Engineering in Action

Real-world examples of how we design, build and deliver secure sovereign solutions for complex mission outcomes.

Sovereign

Australian data, Australian control

Secure by Design

Built to IRAP, ASD and Zero Trust principles

Mission Focused

Outcomes over outputs. Delivery over slideware.

Engineering First

Pragmatic. Scalable. Built for the real world.

Cyber & IRAP

Security Services and Assurance.

Trusted cybersecurity assurance for Government, Defence & Enterprise. SolStak provides independent cybersecurity assessment, advisory, and assurance services that help organisations strengthen security posture, meet compliance obligations, and build resilient digital environments.

Assure

Evidence and assurance aligned to government frameworks.

Uplift

Readiness uplift and control remediation that sticks.

Evidence

Control artefacts, test results and auditable traceability.

Operate

Sustainable security controls in run-state operations.

Assurance & Compliance Services

We work with government agencies, defence industry participants, SaaS providers, software engineering teams, and regulated enterprises to deliver practical, risk-based security outcomes aligned to Australian Government and industry frameworks.

IRAP Assessments

SolStak delivers independent IRAP assessments aligned with the Australian Government Information Security Manual (ISM).

Our IRAP assessors work closely with organisations to evaluate cloud environments, systems, applications, and operational controls against ASD requirements, helping customers achieve accreditation readiness with clarity and confidence.

  • Independent IRAP security assessments
  • ISM control validation and evidence review
  • Accreditation support and reporting
  • Cloud and hybrid environment assessments
  • Risk identification and remediation guidance

IRAP Preparation & Readiness

Preparing for an IRAP assessment requires more than documentation alone. SolStak helps organisations identify gaps early, implement required controls, and establish evidence-based compliance readiness.

We provide practical uplift guidance across governance, operational security, cloud environments, and technical control implementation.

  • IRAP readiness assessments
  • ISM gap analysis
  • Remediation roadmaps
  • Security control uplift
  • Accreditation preparation support

Essential Eight Assessments

SolStak conducts Essential Eight maturity assessments aligned with the Australian Cyber Security Centre (ACSC) maturity model.

We help organisations understand current maturity levels, identify gaps, and prioritise remediation activities that reduce cyber risk and improve resilience.

  • Essential Eight maturity reviews
  • Technical and procedural control validation
  • Executive and operational reporting
  • Gap identification and prioritised recommendations
  • Independent assurance against ACSC guidance

Essential Eight Uplift & Preparation

Our consultants work with organisations to design and implement practical uplift programs aligned to Essential Eight maturity targets.

We support remediation activities across identity management, endpoint security, application control, patching, backups, and operational governance.

  • Maturity uplift planning
  • Security remediation guidance
  • Technical control implementation advisory
  • Operational policy alignment
  • Ongoing assurance support

ISM & PSPF Alignment Assessments

SolStak provides assessments and advisory services aligned to the Australian Government ISM and Protective Security Policy Framework (PSPF).

We assist organisations in understanding compliance obligations, improving governance maturity, and preparing for government security expectations.

Advisory & Governance Services

Our services span independent assessments, remediation and uplift programs, ongoing security advisory, and secure engineering assurance.

CISO as a Service

Experienced security leadership through flexible fractional and virtual CISO engagements.

  • Security strategy development
  • Executive and board advisory
  • Risk management oversight
  • Security program governance
  • Compliance and assurance leadership

IT Security Advisor as a Service

Embedded security expertise across projects, cloud transformations, software delivery programs, and operational environments.

  • Security advisory support
  • Solution and architecture guidance
  • Project security reviews
  • Vendor and third-party risk input
  • Operational security uplift

Security Governance as a Service

Sustainable governance practices that support ongoing compliance and operational maturity.

Policy governance, risk tracking, audit coordination, executive reporting, and security program management.

Cloud & DevSecOps Security

Software Factory & DevSecOps Assurance

Assessment of software factories, CI/CD pipelines, and DevSecOps operating models — security integration across build, deploy, secrets, dependencies, and developer practices.

  • DevSecOps maturity assessments
  • Secure SDLC reviews
  • Pipeline security assurance
  • Secrets and credential management reviews
  • CI/CD governance assessments

Cloud Security Assessments

Independent cloud security reviews across AWS, Microsoft Azure, Microsoft 365, hybrid, and containerised environments.

  • Cloud security posture assessments
  • Landing zone security reviews
  • Microsoft 365 security assessments
  • Kubernetes and container security reviews
  • Identity and access management assessments

Infrastructure-as-Code (IaC) Security Reviews

Review of IaC implementations to identify security risks before deployment to production — Terraform, Bicep, CloudFormation, GitHub Actions, Azure DevOps, and related automation tooling.

Security Documentation & Audit Readiness

Security Documentation Uplifts

Development, review, and uplift of security documentation aligned to regulatory frameworks and best practice.

  • Security policies and standards
  • Incident response procedures
  • Access control procedures
  • Cloud security standards
  • Operational security processes
  • System Security Plans (SSPs)

Audit Readiness Programs

Structured readiness programs that improve evidence quality, governance maturity, and operational preparedness for audits, regulatory reviews, and assurance activities.

Continuous Assurance Services

Continuous Security Assurance

Ongoing assurance services that help organisations maintain compliance, track remediation progress, and continuously improve security posture.

  • Ongoing control reviews
  • Remediation tracking
  • Security governance reporting
  • Continuous compliance support
  • Risk and assurance monitoring

Security Program Uplift Roadmaps

Actionable, prioritised uplift programs that align security investment with operational and business risk.

Practical guidance for improving maturity over time while balancing organisational priorities and delivery constraints.

Need IRAP readiness, an assurance uplift, or delivery-side security engineering? Talk to our team for a tailored briefing.