Ethical hacking. Real findings. Manual expertise.
Cyber Node runs three types of engagement: fixed-price manual pen testing for FinTech, engineer-led OT assessments for industrial operators, and an A$399 Cyber Exposure Snapshot for SMBs who need a fast external scan. Every engagement is human-led. No scanner-only reports.
Three years on the frontline
Across 18 manual penetration testing engagements spanning 15 sectors, from neobanks and AI FinTechs to state utilities, government facilities, medical devices, and EdTech, every single engagement produced findings. These are the numbers.
Engagements that produced findings
18 of 18, no clean sheets
Had Critical or High-risk findings
7 of 18 carried serious exposure
Distinct vulnerabilities logged
8.8 average findings per engagement
Where we work
Trusted by Australian organisations
Three ways we work with you
We don’t sell a single engagement template. Pick the shape that fits your business and your compliance drivers.
For FinTech & financial services
Manual penetration testing of web apps, APIs, and cloud infrastructure. Scoped to APRA CPS 234, PCI DSS, SOC 2, and ISO 27001. Reports your QSA and auditor will accept. Fixed-price engagements from AUD $12k. Cyber Node is a FinTech Australia member.
Scope an engagement →
For Industrial & critical infrastructure
SCADA, DCS, and historian assessments for resources, energy, and critical infrastructure. Led by an engineer who has worked Shell Prelude FLNG, LNG, and nuclear projects. Passive assessment and test-bench options for production plants. On-site for WA, the Pilbara, and regional Queensland.
Talk to an engineer →
For Small & mid-sized business
One-shot automated external scan of your public attack surface. Open ports, expired certs, forgotten admin panels, exposed services. Fast, simple, self-serve. A$399 per scan. Typical turnaround under 24 hours. See what an attacker sees before they see it.
Scan your domain →
Fourth path · for partners
Resell CES to your clients under your own brand. Three tiers. White-label reports. Australian-hosted.
Cyber Exposure Snapshot
Over 1,000 automated scans across Australian businesses revealed a consistent pattern. Expired certificates. Forgotten admin panels. Misconfigured services. Open ports that shouldn’t be open.
CES was built to surface these issues before an attacker does. Research is free to read. A full scan of your own domain is A$399.
How we work
Every engagement follows the same methodology. You know what to expect at every stage, and so do your auditors.
Short call to understand your environment, compliance drivers, and what you actually need tested. Fixed-price proposal within 48 hours.
Manual testing by a named human. Scanners for coverage, not conclusions. Chained findings, business logic flaws, real exploitation attempts.
Findings rated by real-world impact, not CVSS alone. Executive summary for the board. Technical detail for the engineer fixing it.
Free retest on all findings within 60 days to confirm remediation worked. No charge if the fix lands the first time.
Led by
Chemical and process engineer turned cybersecurity specialist. Prior work includes Shell Prelude FLNG, LNG facilities, and nuclear engineering projects. Holds a Masters in Chemical Engineering, EMBA, PMP, and AWS Certified Security Specialist. Registered member of Engineers Australia.
Read Matt’s story →
Case study
A mid-market Australian SaaS product had been tested twice by other firms. Both prior reports were scanner output with a cover page. We found a tenant isolation bypass through two chained low-severity findings neither prior test had flagged. Remediated within 72 hours.
Australian SaaS platform · manual penetration testing engagement.
Read the full case study →