Much good work is lost for the lack of a little more.

Professional Services

We combine the tradecraft intelligence of the best offensive and defensive cyber operators in the world with a team of world-class researchers and data scientists to engineer analytic capabilities to help protect our client’s digital assets.

We provide expert consultancy and professional services including cyber security advisory services, analytics, threat intelligence, penetration testing, incident response and incident readiness services based on industry driven best practices.




At iTechWorks, we seamlessly deliver cyber resilience by enabling organizations to build high-performing and effective security, risk and compliance management programs. We ensure security controls enable the increasingly connected world and digital economy to overcome constantly changing security challenges.

We Are

Security Experts

Security can be overwhelming, with a growing numbers of threats and increased threat complexity. Added to this, organizations are facing a global skills shortage of security experts.

At iTechWorks, we focus 100% on Holistic Security – it’s all we do. Our people bring with them real-life experience at all business levels – from professional security officers to specific compliance and technology specialists, dedicated to developing and building world-class security services for our customers.

Our team includes certified engineers and threat and incident analysts, incident response teams who can quickly contain, manage and remediate security incidents, and world-class researchers and developers, focused on using technology to build platforms, systems, applications and customer portals.

What We Do

Security Assessment and Penetration Testing Services

Our tailored approach helps you achieve the level of cyber security maturity your organization needs.

iTechWorks provides security assessments and penetration testing services that help you understand which threats and vulnerabilities pose the most risks to your organization due to infrastructure gaps, people, environmental issues or third-party exposure. We offer assessment and testing services for organizations of all sizes and across all industries.

Penetration testing is part of a recognized approach to identify and quantify risk. Through testing we actively attempt to exploit vulnerabilities in your infrastructure, applications and business processes. We provide context around identified vulnerabilities, their impacts and the likelihood of a breach of an asset.

Our team is trained to think and act as if they were real-world malicious attackers. This approach helps your organization fully understand how it would hold up during an actual attack. The results of our engagements proactively identify and quantify vulnerabilities so you can measure and determine the acceptable level of risk your organization is willing to take on.

Our Security Assessment and Penetration Testing services provide insight into all aspects of an organization’s environment, but not limited to and include:

Infrastructure Testing

External Infrastructure

An external infrastructure assessment provides a snap shot of the current security posture and state of Internet facing systems. By choosing this type of assessment you would be implementing a proven test which replicates what an attacker would initially implement prior to an external attack. This enables you to establish the attack surface of your external internet facing infrastructure.

Internal Infrastructure

This type of assessment will allow you to understand the potential impact of an attacker with a foothold within your network or a malicious or disgruntled employee. With the exception of cloud services, almost all sensitive information is held within the perimeter of a typical infrastructure. By understanding which areas are vulnerable to attack (such as internal email, databases or financial information), you can begin to protect those assets.

Cloud Infrastructure

With the data centre being slowly moved from within the company network to being hosted by third parties, a new challenge arises in how to secure access to these critical assets. With extensive experience in performing cloud infrastructure, segregation testing and access control, iTechWorks can work with third parties to ensure confidentiality, integrity and availability of your critical infrastructure and data.


From the starting point of a standard user, iTechWorks will determine the actions that could be taken to affect the confidentiality, integrity and availability of your critical assets. Can the user escalate privileges to that of Domain Admin? Are sensitive files available without any access restrictions? Can a malicious actor attack impersonate other users? Breakouts can be performed from on-site desktop, remote access solutions such as Citrix, and from within VPNs.

Application Testing


iTechWorks works on different methodologies to ensure consistent coverage and depth of testing. Our team has a wide range of experience of external and internal applications covering financial, telecommunications, retail, national infrastructure and government sectors.


While some architecture can be similar between mobile and web applications, the deployment of a mobile application introduces a greater attack surface. Does the application correctly store data on the device? Can the application detect use on a ‘rooted’ or ‘jailbroken’ device? iTechWorks has experience with Android, iOS and wearable devices.


