Untapped Cyber
Untapped Cyber is a social enterprise dedicated to protecting business by providing the full spectrum of cyber services, or deploying entire teams.
Untapped can help build the talent pipeline and provide everything, from a Virtual CISO to junior analysts. We are committed to solving the cyber skills crisis by creating and supporting excellent cyber workers through their careers.
Our Services
Untapped Cyber is the full-spectrum cybersecurity practice within the Untapped Group. It is founded on the principles of creating a sustainable cybersecurity workforce, including neurodiverse and First Nations people, veterans and returning employees, especially women and carers. Untapped Cyber is able to deliver the full range of cybersecurity services, with dedicated Blue Team, Red Team and Purple Team.
We value inclusion, and our services are provided by people who “think differently”. We are proud to support our communities and constituencies with positive potential. Our clients include BHP, ANZ Bank, National Australia Bank, the Australian Federal Police, Pacific Defence Services and the Department of Home Affairs.
We can provide expertise for the following areas:
- Penetration testing, vulnerability assessments, social engineering attacks, physical security assessments, incident response testing, adversarial simulation, wireless network assessment, red team exercises, web application testing, security awareness training, IoT security assessments, cloud security assessments, endpoint security evaluations, cyber range exercises, business email compromise simulations, critical infrastructure attack simulations, insider threat simulations, threat intelligence analysis, VoIP security assessments, cross-site request forgery testing, API security assessments, cryptographic evaluation.
- Threat monitoring and detection, incident response, vulnerability management, patch management, security architecture and technical reviews, security configuration, threat intelligence analysis, traffic analysis and anomaly detection, data loss prevention solutions, security tools: firewalls, intrusion detection and prevention (IDS/IPS), endpoint protection platforms (EPP), security information and event management (SIEM).
- Essential 8 uplift, ISO27001 implementation and audit, DISP implementation, NIST CSF implementation and audit, cybersecurity reviews, SOCI and SLACIP assessments, compliance management, policy development and review, cybersecurity strategy and governance, audit support and coordination, third party risk assessment, data privacy and protection, training and awareness programs, incident response planning and coordination, vendor assessments, cyber insurance documentation, business continuity planning, IT governance and controls, legal and regulatory research, security and privacy impact assessments, open source intelligence, ESG reporting, CSR reporting, stakeholder communications and crisis management.
Talent Capability.
In addition to offering a full suite of cyber services, we can help source and build the “untapped” talent pipeline for Cyber Talent. We can help find, assess, and match individuals to roles they will thrive in, bringing innovation and elevating competitiveness. We offer talent capabilities such as:
We can source and build talent for the following areas:
- Services: Vulnerability assessment, network penetration, web application testing, social engineering, reports
- Services: Threat actor profiling, indicators of compromise, data collection and analysis, TTP assessments
- Services: Incident detection and analysis, containment and eradication, forensic investigations, documentation, coordination and communications
- Services: Security monitoring and alerting, SIEM management, log analysis, malware analysis, device management, threat hunting
- Services: Network design and segmentation, cloud security, identity and access management, controls implementation
Governance, Risk, and Compliance (GRC) refers to a framework that ensures an organisation effectively manages its IT strategy, aligns it with business objectives, addresses risks, and complies with regulations.
Untapped offer services such as:
• ISO27001, Essential 8, DISP, DSPF, PSPF, NIST, 3rd party assessments, awareness and training programs.
Why implement GRC?
Improved cybersecurity posture: it helps organisations proactively manage and mitigate cybersecurity risks, reducing the likelihood of breaches and associated costs.
Enhanced business alignment: it ensures that cybersecurity practices are aligned with business goals and objectives, driving strategic decision-making.
Regulatory compliance: it helps organisations meet regulatory requirements and industry standards, avoiding penalties and reputational damage.
Cybersecurity Training
Untapped have developed a ‘Building Cybersecurity Awareness’ training module targeted towards uplifting baseline cybersecurity awareness and protecting both organisations and individuals from cyber threats.
This module teaches common cyber threats, best practices for individuals, and case study examples. Contact us to learn more.
Awareness Campaigns
Untapped Cyber have expertise in delivering customised outreach resources and educational campaigns for clients that reinforce critical cybersecurity practices. Liaising with graphic designers to distribute curated physical and/or digital handouts, we target crucial vulnerabilities with engaging methods that enhance understanding and retention. We can produce awareness campaigns such as:
Artificial Intelligence
Untapped Talent is at the forefront of innovation in the AI landscape, providing comprehensive services designed to help organisations navigate the complexities of integrating Large Language Models (LLMs) into their operations. Our expert team offers a range of services, from framework integration and gap analysis to AI management system implementation, all tailored to ensure regulatory compliance and robust risk management. With a deep understanding of leading GRC frameworks such as NIST CSF 2.0, COBIT 2019, ISO 27001:2022, and ISO 42001:2023, Untapped Talent is uniquely positioned to assist businesses in leveraging the opportunities presented by LLMs while mitigating potential risks. Our offerings include readiness assessments, risk and opportunity analysis, regulatory compliance advisory, and continuous monitoring, ensuring that your organisation remains at the cutting edge of AI innovation with a secure and compliant approach.
We offer the following comprehensive AI services:
- Service Description: Analyse and integrate cybersecurity GRC frameworks (NIST CSF 2.0, COBIT 2019, ISO 27001:2022, and ISO 42001:2023) for organisations adopting Large Language Models (LLMs). Provide a detailed gap analysis to identify and address inadequacies in LLM risk oversight.
- Service Description: Assess the readiness of an organisation to adopt LLMs in terms of existing cybersecurity frameworks and identify the necessary steps to achieve compliance and mitigate risks.
- Service Description: Evaluate the risks and opportunities associated with integrating LLMs within an organisation's current cybersecurity framework. Provide strategies to leverage opportunities while minimising risks.
- Service Description: Provide advisory services to ensure that the adoption of LLMs aligns with relevant regulatory requirements, including the European Union AI Act, and other international standards.
- Service Description: Assist organisations in implementing AI management systems based on ISO 42001:2023, ensuring comprehensive facilitation for LLM opportunities and robust risk management.
- Service Description: Enhance existing cybersecurity frameworks to better incorporate LLM oversight and management, ensuring all identified gaps are addressed.
- Service Description: Provide expert validation and qualitative content analysis services to organisations to help them understand the integration readiness of their cybersecurity frameworks for LLM adoption.
- Service Description: Develop and deliver training programs to increase awareness and understanding of LLM integration, associated risks, opportunities, and compliance requirements within the organisation.
- Service Description: Design and implement custom AI governance solutions tailored to the specific needs of an organisation, ensuring alignment with the most relevant GRC frameworks and regulatory standards.
THE FACTS
An estimated 47% of Australians have been cybercrime victims, including online abuse, malware infection, identity theft and misuse, and other online fraud and scams.
There is on average one cyber report every 7 minutes in Australia.
The average cost of cybercrime for small business is $46,000.
Highest victimisation rates were among young people, First Nations, non-English speakers and people with a disability.