In the midst of the pandemic, Deloitte consultants and security architects Matt Lowth and Peter van Oosterom decided to plunge headfirst into the security advisory space with their own business.
That move has paid off. Today, their 45-person Melbourne-based security consultancy Astralas is making a name for itself in the utilities, private health and banking sectors.
Offering security architecture, engineering, automation, identity access and management, and cloud consulting, Astralas more than doubled its revenue to $7.2 million in the 2022-23 financial year, earning it tenth place in the 2023 CRN Fast50.
We spoke with Lowth about the firm’s origins and rapid growth.
“Peter van Oosterom and I started a small business doing security architecture and advisory style work,” he said.
“I think we wanted to try our own thing and see how we might be able to provide a service to customers that was perhaps a little bit different to what other people in the industry are doing.”
“…we had a customer in healthcare that was willing to give us a go, which was wonderful, and then I was doing some work at one of the banks at the time, and from there, it's one of those things; you help people and do a good job and hopefully when a customer goes somewhere they bring you with them.”
“Most of our work is in strategies, planning and design and build phases, so a large portion of our work is to help a client with…their security strategy or their business or their tech strategy, but obviously, with a predominately security focus.”
“We spent quite a lot of time working with customers on that strategic…the front-end of security, the direction roadmap, and the nature of the work we [did] really resonated.”
The company has also built an impressive team.
“We've got the highest collection of very senior security professionals in a company [that’s equivalent to a company] double or triple our size,” he said.
“We're very specialised and very highly technically competent, so we tend to get tapped on the shoulder for the planning, the strategy type work.”
“I think the other thing too is there's been a big uptick in interest in demand around the government's [Security of] Critical Infrastructure Act, and obviously board obligations around cybersecurity.”
“[The Act] covers energy, it covers financial services, it covers health care, it covers education. This is the beauty of that sort of stuff; it wasn't just a single sector for us, it was a bunch of different sectors.”
“The government has just released a new cybersecurity strategy, and so I think there'll be a big focus on that and a bunch of things in the coming year as well.”
Problem solvers
“I'm sure there's many companies that do [similar work to Astralas] and some do that quite well, but I think the way we do it, we focus on problem solving, rather than product selecting,” Lowth said.
“While we work in all of the clouds, and we work with all of the products, we don't really sell any specific products, other than people and advice and our own IP.”
“That allows us to be candid about what we do and don't like, and while there's a wealth of amazing products out there, it's not always the right tool; so not every client needs the same product, right?”
“I think that sort of thing is quite helpful, so we really slot into that trusted advisor role.”
“We do engagements where we're part of a broader team of a collective of third parties. We work in projects where we're assisting the team and we do things where we're on our own.”
“I don't think we have a monopoly on one outcome versus another. But I think the nature of the stuff we do tends to mean we get engaged for the more deeply technical problems.”
“I'm really, really proud of the team that's got a reputation now.”
“We're starting to have people recognise the nature of the people we have, the nature of the work we do, and that opens doors for us as well.”
Lowth wanted to help clients think about security earlier in their strategic planning, “because that's where I think the real value is.”
“The reality is everybody is spending more of their time worrying about cybersecurity, so the more people that think about that at the start of their broader business and technology strategies, the less expensive it is to do.”
“Tacking security on at the end of the project is very expensive; thinking about it from the outset means you get that built in rather than tacked onto the side. That seems to be a lot more cost effective.”
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
