Get a SOCI cyber security strategy and roadmap tailored to your business

From one of the first organisations in Australia to achieve ISO 27001:2022

Our cyber security specialists help critical infrastructure organisations improve their cyber security to meet current SOCI (Security of Critical Infrastructure) requirements.

ISO 27001 Certification
cyber essentials certification
IASME cyber assurance certification

The MyEmpire Group difference

"We’re big enough to support all manner of businesses, from ma and pa’s to enterprise, but small enough to still obsess over detail."

We don’t obsess over detail to the point of paralysis, but we do take great pride in delivering exceptional work. And it’s not just because we get a thrill receiving elated client feedback, although that’s something we all share in common. Primarily it’s because we genuinely care about building cyber security systems that protect businesses. That means really learning your business and your people so we can develop a cyber security strategy suited to you, not a close-enough template pulled from a file. That’s what makes us different; we only feel satisfied when we know a job’s been done right. 

"The biggest benefit to working with MyEmpire Group is having access to cyber expertise on an as-needed basis. We're able to access skills and knowledge across a broad range of [cyber security] areas, and without having to hire in-house."
Jenelle Schultz
Chief Operating Officer, Business Fitness
"The MyEmpire Group team’s technical understanding of Essential 8 and ability to cut through all the techno-speak and explain things to us in layman's terms made the process so much more streamlined."
Lisa Saunders
Group Executive – Governance Risk & Compliance, REI Superannuation

Our People

Our cyber security specialists are a mixture of seasoned veterans, many with 30+ years’ experience in IT, management and security. We also have young faces on the team, our rising stars–those whose talents we recognised early and chose to invest in. 

Beyond being experts in their fields, our people share a few things in common, a result of how we hire. Prior to any skills being tested in an interview, we look for personable people. Authentic, honest people who are passionate about their field and good communicators. In other words, we look for people who light up when they talk about their line of work. People whose passion is contagious. Only candidates who meet this criteria are taken through the typical interview steps where we probe skills and work history.

ISO 27001

Leadership Team

Alex Woerndle, MyEmpire Group

Alex Woerndle


Alex is an experienced director, IT consultant and infosec professional. He provides security management and leadership to a range of organisations from start-ups through to governments and ASX50 listed enterprises. He has also served over 10 years in voluntary roles as a Non-Executive Director of the Australian Information Security Association,.au Domain Administration Ltd and the Australian Conservation Foundation’s Finance, Audit and Risk Committee.

Carl Woerndle


Carl has more than three decades’ experience in IT, security and business leadership. Prior to MyEmpire Group, he and Alex built DistributeIT which held approx. 10% market share of domains. As well as a business owner and manager, Carl has worked as a Cyber Security Advisor consultant for Deloitte. He is a regular keynote speaker on cyber security.

Chris Self


Chris is a highly experienced information security principal. He has worked as a senior cyber security consultant for KPMG, CQR Consulting (now part of CyberCX) and Deloitte. Prior to starting with MyEmpire Group, he was the Information Security Manager at Adelaide Airport where he led a full rebuild of the airport’s cyber security processes and infrastructure. Chris holds a master’s in information systems security and a number of information security certifications, including CISSP and CRISC.

Talk to a Cyber Security Specialist

The SOCI Act is designed to strengthen Australia’s national security interests across 11 sectors of critical infrastructure.

These include food, water, health care, energy, communications, transport, banking, higher education, defence, data storage and space technology.

Critical infrastructure is defined by the Australian Government as: ‘those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security’.

Security of Critical Infrastructure (SOCI)

In January 2017, the Australian Government launched the Critical Infrastructure Centre (the Centre) as a way to work with critical infrastructure owners and operators to identify and manage national security risks.

The critical infrastructure sectors are of particular concern because disruptions, or a switch of whose in control, can cause severe impacts. For instance, if someone disabled controls at a water plant and polluted the water supply, this could cause a major public health crisis. Critical infrastructure organisations also often hold large data sets about customers, which need to be protected. Plus many organisations are also privately owned and operated, so SOCI was created to ensure all players are doing their part to protect the nation.  

The SOCI Act involves The Centre assessing critical infrastructure organisations and performing Risk assessments to ensure compliance.

The Centre works across all levels of government to identify Australia’s most critical infrastructure, conduct national security risk assessments, develop risk management strategies, and support compliance. 

To ensure you're meeting your SOCI requirements, we can help...

Develop a SOCI Risk Management Program

This is a requirement of the SOCI Act rules. We’ll help:

  • Identify hazards, including cyber and information security, personnel, and supply chain
  • Determine the risk of occurrence of each hazard and the consequences
  • Design controls and processes to minimise/eliminate the risk of each hazard occurring
  • Assess and implement systems and controls to limit the damage done if a cyber attack is successful.
We can support building this entire program in accordance with SOCI Act requirements.
Cyber security gap assessment
Penetration testing

Monitor cyber incidents and develop reporting mechanisms

We’ll help put the tools in place to monitor cyber security incidents and develop reporting mechanisms for immediate notification. This is crucial because the SOCI Act now requires critical cyber security incidents to be reported within 12 hours of becoming aware of an incident. 

Prepare annual reports for SOCI Act regulators

Another requirement of the SOCI Act is to submit annual reports. We can help create these reports for submission to the relevant Commonwealth regulator, so you can demonstrate you are meeting your SOCI cyber security obligations.

Security of Critical Infrastructure (SOCI)

Ready to mature your cyber security?

SOCI is focused primarily on espionage, sabotage and coercion arising from foreign involvement in Australia’s critical infrastructure.

We'll develop your risk management program, and mature your cyber security, to address these key areas.


We uplift your cyber security capabilities beyond systems and tools to help protect you from outside threats, we also help set up the right controls and processes to protect you from within. For instance, ensuring only necessary parties have access to data and that all monitoring and sharing of data is under continual surveillance.


We help protect your key assets from cyber attack by not just considering cyber risk but risk in general. So, really understanding your key crown jewel assets, and the threats to these assets, and then developing a tailored initiatives to protect what matters. For instance, we help with strategy and roadmaps, tools selection and implementation, team training, ongoing monitoring, and maintenance, reporting etc.


Considering coercion both as a weapon against your organisation, or a third party like the Australian Government, we put cyber security controls in place that protect you from insider cyber attacks, which are sometimes carried out by employees without their knowledge.