Round the Clock
Security.
RTCS is an independent Australian cyber security consultancy. From offensive testing to advisory, compliance, cloud, and round-the-clock monitoring: every service delivered in-house, every byte kept onshore. Perth-founded. Australian owned.
We've Got Your Cyber Security Sorted
No matter how big or small your organisation, or what challenges you face, with RTCS you can rest easy knowing your cyber security is sorted.
View All ServicesGet Real Security Guidance From Real Security Experts
We deliver the lot ourselves: offensive testing, advisory, compliance, and the IT work most consultancies palm off. Your security shouldn't be quietly subcontracted to a stranger.
Hands-on network, web, API and social engineering testing by someone who finds real bugs for a living. Clear findings, ranked by business impact.
Manual and tool-assisted review that finds the logic, auth and data-handling flaws scanners can't see, with fixes your developers can apply.
Shipping AI features or adopting LLMs? We test how they break, from prompt injection to data leakage, and advise on adopting AI safely.
Essential Eight maturity assessments and uplift roadmaps, plus ISM, PSPF and ISO 27001 advisory. Practical, evidence-backed and audit-ready.
Fractional security leadership for organisations without a full-time CISO: strategy, board reporting, roadmaps and policy, scaled to what you need.
Azure, Microsoft 365, Intune and Entra ID assessed and hardened against CIS Benchmarks, ACSC guidance and Microsoft Secure Score.
Security built into the architecture from the start. Review and design for new systems, cloud migrations and legacy uplift, aligned to the ACSC ISM.
Worried your MSP isn't keeping you secure? We give you an impartial review with nothing to resell, plus IT strategy and roadmaps.
Most businesses have backups. Far fewer have tested that they restore. We design your recovery and test it, before you need it.
And Plenty More
Everything below is delivered in-house too. Tap any service for the detail, and if your problem isn't here, that's exactly the conversation worth having.
Tell Us Your Problem.
Whatever your security or IT challenge, get in touch and we can help.
Straight Answers
What cyber security services does RTCS offer?
We're an independent, Perth-based consultancy. Services include penetration testing, source code review, AI security, Essential Eight and compliance, vCISO advisory, security architecture, Microsoft and cloud security, incident response, and IT services like strategy, projects, and disaster recovery. Everything is delivered in-house, and all work is performed onshore.
Do you offer penetration testing in Perth?
Yes - it's one of our core services. We test networks, web applications and APIs, cloud configurations, and run social-engineering and physical assessments, from Perth and nationally. Every engagement is conducted under a signed authorisation agreement, and you get findings your team can act on.
What is the Essential Eight, and can you help us comply?
The Essential Eight is the ACSC's set of eight baseline mitigation strategies. We deliver maturity assessments, gap analysis, and uplift roadmaps to help you reach Maturity Level 1, 2, or 3 - and our compliance advisory also covers the ISM, PSPF, and other Australian government frameworks.
What is a vCISO, and do you provide one?
A vCISO (virtual Chief Information Security Officer) is experienced security leadership on a fractional or part-time basis. We cover security strategy, board reporting, policy, roadmap planning, and regulatory liaison - at a fraction of the cost of a full-time hire. Available as a retainer, interim, or project engagement.
Do you help with Microsoft Azure security and CIS Benchmarks?
Yes. We assess and harden Azure, Microsoft 365, and Intune against CIS Benchmarks, harden Entra ID, review Microsoft Defender configuration, and lift your Secure Score - as one-off assessments, remediation projects, or an ongoing posture review.
Do you offer 24/7 incident response?
Yes. We handle incident response ourselves, from readiness (plans, playbooks, tabletop exercises) through to hands-on response, and we can provide staffed 24/7 monitoring for continuous coverage. We also map your notification obligations under the NDB scheme, SOCI Act, and sector regulators.
Are you genuinely Australian-owned, and where does our data go?
Yes - RTCS is independent and Australian-owned, based in Perth and available nationally. All work is performed onshore with zero offshore data transfer, and we'll put that commitment in the engagement contract.
Which compliance frameworks do you support?
The ACSC Essential Eight, ISM, PSPF, SOCI Act, Privacy Act 1988 and the NDB scheme, ASD Cloud Controls, ISO 27001, NIST CSF, IEC 62443 for OT, and PCI DSS. Where formal certification requires an accredited external body (for example a PCI QSA), we get you ready and they certify.
Do you test mobile apps?
Yes. We test iOS and Android apps end to end: insecure data storage, the APIs behind the app, authentication, session handling, and certificate pinning. Findings are mapped to the OWASP Mobile Top 10 and scored by severity, with clear remediation advice and an optional re-test.
What is attack surface management, and do we need it?
It is the ongoing job of finding everything you have exposed to the internet before an attacker does: forgotten subdomains, exposed admin panels, stale cloud storage, and shadow IT. We map your footprint, monitor it for change, and alert you to new exposure. If you have grown quickly, run cloud, or have never had a full external review, you almost certainly need it.
What makes RTCS different from a large consultancy?
You work directly with the person doing the testing. The work is grounded in real offensive experience, including paid vulnerabilities reported to some of the largest companies in the world, and every finding is written plainly enough for your board and specifically enough for your engineers.
How much does an engagement cost?
It depends on scope, and we are upfront about it. Most work is quoted as a fixed-scope engagement, so you know the cost before we start, with retainers available for ongoing work. Tell us what you are trying to achieve and we will scope it honestly, including telling you if you do not need what you think you need.