Skip to content
Proof, not promises

Every engagement starts with what we found.

Three anonymised case files from our own engagements: the exact vulnerability, what we deployed to close it, and the outcome measured afterward. Filter by your industry to see the closest match.

Case file 01 · Legal

Seven ways in, found before an attacker found them first

A CRA on a practice that believed it was “covered” surfaced seven distinct entry points in under a fortnight — closed inside a six-week Shield onboarding, with no gap left for their insurer to flag at renewal.

Cyber Readiness AssessmentGMAN Shield

Vulnerability found

  • A VPN appliance exposed directly to the internet, unpatched for a known vulnerability.
  • Multi-factor authentication available but not enforced on partner email accounts.
  • Shared administrator credentials on the practice management system.
  • An unmonitored guest Wi-Fi network bridged onto the internal network.
  • Stale user accounts left active for staff who had departed months earlier.
  • No email security layer beyond default mailbox filtering.
  • Backups that ran nightly but had never been test-restored, with no offline copy.

Fixed

  • Replaced the exposed VPN with a hardened, monitored remote-access gateway.
  • Enforced multi-factor authentication firm-wide, with no exceptions for partners.
  • Eliminated shared logins and implemented individual, audited administrator access.
  • Segmented guest Wi-Fi from the internal network entirely.
  • Formalised an offboarding process tied to HR, closing the stale-account gap for good.
  • Deployed a dedicated email security layer and enterprise EDR on every endpoint.
  • Implemented tested, immutable, offline-capable backups on a monitored schedule.

Outcome

7entry points found and closed
14 mowith zero successful breaches since
100%MFA coverage, up from partial
  • Zero successful breaches in the fourteen months since the engagement began.
  • Cyber insurance renewed with no additional conditions for the first time.
  • MFA coverage moved from partial to 100% of accounts within the first month.
  • All seven findings closed inside the six-week onboarding window.

Our previous provider told us we were fine. GMAN IT found seven ways in within a fortnight. We sleep differently now.

Managing Partner, Carlton Lane Legal

A 40-person Melbourne family and commercial law practice. CRA + Shield onboarding completed in 6 weeks. Reference available by request during your assessment.

Get the full case-study PDF

The unredacted teardown — every finding, every fix, the full timeline — sent to your inbox.

Case file 02 · Financial & Accounting

A $40,000 invoice fraud attempt, stopped before the funds moved

A compromised supplier mailbox nearly redirected a routine $40,000 payment. Fortress's email-anomaly detection and a callback-verification policy caught it with zero financial loss.

GMAN Fortress

Vulnerability found

  • A supplier's mailbox had been compromised upstream and was being monitored by an attacker for live invoice threads.
  • No dedicated email security layer — default filtering does not flag a message from a previously-trusted sender.
  • No mandatory out-of-band verification process for bank-detail changes on payments.
  • No log visibility into a mailbox forwarding rule the attacker had quietly planted to monitor the thread.

Fixed

  • Deployed dedicated email security with sender-anomaly detection layered over default filtering.
  • Implemented a mandatory callback-verification policy for any bank-detail change, using independently-sourced contact numbers.
  • Enabled SIEM log monitoring across mailbox rules and forwarding behaviour, not just inbound spam.
  • Ran vCISO-led staff training on business-email-compromise red flags for the finance team.

Outcome

$40Kfraudulent transfer stopped
$0financial loss to the firm
<1 dayfrom detection to full remediation
  • The fraudulent $40,000 transfer was flagged and held before it left the account.
  • Zero financial loss to the firm or its client.
  • The forwarding rule was traced and removed within hours of detection.
  • No further business-email-compromise attempt has succeeded against the firm since.

We were a $40,000 invoice away from a payment-redirection fraud. GMAN IT caught it before the funds moved.

Finance Director, Hargreave & Co. Advisory

A mid-sized Melbourne financial advisory and accounting firm. Detected and contained same business day. Reference available by request during your assessment.

Get the full case-study PDF

The unredacted teardown — every finding, every fix, the full timeline — sent to your inbox.

Case file 03 · Manufacturing

A ransomware dropper contained before it reached the production line

A flat network had IT and operational-technology systems on the same segment when a phishing email delivered ransomware. Segmentation completed months earlier meant the production line never went down.

GMAN ShieldCyber Readiness Assessment

Vulnerability found

  • IT and operational-technology (shop-floor control) systems shared a single, unsegmented network.
  • Legacy Windows machines on the production floor had not received security updates in years.
  • No dedicated email security layer to stop the phishing email that delivered the ransomware dropper.
  • No incident-response plan specific to protecting production continuity during a security event.

Fixed

  • Segmented the network into isolated IT and OT zones, with monitored traffic between them.
  • Deployed enterprise EDR fleet-wide and patched or replaced legacy shop-floor systems where feasible.
  • Layered dedicated email security ahead of the phishing vector that had previously reached staff inboxes.
  • Rehearsed an incident-response plan built specifically around keeping production running during containment.

Outcome

0 hrsof production downtime
<15 minfrom detection to containment
$0ransom paid
  • The ransomware dropper was detected and contained on the office network segment within minutes.
  • The production line recorded zero hours of downtime throughout the incident.
  • The segmentation completed months earlier is the specific control that kept the incident from reaching operational technology.
  • No ransom was paid; no data was encrypted on either segment.

Quiet, precise, and always a step ahead. They feel less like a vendor and more like part of the firm.

Operations Manager, Foundry Works Manufacturing

A regional Victorian precision-manufacturing business running a live production line. Contained in under fifteen minutes. Reference available by request during your assessment.

Get the full case-study PDF

The unredacted teardown — every finding, every fix, the full timeline — sent to your inbox.

Across every file

The pattern never changes: found first, closed fast, proven afterward.

Every case file above started as a Cyber Readiness Assessment. None of the businesses in them knew their exposure until we showed them, in writing, exactly where it was.

0Successful breaches on our watch
<15 minCritical-incident response
0%Client retention

Your case file starts with an assessment. Not a guess.

The Cyber Readiness Assessment finds your own vulnerabilities in ten business days — credited toward your first year if you go further with us.