//penetration testing · new zealand
Expert cyber security
for NZ businesses
Cyberoptic Security helps NZ businesses identify hidden risks through expert penetration testing and security assessments. Know More, Risk Less.
//services
Security that fits how you work
Six service lines, from full penetration testing to bespoke engagements. Every engagement is carried out by a consultant.
Penetration Testing
Authorised, manual simulated attacks across your apps, networks and cloud.
- Web Applications
- AI and LLMs
- APIs
- Mobile Applications
- Internal Networks
- External Networks
- Hardware and IoT
- Cloud Infrastructure
- PCI Compliance
CyberSafe Essentials
A fixed-price assessment built for small organisations with fewer than 20 users, covering the three areas attackers target most.
- Microsoft 365 Secure Configuration Review
- Manual Security Review of Internet-Facing Assets
- Manual Security Review of Your Corporate Website
Secure Configuration Reviews
Your cloud and SaaS environments measured against security baselines.
- Amazon Web Services (AWS)
- Azure
- Microsoft 365 (M365)
- Google Cloud Platform (GCP)
- SaaS Solutions
Technical Controls Validation
A check that your defences are configured correctly and would stop an attacker.
- Denial of Service (DoS) testing
- Email security controls
- Workstation security
- Server security
- Network hardware
Vulnerability Scanning
Automated assessment of your networks and web apps, validated by a human.
- Internal Networks
- External Networks
- Web Applications
Bespoke Testing
Testing shaped around your requirements when your needs do not fit a standard engagement.
- Custom and proprietary technology
- Unusual protocols, hardware or integrations
- Scope adapted to your constraints and timelines
- Combined or multi-stage engagements
- A specific threat scenario or concern
- Reporting tailored to your stakeholders
//how we work
A clear, four-step engagement
Scope
A scoping call digs into your real risks and guides you to the testing that will genuinely help, rather than an off-the-shelf engagement. You get a fixed, transparent price.
Test
A consultant carries out the testing manually, backed by automated tooling. We stay in touch with your technical team throughout, so testing runs smoothly and findings are raised as we go.
Report
You get clear findings with the specific fixes required, prioritised by risk, written for both management and your technical team.
Retest
90 days of retesting is included. Once you have remediated, we confirm the issues are properly closed.
//flagship package
CyberSafe Essentials
For organisations with fewer than 20 users
Built for small organisations with fewer than 20 users. Each in-scope system is manually reviewed by a professional consultant to identify real-world risk and provide relevant, actionable guidance.
- Microsoft 365 Secure Configuration Review
- Manual Security Review of Internet-Facing Assets
- Manual Security Review of Your Corporate Website
fixed price
$5,200
One fixed price, agreed up front. For organisations with fewer than 20 users.
Book CyberSafe Essentials//client stories
Penetration Testing
“We engaged with Cyberoptic to carry out a full penetration test on our internal network. The findings were thorough, clearly explained, and came with practical recommendations that we could act on straight away.”
Web Application Security
“The team helped us secure our web platform before a major product launch. They found several critical issues that our developers had missed, and worked closely with us to get them fixed in time.”
Cloud Security (AWS)
“We needed a security review of our AWS environment and they delivered exactly what we needed. Their cloud knowledge is excellent, they picked up risks we hadn't considered, and helped us lock things down without breaking anything.”
Application Security Review
“We had performed a detailed security assessment of our customer-facing app. The report wasn't just full of issues, it included context, impact, and clear remediation steps. Very professional and easy to work with.”
Microsoft 365 Security Review
“The team at Cyberoptic helped us secure our Microsoft 365 tenant and understand where our risks were. It was reassuring to have someone local who knew both the tech and the business side.”
//releases
Latest from the team
How AI Actually Works: A Plain English Guide
A plain-English explanation of how modern AI works, covering everything from what a language model is to what MCP is and why it matters, without the buzzwords.
Identity Is Now the Perimeter
As cloud services and remote work erode the network boundary, stolen credentials have become the main way attackers get in. This article explains how credential theft works, why MFA alone is not enough, and which identity controls actually help.
NPM's Security Problem Isn't Going Away
A look at the history of npm supply chain attacks, why they keep happening, and practical defences for teams that use or maintain npm packages.
//about
Locally owned. Business-minded.
We're a locally owned and operated New Zealand firm. We take the time to understand how you work, both technically and commercially, so our advice fits your business. Security only works when it works for you.
More about us
Know more. Risk less.
Get a fixed-price quote for the testing your business needs.