Hacker mindset. AI to OT. Human-led.
Cyber Node runs three types of engagement. Fixed-price manual pen testing for FinTech, engineer-led OT assessments for industrial operators, and an A$399 Cyber Exposure Snapshot for SMBs who need a fast external scan. Every engagement is human-led. No scanner-only reports.
Three years on the frontline
Across 18 manual penetration testing engagements spanning 15 sectors, from neobanks and AI FinTechs to state utilities, government facilities, medical devices, and EdTech, every single engagement produced findings. These are the numbers.
Engagements that produced findings
18 of 18, no clean sheets
Had Critical or High-risk findings
7 of 18 carried serious exposure
Distinct vulnerabilities logged
8.8 average findings per engagement
Where we work
Trusted by Australian organisations
Three ways we work with you
We don’t sell a single engagement template. Pick the shape that fits your business and your compliance drivers.
For FinTech & financial services
Manual penetration testing of web apps, APIs, and cloud infrastructure. Scoped to APRA CPS 234, PCI DSS, SOC 2, and ISO 27001. Reports your QSA and auditor will accept. Fixed-price engagements from AUD $12k. Cyber Node is a FinTech Australia member.
For Industrial & critical infrastructure
SCADA, DCS, and historian assessments for resources, energy, and critical infrastructure. Led by an engineer who has worked Shell Prelude FLNG, LNG, and nuclear projects. Passive assessment and test-bench options for production plants. On-site for WA, the Pilbara, and regional Queensland.
For Small & mid-sized business
One-shot automated external scan of your public attack surface. Open ports, expired certs, forgotten admin panels, exposed services. Fast, simple, self-serve. A$399 per scan. Typical turnaround under 24 hours. See what an attacker sees before they see it.
Fourth path · for partners
Resell CES to your clients under your own brand. Three tiers. White-label reports. Australian-hosted.
Cyber Exposure Snapshot · April 2026 research
Cyber Node scanned 351 Australian SMB domains non-intrusively. 274 came back HIGH or CRITICAL. 99% had at least one high-severity exposure. The scan surfaced 1,787 actionable findings in total.
Nothing was touched. No credentials used. No internal systems accessed. Just the drive-by view an attacker already has — and a list your MSP can close in days.
How we work
Every engagement follows the same methodology. You know what to expect at every stage, and so do your auditors.
Short call to understand your environment, compliance drivers, and what you actually need tested. Fixed-price proposal within 48 hours.
Manual testing by a named human. Scanners for coverage, not conclusions. Chained findings, business logic flaws, real exploitation attempts.
Findings rated by real-world impact, not CVSS alone. Executive summary for the board. Technical detail for the engineer fixing it.
Free retest on all findings within 60 days to confirm remediation worked. No charge if the fix lands the first time.
Led by
Chemical and process engineer turned cybersecurity specialist. Prior work includes Shell Prelude FLNG, LNG facilities, and nuclear engineering projects. Holds a Masters in Chemical Engineering, EMBA, PMP, and AWS Certified Security Specialist. Registered member of Engineers Australia.
Read Matt’s story →
Case study
A mid-market Australian SaaS product had been tested twice by other firms. Both prior reports were scanner output with a cover page. We found a tenant isolation bypass through two chained low-severity findings neither prior test had flagged. Remediated within 72 hours.
Australian SaaS platform · manual penetration testing engagement.