Discover how St John WA, Australia’s largest ambulance service, transformed its cyber governance and board reporting with Avertro CyberHQ®. Streamlining compliance, improving visibility, and driving executive confidence in every decision.
For more than 130 years, St John WA has been at the heart of Western Australia’s health and emergency response system. As the state’s primary ambulance provider and the largest single ambulance service in the world by geography, the organisation also delivers first aid training, urgent care, patient transport, and a wide range of community health services.
Behind this legacy of care sits a modern cybersecurity challenge safeguarding the sensitive health data of millions of Western Australians whilst ensuring ambulances, clinics, and digital systems remain operational every second of the day.
“Our mission is to protect the community’s data and ensure the ambulance service is always available when lives depend on it,”
Andrew Bullen, Manager of Cyber Security, St John WA.
Like many large, long-established organisations, St John WA’s governance and risk management practices had become fragmented over time. Key information lived across spreadsheets, Word documents, and various internal tools, making it difficult to maintain a single, accurate view of its cyber posture.
“You end up cobbling together tools just to keep up,” Bullen explained. “Reporting to the board or responding to audits meant digging through multiple systems and manually compiling data. It was time-consuming, slow, and not dynamic.”
As a highly audited organisation operating under government contract, St John WA needed a way to centralise its cyber data, align risk and compliance, and provide consistent visibility to executives, the board and auditors alike.
Legacy GRC tools were too cumbersome and costly for a small internal team to utilise. Spreadsheets, meanwhile, couldn’t scale or provide structure. The organisation needed a cyber-specific governance platform that provided real-time data, something powerful enough to manage risk and compliance, but intuitive enough for day-to-day use.
After a competitive review, St John WA selected Avertro’s CyberHQ® for its unique ability to bring together cyber posture, risk management, issue tracking, and program management into one platform.
“CyberHQ® gave us the middle ground we were missing. It puts everything in one place, our maturity, risks, issues, and improvement programs and makes it easy to show exactly how our initiatives reduce risk and improve posture,” Bullen said.
Implementation was swift. Within days, the Avertro team provisioned an environment and provided hands-on training. Within a week, the cybersecurity team had mapped its maturity against the NIST Cybersecurity Framework, customised its risk view to reflect internal impact categories, like health outcomes and public safety and began tracking improvement projects directly within the platform.
“The board doesn’t care what tool I use, they care about the quality of information,” said Bullen. “With CyberHQ®, I can answer questions in seconds and demonstrate how a project directly reduces risk.”
Since deploying CyberHQ®, St John WA has achieved measurable gains in efficiency, visibility, and decision-making:
“Our GRC specialists came from large environments using legacy GRC Solutions” said Bullen. “They were surprised by how intuitive CyberHQ was. It’s built for cybersecurity professionals, it does what it’s designed to do, and it does it exceptionally well.”
Among the most valued capabilities is Avertro’s Threat Modelling feature, which overlays the MITRE ATT&CK framework to map potential threat actors against controls, instantly revealing coverage gaps and priority areas.
“It’s the kind of feature you don’t expect in a tool like this, but it’s incredibly powerful,” said Bullen.
For St John WA, Avertro aren’t just a vendor, they’re a partner. The CyberHQ® team has consistently incorporated customer feedback into its product roadmap, releasing features that directly reflect real-world needs.
“They’ve surprised us time and again with new features,sometimes things I didn’t even know I needed until I saw them,” said Bullen. “It’s a two-way street. They listen, respond, and evolve the platform to make our jobs easier.”
Recent updates, including AI-driven insights, continue to enhance how the organisation prioritises risk and communicates cyber investment value.
CyberHQ® has become a foundational platform for St John WA’s cybersecurity function,driving more informed decisions, faster governance cycles, and greater executive assurance.
“It makes my life easier in managing the cybersecurity function and builds confidence with our board and executive team,” Bullen concluded.
Join organisations like St John WA who are transforming how they manage cyber risk, compliance, and executive reporting with Avertro’s CyberHQ®. Discover how you can centralise visibility, automate assurance, and make cyber decisions that drive business confidence with a platform that is built for GRC professionals and specific for cybersecurity.
Interested in learning more about CyberHQ®, schedule a demo or book a discovery call today: https://www.avertro.com/contact
Experience the power of a connected, automated platform that empowers you to Simulate Attack Paths, Automate Compliance, and Quantify Risk centrally.
28 Geary St, Ste 650 #1686
San Francisco, CA 94108 United States
81-83 Campbell Street
Surry Hills NSW 2010 Australia
