About Vitals Cybersecurity
Cybersecurity expertise built on a genuine understanding of how healthcare works.
Curtis Smart, CISSP
Vitals Cybersecurity is a one-person consultancy. When you work with us, you work directly with Curtis — not a project manager or a junior analyst.
Curtis holds the Certified Information Systems Security Professional (CISSP) certification and has 9+ years of experience across cybersecurity consulting, risk assessment, and security policy development. He is also part of the team at Miga (Medical Insurance Group Australia), where he works alongside the medical indemnity sector — giving him a sharp understanding of the regulatory and risk landscape that Australian healthcare providers navigate.
Before moving into cybersecurity, Curtis worked as a hospital orderly. That experience — the early mornings, the patient handovers, the constant busyness of a clinical environment — shapes how he approaches every engagement. He understands that a medical practice is not a tech company, and that the people working in it are focused on patient care, not IT.
Certification
CISSP (Certified Information Systems Security Professional)
Experience
9+ years in cybersecurity consulting, risk, and policy
Also works at
Miga — Medical Insurance Group Australia
Healthcare background
Former hospital orderly — understands clinical environments firsthand
Location
Adelaide, South Australia
Why healthcare?
Most cybersecurity consultants treat a medical practice like any other small business. It isn't.
Genuinely understands the environment
Having worked in a hospital, Curtis knows what a busy clinical day looks like. Security guidance that ignores the realities of patient care doesn't get followed — and that's a security risk in itself.
Knows the regulatory landscape
Through both specialist cybersecurity work and his role at Miga, Curtis understands the Privacy Act, the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, the RACGP Standards, and the unique obligations that apply to healthcare providers.
Speaks plainly
Practice managers and GPs shouldn't need a glossary to understand their security risks. Advice is given in plain language, with clear priorities and practical next steps — not a wall of technical jargon.
How we work
Every engagement is structured to be straightforward, with no surprises on scope or cost.
Practical, not theoretical
Recommendations are grounded in what's actually achievable for a medical practice — not best-case-scenario advice that looks good on paper but isn't actionable.
Fixed-fee pricing
Every engagement is scoped and priced upfront. No hourly billing surprises, no scope creep charges. You know the cost before we start.
Healthcare-specific
Our work is built around the regulatory frameworks, systems, and operational realities of Australian medical practices — not recycled from a generic cybersecurity template.
Direct and accessible
You work directly with Curtis throughout the engagement. Questions get answered promptly, and advice is given in plain language your team can act on.
Ready to have a conversation?
Start with a free online security check, or get in touch directly to discuss your practice's needs.