Welcome to Novera!

Managing risks from AI, IT and cyber

Every successful business today has a significant digital footprint. Operating digitally involves risks – from AI systems, cyber criminals, and data breaches. We offer strategic advisory, assessment and consulting services to help our clients navigate the digital risk world with confidence.


Preventing harm

From AI

AI is now embedded across business operations, delivering efficiency gains through automation and smarter decision-making. However, with these benefits come new and often less visible risks. The data organisations input into AI, often rich in sensitive, personal, or proprietary information, can raise significant privacy and intellectual property concerns. Leaders must take a deliberate approach to understanding how AI is used across their enterprise, ensuring risks are identified, managed, and governed in line with evolving regulatory and ethical expectations.

From Cyber

Cyber risk is an evolving challenge, driven by increasingly sophisticated threat actors and rapid technological change. Any organisation that relies on digital systems is exposed, whether through data, infrastructure, or third-party relationships. Leaders must understand where their specific vulnerabilities lie and take decisive steps to address them. Mitigation isn’t always about complex technology; it often starts with clear policies, sound governance, and a culture of risk-aware decision-making.

From IT

IT risk evolves continuously as systems become more interconnected and businesses grow more reliant on digital operations. Any organisation using technology to manage data, deliver services, or communicate is exposed to a range of operational and strategic risks. Understanding the specific IT risks facing your business is essential to maintaining continuity, compliance, and performance. Effective responses may involve robust governance frameworks, or simply clear policies and procedures to ensure technology is used responsibly and reliably.

About Novera

Novera can help protect businesses because, in addition to the technical skills detailed below, we understand their needs. We have many years’ experience advising organisations’ senior leadership. We understand the risks and consequences they face through technology, operations, and governance, and offer practical advice to help manage those risks in the simplest ways possible.

Tony Vizza

Tony Vizza has been involved in information technology, information security, privacy and compliance for more than 25 years, most recently as partner leading cyber advisory services at a large advisory firm, undertaking cyber risk advisory work for ASX50 firms and others. He provides expert evidence services in matters relating to cybersecurity breaches.

Tony has completed a Bachelor of Science in Computing Science from the University of Technology, Sydney, a Global Executive MBA from the University of Sydney, a Juris Doctor law degree and a Graduate Diploma in Legal Professional Practice from the University of New South Wales. He is a Fellow of the Governance Institute of Australia, holds numerous cybersecurity, risk management, privacy and AI certifications, is a senior member of the Australian Computer Society (ACS) and is a Teaching Fellow at the University of New South Wales.

Luke Scerri

Luke Scerri has more than 25 years’ experience in cybersecurity, information technology, and risk management, specialising in critical infrastructure and enterprise security.

He has held leadership roles in major cybersecurity and IT consulting firms. In these roles, he spearheaded cybersecurity assessments, governance frameworks, and risk management programs for critical infrastructure, government organisations, and SMEs. He has advised boards and executives, presenting tailored risk uplift roadmaps to enhance compliance and resilience.

Luke has directed the creation of tailored cybersecurity uplift roadmaps, enabling organisations to address vulnerabilities and enhance resilience, and has conducted risk assessments for critical infrastructure assets across Australia. He holds a Bachelor of Information Systems from the Australian Catholic University and the major certifications listed below.

Our services

AI
  • AI risk assessments for organisations already using or considering the use of AI technologies
  • AI management systems (AIMS) compliance assessments and uplift support for international standard ISO/IEC 42001
  • Regulatory compliance for organisations planning to use AI systems
  • Cybersecurity and privacy advisory for AI systems
Cybersecurity
  • Cybersecurity strategy and roadmap development and implementation
  • Cybersecurity compliance support
  • Third-party cybersecurity assessments, policy development and/or implementation
  • Virtual or Fractional CISO services (vCISO)
  • Risk, gap and maturity assessments using the NIST Cybersecurity Framework, the ASD Essential Eight, SOCI, IRAP and APRA CPS-234
  • Readiness assessments and advisory services for international standard ISO/IEC 27001
  • Data breach readiness, including incident response planning
  • Board and senior management training and education
  • Subject matter expertise and expert opinion reports for legal matters
IT
  • Digital transformation advisory
  • IT governance reviews
  • IT strategy and roadmap development
  • Advisory support to achieve assurance of, and compliance with, operational requirements such as APRA CPS-230
  • Virtual Chief Information Officer (vCIO)
  • Virtual Chief Technology Officer (vCTO)

