Security and Risk Management advisory
Protecting trusted workforces and critical infrastructure through practical, risk-based security solutions.
We support organisations to design and implement protective security and risk management capabilities that are structured, defensible, and embedded into day-to-day operations.
Our work focuses on areas where risk is most complex and often least understood — people, supply chain, and operational dependencies — particularly where workforce risk intersects with critical assets and operations.
While our experience is deeply informed by supporting organisations under the Security of Critical Infrastructure Act 2018 (SOCI Act) and other regulatory frameworks, including the Commonwealth Government’s Protective Security Policy Framework (PSPF), our approach applies across both private and public sector organisations seeking to strengthen security, governance, and resilience.
Core Capabilities
1. Enterprise Security and Risk Management Programs
Design, review, and evaluation of integrated security and risk management frameworks, including Critical Infrastructure Risk Management Program (CIRMP) and security maturity assessments. Supporting organisations to demonstrate both compliance and protective security effectiveness.
Download Our Service Brochures
CIRMP SECURITY MATURITY ASSESSMENT AND EVALUATION (59 REQUIREMENTS)
TELECOMMUNICATIONS CIRMP SECURITY MATURITY ASSESSMENT AND EVALUATION (77 REQUIREMENTS)
2. Personnel Security and Insider Risk
Structured, risk-based approaches to managing workforce trust, insider threat, and ongoing suitability across the employment lifecycle. Linking roles, access, and behaviour to security risk and organisational impact.
Download Our Service Brochures
CRITICAL WORKER IDENTIFICATION AND RISK MANAGEMENT FRAMEWORK
INSIDER THREAT PROGRAM
Trusted Workforce Program
3. Supply Chain and Third-Party Risk
Identification and management of supplier risk through structured mapping, categorisation, and integration into enterprise risk. Establishing a clear link between third parties, critical assets, and operational impact.
Download Our Service Brochures
RISK-BASED SUPPLY CHAIN MAPPING AND CATEGORISATION FRAMEWORK
SUPPLY CHAIN RISK MANAGEMENT FRAMEWORK
Education and Community
Build internal capability through our eLearning Hub, supported by online and in-person workshops, articles, podcasts, and a growing Community of Practice.
Download e-Learning Hub Catalogue
e-LEARNING HUB CATALOGUE
How we work
We support organisations at different stages of maturity — from building internal capability to delivering full program implementation. This enables you to engage in a way that aligns with your organisation’s needs, priorities, and operating environment.
| Option 1 | Option 2 (Recommended) | Option 3 |
| --- | --- | --- |
| Self-Guided (eLearning) | Guided Implementation | Full Advisory |
| eLearning courses, templates, and tools | Courses combined with targeted advisory support | Pentagram-led design, implementation, and evaluation |
| Best for: building internal capability | Best for: structured implementation with expert support | Best for: end-to-end delivery and independent evaluation |
| Learn at your own pace; apply structured methodology; build internal capability | Refine your approach; align stakeholders; apply frameworks consistently; validate decisions | End-to-end program design; independent analysis and challenge; board-ready outputs; full implementation support |
Start a Discussion
If you are looking to strengthen your organisation’s security and risk capability, we invite you to start a discussion with us. Together, we will assess your current approach across workforce, supply chain, and operational security, and define a structured, defensible path forward aligned to your organisation’s maturity, priorities, and operating environment.

