Expertise

How we work, and what we find

Three areas of focused expertise. Real engagements. Real findings. Every case study on this site describes work Cyber Node has actually performed for Australian organisations, anonymised to respect client confidentiality.

By Matt Breuillac, Director, Cyber Node

From the dataset

54
Engagements delivered
May 2024 – Dec 2025
100%
Find rate. No clean
sheets, ever.
15
Distinct industry sectors
tested across the dataset
6
Recurring technical
patterns we surface
01

Manual penetration testing

Web applications, APIs, networks and cloud environments. Chained exploits, authentication bypasses, business logic flaws. What scanners can’t find on their own.

Read case studies
02

AI & cloud security

LLM-integrated applications, prompt injection, data exfiltration paths, and AWS environment reviews for misconfigured IAM and overprivileged roles.

See the approach
03

OT & ICS cybersecurity

SCADA, DCS, and historian assessments for resources and critical infrastructure. Engineering-led, not a retrofitted IT methodology.

OT capability

How we run an engagement

Four steps. Same on every job.

  1. 01

    Scope

    What's in, what's out, written down before kick-off. We tell you what your money buys, and what it doesn't, in plain language. No surprise out-of-scope upsell halfway through.

  2. 02

    Test

    Manual, hypothesis-driven. A human tester forms a theory, attacks it, and chases what doesn't add up. Scanner output is one input among many, not the report itself.

  3. 03

    Report

    Findings rated by real-world impact in the tested environment, not raw CVSS. Every finding includes evidence, exploitation path, and remediation guidance. Audit-ready when you need it.

  4. 04

    Retest

    Free within 60 days. We validate that your fixes hold against the same attack chains. PCI DSS 11.4.4 explicitly requires this; we include it on every engagement, regardless of framework.

Sectors we've tested

Fifteen industries, one consistent methodology

Cyber Node engagements span the regulated and the unregulated, the IT-native and the engineering-led. Same recurring patterns surface across all of them.

FinTech Banking EdTech / SaaS MedTech Energy utilities Industrial IoT Mining technology Aged care Real estate Government Professional services Industrial ERP Civil engineering AI SaaS WordPress services

Get started

Tell us what you need tested

Get a Quote All services