// CAPABILITIES

Cyber capability modules

Each engagement is built from modular capability blocks. We scope what you need — nothing more, nothing less.

Module 01

Penetration testing

What it covers: Controlled attack simulation against infrastructure, applications, and people.

Typical outputs: Technical findings register, risk-rated vulnerability report, remediation roadmap.

Best suited for: Organisations needing to validate defensive posture or meet compliance testing requirements.

Related phase: Assess → Attack simulation

Module 02

Infrastructure security

What it covers: Network architecture review, segmentation analysis, firewall rule audit, and hardening recommendations.

Typical outputs: Architecture assessment, segmentation recommendations, hardening checklist.

Best suited for: Operators of critical infrastructure, data centres, and complex network environments.

Related phase: Assess → Defence engineering

Module 03

Incident response

What it covers: Preparedness planning, tabletop exercises, playbook development, and active incident support.

Typical outputs: Incident playbook, tabletop exercise report, incident response retainer.

Best suited for: Organisations that need to be ready before something happens, not after.

Related phase: Incident preparedness → Respond

Module 04

Security architecture

What it covers: Design review for new systems, cloud migrations, infrastructure changes, and zero-trust adoption.

Typical outputs: Architecture review notes, design recommendations, security control mapping.

Best suited for: Teams building or migrating critical systems who need security input early.

Related phase: Defence engineering

Module 05

Threat monitoring

What it covers: Ongoing visibility into threats targeting your sector, attack surface monitoring, and anomaly detection.

Typical outputs: Threat intelligence briefings, exposure alerts, monitoring dashboard.

Best suited for: Organisations that need continuous awareness without building internal SOC capability.

Related phase: Continuous monitoring

Module 06

Compliance readiness

What it covers: Gap analysis against ACSC Essential Eight, ISO 27001, SOC 2, and sector-specific frameworks.

Typical outputs: Compliance gap report, remediation roadmap, control implementation guidance.

Best suited for: Organisations preparing for audit or needing to demonstrate security maturity to partners.

Related phase: Assess → Defence engineering

// OPERATION PIPELINE

How we work

Surface analysis

Map your attack surface, identify exposure points, and establish operational baseline.

Attack simulation

Controlled testing against infrastructure, applications, and people to validate defences.

Defence engineering

Practical hardening recommendations and implementation support for critical findings.

Incident preparedness

Playbook development, tabletop exercises, and response readiness planning.

Continuous monitoring

Ongoing threat visibility, exposure tracking, and operational awareness.

// DELIVERABLES

What you receive

Every engagement produces actionable outputs. No vague recommendations. No filler pages.

Standard deliverables

  • Executive risk summary
  • Technical findings register
  • Remediation plan
  • Architecture notes
  • Incident playbook / tabletop report (where relevant)

Need a specific capability?

Tell us what you're dealing with. We'll scope what's needed.

Request assessment View sectors