High-end cyber security services
What we do
We guide our customers in designing and building an efficient and effective security stack tailored to their risk tolerance.
We achieve this by combining in-depth business risk analysis with hands-on offensive cybersecurity expertise, ensuring that every layer of protection is resilient and aligns with their unique threat landscape and organisational goals.
Our Leadership Team
Skylight Cyber is founded by global pioneers in the cyber security space. Our experience includes government intelligence, Big 4 consulting and innovative cyber product development. We regularly publish original research works on the cutting edge of offensive security.
Adi Ashkenazy previously served as deputy director of an elite cyber technology department in the Israeli government, leading Israel’s finest engineers and security professionals through some of the world’s most complex cyber security challenges.
In addition, he served as VP Product for XM Cyber, where he designed the world’s first fully automated red team solution, an achievement for which the company received the world economic forum technology pioneer award and numerous patents.
As part of his broader cyber security interests and activities, Adi commonly presents his work at leading conferences such as RSA while serving as a commentator and thought leader for leading cyber security media outlets.
Mr. Ashkenazy holds a B.Sc. in computer science and M.Sc. in information technologies from Tel Aviv University, where he earned several scholarships for academic excellence and graduated summa cum laude.
Shahar Zini previously served as CTO of an elite cyber technology department in the Israeli government. He had a significant role in leading the development and enhancement of the department's technological capabilities, while mentoring the new generation of cyber security professionals.
Shahar won the Israeli Defence Award at the age of 25. In addition, Shahar served as Chief Architect at XM Cyber, a pioneer in Breach and Attack Simulation technologies, where his work received numerous awards and patents.
Shahar commonly shares his passion about cyber security with his peers through CTF events he builds, and participation in leading conferences, including RSA.
Our Services
We believe that cyber security is a continuous journey, and our role is to serve as a trusted guide. We have designed a set of services that aim to assess where you are in your cyber security journey, where you should be, and how we can get you there in the most efficient way.
Security Assessments
Security assessments aim to test the controls of an application, system or even an entire network. Our experts will identify vulnerabilities across your security stack and provide pragmatic remediation advice until issues are fully restored.
Red Team
A Red Team simulates the tactics, techniques, and procedures (TTPs) of real-world threat actors to test an organisation’s defences against likely adversaries.
By emulating realistic attack scenarios, Red Team exercises assess the effectiveness of the security stack in preventing, detecting and responding to cyber-attacks.
Red Team exercises balance realism with safety, helping to identify prioritised gaps in security and raising organisational awareness, ultimately strengthening overall resilience.
Our Red Team services include:
- Classic Red Team
- Advanced Red Team
- Assumed Breach
- Continuous Red Team
- CORIE
Product Security & Penetration Testing
A Penetration Test leverages the offensive expertise of our security team to simulate real-world attacks on your critical systems and applications.
By targeting vulnerabilities in your infrastructure, applications, or networks, we identify weaknesses that could be exploited by malicious actors. Our tailored approach uncovers misconfigurations, flawed application logic, and other security gaps that may have gone unnoticed.
The findings allow you to prioritise and remediate these vulnerabilities before they can be exploited, ensuring your systems remain secure while enhancing your overall security posture.
Purple Team
A Purple Team exercise brings together the offensive expertise of the Red Team and the defensive capabilities of the Blue Team to identify and remediate security gaps.
By simulating real-world attack scenarios, the Red Team works alongside your Blue Team to define tactics, techniques, and procedures (TTPs) that should be detected and prevented by your existing security controls. Any gaps in control effectiveness are quickly identified, investigated, and addressed through iterative cycles, ensuring continuous improvement.
This collaboration not only strengthens your security defences but also raises awareness and enhances the skills of your defensive teams.
Security Uplift
A comprehensive analysis and remediation plan which aims to tangibly reduce organisational risk in the short-medium term for key cyber security scenarios.
An uplift encompasses deep analysis of threat profiles and realistic risk scenarios to define attack paths, in-depth technical testing to validate and uncover risks, and build a pragmatic plan to mitigate immediate critical deficiencies.
Incident Response
Incidents are inevitable. Our team help prepare, mitigate, eradicate incidences and provide root-cause analysis to prevent future risk.
Incident Readiness
Equip your organisation with the tools, processes, and training needed for a swift and effective response to cyber incidents. Our incident readiness service minimises impact, enhances resilience, and ensures you're prepared for the unexpected.
Post-Incident Response Analysis and Remediation
After the incident has been eradicated, our expert team will identify opportunities to improve preventative controls to reduce the risk of incident re-occurrence.
On-Call/Emergency Incident Response Retainer
Our team will identify the threat, analyse risk and damages to critical assets, and provide immediate and preventative remediation, uprooting the threat from the network.
Board and Executive Tabletop Simulations
Boards and executive teams need to be prepared for a cyber incident. Our in-depth and realistic scenarios help prepare executive teams in the event of an incident to minimise the resulting impact.
Strategy & GRC
We help build pragmatic risk-based strategies and perform assessments against industry best practice frameworks.
Cyber Strategy & Roadmap Development
Defining a long-term plan is important to ensuring that your organisation has a proactive approach to security.
Our team helps you define a long-term path forward based on your risk profile with a pragmatic plan and operating model to uplift and maintain security in your organisation.
Security Maturity Assessments
Our team helps you baseline your cyber security control and capability effectiveness and performance by conducting in-depth assessments including:
- NIST CSF v1.1 and 2.0
- ISO 27001/2
- CSF
- Essential 8
Technical Due Diligence
Investing in or acquiring a company carries a cyber security risk that can manifest itself in impairment to the target.
Our team uses a bespoke methodology to provide an assessment of both the existing level of risk and a quantification of the gap towards a desired target state, including a detailed remediation plan.
Cyber Risk Management
We help you build the right frameworks, policies and processes aligned to your risk profile across a broad range of areas.
- BAU Process
- Third-Party Risk
- Control Library
- Risk and Threat Modelling
- Cyber Reporting Metrics
- Risk Assessment Capability Design
vCISO and embedded Security Team
Our expert team can operate as an embedded part of your organisation, either as a vCISO or security team to help you uplift, mature and maintain security capabilities and controls until you are ready to make the next step for in-house security team or looking for the next CISO.
Our Approach
At Skylight Cyber, we aim to take your security posture beyond the point of economic viability for attackers. We work with you on your transformation journey by:
Understanding your business
The first step is understanding how your business works inside and out, and engaging all relevant stakeholders in the transformation process. Threats relevant to your organisation’s profile are mapped out.
Demonstrating the cyber attack path
We demonstrate real cyber attack paths that can be actively exploited in your current IT or OT environment to compromise your critical assets. Only by an offensive security approach can you determine your real exposure.
Matching your controls to your threats
Given what’s at stake, we match realistic controls to your threats to quickly and effectively reduce your risk exposure.
Building a pragmatic cybersecurity strategy
After uncovering your true security landscape, together we build a holistic cybersecurity strategy and program suitable to your resources to maintain an acceptable level of risk.
Provide ongoing advisory support as your security partner
Once you kick-off your new cybersecurity journey, we provide ongoing advisory support as your security partner when you need it. Your security strategy will also continuously evolve as the landscape changes.
Design
Assess
Enhance