DotSec is a professional information security organisation, with over 22 years of solid infosec experience. From our beginnings in early 2000, we have assisted national and international clients across most industry sectors. We also provide assistance to all tiers (from local to national) of government. We provide a range of testing and assessment services, from vulnerability analysis and pen testing, through to GRC and maturity-improvement work (primarily based on ISO 27001, the ASD E8 maturity model, and the CIS Essential Controls), and on to red and purple-teaming exercises with the occasional social-engineering test thrown in for fun. DotSec is a Payments Card Industry (PCI) Qualified Security Assessor (QSA) company and provides ISO/IEC 27001 implementation and preparedness services. DotSec provides audit and remediation advice for APRA’s CPS 234 and ACCC’s CDR. We have a strong IRAP history, assisting companies to become compliant with controls from Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF), and we deliver a wide range of managed security services, from Managed SIEM to training. DotSec infosec professionals are certified AWS and Splunk Architects, PCI QSAs, ISO 27001 implementers, CISSP, CISM professionals, and some of us have computer science and maths degrees (from undergrad to PhD). What draws us together is that we all have a strong history in the design, delivery and management of secure-hosting services for national brands and government.