About Toowoomba Grammar School

Founded in 1875, Toowoomba Grammar School (TGS) is one of Queensland’s oldest and most prestigious boys’ schools. Serving over 1,200 students from Prep to Year 12, including 300 boarders, the school balances academic excellence with a strong commitment to innovation, care, and values-led leadership.

Recognised as a Microsoft Lighthouse School, TGS continues to invest in future-ready infrastructure, including a new Design, Engineering, and Technology Centre focused on robotics, VR, and collaborative learning. With its large staff base, historic campus, and critical responsibility for student data, cybersecurity is a school-wide priority.

The Challenge

In late 2021, TGS identified a growing need for greater cybersecurity visibility, better after-hours protection, and clearer cyber risk reporting. The school’s internal IT team, already managing a busy mix of infrastructure and day-to-day support, needed a way to reduce alert fatigue and focus on long-term goals.

While the school had protective controls in place, there was limited capability to detect or respond to incidents occurring outside business hours, a critical gap for a boarding school with 24/7 operations. The internal team needed assurance that if something slipped past defences, it would still be caught and actioned quickly.

The school wanted a trusted partner who could bring both technical capability and practical understanding of the education sector.

The Results

Secure ISS worked closely with TGS’s IT leadership team to review their existing controls and align monitoring priorities with real risks. This included onboarding all critical infrastructure, from servers and firewall logs to Microsoft 365 and staff endpoints, into the Secure ISS Managed SIEM platform.

This data is continuously analysed by the Secure ISS Security Operations Centre (SOC), providing live visibility into system events and proactive notifications when anything unusual occurs.

Trusted Cybersecurity Advisory

From the outset, TGS turned to Secure ISS as a go-to partner for trusted advice, not just technology. Ron, the Head of IT, regularly engages Secure ISS leaders for input on everything from board reporting to broader cyber strategy.

“What I value most about working with Secure ISS is the people. When I pick up the phone, I know someone I trust will answer, and they’ll understand the school, our environment, and what we’re trying to achieve. Whether I need input on strategy or help in the moment, the response is always thoughtful, clear, and timely.” — Ron, Head of IT, Toowoomba Grammar School

Layered Security with Continuous Insight

Secure ISS first deployed Security Event Monitoring (SIEM/SOC), giving the school real-time visibility into its environment, particularly important outside business hours.

Additional capabilities have been added overtime, including Continuous Vulnerability Assessment and Tripwire to monitor file integrity on key systems. While TGS uses Sophos for endpoint protection, Secure ISS also deployed SentinelOne IR licences on critical assets.

In 2024, Secure ISS implemented vRx, an automated vulnerability and patch management tool that continuously scans for unpatched software and applies updates safely. This has reduced manual patching effort and closed common attack paths faster. Ron has since shared the benefits of vRx with other schools in the region, highlighting its ability to improve security posture while reducing operational overhead.

What the Data Shows

Over the past year, Secure ISS has logged:

• 7.2 billion+ events across firewall, endpoints, Microsoft 365, and more
• 67,000+ interactions with known malicious IPs, mostly from the Guest Wi-Fi network
• 54 confirmed offenses, including suspicious login attempts and misconfigured admin privileges
• Zero high-impact incidents requiring escalation beyond SOC containment

Real-Time, Human-Led Response

The Secure ISS SOC operates under a strict Service Level Agreement (SLA):

• Critical (P1): Acknowledged within 30 minutes, client notified within 60 minutes
• High (P2): Acknowledged within 60 minutes, client notified within 2 hours
• Medium (P3): Acknowledged within 4 hours
• Low (P4): Acknowledged within 8 hours

Each incident, no matter the severity, is reviewed and resolved collaboratively with the school’s IT team. Secure ISS ensures key stakeholders are looped in early, and remediation is guided by context, not just alerts.

Personalised Support That Builds Trust

One of the biggest differentiators for TGS has been Secure ISS’s responsiveness and personalised approach. Monthly meetings, ad hoc support calls, and open lines of communication mean the school team always feels supported, and never like just another client.

Secure ISS also shares knowledge across the sector, helping Ron and his team stay ahead of education-specific risks and trends.

A Security Partner That Understands Schools

For TGS, the partnership with Secure ISS has gone beyond dashboards and alerts. It’s about peace of mind, knowing someone’s watching, and ready to act.

At Secure ISS, we believe Australia is secure when Australian talent defends it. That’s why our 24/7 Security Operations Centre is fully sovereign and staffed by local experts. We combine AI-accelerated detection with human-led response, grounded in legal and cultural context.

For schools like TGS, that means fast support, trusted advice, and confidence their systems are protected by people who understand both cybersecurity and education.

Looking for a security partner who understands your school? Learn how Secure ISS can support you