A risk-driven, pragmatic approach to enhancing your organisation’s security posture
A Security Uplift is a process that aims to discover, assess and mitigate significant cyber security risks in an organisation. The main goal of the uplift is to buy down the short to medium term cyber risk, providing the organisation an opportunity to build longer term cyber capabilities with reduced exposure.
Benefits
- Tangible reduction in cyber security risk, correlated to prioritised risks and relevant threats
- Improved communication with the C-Suite and board when discussing cyber risk and remediation
- Increased technical and threat landscape know-how within the internal security teams
How it works
The process involves an initial study of how the organisation functions, identifying the critical assets for its success and the key cyber risk scenarios that would put those assets at risk. Rigorous technical testing is then used to assess the likelihood of each scenario materialising and the main security deficiencies enabling it. The coin is then flipped to identify cost-effective ways of preventing the identified attack paths from materialising, resulting in a prioritised and pragmatic remediation plan. Further analysis is conducted to identify the root cause of the technical deficiencies, uncovering higher-level issues that commonly pertain to processes and culture.
01 Business Analysis
Interviews are conducted with key stakeholders and existing documentation is reviewed to map core business flows and identify critical assets essential to the healthy operation of the business.
02 Risk and Threat Profile
Key cyber risk scenarios that carry a significant potential impact to the organisation’s critical assets are identified and articulated, aligned to relevant threat actor motivations.
03 Technical Risk Assessment
Offensive cyber specialists will apply technical testing to assess the likelihood of risk materialisation for each of the prioritised risk scenarios.
04 Remediation Analysis
The security issues identified throughout the engagement are analysed through various lenses, identifying both technical face-value issues as well as systemic and strategic deficiencies.
Best Suited For
Organisations of all sizes and industries. Note that with larger organisations, it is often best to scope specific business units.
Best Suited When
- The organisation’s current risk is outside its risk appetite, and interim measures are needed to quickly buy down the risk while longer-term capabilities are being created.
- After major technological or security posture changes.
- After a long period in which no rigorous technical testing was conducted (18-24 months).
Our Security Uplift Experts
We bring unparalleled expertise in offensive security to the Australian and global market.
Shahar Zini
Shahar Zini previously served as CTO of an elite cyber technology department in the Israeli government. He had a significant role in leading the development and enhancement of the department's technological capabilities, while mentoring the new generation of cyber security professionals. Shahar won the Israeli Defence Award at the age of 25.
In addition, Shahar served as Chief Architect at XM Cyber, a pioneer in Breach and Attack Simulation technologies, where his work received numerous awards and patents.
Shahar commonly shares his passion about cyber security with his peers through CTF events he builds, and participation in leading conferences, including RSA.
Alex Hill
Alex is an offensive security specialist with a wide range of domestic and international experience. He previously led PwC’s Sydney-based cyber security team as a team lead, mentor, and technical cyber specialist. He personally designed and executed hundreds of bespoke offensive technical assessments and cyber uplifts for some of Australia’s biggest brands.
He prides himself on not only breaking IT systems but also doing the hands-on building and fixing. Alex has been a go-to cyber specialist for Sydney’s fintech/startup scene as a security architect, building mature, zero-trust corporate and cloud-only product environments.
He has personally operated live incident response teams for public companies, performing the hands-on attack investigation, timelining and remediation. He also filled in as a virtual CISO for one of Australia’s mid-tier banks for a little over a year.
Over the last few years Alex has continued to focus on the offensive red-team space where he excels at getting the most out of exercises by engaging closely with blue teams. As someone with experience breaking, building, and investigating, Alex is the ideal person to provide technical training to upskill defenders and help them get the most out of their tools.
Alex holds a Bachelor of Information Technology (Co-op) from the University of Technology Sydney and a list of cyber-specific testing and architecture certifications.
Chris Archimandritis
With well over a decade of cybersecurity experience, and almost twenty years of experience in different aspects of IT, Chris has led complex security assessments across every industry, spanning three continents. His experience includes both planning and executing sensitive engagements that encompass, among others, critical infrastructure, industrial and residential hardware, core financial and banking systems, purpose-built devices, and cutting-edge smart deployments.
