Manual pen testing and vCISO. Australia.

Cybersecurity and compliance, scoped to your auditor

Most engagements start because an auditor, a regulator, an insurer, or a procurement contract has asked a hard question. Cyber Node delivers manual penetration testing and supporting advisory work scoped to APRA CPS 234, ISO 27001, SOC 2, PCI DSS, and Essential Eight. Every engagement is run by a senior practitioner against a defined scope. Fixed-price engagements from AUD $12k. Free retest within 60 days of the final report. FinTech Australia member.

By Matt Breuillac, Director, Cyber Node

Scope an engagement Pen test vs vuln scan
Matt Breuillac, founder of Cyber Node

Led by

Matt Breuillac, MIEAust

One operator across every Cyber Node path. Chemical and process engineer turned cybersecurity specialist. Shell Prelude FLNG, Albemarle Kemerton lithium hydroxide, AREVA nuclear, Kazakhstan ISL uranium. Masters Chemical Engineering, EMBA, PMP, AWS Certified Security Specialty. Engineers Australia member.

Read Matt’s story

Frameworks

What auditors, regulators, and insurers actually accept

FinTech and financial services

APRA CPS 234

Penetration testing scoped to paragraph 27. Reports written for the APRA-aligned internal audit conversation. Often paired with PCI DSS where card data is in scope.

Open

SaaS and B2B platforms

SOC 2 & ISO 27001

CC4.1 and CC7.1 evidence for SOC 2 Type II. A.8.8 and A.8.29 evidence for ISO 27001:2022. Aligned with Vanta or Drata pipelines if you are running one.

SOC 2 ISO 27001

Card payments and government

PCI DSS & Essential Eight

PCI DSS v4.0.1 Requirement 11.4 testing for merchants and service providers. Essential Eight Maturity Level technical validation for government, government-adjacent, and SOCI-covered entities.

PCI DSS Essential Eight

Trust signals

What sits behind the engagement

  • 54 manual penetration testing engagements delivered. 477 distinct findings logged.
  • 100% of engagements produced findings. 39% carried Critical or High severity.
  • FinTech Australia member. Australian-owned, Australian-operated, no offshore delivery.
  • Lead practitioner credentials: AWS Certified Security Specialist, AWS Solutions Architect Associate, OSCP-equivalent practical exploitation experience.
  • Fixed-price proposal within 48 hours of scoping call. Free retest within 60 days of the final report.

Mis-routed

On the wrong page?

Have OT, ICS, SCADA, or industrial control systems in scope? Start at OT and Industrial →

Putting AI agents into production and worried about prompt injection or model leakage? Start at AI Security →

Go deeper

Cyber and compliance pages

Methodology

How we test

Named-technique disclosure. Worked case studies. Recurring patterns from 54 engagements.

Open

Vertical

FinTech penetration testing

National FinTech anchor. APRA CPS 234 plus PCI DSS plus SOC 2 in a single engagement where the scope supports it.

Open

Decision aid

Cyber insurance readiness

A cyber policy is not a security control. It is a payout contingent on you having done the controls. Two-day Essential Eight gap assessment maps to it.

Open

Where we work

Cities

Perth

WA-based delivery anchor. Resources, government, FinTech.

Sydney

FinTech and financial services hub. APRA-aligned engagements.

Melbourne

FinTech and technology firms. SOC 2 and ISO 27001 buyers.

Brisbane

QLD anchor. Resources sector and government adjacencies.

Scope an engagement

Audit-ready evidence, fixed price

Tell us the framework, the scope, and the deadline. We respond with a fixed-price proposal within 48 hours.

Scope an engagement Scan my domain for A$399