Founder & Managing Director
Marc Mendis
Advising Australia's most consequential organisations at the intersection of sovereign technology, artificial intelligence, and critical infrastructure resilience.
Background
Marc Mendis brings 15+ years of experience in enterprise technology, cybersecurity strategy, and digital infrastructure to his role as Founder and Managing Director of ITCSAU. His career spans the full arc of Australia's digital transformation, from early enterprise architecture engagements through to the current convergence of artificial intelligence, energy systems, and national sovereignty.
His advisory practice focuses on the strategic challenges that emerge when technology becomes critical infrastructure. This includes sovereign compute architecture for government and defence, AI governance frameworks for regulated industries, and the complex energy demands of next-generation data centres. Marc's work is grounded in the conviction that Australia's digital future requires deliberate architectural choices, not passive adoption of foreign platforms.
Marc holds deep expertise across the Australian regulatory landscape, including Essential Eight maturity modelling, SOCI Act compliance frameworks, and IRAP assessment methodologies. He advises boards and executive leadership teams on translating these requirements from compliance obligations into genuine organisational capability, ensuring that security posture and strategic ambition remain aligned.
Domains of Expertise
Sovereign AI
Architecting domestically-controlled AI infrastructure and governance frameworks for government and critical industry.
Cybersecurity & Resilience
Essential Eight maturity, critical infrastructure protection, and translating compliance into genuine operational capability.
Energy Grid Intelligence
Strategic advisory on the convergence of energy systems, AI compute demand, and grid modernisation across the NEM.
Authored Perspectives
Strategic insights and analysis on sovereign technology, AI governance, and critical infrastructure.
Powering the AI Ambition: Grid Readiness and the Data Centre Energy Challenge
Australia's AI ambitions hinge on energy grid capacity. AEMO-commissioned forecasts project data centre demand tripling by 2030. Strategic implications for enterprise investment.
The Storage Threshold: Public Capital, Private Assets, Missing Telemetry
Australia's battery rebate funded private storage without grid telemetry. December 2025 addressed capacity; coordination is the next step.
State-Sponsored Cyber Pre-Positioning: Board Imperatives
ASIO's November 2025 warnings on state-sponsored actors targeting Australian critical infrastructure demand immediate board action. Governance framework inside.
Building Resilient Supply Chains in Digital Systems
Strategic framework for C-suite leaders to secure software supply chains, manage vendor risks, and build resilient digital infrastructure governance.
Sovereign AI Infrastructure for Australian Government
Strategic frameworks for building resilient, domestically-controlled AI infrastructure as government agencies navigate unprecedented foreign technology dependency.
The Board's Guide to AI Governance: Moving Beyond Fear and FOMO
AI governance is about accountability, not technology. A five-pillar framework for boards navigating shadow AI, regulatory change, and sovereign AI dependencies.
Electrification of Transport and Industry: The Sponge Effect
The grid does not need more baseload demand; it needs flexible load. The winners of the next decade will be energy users who reshape consumption to match renewable abundance.
The Energy Trifecta: Data Centres, Renewables, and AI
Three forces are converging to reshape energy infrastructure. The AI consuming gigawatt-hours may be the only technology capable of managing the grid it is destabilising.
From Compliance to Capability: Rethinking Essential Eight
Checkbox compliance did not prevent Optus or Medibank. The Control Drift Diagnostic and resilience framework for organisations seeking genuine security capability.
SOCI Act Compliance: Beyond the Checklist
A compliant Risk Management Program will not stop a nation-state actor. True operational resilience demands strategic reframing and honest assessment of board liability.
Begin a Conversation
If your organisation is navigating sovereign technology decisions, AI governance, or critical infrastructure strategy, Marc welcomes the conversation.
Begin Conversation