Security Assessments
Strategy & GRC
Incident Response
SERVICES
Red Team

A Red Team simulates the tactics, techniques, and procedures (TTPs) of real-world threat actors to test an organisation’s defences against likely adversaries.

Purple Team

A Purple Team exercise brings together the offensive expertise of the Red Team and the defensive capabilities of the Blue Team to identify and remediate security gaps.

Penetration Testing

A Penetration Test leverages the offensive expertise of our security team to simulate real-world attacks on your critical systems and applications. Our tailored approach uncovers misconfigurations, flawed application logic, and other security gaps that may have gone unnoticed.

SERVICES
vCISO

Our expert team can operate as an embedded part of your organisation, either as a vCISO or embedded security team.

Security Maturity Assessments

Our team helps your baseline your cyber security control and capability effectiveness and performance.

Cyber Risk Management

We help you build the right frameworks, policies and processes aligned to your risk profile across a broad range of areas. 

Cyber Strategy & Roadmap Development

Our team helps you define a long-term path forward based on your risk profile.

Technical Due Diligence

Our team uses a bespoke methodology to provide an assessment of both the existing level of risk and a quantification of the gap towards a desired target state.

SERVICES
Incident Readiness

Equip your organisation with the tools, processes, and training needed for a swift and effective response to cyber incidents.

On-Call/Emergency Incident Response Retainer

Our team will identify threats, analyse risk and damages to critical assets, and provide immediate and preventative remediation, uprooting the threat from the network.

Post-Incident Response Analysis and Remediation

After an incident has been eradicated, our expert team will identify opportunities to improve preventative controls to reduce the risk of incident re-occurrence. 

Board & Advisory Education

Our in-depth and realistic scenarios help prepare executive teams in the event of an incident to minimise the resulting impact.  

Product Security & Penetration Testing

Uncover hidden vulnerabilities in critical systems

A Penetration Test leverages the offensive expertise of our security team to simulate real-world attacks on your critical systems and applications.

By targeting vulnerabilities in your infrastructure, applications, or networks, we identify weaknesses that could be exploited by malicious actors. Our tailored approach uncovers misconfigurations, flawed application logic, and other security gaps that may have gone unnoticed.

The findings allow you to prioritise and remediate these vulnerabilities before they can be exploited, ensuring your systems remain secure while enhancing your overall security posture.  

Talk to us

Outcomes

Identify and remediate system specific security gaps

Uncover and remediate vulnerabilities in critical systems before threat actors can exploit them.

Increase overall security resilience

Strengthen overall organisational security by preventing attack through specific systems and networks.

Ensure regulatory compliance

Penetration testing is often required to meet various industry-specific regulatory standards (e.g., GDPR, PCI-DSS) by validating the effectiveness of security controls. 

Reinforce customer trust 

Demonstrate your organisation’s security maturity through the depth, breadth and frequency of your testing. 

Key Services

Programmatic Product Security & Penetration Testing 

Regular and on-going product security and penetration testing across defined areas, as part of your cyber program.

  • Web applications
  • Mobile applications
  • Internal networks
  • External networks
  • Wireless networks
  • Hardware and IOT

Custom Testing

Security testing on any technological component or large-scale system that requires deep expertise and a tailored approach.  

Our Product Security & Penetration Testing Experts

We bring unparalleled expertise in offensive security to the Australian and global market.

Shahar Zini

Shahar Zini previously served as CTO of an elite cyber technology department in the Israeli government. He had a significant role in leading the development and enhancement of the department's technological capabilities, while mentoring the new generation of cyber security professionals. Shahar won the Israeli Defence Award at the age of 25.

In addition, Shahar served as Chief Architect at XM Cyber, a pioneer in Breach and Attack Simulation technologies, where his work received numerous awards and patents.

Shahar commonly shares his passion about cyber security with his peers through CTF events he builds, and participation in leading conferences, including RSA.

Alex Hill

Alex is an offensive security specialist with a wide range of domestic and international experience. He previously led PwC’s Sydney-based cyber security team as a team lead, mentor, and technical cyber specialist. He personally designed and executed hundreds of bespoke offensive technical assessments and cyber uplifts for some of Australia’s biggest brands.

He prides himself on being able to not only break IT systems though – he also does the hands on building and fixing. Alex has been a go-to cyber specialist for Sydney’s fintech/ startup scene as a security architect – building mature, zero-trust corporate and cloud-only product environments.