During this time, Chris has also delivered training, workshops and talks at conferences across the world and the APAC region, such as DefCon and AusCERT.
His previous experience as part of academic research groups has provided him with the tools to tackle any novel problem and assist organisations with cutting-edge solutions and platforms.
Having performed engagements at all levels of abstraction, he is not only able to work on the tools as well as analyse and evaluate high-level design, but, most importantly, is able to bridge the gap between management and engineers to provide the best possible strategy for enhancing an organisation’s security posture.
His most recent research interests revolve around hardware security, industrial IoT, smart devices and enterprise data platforms.
Chris holds a Bachelor of Computer Science and a master’s degree in Information Systems, and has attended several training courses run by some of the world's foremost security experts.
Peter Szot
Peter is a senior penetration tester at Skylight Cyber specialising in Red Team and advanced persistent threat simulations. He has conducted several highly successful Red Team engagements against both locally and internationally situated clients with varying levels of security maturity, whilst achieving stealthy compromise of critical assets.
Constantly striving to improve methodologies, Peter regularly researches new vulnerabilities, and pushes the boundaries of existing technology stacks to circumvent protective measures and help security teams harden systems against modern threats.
Peter previously worked at several cybersecurity consulting companies, working on a vast range of products, from bespoke applications to critical telecommunication hardware.
As such, he has accumulated extensive experience in penetration testing and security assessments across several programming languages and development frameworks.
Peter graduated with Honours (first class) from the University of Sydney and holds a Bachelor of Information Technology.
Speak to our team
FAQs
- Scope & Objectives – a Security Uplift and a Red Team will both look at the organisation or business unit as a whole. However, the red team will aim to test the immediate effectiveness of the security stack, trying to find one way to compromise assets. A Security Uplift on the other hand will have a wider breadth, aiming to identify all key ways to materialise risks in the organisation.
- Testing Methodology - a Red Team is most commonly performed covertly in a black-box manner, i.e., with no prior knowledge of or access to the target environment. A Security Uplift on the other hand is conducted as a white-box exercise, with knowledge of the environment and privileged access. A by-product of the methodology differences is that red teams provide a better assessment of overall security effectiveness and are better suited for testing detection capabilities versus a Security Uplift.
- Customer resources – Red teaming, due to its covert nature, is extremely light on customer resources throughout the engagement. A Security Uplift requires interaction with key stakeholders in the initial business analysis phase, as well as the provisioning of access and documentation. Once those have been provided, the rest of the engagement requires little to no resources from the customer.
A Security Uplift is designed to temporarily and significantly buy down the risk as you are building your longer-term capabilities, giving the opportunity to build them right the first time. In addition, with a strong focus on technical testing, we often find that a Security Uplift identifies many issues that are not necessarily covered in an existing program of work and helps prioritise those that are.
The overall duration of a Security Uplift is a function of organisation size, sophistication of reference threats and IT estate complexity. In most cases, an uplift can be completed within 6 to 10 weeks.
A Security Uplift is conducted as a white-box exercise, i.e. with full knowledge of and access to systems and processes. In the initial phase of the uplift, we would require access to key stakeholders to assist us in better understanding the business and the risks it faces. In addition, we would require privileged access to conduct the technical testing. Once those are provided, little to no further intervention is required from the customer until the draft results are available.
- Enumeration of key cyber risk scenarios tailored to the business, alongside a rationale for the likelihood of materialisation and the impact.
- Analysis of threat landscape and identification of the most relevant reference threats.
- Identification of detailed technical issues as well as higher-order systemic issues. Commonly this would include a visualisation of available attack paths in the network.
- Tiered and prioritised remediation plan, including detailed technical guidance.
The remediation program will usually consist of 2-3 phases, starting with quick wins that can be remediated within the first three months. The next phases focus on changes that require more effort, such as network architecture, infrastructure changes and processes, commonly bringing the entire remediation plan to approximately 12 months.
An important component of the Security Uplift is a post-remediation validation. Based on our experience, we find that a few rounds of validation are necessary to ensure effective remediation.