Proven. Experienced. Professional.

New Zealand owned. 100%.

In the Beginning

To truly explain our history, we need to look beyond InPhySec. Our core team has an extensive government history, and importantly with the GCSB and the formation of its cyber-defence unit, the National Cyber Security Centre (NCSC). Between us we represent the full NCSC stack from front line cyber defence analysts to senior management. We were intimately involved in advising and informing the government's understanding and approach to cyber security. During this period of our history we have represented New Zealand at numerous global multi-agency cyber-defence forums. In fact, in many ways we pre-date cyber - at one of the earliest forums attended by an InPhySec Director it was called Electronic Attack! Cyber was yet to be used in this context.

During these government years our current team pioneered cyber investigation and incident response within the government security and intelligence sector. One of our most important learning was that incident response and ongoing prevention is not just a technical response. We talk about the information assurance continuum and the influence this has on overall security management. We found in many ways security governance and risk management was equally and if not more important than technology responses for continued security management.

Technology manages the symptoms. Governance manages the cause.

The Wilderness Years

Between government and InPhySec our Directors spent a couple of years in the wilderness gaining commercial sector experience. It is fair to say we joined with some trepidation, as there is a mistaken belief that government is behind the commercial sector. We quickly found that our skills and experiences were very relevant. Unlike many of our contemporaries, we had first-hand operational experience managing cyber and information security opposing state level threats at a national level. Managing commercial threats is a much more straightforward proposition. We don't just theorise about cyber attack, we know what it looks like and we know how to manage it. Our risk assessment work is based on real experiences. Our advice is proportional and relevant to the threats faced by our customers.

Government leads the commercial sector.


Our rationale for InPhySec was simple. Between us we had a significant, comprehensive and relevant real-world understanding of cyber and information security. When separated our skills and experience were diluted, so by bringing our skills, knowledge and experiences back under one roof we offered a compelling option to our customers.

The security market has become crowded with many 'me-too' security consultancies that are typically a splinter from an existing organisation. We felt that unlike many of these, we offer a genuine point of difference. We believe no other consultancy offers the unique blend of skills and experience that we offer to our clients.

Relevant, real-world experience.

The Future

Our future is very bright. We will continue to innovate and to partner with the best tools and technologies. However, we are less interested in security trends and more interested in security results.

Our clients are safe in the comfort that they being looked after by a team of security professionals with a genuine interest in making sure our clients are protected.

Please give us a call and join our community of clients.

Simple affordable security, that is most importantly effective.