We've all seen the headlines.

It doesn't matter what your business is - if you have staff, customers, or intellectual property you are in the information management business.

The security boundary has shifted. It was your network edge. It's now your information edge.

We understand this.

We also understand it is a business problem and not a technical problem.

So while we can help you with your technology, we want to help you with your business.


Protecting the information boundary.

Security Governance

Security Governance is a cornerstone of our practice and we believe strong governance is critical to effective security management.

We can help you with security policy assessment or development.

Our Security Governance services include:

  • Policy gap analysis
  • Policy development
  • Security framework development
  • Define or help establish roles and responsibilities

    For those customers who decide to not resource a CISO or CSO role from internal resources, we offer a specialist virtual CISO or CSO service. This service taps into the capabilities and experiences from across our company to offer you highly qualified, well-reasoned security advisory at an executive level that meets the business focus expected from a role at these levels.


    Our vSecGov service is for those customers who seek to outsource their security governance function in its entirety. This service can be structured to provide all security features including governance, management, monitoring, and advisory. The strength of this service is that is leverages our experiences and provides a service that is most likely wider and deeper than can be resourced internally.

    Threat and Risk Management

    Threat Management

    A well-considered and accurate threat position is essential to a properly calibrated risk position. Without it your organisation may struggle to accurately position itself against its threat profile. It can be difficult to justify security programs and expenditure if you do not understand what you are defending against.

    Our threat intelligence program will help you to understand who and what is interested in your organisation and why they may be interested. You have a need to protect yourself from malware, but you have a greater need to protect yourself from people.

    Our Threat Management services include:

  • Adversary evaluation
  • Asset identification and evaluation
  • Threat Intelligence evaluation
  • Risk Management

    We consider poor risk management as one of the greatest security risks most organisations face. A correctly considered risk assessment is a powerful tool. However, we have seen too many that are cursory, high level, and with a focus on making risks green.

    We have no interest in delivering you a high level risk assessment that informs you of a need for anti-virus. We do have an interest in delivering you a properly considered, justified, and targeted risk assessment that is contextual and calibrated against your threat. We want to help you correctly identify your risks that help you make informed and supported security investments.

    Our Risk Management services include:

  • Risk identification
  • Risk evaluation
  • Risk treatment/mitigation
  • NZISM Certification and Accreditation

    We can help you with all aspects of NZISM and PSR Certification and Accreditation.

    Our Partners hold a deep and long term association with the NZISM - some of us have even written or reviewed parts of earlier releases.

    If you are seeking a security partner that can provide you with a sensible interpretation and implementation of the NZISM, then look no further. We are quite possibly the only security company to have staff who have held positions as system auditors, owners, Certifiers, and Accreditors of systems at all classifications.

    We understand the NZISM.


    For our private sector customers who are less interested in NZISM compliance.

    We can help you to prepare for ISO27001 audit. For those who do not wish to undertake an audit, but do wish to ensure their security practices are aligned, we can undertake an alignment project to identify any gaps, suggest remediation, and help with your organisational security culture.

    Incident Response

    Having set up the National Cyber Security Centre (NCSC) Incident Response capability we have the experience to help you with most incident scenarios that you may face.

    Our services include:

    Incident Response

  • Incident coordination and management
  • Incident investigation
  • Security Monitoring services

  • Advisory

  • Design incident response procedures
  • Review existing processes
  • Security Operations design and review
  • Security Investigation

    Our Directors and staff have extensive experience running security investigations. Between us we have been involved with most kinds of investigations including cyber, fraud, theft, and personnel investigations. We are familiar with judicial processes and evidential requirements.

    Our security investigative services include:

  • Cyber investigations
  • Information theft
  • Network compromise
  • Operational planning
  • e-discovery
  • Forensic Examination

    Digital forensic examination is one of our core services. Our forensic services operate to evidential standards and will meet judicial requirements. Our methods and techniques are drawn from the best of law enforcement and government security experiences.

    Our forensic examination services include:

  • Data collection
  • Computer compromise analysis
  • Data theft analysis
  • Network forensics
  • Malware analysis
  • e-discovery
  • Managed Services


    The secret to successfully managing your security is knowing when things have gone wrong and when incidents have occurred. This requires a monitoring solution that notifies you when required.

    We have partnered with world leading detection technology companies to bring you an international quality security monitoring service based right here in Wellington, New Zealand. We combined our knowledge of adversaries and attack methodologies, and our previous experiences investigating extremely complex and sophisticated attacks with the right technology. We overlayed this with our detection and analysis techniques to bring what we believe is a world leading, cost effective security monitoring service.

    Please talk to us about our vSOC. It could very well be the best security decision you make.

    Why InPhySec

    Our History

    Our backgrounds are drawn exclusively from law enforcement, defence, intelligence and security agencies. All of our directors and consulting partners have engaged in cyber security issues at a global level. Between us we have:

  • Led significant government cyber security initiatives and organisations
  • Investigated and managed extraordinarily complex cyber security events
  • Provided thought leadership to government and industry

  • We have considered cyber security at a macro level and enacted cyber security at a micro level.


    We believe our assembly of cyber and information security specialists is unique within the New Zealand market, and rare in the global market.

    Our people, techniques, and, most importantly, thinking come from the leading edge of cyber security.

    Who We Are

    We have assembled an executive team that is unrivalled in its cyber security expertise and experience. In previous roles our staff have led our national efforts and contributed to international cyber security efforts. We have a clear sense of what can be done, and more importantly what cannot be done.

    As a business advisory, we can help you understand the threat and risks, calibrated to your business, and help you formulate a sensible and appropriate plan to manage these risks.

    Ian Fletcher

    Managing Partner

    Ian is widely known for his role as Director of the GCSB, where he led the organisation through great change, including transforming its legislation and core focus to allow for national cyber defence initiatives.

    Ian's other initiatives may be less well known, but are no less remarkable. He is a highly experienced organisational leader and diplomat, who is highly regarded for his organisational change management work. He has led organisations as diverse as the GCSB, UK Patent Office, Queensland Department of Employment, Economic Development and Innovation, UK Diplomat to Kosovo, and chaired a G8 committee on intellectual property.

    If your governance Board is grappling with cyber security, Ian may be able to help bring the issues into focus and into perspective - and in a business context the board will appreciate. While cyber security is important, Ian understands it is not the only risk your business faces.

    Jonathon Berry

    Consulting Partner

    With over two decades in the military and GCSB security sector leadership, Jonathon has the knowledge and experience to help you develop and achieve an information security program that is proportional to your business needs. Jonathon has led major system security audits and developed remediation programs that have helped organisations measurably improve their security position.

    Jonathon's specialities are Governance, Risk and Compliance with an emphasis on audit to recognised standards such as NZISM or ISO27001.

    Marc Barlow

    Consulting Partner

    With a major in forensic investigation and incident response and a minor in policy development and risk management, Marc will be able to help you understand the technical context within a business risk. Having spent 13 years with the New Zealand Police forensic services and around ten years information and cyber security with the GCSB, including establishing and managing the cyber forensic investigation and incident response capability, Marc has the skills and experiences to help develop an appropriate cyber security program.

    Our Methods

    Our methods are simple. We get to know you, your business, and your (security) needs. We help you achieve these needs. In a way that will enhance your business. We firmly believe security should be an enabler. We don't say 'no'.

    Our Partners

    We have partnered with some genuine world leaders in the security market. Announcements are coming....


    Please get in touch for a no-obligation chat. We would like to get to know you and explore ways we might be able to help.

    Email: [email protected]

    Phone: +64-(0)27-870-0619