A collective of minds.
InPhySec was founded in 2015 by three like minded individuals, Ian Fletcher, Jonathon Berry and Marc Barlow. They saw an opportunity to put their collective experience and skills together for the greater good and, so, InPhySec was born.
The rationale for InPhySec was simple. Between them they had significant, comprehensive and relevant real-world understanding of cyber and information security. By bringing their skills, knowledge and experiences under one roof they could offer a compelling, intelligence led option to a fast growing market.
The Security market has become crowded with many 'me-too' security consultancies that are typically a splinter from a larger, existing organisation that likely isn't a specialist in the field. Unlike many of these, we offer a genuine point of difference.
We believe no other consultancy offers the unique blend of skills and experience that InPhySec offers to our clients.
Technology manages the symptoms.
Governance manages the cause.
Our Directors and core team have an extensive government history, in particular within the GCSB and the formation of its cyber-defence unit, the National Cyber Security Centre (NCSC). Our Directors represent the full NCSC stack from front line cyber defence analysts to senior management. They were intimately involved in advising and informing the government's understanding and approach to cyber security. During this period of our history our Directors have represented New Zealand at numerous global multi-agency cyber-defence forums. In fact, in many ways they pre-date cyber - at one of the earliest forums attended by an InPhySec Director it was called Electronic Attack! Cyber was yet to be used in this context.
During these government years our team of Directors pioneered cyber investigation and incident response within the government security and intelligence sector. One of the most important learnings was that incident response and ongoing prevention is not just a technical response. At InPhySec, we talk about the information assurance continuum and the influence this has on overall security management. Our Directors found that in many ways security governance and risk management was equally, and if not more, important than technology responses for continued security management.
Transferrable, real world skills
Between government and InPhySec our Directors spent a couple of years in the wilderness gaining commercial sector experience. They quickly found that their collective skills and experiences from government were very relevant. Unlike many of InPhySec's contemporaries, they had first-hand operational experience managing cyber and information security opposing state level threats at a national level. Managing commercial threats is a much more straightforward proposition. At InPhySec we don't just theorise about cyber attack, we know what it looks like and we know how to manage it. Our risk assessment work is based on real experiences. Our advice is proportional and relevant to the threats faced by our customers.