dotSec: Learn more about us

A brief history

dotSec started out in January of 2000. Back then, infosec (now we call it cyber) was relatively new in the commercial world, and so our first clients were mostly at the big end of town:  Federal government (really just one department), Telcos, regulators and software/system developers.  Some of our initial projects included:

  • Assistance with security for the national mobile number portability scheme.
  • Support for cryptographic services for APRA’s D2A project.
  • Security architecture work.

Now, a quarter of a century later, cyber security is generally understood to be important to the ongoing viability and resilience of all businesses and individuals. There is a lot that is new (consider for example AI, Cloud-services and post-quantum crypto) but there’s also a lot (software supply-chain risks and, who could forget, passwords!) that remains pretty much the same.

What has certainly changed though is that security now is big business!  And where there is lots of money to be made, there is lots of temptation to cut corners and push silver-bullet sales. That’s where dotSec is different.  For over 25 years, we have worked as a collaborative partner, enhancing our clients’ capabilities and working together to support security-maturity improvements, even if there are no licenses or products to be sold.  But don’t just take our word for that:  We’ve worked with our oldest client for over 20 years, our average client-retention time is around 10 years, and we have lots of references that we can share in response to bona fide enquiries. 

25 years in and we’re still improving our processes, skills, knowledge and effectiveness.  We look forward to working with you.

dotSec's culture

dotSec’s culture, summarised in one sentence: “A good working environment for smart people to achieve great outcomes”. But what do we mean by “good”, “smart” and “great”, and how do those words apply to dotSec?

Good: A good working environment is one where everyone is encouraged to grow, collaborate and excel, where everyone is treated with respect and dignity, and where people can grow their professional careers without putting their personal lives and interests at risk or on hold.

Smart: Smart people think deeply and consider consequences and alternative approaches before acting; they also crave knowledge and intellectual challenge, and so training is integral to the dotSec vision of creating a good working environment for smart people. To that end, dotSec provides significant opportunities for training and staff are highly qualified to deliver assessment and testing, managed security, and governance, risk and compliance services.

dotSec’s team members hold degrees and credentials from leading universities, industry suppliers and organisations, including:

  • Payment Card Industry Security Standards Council (PCI SSC): Qualified Security Assessor (QSA)
  • Splunk: Enterprise Administrator, Enterprise Security Administrator, Cyber Security Defence Analyst
  • Professional Evaluation and Certification Board (PECB): ISO/IEC 27001 Lead Implementer and Lead Auditor
  • Information Systems Audit and Control Association: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Data Privacy Solutions Engineer (CDPSE)
  • Bachelors, Masters and PhD degrees in computer science, mathematics and physics.

Our training program is aggressive, and we spend lots of time and money to improve the skills of everyone that works in our team.

Great: Which leads us to great outcomes. Great outcomes are achieved when smart people collaborate in a good environment, and when the customer’s expectations are met or exceeded in every engagement, project or task.

dotSec can only rely on our customers’ feedback to know for sure that great outcomes have been achieved, and the testimonials (included below) that have been provided indicate that is the case.

Our team leaders

dotSec provides cyber security services in three main areas: GRC, testing and assessment, and managed security services. Each of those three lines of business is led by one of our team leaders. You’ll enjoy working with them!

Mr Gautham Manikka

Head of Governance, Risk & Compliance

Gautham started at dotSec nearly a decade ago. He has extensive cyber security knowledge and works closely with organisations to identify and address control or compliance gaps and to assist clients with their PCI DSS and/or ISO 27001 implementation or certification.

Gautham assists organisations with PCI DSS and ISO/IEC 27001 compliance, helping to define a scope of assessment and select appropriate risk-based and best-practice controls. He also conducts informed security reviews using frameworks including the NIST CSF and CIS Essential Controls.

Gautham is a PCI DSS Qualified Security Assessor (QSA) and is also an ISO/IEC 27001 Lead Implementer and Lead Auditor. Gautham holds relevant certifications including CISA, CISM, CRISC and CDPSE. He also holds a Master of Information Technology (Computer Networks and Information Security).

