Our Company

Our Founding

elttam was founded by three partners in 2015 - each bringing extensive technical security experience in both industry and academia.

We each identified with a similar passion for information security, appreciating the vast technical challenges along with the strengths and weaknesses facing current industry practices. We realised together we could drive forward the status quo.

Thus, we created elttam - an independent and specialised security firm, with a technical R&D core and progressive company culture. We deliver quality security services to our customers in Australia and abroad.


Our Team

Ben Cambourne

Ben is a Security Researcher at elttam. He has over a decade of professional experience in both offensive and defensive roles.

He enjoys (over-)engineering elegant solutions, solving challenges, honing his craft and sharing with others. When not getting a tan from his 7 screen Swordfish setup he likes adventuring outdoors.

Sydney, Australia - GMT+10

Ben Cambourne

Security Researcher

Charlie

"Charlie" (or Gina) is our Business Administrator at elttam. She has a mix of experiences from working in IT through to business entrepreneurship.

She helps ensure everything is running smoothly in the background and that everybody is kept in line... mostly Matt.

Sydney, Australia - GMT+10

Charlie

Business Administrator

Daniel Hodson

Daniel is a Partner at elttam. He has over a decade of professional experience in offensive security roles.

He enjoys finding new and interesting vulnerability classes, writing exploits for physical systems, and exploring the wilderness from his kayak.

Brisbane, Australia - GMT+10

Daniel Hodson

Partner

Luke Jahnke

Luke is a Security Researcher at elttam. He has extensive experience performing security assessments and running training.

He enjoys working on new exploitation techniques, running the Bitcoin CTF challenges, and taking over table tennis tables.

Melbourne, Australia - GMT+10

Luke Jahnke

Security Researcher

Matt Jones

Matt is a Partner at elttam. He has over a decade of industry experience in both offensive and defensive roles.

He enjoys problem solving, data-based analysis, and trying to come up with ways to incorporate whisky into cooking.

Melbourne, Australia - GMT+10

Matt Jones

Partner

Mike Pritchard

Mike is a Security Researcher at elttam. He brings with him unique knowledge of avionic and electrical systems, including RADAR, GPS, electro-optics and RF.

With elttam, he is helping to develop engaging training environments, undertakes R&D projects, and critiques the 'atmosphere' of elttam team functions

Melbourne, Australia - GMT+10

Mike Pritchard

Security Researcher

Pedram Hayati

Pedram is a Partner at elttam. He brings over a decade of experience in academia (Dr. Pedram, tyvm) & industry.

He enjoys performing applied research and attending meetups. He doesn't enjoy when his kite-surfing kites are destroyed while surfing.

Sydney, Australia - GMT+10

Pedram Hayati

Partner


Our FAQ

I don't know what service I need. Help?

Feel free to contact us to talk through what you're thinking – we’ll advise on possible options and whether there's something we can do to help.

Why do you offer white-box penetration testing as opposed to black-box?

A black-box testing methodology is a common security assessment approach but it can suffer from some limitations including an overfocus on standard implementation vulnerabilities, a lack of identifying systemic issues, and a lack of understanding potential ways to apply best practice security considerations.

The white-box testing methodology provides an in-depth application security assessment approach that leverages complete access to source code, documentation, and test environments. This combines manual secure code review, automated security analysis, and traditional penetration testing to achieve optimal coverage and insight. It also allows for the identification of specific ways to improve secure development and threat management activities, which help to pragmatically reduce the risk of threats moving forward.

I'm using SaaS/PaaS/IaaS/Cloud for my application. Can you test it?

Yes, we can.

I need a (PCI/XYZ/ABC) Penetration Test Performed. Help?

If you're purely seeking a compliance or penetration test checkbox, we're not the right firm for you.

We like to work together with our clients on real problems, deliver high quality results, and evolve your security.

Do you offer public training courses?

Yes, we do. Please visit training page for more information.

I'm a non-profit Australian organisation. Do you do pro-bono work?

Yes we do. But, there's a little catch. We will use this as a development exercise for one of our internees, under the supervision of one of our mentors, to gain experience performing real world penetration testing.

If you're interested in this and meet the requirements (Australian non-profit), please get in touch so we can talk and work out the next availability.

Do you offer internships and if so what's the go?

We certainly do! But we have limited capacity, as we want to make sure there's some decent mentoring.

Interns apply via our common job roles process as advertised. Solve the Capture-the-Flag challenge and we'll have a chat.

How can you allocate 20% or more of your team's time on Research and Development?

Our business model isn't to have everyone on back-to-back delivery. Instead we listen first, and then offer a solution which meets our customers needs using correctly skilled team members.

These same team members tend to enjoy performing R&D, and want to work at a company which encourages curiosity and education. So we guarantee this time.

It just happens to have the nice side effect of continually improving our knowledgebase and quality of service.

I have a really limited budget and need a penetration test performed. Help?

It depends, we try to only focus on high-quality deliverables.

If you're a startup doing something a bit different to the norm (technically different), and are genuinely seeking a firm with more specialised skills to perform a security review - please get in touch and we may be able to offer an initial discount.

Why aren't you XYZ certified?

We don't believe XYZ certification is valuable to our customers or consultants. We like to help by doing things differently (and hopefully better).

Please contact us if you have any questions on data privacy or methodologies.

What do you think of the term "cyber"?

It hurts.

Interested in joining our team?

See Roles