Internal applications can suffer from multiple vulnerabilities around network traffic, memory usage and operating system vulnerabilities. We will perform an in depth assessment, hooking into the application to understand how it interacts with network resources, authenticates users and secures data while in use on the desktop.

Web Services

Web applications are increasingly required to communicate with other web applications to provide and retrieve sensitive information. Testing is performed in a similar manner to user interactive web applications, searching for incorrect configurations, injection attacks and other vulnerabilities.

Network Device Configuration Review

iTechWorks will review the configurations of firewalls, switches, routers and proxies to ensure that their configuration is performing the intended function and adheres to industry standard best practices. Gaps in filtering rules could allow an attacker to traverse a network, exfiltrate data and hamper investigations should logs not be captured correctly or securely. The majority of network devices are covered and reviews can be performed on-site for secure environments.

VPN/Remote Access Services

Virtual Private Networks can fall short of best practices when configured as default, by ensuring that encryption, password policies, two factor authentication and user/access management are correctly configured you can help protect network traffic when traversing the internet.

Stolen Laptop Assessments

Theft or loss of a laptop can be devastating. Organizations often find themselves asking: What information was available? Can a malicious actor gain access to our network? Do the policies to ensure data encryption work as required? We answer those questions and can give remediation advice to prevent your critical assets from falling into the wrong hands.

Build Reviews

A build review provides a detailed review of the installation and configuration of a company’s base operating system. By choosing this type of assessment you would be implementing a proven test which ensure that systems have been built, configured and deployed with respect to industry standards or corporate policy.

Red Team

Our Red Team services are intelligence-led by security professionals and threat researchers who have real-world experience with nation-state-level cyber operations. Our experts go above and beyond a penetration test, using complete knowledge of your network and customized stealth techniques to emulate advanced persistent threats. These types of engagements are designed to help a client’s internal teams become more effective in the identification and prevention of such attacks in the future.

Database Reviews

A database review provides a review of the deployment and configuration of an organization’s database servers. With the importance of database systems in today’s business environment it is important to review their configuration before deployment and at regular intervals.

Physical Security Assessments

Physical penetration testing attempts to infiltrate an organization’s facilities through various means which may include access via secured doors; the evasion of motion sensors, security cameras and checkpoints and even obtaining passwords written on post-it notes. The aim of the engagement is to identify weaknesses in the physical security controls and areas where staff and/or polices can be strengthened to identify intruders.

Social Engineering

Social engineering relates to coercing individuals within an organization to inadvertently grant access to information to someone who does not have proper authorization. Examples of social engineering may include phishing, phone campaigns, and impersonation. Social penetration testing may be a component of a physical penetration test.

Custom Engagements

iTechWorks offers additional assessment and testing services around other key components of an organization’s IT infrastructure and specialized systems. iTechWorks can assess supervisory control and data acquisition (SCADA), industrial control systems (ICS), internet of things systems (IOT) and radio frequency transmissions such as Bluetooth, Zigbee, etc. among many others.

Configuration & Code Reviews

Many security vulnerabilities can be found in how IT systems such as networks, servers, gateways and applications are configured or coded. iTechWorks’s team of infrastructure experts review and assess these systems to help ensure they are properly configured to inhibit an individual or group from easily accessing the inner workings of your IT environment. We are able to provide configuration review services for all of the areas listed below.



Open TCP and UDP ports

Service permissions

Operating system and third party software patch level

User accounts (Local and Group)

Security policies (Local and Group)

Network shares and permissions

Available network interfaces

Storage mechanism of password (are they stored securely), including cached credentials and password history and policy

Antivirus products installed, configured correctly and kept up to date

Host-based IDS/IPS/Firewalls

Application Code


Presence of developer test code/files (not removed)


Session handling

Input validation

Parameter & variable checking

Cookie parameters and hidden fields (if applicable)

Read/ Write call to files (permission checks)