Get expert help maturing your cyber security to the NIST framework

From one of the first organisations in Australia to achieve ISO 27001:2022

Our cyber security specialists help businesses better understand, manage and reduce their cyber security risk in accordance with NIST (National Institute of Standards and Technology).

ISO 27001 Certification
cyber essentials certification
IASME cyber assurance certification
Get expert guidance completing Cyber Essentials Penetration Testing

The MyEmpire Group difference

"We’re big enough to support all manner of businesses, from ma and pa’s to enterprise, but small enough to still obsess over detail."

We don’t obsess over detail to the point of paralysis, but we do take great pride in delivering exceptional work. And it’s not just because we get a thrill receiving elated client feedback, although that’s something we all share in common. Primarily it’s because we genuinely care about building cyber security systems that protect businesses. That means really learning your business and your people so we can develop a cyber security strategy suited to you, not a close-enough template pulled from a file. That’s what makes us different; we only feel satisfied when we know a job’s been done right. 

"The biggest benefit to working with MyEmpire Group is having access to cyber expertise on an as-needed basis. We're able to access skills and knowledge across a broad range of [cyber security] areas, and without having to hire in-house."
Jenelle Schultz
Chief Operating Officer, Business Fitness
"The MyEmpire Group team’s technical understanding of Essential 8 and ability to cut through all the techno-speak and explain things to us in layman's terms made the process so much more streamlined."
Lisa Saunders
Group Executive – Governance Risk & Compliance, REI Superannuation
MyEmpire Group have been outstanding in helping us prepare for and obtain our ISO 27001 certification. Their personalised and considered approach to truly understanding our business needs really sets them apart.
Peter Bell - Co-Founder, Techno Global Team
Peter Bell
Co-Founder, Techno Global Team

Our People

Our cyber security specialists are a mixture of seasoned veterans, many with 30+ years’ experience in IT, management and security. We also have young faces on the team, our rising stars–those whose talents we recognised early and chose to invest in. 

Beyond being experts in their fields, our people share a few things in common, a result of how we hire. Prior to any skills being tested in an interview, we look for personable people. Authentic, honest people who are passionate about their field and good communicators. In other words, we look for people who light up when they talk about their line of work. People whose passion is contagious. Only candidates who meet this criteria are taken through the typical interview steps where we probe skills and work history.

ISO 27001

Leadership Team

Alex Woerndle, MyEmpire Group

Alex Woerndle

HEAD OF OPERATIONS
(CO-FOUNDER & DIRECTOR)

Alex is an experienced director, IT consultant and infosec professional. He provides security management and leadership to a range of organisations from start-ups through to governments and ASX50 listed enterprises. He has also served over 10 years in voluntary roles as a Non-Executive Director of the Australian Information Security Association,.au Domain Administration Ltd and the Australian Conservation Foundation’s Finance, Audit and Risk Committee.

Carl Woerndle

HEAD OF SALES AND MARKETING
(CO-FOUNDER & DIRECTOR)

Carl has more than three decades’ experience in IT, security and business leadership. Prior to MyEmpire Group, he and Alex built DistributeIT which held approx. 10% market share of .com.au domains. As well as a business owner and manager, Carl has worked as a Cyber Security Advisor consultant for Deloitte. He is a regular keynote speaker on cyber security.

Chris Self

HEAD OF SERVICE DELIVERY

Chris is a highly experienced information security principal. He has worked as a senior cyber security consultant for KPMG, CQR Consulting (now part of CyberCX) and Deloitte. Prior to starting with MyEmpire Group, he was the Information Security Manager at Adelaide Airport where he led a full rebuild of the airport’s cyber security processes and infrastructure. Chris holds a master’s in information systems security and a number of information security certifications, including CISSP and CRISC.

Talk to a NIST Cyber Security Specialist

NIST is the US ‘National Institute of Standards and Technology’. The NIST Cybersecurity Framework includes standards, best practice guidelines, and other resources to help organisations mature their cyber security and better protect their networks and data.

