dotSec: Learn more about us

A brief history

dotSec started out in January of 2000. Back then, infosec (now we call it cyber) was relatively new in the commercial world, and so our first clients were mostly at the big end of town: Federal government (really just one department), Telcos, regulators and software/system developers. Some of our initial projects included:

Assistance with security for the national mobile number portability scheme.
Support for cryptographic services for APRA’s D2A project.
Security architecture work.

Now, a quarter of a century later, cyber security is generally understood to be important to the ongoing viability and resilience of all businesses and individuals. There is a lot that is new (consider for example AI, Cloud-services and post-quantum crypto) but there’s also a lot (software supply-chain risks and, who could forget, passwords!) that remains pretty much the same.

What has certainly changed though is that security now is big business! And where there is lots of money to be made, there is lots of temptation to cut corners and push silver-bullet solutions for a percentage cut. That’s where dotSec is different. For over 25 years, we have worked as a collaborative partner, enhancing our clients’ capabilities and working together to support security-maturity improvements, even if there are no licenses or products to be sold. But don’t just take our word for that: We’ve worked with our oldest client for over 20 years, our average client-retention time is around 10 years, and we have lots of references that we can share to bona fide enquiries.

25 years in and we’re still improving our processes, skills, knowledge and effectiveness. We look forward to working with you.

dotSec's culture

dotSec’s culture, summarised in one sentence:

“A good working environment for smart people to achieve great outcomes”

But what does “good”, “smart” and “great” mean?

Good

A good working environment is one where everyone is encouraged to grow, collaborate and excel, where everyone is treated with respect and dignity, and where people can grow their professional careers without putting their personal lives and interests at risk or on hold.

Smart

Smart people think deeply and consider consequences and alternative approaches before acting; they also crave knowledge and intellectual challenge, and so training is integral to the dotSec vision of creating a good working environment for smart people. To that end, dotSec provides significant opportunities for training and staff are highly qualified to deliver assessment and testing, managed security, and governance, risk and compliance services.

dotSec’s team members hold degrees and credentials from leading universities, industry suppliers and organisations, including:

Payment Card Industries Security Standards Council (PCI SSC) Qualified Security Assessor (QSA)
Splunk; Enterprise Administrator, Enterprise Security Administrator, Cyber Security Defence Analyst
Professional Evaluation and Certification Board (PECB); ISO/IEC 27001 Lead Implementer, and Lead Auditor
Information Systems Audit and Control Association Certified Information; Systems Auditor (CISA), Security Manager (CISM), Risk and Information Systems Control (CRISC), and Data Privacy Solutions Engineer (CDPSE)
Bachelors, Masters and PhD degrees in computer science, mathematics and physics.

Our training program is aggressive, and we spend lots of time and money to improve the skills of everyone that works in our team.

Great

Which leads us to great outcomes. Great outcomes are achieved when smart people collaborate in a good environment, and when the customer’s expectations are met or exceeded in every engagement, project or task.

DotSec can only rely on our customer’s feedback to know for sure that great outcomes have been achieved, and the testimonials (included below) that have been provided indicate that is the case.

OUR CYBER SERVICES

ISO 27001 consulting

Practical and experienced Australian ISO 27001 and ISMS consulting services. We will help you to establish, implement and maintain an effective information security management system (ISMS).

Penetration tests

DotSec’s penetration tests are conducted by experienced, Australian testers who understand real-world attacks and secure-system development. Clear, actionable recommendations, every time.

PCI DSS

dotSec stands out among other PCI DSS companies in Australia: We are not only a PCI QSA company, we are a PCI DSS-compliant service provider so we have first-hand compliance experience.

WAF and app-sec

Web Application Firewalls (WAFs) are critical for protecting web applications and services, by inspecting and filtering out malicious requests before they reach your web servers

Identity management

Multi-Factor Authentication (MFA) and Single Sign-On (SSO) reduce password risks, simplify access, letting verified and authorised users reach sensitive systems, services and apps.

Vulnerability management

dotSec provides comprehensive vulnerability management services. And we analyse findings in the context of your specific environment, priorities and threat landscape.

Phishing and soc eng

We don’t just test whether users will click a suspicious link — we also run exercises, simulating phishing attacks that are capable of bypassing multi-factor authentication (MFA) protections.

Penetration testing

DotSec’s penetration testing services help you identify and reduce technical security risks across your applications, cloud services and internal networks. Clear, actionable recommendations, every time!

Managed SOC/SIEM

dotSec has provided Australian managed SOC, SIEM and EDR services for 15 years. PCI DSS-compliant and ISO 27001-certified. Advanced log analytics, threat detection and expert investigation services.

Secure configuration

We provide prioritised, practical guidance on how to implement secure configurations properly. Choose from automated deployment via Intune for Windows, Ansible for Linux or Cloud Formation for AWS.

Secure cloud hosting

Secure web hosting is fundamental to protecting online assets and customer data. We have over a decade of AWS experience providing highly secure, scalable, and reliable cloud infrastructure.

Essential eight

DotSec helps organisations to benefit from the ACSC Essential Eight by assessing maturity levels, applying practical security controls, assessing compliance, and improving resilience against attacks.

Advisory services

We have over 25 years of cyber security experience, providing practical risk-based guidance, advisory and CISO services to a wide range of public and private organisations across Australia.