Building Cyber Resilience That Lasts
Helping you embed cybersecurity into culture, processes and strategy so your organisation is ready for whatever comes next.
About Me
I’m Luke Hally, a cybersecurity leader and consultant specialising in emerging areas of cybersecurity where people, processes and technology intersect. With a background in government and human-centred design, I help organisations embed security into the way they work, not just the systems they use.
- Cybersecurity leader, strategist, consultant
- Socio‑technical security, culture and systems thinking focus
- Government, startup and community group experience
- Bridging research and practice to build organisational resilience.
Education & Expertise
Academic
- Master of Cyber Security Leadership (UNSW) – with Excellence
- Graduate Certificate in AI for Business (Deakin, in progress)
- Research focus on cybersecurity culture and socio‑technical cybersecurity.
Standards & Frameworks
- International: NIST CSF, NIST SP 800-83, NIST SP 1300, ISO27K, CISA zero-trust maturity model, MITRE ATT&CK
- Domestic: Essential 8, Protective Security Policy Framework (PSPF), Information Security Manual (ISM), LATICE.
Expertise
- Aligning and embedding cybersecurity into organisational processes
- Cybersecurity uplifting
- Systems thinking approach to cybersecurity
- Post-quantum readiness, PQC transition planning.
Cybersecurity is a socio-technical discipline: it needs non-technical as well as technical solutions. I can help you navigate this challenge.
Focus Areas
Socio-Technical Resilience
Technical controls such as firewalls and patching are critical to cybersecurity, but it’s more than that — it’s a socio‑technical discipline, one that depends on how your people, processes and technology work together.
People are essential to this system. Treating it solely as a technical problem can actually weaken your security, so embedding security into your ways-of-working is key.
How
- Identify information flows that occur outside of secure systems
- Assess organisational security policy and reality
- Uplift as required
- Embed security into organisational ways-of-working
Benefits
- Improve security and compliance
- Reduce human error
- Improve productivity
- Build resilience against evolving threats
Post-Quantum Readiness
Quantum computers will soon render today’s encryption obsolete, with adversaries already harvesting encrypted information in the hope of breaking it later.
This is why the Australian Signals Directorate (ASD) have released guidance to aid organisations in transitioning to Post-Quantum Cryptography. They recommend transitioning by end-2030, and having a transition plan in place by the end of 2026. I will work with you to achieve this timeline.
Post-Quantum Cryptography is expected to be an active area of change for some time, so treating post‑quantum readiness as an ongoing part of your security culture — cryptographic agility — rather than a one‑time project is critical.
How
- Aligned with ASD guidance
- Assess your readiness
- Build a Cryptographic Bill of Materials (CBOM)
- Create a plan to achieve the ASD timeline
Benefits
- Protect your data against the Harvest Now, Decrypt Later (HNDL) threat
- Embed cryptographic agility
- Meet ASD requirements
- Be future ready
How I Can Help
Cyber Resilience Strategy
Integrate security and resilience into your organisation in a practical way to meet compliance and build lasting maturity.
Cybersecurity Awareness
Workshops based on real-world stories to improve security across your organisation and in individuals’ daily lives.
Post Quantum Readiness
Prepare your organisation for the arrival of quantum computers, so you are secure now and into the future.
An embedded cybersecurity culture empowers people and creates resilience, enabling organisations to adapt to a changing world.
Latest Insights
Explore my latest thinking on cyber culture, resilience and the socio‑technical landscape. Here are three recent posts.
Let’s Work Together
Ready to build a cybersecurity culture that strengthens your resilience — not just your technology? Or do you want to prepare for a post-quantum world?
Let’s start the conversation.