Decorative dot pattern
POSTED ON 26-March-24

In the heart of Australia's capital, a boutique cyber security firm is making waves with its proactive approach to safeguarding critical assets. Meet Proactive Labs, a team of seasoned professionals dedicated to fortifying businesses and organisations against cyber threats.


Their mission is to help protect their client's critical assets and sensitive information by identifying vulnerabilities in their networks, systems, and applications. With extensive professional experience, they have an in-depth understanding of the dynamic Canberra market.


We sat down with the team at Proactive Labs to tell us more about why they do what they do!


How did you get into cyber security?

I’d say all our backgrounds are exactly what you would expect, we’ve all been in various roles but ultimately working towards building up our skills as offensive security specialists over the years. Whether it was taking things apart when we were younger, or the adversarial/critical analysis of systems, all the warning signs of a career in offensive security were there.


Matt, started out working as a systems administrator over 17 years ago, has written a bunch of software, worked in the Federal Government doing various defensive team roles, then moved over to offensive security over 10 years ago.


Sam ran a red team at a prominent Canberra based cyber security consultancy, Connor led a pentesting team at another large organisation with a larger media presence, and Ethan has been shelling everything he can get his hands on.


We’ve probably been each other's bosses at some point in our careers, but ultimately, we’ve known each other for quite some time, so there is a lot of trust and shared respect between each other, alongside sharpening our tradecraft together for nearly a decade. We have been working behind the scenes, and have been involved in things you’ve seen, have made the news, or use daily – to say in short, we’ve been doing this for a while, and we’ll continue to produce high quality outcomes for our clients for years to come.


What are your areas of expertise and capability?

Penetration Testing

Proactive Labs conduct thorough assessments to identify and assess potential vulnerabilities in our client's networks, systems, and applications. We discover these vulnerabilities and provide tailored, specific advice for remediation, working with stakeholders internally to help contextualise risk and remediation.


Proactive Labs does not provide templated testing or recommendations and spend significant time ensuring that our reports result in a meaningful change to our client's posture. We offer typical penetration testing services such as Web Applications, internal networks and external networks, as well as more specialised services. These specialised tests typically focus on scenario-based attacks (I.e. A malicious or compromised insider attempting to steal trade secrets, an external attacker with limited knowledge of the organisation, or an attacker sitting in a partnering network).


Threat Emulation

Proactive Labs have extensive experience emulating the real threats that our clients face. With in-house tooling, we can accurately assess the resilience of our clients from a variety of threat actors. Proactive Labs spend time understanding our client's needs, their core business and the threats they face.


We then use our expertise and internal resources to determine the most likely threat actor targeting our clients. We emulate how the threat actor operates, rapidly identifying the gaps in our clients' posture as a whole. Our staff are experienced in targeting both the largest Government agencies and smaller bespoke entities.


What advice do you have for those who wish to pursue a career in the industry?

Pick something you want to do and do it. It’s early in your career and you can make mistakes, and those mistakes will teach you a lot about how things work. Reverse engineer things, experiment, write code, build a distributed system, find bugs in open source software – there is no better way of learning, just pick something up and do that thing.


Study the history of how things got here, look at UNIX philosophy, read manuals and information pages. Really learn computers inside and out - know what is beneath the abstractions; know the lower levels of how Kubernetes works - you should be thinking of kernel namespace(7), capabilities(7), not command line arguments to higher level tools or YAML blobs. If you’re interested in AI/ML, understand the mathematics behind it – linear algebra, analytic geometry and probability/basic statistics are key. Find something you want to learn more about, find people who are *the* experts on it, look at their observations and learn what you can from those.


Does your organisation have career opportunities and career pathways available?

We’re always on the lookout to have a chat with people, head over to Proactive Labs careers page for more info.