WHO WE ARE
Brace Cyber works with organisations that take cyber risk seriously.
We support founders, boards, and leadership teams where security decisions have real consequences for growth, reputation, and valuation. Not as a compliance exercise, but as a core business concern.
Our role is to bring clarity to complex cyber risk and help organisations make confident, defensible decisions.
What We Do
We are an attacker-led cyber security advisory.
Our work is grounded in how modern attacks actually unfold. We assess, test, and design security programs based on real-world risk rather than abstract maturity scores.
This includes offensive security testing, cyber due diligence, strategy and operating model design, and targeted uplift programs. The outcome is a clear understanding of where you are exposed and what to do about it.
Our Approach
We focus on what materially affects your organisation.
That means prioritising realistic attack paths, business impact, and decision-grade insight. Not exhaustive checklists or volume-based reporting.
If something matters, we go deep. If it doesn’t, we say so.
Our work is practical, opinionated where it needs to be, and designed to be acted on by executives, not just security teams.
Who We Typically Work With
Our clients are usually organisations where the cost of getting cyber wrong is high:
Growing businesses navigating increased scrutiny or regulation
Leadership teams preparing for investment, acquisition, or scale
Organisations selling into high-trust or high-risk environments
Teams that need clarity beyond what internal or IT-led security provides
They come to us when they need confidence, not just coverage.
Meet the Founder
Since a young age I always wanted to know how things worked, pulling things apart to understand them but rarely putting them back together. That's probably what drew me to hacking and cyber security where I could pull apart software, protocols, and security controls - and companies would pay me to do it. It's now been over 15 years since I spun up my first Backtrack VM (IYKYK) and since then I have had a lot of fun working in cyber security - most of which has been REDACTED.
Later on, I moved into the private sector as an offensive cyber consultant leading a team of offensive cyber experts. Companies would hire us to really put their networks to the test. Some of our clients were world-class. Fortified with the latest and greatest tools, security controls, 24/7/365 eyes-on-glass security monitoring, AI detection systems, and any other buzzword you want. Unfortunately for them we usually took over their entire network in a matter of hours (ok sometimes it took a couple days). I'm sure we caused a few grey hairs on IT managers and CISOs. They were shook.
But here's the thing - they were thinking like corporations not like hackers.
That new anti-virus detection system they just deployed? Any attacker worth their ransom has a bypass. The security awareness training that your staff definitely took super seriously and paid heaps of attention to? Great for compliance - useless against an advanced threat. But what about the policies! The stacks and stacks of policies, frameworks, and accreditations? Don't hackers care about those?! You get my point.
So what am I saying? Are we all doomed? Well, no. We just need leaders who REALLY understand cyber security and don't get bamboozled by vendors or flashy reports. You need a trusted advisor who knows how hacks work, knows where you should spend your time and resources, and can see straight through the green tick reports that say everything is fine while the server is on fire.
That's what I'm here for.
Samir Ghanem