When Gautham is not sorting out a GRC compliance puzzle, he’ll be tending one of his many fish tanks, or testing out his current/favourite AI service. 

Dr Tim Baker

Head of Assessment and Testing

Tim has over two decades of cyber security experience, starting from his time at DSTC where he helped to implement the first Java Cryptographic Library and Architecture (JCE/JCA) outside of the United States.

Tim has since worked at dotSec, applying his inquisitive mind to great effect in the testing and assessment arena. Tim has conducted hundreds of penetration tests against web sites, networks, web services, network infrastructure, and just about any other target you can think of.

Tim has also developed and deployed proof-of-concept software that has evaded some of the highest-profile commercial EDR products you read about today.

Tim has a PhD in the mathematical fields of symmetric functions and algebra, focusing on applications in theoretical physics.

When Tim is not sneaking down a cyber chimney somewhere on the Internet, you’ll probably find him sampling a choice IPA or testing the traction controls in his electric speedster…  not at the same time, of course! 

Mr Prabal Sahoo

Head of Managed Security Services

Prabal has worked at dotSec for nearly four years and has extensive knowledge of security across a range of areas including incident detection, management and response, social engineering, informed security maturity assessments (NIST CSF and CIS Essential Controls) and GRC.

Prabal takes the lead on all of our managed services (MSIEM, MDR and MWAF) work. In this role he coordinates the SLAs and BAU activities for all our SLA-contracted customers, and is responsible for liaising with third parties to coordinate custom-search development, DLP-prevention measures and red-team coordination.

Prabal is an ISO/IEC 27001 Lead Implementer and Lead Auditor, Splunk Enterprise Security Certified Admin and Splunk Enterprise Certified Admin. He also holds a Master of Cyber Security and a Bachelor of Technology in Electrical & Electronics Engineering.

When Prabal is not expanding his ever-improving exfiltration-detection rules you’ll find him at his favourite gym… those biceps won’t grow themselves, you know!

Dr Fiona Redhead

Founder and Head of Finance & Ops

Fiona manages dotSec’s project and financial operations, providing administration oversight and ensuring seamless interactions with customers, suppliers, and partners. This work results in financial processes that run smoothly; it also means that clear documentation for quotes, orders and invoicing is received by dotSec’s customers and suppliers within appropriate time frames.

Fiona also manages project structuring and execution using Jira Software, Jira Service Management, Confluence, Big Picture and Tempo, facilitating effective and low-overhead planning, communication and collaboration between dotSec staff and customers.

Fiona previously achieved her CCNA and currently holds a PhD from the University of Queensland.

When Fiona is not sorting out something in Jira, you’ll find her chasing Halo around a park… or enjoying a lunch with the accountants!

Dr Tim Redhead

Founder and Director

TimR is responsible for dotSec’s strategic (sometimes tactical!) goals and direction.  

Prior to starting dotSec, Tim spent three years coordinating the security unit at the Distributed Systems Technology Centre (DSTC), a leading CRC at that time.  It was during that time that Tim thought it would be great to be part of a business where smart people could work in good company, build their career with a strong work-life balance, and achieve great outcomes of which they could be proud.

Nowadays, and contrary to cruel rumour, Tim does still do some security work, and has recently helped to achieve great outcomes for customers in some DLP, GRC and maturity assessment projects.  

Tim has a PhD from the University of Queensland and a BSc (Hons 1A) from JCU. 

When Tim is not embracing his laptop, you might find him trying to learn from Julia Child or Antonio Carluccio!

Our skills and certifications

dotSec prides itself on the level of training it provides for all employees! And we’re serious about walking the cyber walk, so we maintain organisational certifications including ISO/IEC 27001:2022. We are a PCI DSS-compliant service provider, and we operate our managed SIEM and SOC services to a standard consistent with the intent of CPS 230 (there is no certification). dotSec’s Service Practice Statement is available in response to bona fide enquiries. And last of all, we’re a member of CREST AU/NZ, Australia’s ethical testing and assessment organisation.

Premier Australian cyber security specialists