
Case Study - Local Government Authority

Due to the sensitive nature of the subject matter, this case study has been anonymised at the request of the organisation involved. If you’d like to hear more about the experiences of other satisfied clients, we’re happy to arrange verbal references to help you feel confident in your decision to partner with Kaon Security.

 

Penetration Testing

About

This NSW-based local government authority provides a wide range of services to its community, including infrastructure management, regulatory functions, and community development. The organisation relies heavily on technology and faces increasing pressure to meet regulatory requirements, maintain service continuity, and protect against evolving cyber threats.

Background

The organisation has approximately 500 users operating in a hybrid IT environment across cloud and on-premises infrastructure, including systems that are critical to daily operations. With this complex hybrid environment, maintaining visibility over potential vulnerabilities is a key priority for the IT team.

Challenges

As part of annual audit requirements and regulatory obligations, the organisation conducts regular penetration testing to assess its security posture. The IT team were particularly concerned about both external and internal threats and wanted to better understand the risks that had changed over time.

“We’d worked with other providers before, but their reports lacked the detail and practical guidance we needed,” comments the IT Manager. “We were looking for a partner who could not only carry out the testing but also explain the findings in a way that supported meaningful action.”

Solution

“We reached out to a number of providers on the LG procurement panel and ultimately opted to go with Kaon Security for their flexibility, experience with the local government sector, and clear guidance,” said the IT Manager.

The organisation engaged Kaon Security to conduct a grey-box penetration test incorporating red team tactics, covering networks, infrastructure, web applications, wi-fi, and social engineering. Kaon Security worked closely with the team to scope the engagement, ensuring that the test addressed the organisation’s unique requirements and environment.

“The testing process was well-managed with minimal disruption to our internal teams. The initial prerequisites were fairly painless, and the tester was largely self-sufficient. They also notified us of critical issues identified during the assessment, allowing us to act quickly.”

Benefits

“Working with Kaon Security delivered tangible outcomes, including a clearer understanding of vulnerabilities prioritised by risk severity. We were able to remediate critical and high-risk issues with urgency, create a structured roadmap for addressing medium risks, and verify that all fixes had been successfully implemented.”

“I’ve worked with other pen testing providers, and Kaon Security stood out for their comprehensive findings and ability to identify issues others had missed,” adds the IT Manager.

Leadership

The test findings have been used to engage the Executive Management Team, helping to clearly communicate identified risks, add relevant issues to the organisation’s risk register, and secure additional budget to address current vulnerabilities and plan for future improvements. The results also demonstrate to auditors that the organisation is proactively managing its cyber risk exposure and taking strategic steps to strengthen its IT security posture.
