About Morrisec
Cyber Security Designed For Your Business
At Morrisec, we tailor our services to meet the unique needs of your business, including the threats and risks specific to you. Your security controls are designed to secure and enable your operations and to align with your business goals and objectives, rather than impact critical business operations. By taking a risk-based approach to cyber risk management, you can optimise the return on investment in cybersecurity spending commensurate with your business requirements and your risk profile.
Governance, Risk and Compliance (GRC) processes play a vital role in shaping your cybersecurity strategy. They assess and control risk, provide guidance on secure operations based on your unique risks, and ensure compliance with legal, regulatory, and contractual obligations for seamless business continuity and customer engagement. Without proper GRC processes utilising a risk-based approach to security, an organisation relies on intuition or assumptions when implementing technology, services, and processes, leading to inefficiencies, wasted resources, poor ROI on cybersecurity efforts, and negative business impacts.
Morrisec is a pure-play cybersecurity GRC company that specialises in delivering risk management and compliance solutions. Our goal is to enable your business by providing customised security services based on your unique threat and risk profile.
Every organisation’s cybersecurity requirements differ, influenced by factors such as industry, size, location, and critical assets such as intellectual property. Not every organisation requires “military-grade” security, nor is every organisation targeted by highly resourceful nation-state actors. It is unnecessary to invest significant money, time, and resources in implementing excessive controls beyond the necessary risk mitigation measures specific to your organisation.
Our Mission
Empowering organisations by providing simplified, cost-effective cybersecurity solutions designed to meet their specific needs.
Our Vision
The future of cybersecurity is one where all companies can utilise current and emerging technology securely and ensure their data is protected, enabling them to focus on their strategic goals.
Dr Sarah Morrison
Co-CEO
Sarah’s background in cybersecurity is both extensive and diverse. Commencing her career as a developer, Sarah has a background in Criminology, has served as an investigator in fraud and corruption for government agencies, managed IT and security risk as part of her tenure at one of Australia’s top 4 banks, provided cybersecurity services to a multitude of clients and managed teams responsible for GRC consulting. Most recently, Sarah served as the Chief Information Security Officer (CISO) at Australia’s largest ASX-listed cybersecurity company, where she successfully achieved ISO/IEC 27001 certification in under six months. In addition to her industry experience, Sarah has contributed to the advancement of the field through her university research and continued teaching in cybersecurity and data transformation as part of an MBA degree program.
With a PhD in Russian Information Operations, Sarah has a deep understanding of threat actors and their motivations. This knowledge, coupled with Sarah’s extensive real-world experience, spanning over two decades, gives her a deep understanding of how different types of threat actors can affect your business, their tactics, techniques and procedures (TTPs), and how to protect against them.
Sarah has been a trusted consultant to clients across all industries and verticals. She excels in comprehending the unique needs of each business, analysing their specific threat profile and risks, and tailoring a security strategy that is most suitable for their organisation.
Sarah’s mission is to decrease the cost, time, and effort invested in fulfilling cybersecurity demands, and help businesses mature their security posture, all while supporting business growth. Her passion for security has led her to serve as a trusted advisor to countless boards and Audit and Risk Committees (ARC), providing insight into the current threat landscape, risk profile, and security posture of clients who have compliance obligations, such as APRA’s CPS 234, organisations seeking ISO/IEC 27001:2013/2022 certification, and those with local and international privacy requirements.
David Morrison
Co-CEO
With a wealth of experience spanning more than two decades, David has established himself as a leading cybersecurity professional. His expertise and knowledge have proven invaluable in safeguarding organisations from cyber threats across a gamut of industries and roles. A key differentiator in David’s experience is having worked extensively across all key areas of cybersecurity, including governance, risk and compliance, penetration testing, threat detection and threat hunting, digital forensics, security training and education, exploit research and development, network architecture, and network security implementation and management. David’s wealth of knowledge and experience gives him a unique perspective and ability to assist organisations in managing cyber risks across any domain. Being able to prioritise risk mitigation activities based on real-world threats and the specific risk profile of each individual business is critical to progressing cyber maturity and resilience within defined budgetary constraints. David’s ability to communicate with highly technical personnel and then switch to engage with the C-suite on business risk and strategy within the same meeting is an incredibly distinct advantage when supporting organisations.
David’s extensive tenure in one of Australia’s leading universities, where he worked in a challenging and high-risk environment with limited budgets and resources, has afforded David the skills and experience to develop practical solutions that effectively minimise risks while remaining cost-effective. This has been especially beneficial to small and medium-sized businesses that are always constrained by limited budgets and resources. In addition to his experience client-side, David has also consulted with a multitude of organisations across all industries, assisting them in identifying both technical and procedural risks and reducing them according to their unique risk appetite.
David has an unwavering commitment to cybersecurity, having co-founded Australia’s first ‘hacker’ conference, Ruxcon, in 2003 with two other cybersecurity professionals. David has a deep-seated commitment to giving back to the industry he has dedicated half his life to, as well as a passion for teaching. He has taught network security and penetration testing at TAFE NSW, including the Certified Ethical Hacker (CEH) course. Simultaneously, he has mentored teams from various Australian tertiary institutions in Capture the Flag (CTF) contests. Recently, he has taught courses for one of Victoria’s largest universities, covering governance, risk and compliance (GRC), system administration and system hardening, programming, networking and network security, cryptography, cloud security, penetration testing, and digital forensics and incident response (DFIR).
David’s ultimate objective is to demonstrate that cybersecurity is not as daunting as it appears and that implementing effective controls to minimise risk does not necessarily require an exorbitant financial investment. To him, cybersecurity should enable businesses to thrive and achieve their full potential, not hinder processes and impede innovation. David firmly believes that there is always a way to decrease risk while still supporting the growth and success of the business.