Our experience

Our technical credentials

Many IT providers promise to be experts in AI, cybersecurity, and privacy. These are specialist areas that require knowledge beyond the installation of new software or hardware, which may not even be necessary.

Our qualifications include degrees in information technology, computer science, business administration and law. Our certifications include:

  • CISSP (Certified Information Systems Security Professional), ISC2
  • CCSP (Certified Cloud Security Professional), ISC2
  • CIPP/E (Certified Information Privacy Professional / Europe), IAPP
  • CISM (Certified Information Security Manager), ISACA
  • CRISC (Certified in Risk and Information Systems Control), ISACA
  • ISO/IEC 27001 Senior Lead Auditor, PECB
  • Senior membership of the Australian Computer Society (MACS)
  • Fellowship of the Governance Institute of Australia (FGIA)

Our court expert status

In addition to our technical expertise, we are experts as recognised by the justice system. Should a matter end up in court and expert testimony be required, we are able to appear in court to support legal argument.

We have the recognition, skills, knowledge, and experience to present evidence that will withstand legal scrutiny and the ability to operate effectively under cross-examination. This includes the ability to write reports covering complex material in simple but accurate language for investigations and proceedings.

Case studies

Here are some examples of how Novera provides tangible value and outcomes to organisations every single day.

Mitigating AI risk for a large financial services provider

The specialist provider of mortgage and loan products became concerned about their cyber risk after several small-scale breaches. During our assessment, we discovered staff were routinely using public generative AI tools in conducting their business. They were unaware that this could lead to the inadvertent widespread dissemination of sensitive personal customer information through AI technologies — to their competitors as well as publicly.

We undertook a bespoke AI risk assessment, first to understand how, when and why staff were employing generative AI tools. This identified several high impact risks. Generative AI tools were granted access to internal workloads and resources, and staff were uploading sensitive information and documents into public generative AI tools to create executive summaries. Our solution was to help the provider implement technical controls that would mitigate the key risks. This included a company-wide AI use policy and user awareness training to ensure that staff understood the risks associated with generative AI tools and used them in accordance with that policy.

The financial services provider now has a far better understanding of the types of tools its staff are using, and how they are using them. Critically, the provider is benefitting from the advantages that AI tools bring, while managing the security and privacy risks associated with these tools.

Reducing cybersecurity risk around Big 4 bank institutional clients

The ‘big 4’ Australian bank provides wholesale and retail banking services across the Asia-Pacific region. After several publicised breaches (including some within its client base), they became concerned about the potential risk they faced if their wholesale, or ‘second tier’, clients were not adequately protected from cyber attack.

Our solution was to develop a bespoke cybersecurity risk assessment tool they could use to assess their clients’ cyber risk. The desktop tool provided visibility on how the clients were managing their own risk and allowed us to assess the Big 4 bank’s exposure and how that could be improved.

The bank is now able to manage its own risk and improve that of its clients – something they value greatly.

ISO/IEC 27001 Accreditation for a global firm

The firm, a major provider of software and support services to tertiary education institutions globally, merged with an overseas entity. The merged entity was required to align information security management systems to maintain its ISO/IEC 27001 accreditation across jurisdictions.

The solution was to adapt policies, procedures and practices to ensure that they met the strict requirements of ISO/IEC 27001 consistently in North America and Australia. We helped the client prepare for their certification audit and ensured they reattained the ISO/IEC 27001 certification on the first audit.