NIST includes 6 areas (or functions) organisations can focus on to holistically improve their cyber security

Developed by the National Institute of Standards and Technology (NIST), the Cybersecurity Framework (CSF) provides cyber security guidelines to organisations to help them identify, protect, detect, respond and recover from cyber-attacks, as well as govern each of these functions. The framework also helps with communication between internal and external stakeholders.  

We can guide you through each of these areas and help you implement changes to meet NIST standards.

The NIST Cybersecurity Framework Functions:

The below 6 Functions make up the NIST CSF. The functions are better done simultaneously and continuously, i.e. they are segments of a pie covering all areas of a good cyber security posture. 

Govern

Establish governance to connect and monitor all of the other (below) functions. This includes people, processes, policies, technology, systems, assets, data etc, related to cyber security.

Identify

Identify what is important to your business so you are best placed to manage risk and implement protections.

Protect

Set up appropriate safeguards to ensure delivery of your critical services and business as usual.

Detect

Put in place appropriate activities and tools to detect the occurrence of a cyber security incident.

Respond

Develop a strategic plan to effectively respond to a cyber security incident.

Recover

Have policies and actions in place to restore and recover from a cyber attack to limit downtime and reputational damage (in a worst case scenario).

Talk to a cyber specialist today

The Benefits of NIST

Improve your organisation’s cyber security

The NIST Cybersecurity Framework gives organisations a focused way to improve cyber security and better protect networks and data against the most common cyber attacks. Focusing on the 6 areas can radically improve your cyber defence. 

Cyber security gap assessment Cyber security specialists
Security of Critical Infrastructure (SOCI)

Align to an international standard

Align your organisation to an international framework to not only ensure you are following best practice standards, and complying with laws and regulations, but to demonstrate this fact to others. 

Prioritise and triage your actions

The NIST CF helps provide scope on what security concerns need to be addressed and in what order. Giving you visibility on the biggest cyber risks to your business let’s you organise the what, how and when’ to take actions so you can best lift your cyber defence. 

Give your security structure

Following NIST makes it simple to provide a consistent and structured approach to your cyber security. It connects an organisation’s different departments and locations to provide your business eco-system—the people, products and processes—with more security thought and risk assessment. 

Increase your business opportunities

As well as giving your business a foundation to improve your cyber security, NIST helps you align to a US market standard. This builds trust with businesses, consumers, regulators etc, and often leads to new business opportunities because it demonstrates to third parties you are equipped to protect their (and their customers) information.

Cyber security gap assessment

Tiers to fit any sized organisation

We can conduct a CMMI Maturity Assessment of your current security state and future state. We can then provide recommendations to uplift your cyber security.

The measurement of maturity can include:

Level 0 – None

Level 1 – Initial

Level 2 – Managed

Level 3 – Defined

Level 4 – Quantitatively Managed

Level 5 – Optimised

Here is our typical process...

1. Understand your ‘why’

We start by understanding your reasons for wanting to apply NIST CSF to your organisation. This could be to generally improve your cyber security risk posture, get guidance identifying and addressing gaps in existing implementations, or maybe you’ve been told it’s an industry requirement. 

2. Scope the deliverables

We firm up which environments you want included in-scope for the assessment. For instance, information technology (IT), operational technology (OT), specific business units/locations or the entire enterprise. 

3. Identify your control owners

We help you identify who’srequired for NIST discussion workshops, e.g., management, teams involved with IT applications, cyber security, networks or systems providers, external MSPs/MSSPs etc. We recommend those responsible for implementing and managing the controls be involved in workshops. 

4. Matching to a Maturity Level

We work with you to identify the right NIST Maturity Levels for your business goals. This ranges from Maturity Level 0 to 5 for each of the 6 areas. 

5. Assessment against NIST

We measure your level of alignment with a focus on the NIST guidelines and highlight key misalignments.  

6. Contextualise NIST recommendations

We develop customised technical and business recommendations to improve each NIST Function.  

7. Assessment deliverables

We provide you with an easy to digest Assessment Report and Assessment Workbook. In these we show what each NIST mitigation strategy is and your business’ current alignment with the Maturity Levels, as well as guidance on quick wins, tasks to be prioritised, and suggested timelines. 

8. Support with implementation

We can help implement people, process and technology improvements needed to uplift your NIST maturity. 

Ready to get started?