Experts in Cybersecurity for Critical Infrastructure
and High-threat environments
and High-threat environments
To help organisations better understand, prepare, and respond to cybersecurity threats, ensuring safety and reliability of essential services.
We are a credible and capable authority in cybersecurity.
We deliver confidential, discrete, and relevant services and pragmatic advice.
We solve cybersecurity challenges holistically.
Optimise cybersecurity return-on-investment and protect your most valuable assets - your customer's trust.
World Class Expertise
We are leaders in critical infrastructure and high-threat cybersecurity, where the consequences of failure can be catastrophic. Our leadership extends to participating in developing industry standards and research initiatives.
Tobruk helps the Rail Industry improve cybersecurity
Tobruk’s CEO, Duncan Unwin, has been working with the rail industry to develop the first national standard for cybersecurity. AS7770 developed by the Rail Industry Safety Standards Board (RISSB), provides comprehensive guidance on developing an effective cybersecurity management framework in a rail operator.
Tobruk’s research on cyber-threats to rail publish by the Institute of Mechanical Engineers
The Journal of Rail and Rapid Transit, has published an article on Tobruk’s research into rail cyber-safety. The article “Railway cyber safety - an intelligent threat perspective” was authored by Duncan Unwin and Dr Louis Sanzogni, from Griffith University. This journal is a scientific peer-reviewed journal on rail systems. The paper reports on the results on using wargaming approaches to understand emerging threats to these complex cyber-physical systems.
Tobruk participating in the Australian working group on control system cyber safety
Gideon Parker, Senior Consultant, has been providing technical advice to the Australian working group of the ISA/IEC 62443 standard. This standard is one of the most central to the core cybersecurity of control systems, and Gideon’s participation reflects his reputation in control system cybersecurity.
Tailored Defence Strategies informed by Risk Assessment.
The design of cyber-defences should be based on the sophistication and motivation of attackers you are facing, and the consequences of being hacked. We use concepts developed in the military intelligence domain, to better understand the motivation, identify and tactics, technique, and procedures of likely attackers. We then use this knowledge to design efficient, effective, and resilient security architectures.
Military intelligence has much to teach cybersecurity professionals about knowing the threat faced by an organisation. Rather than relying on generic statements about threat environments, the Tobruk approach is to use processes developed by military intelligence (S2) to understand your enemy.
One we understand this picture, we can construct cybersecurity architectures that deal with the level of threat that an organisation is likely to face. Duncan Unwin, our CEO, has used his experience from 25 years in Signals to help organisations understand their threats and implement smart defences. For example, when facing sophisticated threat agents, we recommend not only conventional controls to prevent, detect and respond to threats, but also active defence measures that provide positive warning that an organisation is being targeted for attack.
We don’t consider a document or slide pack to be the end of our mission. We take strategies and architectures, and using our extensive programme and project management expertise, work with your IT delivery partners and your organisation to implement them. Our holistic approach addresses governance, policies and standards, people and organisation, technology, and operations. We can do this using classical engineering project management methodologies or Agile and Lean management approaches.
A Cloud Identity Access Architecture for a Bank
In 2019, Valdemar Jakobsen, our Chief Information Security Officer, worked with a mid-tier bank to design a cloud-based identity and access management solution, that would connect all their systems with a single administration process for Staff needing granular access to customer information. He worked with Microsoft and Ping Identity to develop a solution that was comprehensive yet practical, and which can be progressively rolled out to all the core systems in the bank.
Tobruk helps a start-up in a high-threat environment
Duncan Unwin, Tobruk’s CEO, has been helping a start-up crypto-currency exchange to implement effective cybersecurity controls on a limited budget. “It’s a real challenge for them, as there is really no higher-threat environment and they are a small team with no cybersecurity staff. With these restrictions, we have helped them reducing their risk for the least investment.”