We are a team of seasoned cyber security and risk management leaders with international exposure across a variety of industries. With our breadth and depth of experience we can quickly identify your risks and controls and ensure they are well-managed. In doing so we promote a prudent risk management culture and help instil requisite risk management principles and practices. Our accomplished cyber security and risk management team is complemented by experienced directors including Geoff Rohrsheim, Jamie Potter and Scott Grigg.

A Thomas.png


Managing Partner

Alan Thomas

With extensive experience across several industries, Alan is a motivational leader with a strong client relationship and management focus. Having established two businesses in Adelaide that have thrived, Alan has a demonstrated ability to grow a business from the ground up. With a heritage in both operations and sales, Alan brings invaluable perspective to our business. Throughout his experience, Alan has gained a deep understanding of the industry and its competing demands as well as the business priorities faced by our clients.



Consulting Partner

Paul Dewsnap

Paul brings twenty-five years’ experience in the banking, professional services, biotechnology and defence industries, having spent the past fifteen years working with regional banks. During his time in the banking industry, Paul participated in numerous Australian Banking Association working groups including Open Data, Cloud Computing and Fintech. Prior to moving into banking, Paul worked in the United States for several years delivering strategic initiatives spanning both North America and Europe.

Paul has held several senior roles including Chief Information Security Officer with ME Bank, Head of Strategy and Architecture and Head of Information Security and IT Risk with Bendigo and Adelaide Bank, Head of Information Security with Adelaide Bank, and Director of Technology Strategy and Architecture with Robert Half International.

Paul possesses a unique blend of strategic and business planning skills, coupled with an extensive background in mergers and acquisitions, digital technology, core systems integration and consolidation, IT outsourcing, information security and operational risk management.

Paul advises Directors and C-Suite Executives on the application of emerging technologies, and the associated opportunities, risks and compensating controls. He also works with Business SA to assist young entrepreneurs to develop innovative and sustainable businesses.



Consulting partner

Jayson Walmsley

Jayson brings more than twenty-five years of experience in banking and finance, information technology, risk and security. He has held roles including Head of Information Security at Bendigo and Adelaide Bank and Manager of Networks, Telecommunications and Payment Systems at Adelaide Bank.

Jayson believes that a robust security strategy fully integrated within the business is a necessity for all organisations, not only to manage the ever-increasing threat of security risk, but more importantly as a business enabler in today’s digital world.

He is passionate about working with businesses to assist them strike the right balance between securing data and technologies and realising business benefit. Jayson believes in facilitating a mindset shift from perceiving security as a ‘cost of doing business’ to embracing it as a growth enabler.

Jayson’s areas of speciality are cyber security strategy and cyber risk management taking a business driven, risk-based approach. He has a strong track record of assisting businesses embed cyber resilience, maximise the value of technology and managing complex programs of work and has undertaken numerous security and risk reviews.

Jayson is a board member of the ISACA Adelaide Chapter and member of the Australian Information Security Association. 



Principal Consultant, Risk Advisory

Amy Wright

Amy brings more than fifteen years of experience across a broad range of technology risk and advisory services, including internal and external audit and specialist consulting services to clients across a variety of industries and government agencies in Australia, the United States and Singapore.

Amy has provided audit and consulting services in IT security management, IT governance, business continuity management, regulatory compliance, records management, project management, software asset management reviews, IT due diligence and occupational health and safety.

Amy also has experience conducting technology and audit related training sessions and workshops on a variety of topics including risk management, IT internal and external audit, IT security management, change management, project management methodologies and business continuity management.

Amy is a member of the Information Systems Audit and Control Association (ISACA). She has presented at industry events including the Adelaide Institute of Internal Auditors, and the Adelaide Business Continuity Management Information Exchange forum.



Principal Consultant, Cyber Security

Cerri Morgan

Cerri brings twenty years’ experience in IT, having specialised in cyber security and risk for over fifteen years.  He has held senior roles in both Ireland and Australia, working in the banking and finance, higher education and agribusiness sectors.

Cerri’s direct skills and experience have included cyber security strategy and program development, risk management, security awareness, policy and standards, threat and vulnerability management, application security, identity management, enterprise security architecture, incident response and remediation, cloud security, third-party security assessments and delivering targeted education seminars, to name but a few.

Cerri is certified in a number of specialised security areas and has a Masters’ degree in Science Communication. He is also a part-time lecturer at the University of South Australia’s for the Masters’ degree in Cybersecurity and a member of the Australian Information Security Association. Cerri is passionate about managing cyber security risk across all organisational levels and raising awareness of cyber threats.