the new threats they might inherit.

The harsh reality is that without robust cybersecurity due diligence, you can easily end up with a lot more than you bargained for - and not in a good way. A vendor may boldly claim that their systems are secure and they’ve never been breached, but it begs the question: would they know if they had? There could be undetected threats lurking, from malicious insiders to sophisticated cybercriminals, waiting for an opportunity to spread into and exploit new environments. Ultimately, your losses could far exceed whatever is covered by the vendor warranty.

So, if you’re considering a merger or acquisition and you want to protect yourself and not just your investment, drop us a line to learn more about how Shogun Cybersecurity can help you invest with confidence.


Incident resilience

Cybersecurity incidents are inevitable in the modern business world. They won’t always be the kind that pose an existential threat to your organisation, but a poorly handled response can quickly turn a minor incident into a critical one. It all comes down to preparation. Having an incident response plan is the first step, but it needs to be more tailored than a basic checklist or generic template from the Internet to be useful in a real incident. Even a meticulously detailed plan has little practical value if it hasn’t been tested and rehearsed until your team can execute it instinctively.

Don’t wait until you’re in the middle of an incident to find out that you weren’t ready, get in touch with us today and we’ll work together to make sure you’re ready when it counts. At Shogun Cybersecurity, we help our clients build true incident resilience. Whether you just need a second set of eyes on your existing response plan to see how it can be improved, or you want to put your team through their paces with simulated incident response exercises, we’ve got you covered.


OpenCASE for small business

Knowing where to start and what to prioritise with cybersecurity in a small business is tricky. Most of the “best practices” established by industry were invented by large enterprises and governments. Trying to make sense of them, let alone apply them in a small business context inevitably leads to frustration and failure.

In response to this age-old problem, we facilitated the development of OpenCASE - the Open Cybersecurity Architecture for Small Enterprise - to provide a clear and easy to understand cybersecurity framework especially for small businesses. OpenCASE is freely available to use and easy to understand, so you don’t need us to get started with it, but if you still want advice on how to implement it, or need help with making it happen in your business, then we’d love to be part of your OpenCASE journey.


Got other problems? We can help!

We said at the beginning that we’re proud generalists. If you’ve got some other cyber-related problems to solve, get in touch with us to discuss your requirements. Whether it’s building and deploying cybersecurity solutions, incident response and planning, developing policies, or anything in between - if you are serious about cybersecurity then we are serious about helping you.

Meet the Shogun

Corch

I’m Corch. I solve problems.

I won’t bore you with a monologue about how many years I’ve worked in security, how many different industry verticals I have experience in, or how many expensive industry certifications I (don’t) have. The reality is that those sorts of statistics don’t matter. The only question that actually matters to you is “can I help you?”. If you’ve got cybersecurity related problems that need solving, the answer is “most likely”. If there is one thing I’m know for, it’s solving problems. Difficult problems. Problems other people can’t solve.

I’m a strong supporter of diversity and inclusivness within the cybersecurity community. I stand against gatekeeping in all forms, whether it be overt discrimination, or more subtle forms like the obsession with expensive certifications among recruiters and employers. I fight against vested interests calling for mandatory professional licensing of cybersecurity workers, who seek only to line their own pockets, entrench the exclusivity and privilege of their own positions, and exert control over the sector for their own benefit.

I am proud supporter of AWSN, and have particpated in their mentoring program since its inception.

I speak regularly at cybersecurity events in Melbourne and around Australia. Feel free to get in touch if you would like to discuss a speaking opportunity.