Manual penetration testing. Australia.
Cyber Node tests the systems your business runs on, from web apps and APIs to cloud estates, AI agents, and OT plants. Every engagement is delivered by a senior practitioner. No offshore delivery, no scanner output dressed up as a pen test.
Pick your path
Three doors. The same operator scopes every engagement. Pick the one that matches your reason for being here.
Path 1
Engineer-led OT and ICS testing for resources, energy, water, and SOCI-covered operators. IEC 62443 and AESCSF scoped.
Talk to an engineer →
Path 2
Manual penetration testing and vCISO support scoped to APRA CPS 234, ISO 27001, SOC 2, PCI DSS, and Essential Eight. Reports your auditor will accept.
Scope an engagement →
Path 3
Manual testing for LLM apps, RAG pipelines, and agentic systems. Prompt injection, tool-use abuse, RAG leakage, model supply chain.
Scope an AI review →
Led by
Chemical and process engineer turned cybersecurity specialist. Prior work includes Shell Prelude FLNG (Western Australia), Albemarle Kemerton lithium hydroxide refinery, AREVA nuclear projects, and Kazakhstan ISL uranium operations. Holds a Masters in Chemical Engineering, EMBA, PMP, and AWS Certified Security Specialist. Registered member of Engineers Australia. The same operator scopes every engagement, regardless of which path you took to get here.
Read Matt’s story →
Three years on the frontline
Across 54 manual penetration testing engagements spanning 15 sectors, from neobanks and AI FinTechs to state utilities, government facilities, medical devices, and EdTech, every single engagement produced findings. These are the numbers.
Engagements that produced findings
54 of 54, no clean sheets
Had Critical or High-risk findings
21 of 54 carried serious exposure
Distinct vulnerabilities logged
8.8 average findings per engagement
Where we work
Trusted by Australian organisations
Engagements with state utilities, financial services, government facilities, EdTech platforms, and industrial operators across Australia. Confidentiality is the default. Named-client references available on request.
Cyber Exposure Snapshot · April 2026 research
Cyber Node scanned 351 Australian SMB domains non-intrusively. 274 came back HIGH or CRITICAL. 99% had at least one high-severity exposure. The scan surfaced 1,787 actionable findings in total.
Nothing was touched. No credentials used. No internal systems accessed. Just the drive-by view an attacker already has, with a list your MSP can close in days.
How we work
Every engagement follows the same methodology. You know what to expect at every stage, and so do your auditors.
Short call to understand your environment, compliance drivers, and what you actually need tested. Fixed-price proposal within 48 hours.
Manual testing by a named human. Scanners for coverage, not conclusions. Chained findings, business logic flaws, real exploitation attempts.
Findings rated by real-world impact, not CVSS alone. Executive summary for the board. Technical detail for the engineer fixing it.
Free retest on all findings within 60 days to confirm remediation worked. No charge if the fix lands the first time.
Case study
A mid-market Australian SaaS product had been tested twice by other firms. Both prior reports were scanner output with a cover page. We found a tenant isolation bypass through two chained low-severity findings neither prior test had flagged. Remediated within 72 hours.
Australian SaaS platform · manual penetration testing engagement. Read the full case study →