Our Thoughts on Information Security

At Iron Spear Information Security we regard information security as a trilogy of:

  • creating the right security culture with employees, customers and contractors,
  • building effective processes to protect information without impeding business, and
  • implementing technology solutions that address key risks.

Security is NOT achieved by implementing technology, but rather by mitigating risk. By translating technical vulnerabilities into business risk and seeking effective mitigating controls based upon the business risk, security will begin to add value to any organisation.

We are a dynamic team of experienced security professionals with excellent references and a broad range of security experience. For us, information security is a passion, and our goal is to help our clients develop security programs that bring value to the business.

We won't drown you in technical documentation; rather, we will translate your security issues into business risks, a language any CEO or Board Member can understand.

We operate nationally and across all industries and have strategic partnerships to provide a wider range of services outside of information security.


We offer a broad range of services, described in more detail on the services page, some of which include:

  • Creating the right security governance
  • Developing your security program, including policies, standards and guidelines
  • Security strategies and practical roadmaps
  • Security maturity assessments
  • Alignment to security frameworks & standards (e.g. ISO 27000, NIST, COBIT)
  • Development of security awareness & training
  • Developing security risk models based on your enterprise Risk Framework
  • Vendor management and KPIs
  • Technical vulnerability assessments
  • Penetration Testing
  • Internal Audit Assistance 
  • NERC CIP Assistance