Security Assessments
Strategy & GRC
Incident Response
SERVICES
Red Team

A Red Team simulates the tactics, techniques, and procedures (TTPs) of real-world threat actors to test an organisation’s defences against likely adversaries.

AI Security Assessment

AI Security Assessments evaluate the resilience of your AI systems and help you safely deploy AI applications in your environment

Purple Team

A Purple Team exercise brings together the offensive expertise of the Red Team and the defensive capabilities of the Blue Team to identify and remediate security gaps.

Penetration Testing

A Penetration Test uses offensive expertise to simulate real-world attacks on your systems and applications, identifying and helping you remediate security gaps.

Security Uplift

A comprehensive analysis and remediation plan which aims to tangibly reduce organisational risk in the short-medium term for key cyber security scenarios.

SERVICES
vCISO

Our expert team can operate as an embedded part of your organisation, either as a vCISO or embedded security team.

Security Maturity Assessments

Our team helps your baseline your cyber security control and capability effectiveness and performance.

Cyber Risk Management

We help you build the right frameworks, policies and processes aligned to your risk profile across a broad range of areas. 

Cyber Strategy & Roadmap Development

Our team helps you define a long-term path forward based on your risk profile.

SERVICES
Incident Readiness

Equip your organisation with the tools, processes, and training needed for a swift and effective response to cyber incidents.

On-Call/Emergency Incident Response Retainer

Our team will identify threats, analyse risk and damages to critical assets, and provide immediate and preventative remediation, uprooting the threat from the network.

Post-Incident Response Analysis and Remediation

After an incident has been eradicated, our expert team will identify opportunities to improve preventative controls to reduce the risk of incident re-occurrence. 

Board & Advisory Education

Our in-depth and realistic scenarios help prepare executive teams in the event of an incident to minimise the resulting impact.  

Explore All Services

Board & Advisory Education

Executive and Board services

Boards carry the ultimate responsibility for overseeing cyber risk and ensuring the organisation’s resilience. It is their duty to define an acceptable risk threshold, understand the real-world threats their organisation faces, and ensure appropriate plans are in place to mitigate them.
 
We provide expert advisory support to boards and executives—whether as a proactive partner helping shape your cybersecurity strategy or as an on-call resource for technical and risk-driven decisions. Our role is to augment the board’s capability, offering clear, practical guidance on navigating complex cyber challenges.

Talk to us

Outcomes

Informed decision making

Access cyber security experts who can translate technical jargon to business impacts  

Regulatory compliance

With increasing requirements and liability for executives, ensure you are meeting your legal duties  

Cyber safe culture

Setting the right tone and culture from the leadership will build a long-lasting cyber safe culture 

Our Services

Prevent

  • Define acceptable cyber risk levels
  • Identify, monitor and treat cyber risks and governance
  • Interpret and distill technical security reporting to stay informed and make informed decisions

Respond

  • Independent expertise to respond to and manage a cyber crisis
  • Interpret technical incident management reports
  • Communicated effectively with management and other stakeholders

Prepare

  • Prepare and train board members on their duties and responsibilities during a crisis
  • Create incident response plans and checklists
  • Facilitate and document key decisions boards can make
  • Train and practice to improve response

Recover

  • Provide post-incident assurance of threat eradication
  • Assess effectiveness and prioritisation of remediation and recovery plans
  • Facilitate workshops to review existing procedures and processes based on lessons learned from the incident

Our Board & Advisory Education Experts

Our team works closely with boards of private and public companies helping solve real-world problems

Adi Ashkenazy

Adi Ashkenazy previously served as deputy director of an elite cyber technology department in the Israeli government, leading Israel’s finest engineers and security professionals through some of the world’s most complex cyber security challenges.



In addition, he served as VP Product for XM Cyber, where he designed the world’s first fully automated red team solution, an achievement for which the company received the world economic forum technology pioneer award and numerous patents.



As part of his broader cyber security interests and activities, Adi commonly presents his work at leading conferences such as RSA while serving as a commentator and thought leader for leading cyber security media outlets.



Mr. Ashkenazy holds a B.Sc. in computer science and M.Sc. in information technologies from Tel Aviv University, where he earned several scholarships for academic excellence and graduated summa cum laude.

Read more

Jennifer Vu

Jennifer is the Head of Advisory Services and leads the cyber strategy and GRC capability at Skylight Cyber.


As an experienced cyber security consultant, she specialises in delivering pragmatic and risk-driven cyber security strategies, assessments and cyber risk management services to her clients. Jennifer has engaged with CISOs and cyber security teams to build their security organisations and successfully gain funding for their programs. She also has experience in getting into the weeds of cyber risk management to design, implement and run client's GRC processes and capabilities.


Additionally, in her most recent previous role at NSW Government, she has helped create the 2021 NSW Cyber Security Strategy and led the development and delivery of the first NSW government-wide training sessions for executives and senior management across all departments of NSW government.


Jennifer holds a Bachelor of Information Systems (Co-op) (Honours) from the University of New South Wales (UNSW).

Read more

Jimmy Hong

Jimmy is a senior cyber security and strategy consultant, specialising in cyber risk management and governance, and cyber security strategy. He excels in customising critical industry standards such as the ISM, ACSC Essential Eight, ISO 27001, and NIST to align with the unique needs of client organisations, as well as a deep understanding of regulatory compliance requirements such as GDPR and PDPA. This ensures their cybersecurity strategies are effective and well-integrated with business objectives.

Additionally, Jimmy is skilled in information security contractual negotiations and third-party risk management, providing comprehensive safeguards and compliance strategies for organisations.


Jimmy’s consultancy work covers a broad spectrum of sectors, including government agencies, private entities, and global financial institutions. His impact is noted with significant contributions for clients across Australia, Europe, and Asia.


He holds a Bachelor and Master of Electrical Engineering with a focus in Telecommunications from the University of New South Wales.

Read more

Mischa Tanne

Mischa is senior cyber security consultant with comprehensive experience delivering governance, risk, and compliance engagements. He has worked with clients to assist them in complying with industry standards and frameworks as well as regulations and laws, including ISO 27001, NIST CSF, ACSC Essential Eight, and GDPR. Mischa has also served as a vCISO, acting as the client’s on-call cyber security expert while also coordinating efforts to increase security practically. Mischa always makes an emphasis to provide business-led cyber security advice in order to provide practical advice to uplift maturity that has the most benefit.


Mischa’s consulting experience has included engagements with national, state, and local governments, public, and private sector clients, across both the APAC and EMEA regions.


He holds a Bachelor of Economics and a Bachelor of Art from the University of Sydney with majors in Econometrics, Financial Economics, and Political Economy. In his focus on continual development, he has also attained industry certifications including CompTIA Security+, and ISC2 Certified in Cybersecurity.

Read more

Speak to our team

Talk to us

FAQs

Is the education once off or can it be programmatic?

We can tailor education programs based on the requirements of your organisation. This can be an on-going program or once-off organisational wide focus.  

How do you keep up with the evolutions in the threat landscape? 

As we work across a wide range of organisations and industries, we encounter the evolution of attack methods on a daily basis which we use to inform our education. This includes all the tools, techniques.

How do you create the scenarios for simulations?

Our simulations are a blend of what we see in the field and your unique organisational profile. We understand your organisation in-depth and tailo a highly realistic simulation to test your readiness. 

What happens if our employees or executives fail simulations?

The purpose of a simulation is not to pass or fail, but to learn to ensure readiness in the event of an attack. We use these simulations to enhance the capability of everyone in the room. 

Copyright © 2025 Skylight Cyber All rights reserved.
Privacy Policy