OxComm Cybersecurity

Standards-Based Frameworks & Governance

Secure the stack.

Technology shifts. AI accelerates.
Zero Trust redraws the perimeter.
Governance endures.

CISSP· CISM· CISA· 30 years

Global framework alignment across every layer of the OSI stack — from the physical layer to the application layer — safeguarding private and sensitive information wherever it lives.

60% of breaches involve the human element — phishing, error, social engineering. Verizon DBIR, 2025
63% of organisations have no AI governance policy in place at all. IBM Cost of a Data Breach, 2025
22% of breaches begin with stolen or abused credentials. Verizon DBIR, 2025
$2.66m saved per breach by organisations with a tested incident response plan. IBM Cost of a Data Breach, 2025
$173k average cost of a breach to a New Zealand SME. NCSC NZ, 2025

Every one of these is a governance failure before it's a technical one — which is also why every one of them is preventable.

About

30 years in information security, across government, critical infrastructure, and technology sectors. Experience at CISO level, leading security programmes, and advising boards and executive teams on risk, governance, and strategic security investment.

A decade of CISM and CISA-level governance work underpins a practice built on frameworks that actually get implemented — not just documented.

OxComm is an independent advisory practice — senior-level expertise without the overhead of a large consultancy. Engagements are kept deliberately limited to ensure quality and genuine attention to each client.

New Zealand–based. Available for remote and on-site engagements across the public and private sectors.

Services

Advisory work across the full security spectrum — from strategic governance to hands-on risk and compliance delivery. Engagements are typically advisory, programme-level, or interim CISO.

Expertise

CISSP-certified since 2006, with 30 years of applied practice across the domains that matter most to organisations navigating real security challenges.

Security & Risk Management Security strategy, policy design, risk frameworks, and governance structures aligned to organisational objectives.
Security Architecture & Engineering Architecture assessment, security design principles, and technical risk evaluation across on-premise and cloud environments.
Governance, Risk & Compliance ISO 27001, NZISM, and PCI DSS implementation and assurance — from gap analysis through to audit readiness.
Security Assessment & Testing Risk assessments, threat modelling, penetration testing oversight, and security programme evaluation.
Security Operations & Continuity Incident response planning, tabletop exercises, business continuity, and operational security capability uplift.
Identity & Access Management IAM strategy, privilege access controls, and identity governance across enterprise and cloud environments.

Contact

Engagements are taken selectively. If you're looking for senior security advisory support — interim CISO, programme leadership, or compliance work — get in touch.

New Zealand–based  ·  Remote and on-site engagements