The inside view.
Applied commercially.
Built on careers inside Australia’s largest financial institutions, this practice translates deep enterprise security architecture into practical governance outcomes for Australian mid-market organisations.
Dave Krunal
CISSP · AI Governance & SaaS Vendor Risk Advisor
- Security architect at NAB and ANZ — board-level risk decisions from the inside.
- CISSP-certified with enterprise experience across financial services, government, and healthcare.
- Aligned to NIST AI RMF, APRA CPG 234, and the Australian Privacy Act 1988.
- Fixed-fee, structured engagements — no retainers, no scope creep.
Experience no framework can replicate.
This practice was built from the inside out. With careers as security architects at NAB and ANZ, we sat at the table where AI governance decisions were made — and where they were deferred, ignored, or delegated without accountability. We know the difference between a defensible governance position and a document that won’t survive an audit.
We work with Australian financial services firms, professional services practices, healthcare organisations, and ASX-listed mid-caps. These are businesses that carry genuine regulatory exposure — APRA, Privacy Act, incoming AI regulation — and need a real advisory relationship, not a templated output from a generalist consulting firm.
Every engagement is fixed fee, structured, and delivered to board standard. Our approach is grounded in the NIST AI Risk Management Framework and calibrated to the Australian regulatory context. We do not lock clients into retainers. We earn ongoing relationships by delivering outcomes that matter.
We bring one consistent discipline to every engagement: clarity over complexity. Executives do not need frameworks explained to them. They need a defensible position, a clear accountability map, and confidence when the auditors arrive.
Three disciplines. One commercial focus.
Our practice sits at the intersection of AI governance, vendor risk, and security capability. All three point toward the same outcome: reducing organisational exposure before it becomes a board issue.
AI Risk & Governance
Structured AI use inventories, risk registers, accountability frameworks, and board-ready governance policies aligned to NIST AI RMF and Australian regulatory expectations.
SaaS & Vendor AI Risk
Due diligence frameworks for SaaS vendors using embedded AI. Assess third-party AI risk before it creates APRA or Privacy Act exposure — not after a vendor incident forces the question.
Security & AI Education
CISSP preparation, responsible AI awareness, and SaaS vendor due diligence training delivered at every level of the organisation — on-site or on-demand.
Built for Australian mid-market organisations.
We work with businesses that carry real regulatory exposure and need genuine expertise — not generalist reports. Typical clients sit between 200 and 2,000 employees.
Clarity over complexity.
Most governance problems are not technical problems. They are accountability problems. We do not add complexity — we remove it. Every engagement ends with a clear position your board can stand behind and your auditors can examine.
“If your auditors asked tomorrow to see your AI governance framework — what would you show them?”
— The question that opens most of our engagements
AI & Risk Advisory Governance
Board-ready AI governance — delivered in four weeks, fixed fee. No scope creep. No junior consultants. A defensible governance position your directors can stand behind.
AI Governance Foundations
NIST AI RMF aligned · APRA CPG 234 · Australian Privacy Act
What you receive
- ✓ AI use inventory — shadow AI audit & approved tools register
- ✓ AI risk assessment — likelihood, impact, accountability gaps
- ✓ AI governance policy — fit-for-purpose, plain English
- ✓ Vendor AI risk framework for SaaS & third-party tools
- ✓ Board and executive one-page AI risk summary
- ✓ Governance accountability map — who owns what
- ✓ 90-minute board or executive team briefing
- ✓ Gap analysis against NIST AI RMF GOVERN function
Start with a conversation.
Book a 30-minute discovery call. No sales pitch. Just the right questions.
