Fully scoped and substantiated
We scope every engagement clearly and substantiate the cost, so it holds up in your bidding and estimation.
About
A security practice built for Defence suppliers.
We help organisations win and hold the right to supply to Australian Defence, from first DISP certification to ongoing compliance.
Image placeholder · Daryl to specify
The practice
Our mission is to protect the Defence Industrial Base.
Cyvex helps small and medium enterprises participate in the Defence supply chain. We also help international firms, already certified to NIST or CMMC in the United States, become DISP members so they can supply to Australia.
The security expected of Defence suppliers keeps rising. We exist to carry that load: to assess accurately, advise plainly, and keep organisations compliant in a way that is sensible and cost-effective.
How we work
Scoped, substantiated, and sensible.
Economical by design
We help you meet Maturity Level 2 in a minimum-viable way, so you invest wisely rather than over-build.
Senior expertise and service
A team of experts committed to your success, with a real commitment to service throughout.
From readiness to beyond
We stay with you from first certification through ongoing membership, so nothing falls between providers.
Why Cyvex
Why organisations select Cyvex.
Executive and technical capability in one team
We work with directors and senior executives on business risk, governance and investment decisions, while also engaging with internal IT teams, cyber security specialists and managed service providers on the underlying controls.
Advice grounded in operating reality
We do not begin with templates. We examine how the organisation actually works, where Defence information may be handled, who is accountable, which systems and facilities are involved, and what evidence is available.
Experience in complex and regulated environments
Our experience spans Defence, government, financial services and supply chain focused technology organisations. These environments require disciplined governance, defensible evidence, clear accountability and security controls that can withstand scrutiny.
Practical support for SMEs
We recognise that SMEs do not have unlimited personnel, time or budget. Our approach is proportionate and prioritised. We help clients focus first on the requirements that present the greatest risk to DISP readiness and Defence opportunity.
Clear communication for decision-makers
DISP requirements can quickly become technical and difficult to navigate. We translate them into clear business decisions, accountabilities, risks and actions so executives understand what is required and why.
Support beyond the DISP application
Our focus is not simply to help complete an application. We help clients establish security arrangements that can be operated, evidenced and maintained after DISP membership is achieved. We then work with you to maintain membership for the longer term.
A more complete approach
Defence assurance and deep cyber security capability, together.
Cyvex combines Defence assurance experience with deep cyber security capability. This allows us to help clients connect:
- Defence opportunity with security requirements
- Executive accountability with operational responsibility
- Cyber controls with credible evidence
- Policies with actual business practice
- DISP application activity with ongoing compliance
Image placeholder · Daryl to specify
Frameworks we work across
The standards that govern Defence-industry security.
- Defence Industry Security Program (DISP)
- Essential Eight Maturity Level 2
- Protective Security Policy Framework (PSPF)
- Information Security Manual (ISM)
- Information Security Registered Assessors Program (IRAP)
- NIST and CMMC, for international suppliers crossing to Australia
Speak with us
Discuss your DISP, IRAP or security obligations.
We move from first conversation to active engagement in two to three weeks.
Book a discussion
Or call
[CANBERRA PHONE]