Stepping up your cyber security

We empower Australian SMEs to build resilience against cyber threats through simplified, fit-for-purpose programs.

Cyber risk experts for SMEs

Our fit-for-purpose program combines our extensive expertise in cyber security with our understanding of Australian SMEs, empowering you to sustainably defend your business in this ever-evolving landscape.

Flexible & Affordable

We coach you through ISO 27001 implementation at your pace and you decide the budget.

Long lasting, sustainable impact

We empower you to upskill and build a sustainable cyber secure culture within your business, always keeping you a step ahead. 

Uniquely Australian

We use our expertise in Australian businesses and risk management to ensure you are in the best position to stay a step ahead of cyber security in today's climate.

Cyber Steps, designed by CyberWorqs

CyberWorqs is a cyber risk management consulting firm, and the power behind the Cyber Steps program. Led by founder Cindy Lau, our team has a unique skill set in risk management and IT security. We work with businesses across all industry sectors to help management teams understand cyber security risk as an operational risk and what it takes to build a cyber security culture in the organisation.

We focus on providing a complete cyber security solution that covers technology infrastructure and governance. We help businesses identify risks and threats, understand the regulatory environment they operate in, identify the stakeholders, and implement frameworks to manage all aspects of cyber risk.

The Cyber Steps program was established to meet the needs of SMEs. We understand that SMEs have to play by the same rules as the ‘big guys’ when it comes to cyber security obligations, but it’s tough with limited access to resources and time. Our coaching program is the perfect DIY solution with expert guidance.

Our philosophy is simple. There is no 'one size fits all' solution when it comes to cyber security. We work with you to provide cost-effective solutions to meet your needs.

Frequently asked questions

Not sure which product is right for you? Or looking for more information on the implementation of the ISO 27001 framework? Check out our frequently asked questions.

Who is delivering the Cyber Steps coaching and support?

Cyber Steps is delivered by CyberWorqs, an Australian-based cyber risk management consulting firm. We work with businesses across all industry sectors to help management teams understand cyber security risk as an operational risk and what it takes to build a cyber security culture in the organisation.

Our team of coaches are seasoned professionals with extensive expertise in ISO 27001 and cybersecurity governance, risk and compliance. They bring practical insights and industry best practices to guide you effectively.

How does the coaching process work?

Our coaching process involves tailored sessions where we address your specific needs and goals for ISO 27001 implementation. We work closely with you to customise the format, topics, and learning approach.

Can I choose the topics to cover in each session?

Absolutely! You have full control over the topics covered in each coaching session. We’re happy to provide guidance, but overall we adapt the content to align with your priorities and areas of focus.

What if I'm not sure which topics to prioritise in each session?

If this is the case, we can spend some of our initial session assessing your organisation's unique requirements to help identify the most relevant topics to cover. We will also help you plan a roadmap.

How long does the entire process take?

We work to your timing and budget. It is important to remember that implementing ISO 27001 involves making changes to your business. Depending on what changes are required, you can expect it to take 3-6 months to implement an ISMS.

Can the coaching sessions be adjusted as we progress?

Yes, flexibility is built into our coaching approach. As your needs evolve, we can modify the format and content of the sessions to ensure continued relevance and effectiveness.

Is the coaching only for individuals, or can my team participate as well?

Yes, our coaching program can be extended to include your team members. We encourage workshops for knowledge sharing and offer guidance on how to cascade the learnings to your wider organisation.

Are the coaching sessions conducted in person or online?

We offer online coaching sessions to accommodate your preferences and geographic location.

Can the coaching help us address specific challenges we're facing?

Absolutely! Our coaching sessions are designed to address your unique challenges and provide targeted solutions tailored to your organisation's needs.

How soon can we start the coaching program?

We strive to accommodate your timeline. Once you purchase your desired program, we can promptly book in the first coaching session.

What outcomes can we expect from the coaching program?

By participating in our coaching program, you can expect to gain a deeper understanding of ISO 27001, whether this be a specific control we are focusing on or an area of the framework. You will be able to confidently navigate the next step towards a successful certification and overall improved cyber security posture for your business.

What is the difference between the coaching services and the support services?

Our coaching services are packaged up in three offers, with different hours depending on what you require. Our support services are single engagements or ongoing services to complement your ISO 27001 implementation and obligations. Coaching services are best for those who are working through their ISO 27001 framework; our support services are for more individual circumstances or specific times within the implementation and certification lifecycle.

What does the ISO 27001 Baseline Review report include?

The comprehensive report includes an executive summary and indicative Statement of Applicability. It provides a detailed analysis of your current security posture and the Annex A controls that are likely to be applicable to your ISMS.

Can I outsource my ISO 27001 internal audits?

Yes! Outsourcing internal audits ensures that they are conducted correctly and thoroughly by expert analysts. It brings an unbiased perspective and ensures compliance with the mandatory audit requirements. We can help you conduct these audits. Simply get in touch.

What will I receive after the internal audit?

After the internal audit, you will receive a detailed report that provides insights into your organisation's adherence to ISO 27001 requirements. The report will highlight areas of strength, nonconformities and areas that need improvement.

How can I prepare for the ISO 27001 audit?

We’d recommend a pre-audit assessment where we’ll review your mandatory policies and ISMS. The assessment identifies gaps, and we provide you with a report with actionable steps to polish your ISMS. We also offer an audit coaching service to provide guidance and help you anticipate and answer audit questions effectively. The coaching prepares your organisation for the certification audit and ensures readiness.

How does the online training subscription work?

The online training subscription (USecure) is an annual subscription which delivers monthly learning modules in the form of videos and quizzes. It also includes a monthly simulated phishing test to enhance employee awareness and response to phishing attacks. Real-world phishing scenarios are simulated to test and improve employees' ability to recognise and respond to potential threats. The subscription enables ongoing employee education and training on cybersecurity risks, ensuring ISO 27001 compliance.

What are cyber risk management services?

Cyber risk management services involve identifying and assessing potential risks to your organisation's information security. It includes implementing risk treatment measures in line with the ISO 27001 framework.