Shea Security

IT and security are constantly changing and evolving - we strive to ensure we do also.

Let's talk

As a Melbourne based service company deeply committed to making organisations more secure, our work involves testing the security of computer systems, applications and networks. Additionally, we provide education and training to software developers and IT professionals based on our testing and research.

We have considerable experience in solving security problems as in-house staff and as outside consultants for some of Australia’s most widely known companies. This includes working closely with security engineers and managers as they continuously adjust and improve the security of their systems.

About

Our organisation is run by leading industry professional Pamela O’Shea, she has a unique background in information technology and extensive experience in information security. Pamela has an exceptional perspective on how the human resources available in the Australian information technology field are being applied to solve modern security problems.

Pamela O'Shea

Services

As technical security experts we research and frequently identify circumstances that can lead to exploitation by malevolent actors. Our extensive security experience makes us highly skilled penetration testers, it also means we have great insights when it comes to security training.

A standard job with us includes:

Scoping

We pride ourselves in working with clients as they determine the nature and extent of the security services they feel are appropriate for them. We like to discuss the background of a client’s project, the measures previously taken to improve their security and the future plans they have in regards to new developments and enhancements.

Security Testing

Our testing techniques incorporate exploits and industry research for your deployed technologies. We build upon the requirements of the Open Web Application Security Project (OWASP) and the Penetration Testing Execution Standard (PTES).

All of our penetration testing and vulnerability assessments are performed by professional penetration testers and are commonly used to fulfil the Payment Card Industry Data Security Standards (PCI-DSS) mandated testing requirements.

We focus on delivering tailored security testing for your:

  • Web applications
  • Mobile applications
  • Application Program Interfaces (APIs)
  • Networks
  • Physical products including IOT and embedded devices
  • Perimeter testing and monitoring of your externally facing assets
  • Source code reviews

Training and Education

Building secure software and secure systems takes time and a positive internal security culture. Wherever you are on this journey, from just starting to more mature, we can help deliver programmes to strengthen your internal security culture among software developers, engineers, managers and general staff.

We have experience running internal private events and longer term programmes for some of Australia’s largest companies to uplift technical security training and awareness. Some of the events we have run include Capture the Flag competitions (CTFs), regular code review challenges plus security awareness for non-technical staff on anti-phishing, malware and password management best practices. We provide private training spanning a number of months or shorter bootcamp style classes that might run for several days or even one day.

Tailored Reporting

Our report options range from a full technical report, business report, spreadsheet or a list of issue tracking tickets for traceability. We emphasise the importance of providing root cause explanations and common denominator remediation advice in order to avoid recurring security issues. We are happy to discuss findings and suggest a course of action with both management and technical staff.

Blog

Competing in the BSides Canberra 2023 CTF

by Sijing Zheng on 2 November 2023

Introduction to OAuth Security

by Chuanshu Jiang on 6 October 2023

Competing in the International Cyber Security Challenge 2023

by Chuanshu Jiang on 5 September 2023