Frenchelephant is a Brisbane-based cyber security consultancy specialising in identity, governance, and security strategy for Australian organisations navigating an increasingly contested digital landscape.
Most cyber programs fail not on technology, but on translation — between technical risk and board accountability, between vendor promises and operational reality. Frenchelephant exists to close that gap.
Founded by a senior practitioner with deep experience across enterprise identity, security architecture, and Australian regulatory frameworks, Frenchelephant brings vendor-independent counsel to organisations who want clarity, not catalogues.
The practice draws on more than a decade of work alongside Australian enterprises, government, and financial institutions — and on continuing engagement with the global identity and zero-trust ecosystem.
Engagements are deliberately small in number and senior in delivery. You work with the principal, not a team you've never met.
Engagements are scoped to specific outcomes — a board paper, an architecture decision, a vendor short-list, a recovery plan — rather than open-ended retainers.
Strategy, architecture, and vendor selection for organisations re-platforming or maturing their identity estate.
Translating cyber risk into language that boards can govern and executives can fund.
Independent assessment of identity, endpoint, and security platforms — without channel incentives.
Trusted counsel for directors, CEOs, and CISOs facing material cyber decisions — informed by AICD governance practice.
Formal credentials matter; lived experience matters more. Both are listed here.
Certified Information Systems Security Professional — ISC². The benchmark certification for senior security practitioners.
Graduate of the Australian Institute of Company Directors — formal grounding in director duties, governance, and board practice.
Sustained governance experience in the Australian not-for-profit sector, including federated structures and ACNC compliance.
Regional responsibility across identity security, customer engagement, and partner ecosystem development in Australia and New Zealand.
Architecture and consulting engagements across financial services, government, and large enterprise customers.
Governance leadership of a federated Australian not-for-profit, including policy, member frameworks, and council oversight.
Occasional writing on identity, governance, and the practical reality of running cyber programs in Australia.
As autonomous agents move from demo to deployment, the identity questions shift from "who is using this" to "what is acting on whose behalf, and with what authority."
Coming soon · 6 min readThe Essential Eight is necessary but rarely sufficient as a board narrative. A short note on the metrics that translate, and the ones that quietly mislead.
Coming soon · 8 min readA practitioner's view of the platforms, partners, and patterns shaping identity programs across Australian enterprises this year.
Coming soon · 10 min readInitial discussions are confidential and without obligation. Whether you have a specific decision in front of you or a vaguer sense that something needs to change, a thirty-minute call usually clarifies whether and how Frenchelephant can help.