He has personally operated live incident response teams for public companies performing the hands-on attack investigation, timelining, and remediation. And he filled in as a virtual CISO for one of Australia’s mid-tier banks for a little over a year.

Over the last few years Alex has continued to focus on the offensive red-team space where he excels at getting the most out of exercises by engaging closely with blue teams. As someone with experience breaking, building, and investigating, Alex is the ideal person to provide technical training to upskill defenders and help them get the most out of their tools.

Alex holds a Bachelor of Information Technology (Co-op) from the University of Technology Sydney and a list of cyber-specific testing and architecture certifications.

Chris Archimandritis

With well over a decade of cybersecurity experience, and almost twenty years of experience in different aspects of IT, Chris has led complex security assessments across every industry, spanning three continents. His experience includes both planning and executing sensitive engagements that encompass, among others, critical infrastructure, industrial and residential hardware, core financial and banking systems, purpose-built devices, and cutting-edge smart deployments.

During this time, Chris has also delivered trainings, workshops, and talks for conferences across the world and the APAC region, such as DefCon and AusCERT.

His previous experience as part of academic research groups has provided the tools to tackle any novel problem and assist organisations with cutting edge solutions and platforms.

Having performed engagements on all levels of abstraction, he not only able to both work on the tools as well as analyse and evaluate high level design, but most importantly is able to bridge the gap of management and engineers to provide the best possible strategy to enhance an organisation’s security posture.

His most recent research interests revolve around hardware security, industrial IoT, smart devices and enterprise data platforms.

Chris holds a Bachelor of Computer Science and a master’s degree in Information Systems and has attended several trainings by some of the world's foremost security experts.

Peter Szot

Peter is a senior penetration tester at Skylight Cyber specialising in Red Team and advanced persistent threat simulations. He has conducted several highly successful Red Team engagements against both locally and internationally situated clients with varying levels of security maturity, whilst achieving stealthy compromise of critical assets.

Constantly striving to improve methodologies, Peter regularly researches new vulnerabilities, and pushes the boundaries of existing technology stacks to circumvent protective measures and help security teams harden systems against modern threats.

Peter previously worked at several cybersecurity consulting companies, working on a vast range of products, from bespoke applications to critical telecommunication hardware.

As such, he has accumulated extensive experience in penetration testing and security assessments across several programming languages and development frameworks.

Peter graduated with Honours (first class) from the University of Sydney and holds a Bachelor of Information Technology.

Speak to our team

Talk to us

FAQs

What is the difference between a Red Team and a Penetration Test? 

A penetration test focuses on identifying and exploiting vulnerabilities in specific systems, networks, or applications, typically with a relatively narrow scope and timeframe. It simulates attacks to assess the security of specific elements of your environment. 


A red team engagement is broader and simulates a real-world, multi-faceted attack over a longer period. It tests not only technical controls but also the organisation’s people, processes, and overall security stack effectiveness. Red teams often operate covertly, mimicking sophisticated attackers to test how well an organization can detect and respond to threats across various vectors, including social engineering.

How is Penetration Testing different from vulnerability scanning? 

Vulnerability scanning is an automated process that identifies potential security issues, while penetration testing involves manual and automated testing by experts who actively try to exploit vulnerabilities to assess their real-world impact

 What types of systems can be tested?

Our penetration testing services cover a wide range of systems, including web applications, mobile applications, cloud environments, network infrastructure, and APIs.

How is the scope of a Penetration Test defined?

The scope of a penetration test is defined through a collaborative process between the client and the testing team. It involves identifying which systems, applications, networks, or data will be tested, and which areas are excluded. 

How long does a Penetration Test take?

The duration depends on the complexity of your systems and the scope of the test. Typically, a test can range from a few days to a few weeks. 

How often should Penetration Tests be performed?

It’s recommended to perform penetration tests at least annually or after significant system changes, such as updates, new deployments, or major infrastructure changes.

Is Penetration Testing mandatory for compliance?

In many industries, penetration testing is required to meet compliance standards like PCI-DSS, GDPR, and HIPAA. Even when not mandatory, it’s often strongly recommended for maintaining a strong security posture.

Copyright © 2024 Skylight Cyber All rights reserved.
Privacy Policy