With a goal to advance Indigenous employment and economic development in Australia, Chris Goldsmith, an Indigenous business executive with extensive experience in a variety of industries and David Glavonjic, a seasoned executive with extensive CEO and board experience joined forces to form the Dreamtime.

Dreamtime’s vision is to develop an Indigenous business built on strong ICT capabilities and specialising in Cyber Security for Government and for business. Its services include monitoring, evaluation, documentation, integration, auditing and consulting.

Dreamtime specialises in delivering:

IT support and management, simply priced

Security Incident and Event Management as a Service (SIEMaaS).

Dreamtime’s Security Incident and Event Management as a Service (SIEMaaS) offering has been designed to provide convenient, enhanced security event visibility to organisations in order to provide context across the client’s IT landscape. Dreamtime has partnered with three industry leading providers of SIEM technology to create SIEMaaS that can be tailored to the clients current and proposed future states.

Find Out More

ICT Security Business as Usual (BAU) as a Service.

Dreamtime can provide the complete range of ICT security services for your day to day security needs, from embedding specialist security consultants within your project or ICT Security team, to providing an external independent assessment service.

Find out more

Email Gateway and Protection.

Dreamtime provides a comprehensive email gateway protection utilising Sophos Cloud Email Security services. Sophos Email Security comes with all the features required to ensure your email is protected.

Find Out More

Server and Desktop Application Whitelisting.

Application Whitelisting is a security approach designed to protect against malicious code (also known as malware) executing on systems. When implemented properly it ensures that only authorised applications (e.g. executables, software libraries, scripts and installers) can be executed.

While Application Whitelisting is primarily designed to prevent the execution and spread of malicious code, it can also prevent the installation or use of unauthorised applications.

Dreamtime provides an Australian Cyber Security Centre (ACSC) compliant Application Whitelisting managed service. Dreamtime utilises Airlock Digital as the whitelisting enforcement system.

Find Out More

Governance, Risk and Compliance (GRC) Support.

Dreamtime GRC services are designed to assist an organisation’s executives, management and ICT security teams to develop or enhance an overall program to manage organisational risk.

Our specialised ICT security experts will provide an independent assessment of the clients’ current information security program and policies, which can lead to better risk mitigation and business delivery optimisation, and enhanced communication and elevated reputational advantage. Our GRC services can provide organisations with a baseline assessment against ASD ISM, including Essential 8 maturity modelling or any other standards.

Dreamtime can also review or develop Security Threat Governance Frameworks, and other documentation necessary to meet regulatory or compliance requirements.

Find Out More

IRAP Assessments.

Dreamtime provides IRAP assessments as per ASD’s Information Security Registered Assessors Program (IRAP).

This service can be used for providing advice for, and assessments of:

  • Systems delivering services to Federal and State Governments;
  • Gateways;
  • Specialised Government network connections;
  • Government systems;
  • System documentation, and
  • Risk mitigation.
Find Out More

Penetration Testing.

Dreamtime can review and test the security of an application, whether a web application, a thick-client, a mobile application, or other application type.

Conducted through a combination of design review, code review, and application penetration testing, Dreamtime can help clients understand a system’s risk profile, and where relevant, reduce the risk before going ‘live’.

A Penetration Test (also known as Ethical Hacking) is an authorised intrusion attempt targeting an organisation’s ICT infrastructure, applications and staff, with the aim of gaining access into its virtual assets. The purpose of this test is to harden security defences by eliminating vulnerabilities and advising on areas that are susceptible for compromise.

Find Out More

Security Documentation.

Security documentation can be used to define an organisation’s cybersecurity strategy and how to protect their systems.

Security documentation, such as the system security plan, incident response plan, continuous monitoring plan, security assessment report and plan of action & milestones, support the accurate and consistent application of policies, processes and procedures for systems.

As such, it is important that they are developed by personnel with a good understanding of security matters, the technologies being used and the business requirements of the organisation.

Find Out More


Contact us