Privacy in the health and wellness sector

The health and wellness services provider had been experiencing theft in its studios, so set up cameras to deter potential thieves. However, clients complained in relation to privacy.

We undertook a privacy impact assessment to help the client understand the privacy and legal implications of operating cameras within an environment where its clients had legitimate privacy concerns. We worked with the client to develop appropriate privacy policies and processes that informed and reassured its clients.

Equally important, however, was the issue of confidential client data, which had not been considered by the client. We helped the provider establish appropriate data retention policies, procedures and security to protect confidential data.

Helping a jewellery retail chain protect its other assets

The high-profile boutique jewellery retailer offers high-end jewellery to a prestigious client base of wealthy individuals through multiple exclusive outlets on Sydney’s north shore. The organisation wanted to protect confidential client data.

We investigated their business processes to assess their cybersecurity risk and discovered several areas for improvement. Our recommendations allowed them to improve their data security and protect their sensitive client and proprietary information. We developed a roadmap for the improvements aligned with the business context, available funding and operational requirements.

Subject matter expertise for a global cybersecurity association

Our client, one of the world’s largest associations of certified cybersecurity professionals, delivers a globally recognised suite of certifications and learning pathways that shape the industry’s standards. With a commitment to excellence and credibility, the association sought to strengthen the integrity and security of its certification lifecycle and digital learning environments.

We provided deep subject matter expertise for their education and certification assessment programs.

Our recommendations were grounded in technical rigour and aligned with the organisation’s strategic objectives and global reputation. We delivered timely, comprehensive outcomes that prioritised enhancements based on impact, feasibility, and resource alignment—ensuring that the association can continue to lead with confidence in an increasingly complex digital environment.

vCISO services for a multi-billion dollar Australian financial services provider

An Australian super fund, managing a multi-billion dollar investment portfolio on behalf of members, engaged Novera to provide virtual Chief Information Security Officer (vCISO) services, seeking expert guidance to strengthen its cyber resilience and meet evolving regulatory expectations.

Our engagement began with a comprehensive gap assessment against the requirements of APRA CPS 234, identifying areas where existing controls needed enhancement to meet the standard’s expectations for information security capability, testing, and governance. Working closely with internal stakeholders and board-level risk committees, we developed a prioritised roadmap that aligned compliance obligations with practical, resourced initiatives. This included a complete restructure of the fund’s Information Security Management Strategy, ensuring it was risk-based, fit-for-purpose, and integrated with the broader enterprise risk management framework.

Through our vCISO model, the fund gained access to deep subject matter expertise, regulatory insight, and pragmatic leadership—without the overhead of a full-time executive appointment. The result is a clearer security posture, stronger governance, and greater confidence in the fund’s ability to protect member data and maintain regulatory compliance.

Consulting expertise for a contractual legal dispute

A leading law firm engaged Novera to provide consulting expert services in a high-stakes litigation matter involving a significant data breach that caused substantial financial harm to their client. The proceedings centred on the adequacy of the affected organisation’s cybersecurity controls and the obligations of a third party that contributed to the breach.

Novera’s role was to deliver independent, defensible insight into the technical and governance failures that contributed to the breach. This included a detailed assessment of the breached party’s security posture, policies, incident response capabilities, and alignment with recognised standards and regulatory expectations, including the Australian Privacy Act 1988, APRA CPS 234, and industry-accepted cyber risk frameworks.

Working closely with the legal team, we provided expert analysis that translated complex cybersecurity issues into clear, actionable findings relevant to the court. Our involvement supported the development of legal arguments, informed discovery strategy, and ultimately strengthened the case for accountability and redress.

Novera’s ability to bridge legal and technical domains enabled the legal team to present a compelling narrative, grounded in industry-standard expectations and objective evidence of control failures.
