Security engineering · Australian small to mid-market

Get the security you're already paying for.

RG Labs is a boutique security engineering firm for the Australian small to mid-market. We start with the Microsoft stack most organisations already own — then engineer the wider controls that matter: EDR, vulnerability management, application control, network policy. Project-based. We implement, tune and hand over. No ongoing management, no lock-in.

  • Microsoft-led, multi-vendor by design
  • Fixed-scope projects, defined hand-over
  • Senior engineers only

01 · Approach

Implement, tune, hand over.

We're engineers, not a managed service. We design and deploy your controls, tune them to your environment, document everything, and train your team to run them. You keep the keys.

01

Assess

A short, honest look at what you own, what's actually configured, and where the real exposure sits — against Essential Eight, CPS 234, ISO 27001 or PCI-DSS.

02

Engineer

Design and deploy the controls — Microsoft-first, multi-vendor where it's the right tool. Migrations, build-outs, policy uplift, done properly.

03

Hand over

Documentation, runbooks and knowledge transfer so your team operates it confidently. Optional time-boxed advisory if you want a hand later — never a lock-in.

02 · Capabilities

Tools are interchangeable. Judgement isn't.

Microsoft is the anchor — it's the stack the Australian small to mid-market already owns. Around it, we engineer the controls that matter, choosing the right platform for your environment — never to satisfy a partner quota, and never kept if a better fit exists.

  1. Endpoint & XDR

    We run both platforms in production and migrate either direction without coverage gaps — and when staying put is the right call, we'll say so.

  2. Application control

    The highest-leverage Essential Eight control — and the one most often abandoned halfway. Default-deny only works when it's tuned to the business, not against it.

  3. Identity, devices & data

    The perimeter is an identity now. Conditional Access is the policy engine; Intune and Purview make it enforceable on every device and every document.

  4. SIEM & detection

    A SIEM either earns its ingest bill or becomes very expensive storage. We onboard the sources that matter, cut the rest, and leave detections your team can read.

  5. Vulnerability management

    Deliberately scanner-agnostic. The tool is a fifth of the outcome — the operating model that closes findings is the rest. We build both.

  6. Network & access

    Firewall and secure-edge policy that reflects how the business actually works — reviewed, rationalised and documented, not accreted.

  7. Cloud & AI security

    Copilot is arriving whether security is ready or not. We make sure your data boundaries hold before the rollout — posture, governance and monitoring included.

Already invested in a platform? We work with what you have. We choose tools by fit, not by partner quota — and if someone else is better placed, we'll tell you.

03 · Engagements

Fixed scope. Defined finish.

Productised projects with a defined start, end and deliverable. We scope it, build it, document it and hand it over — then your team runs it.

Best starting point

Security Posture Assessment

A clear-eyed read on what you own, what's actually configured, and where the real exposure sits — benchmarked against the Essential Eight and your regulatory drivers.

Typical: 2–3 weeks
You get: Written report + prioritised remediation roadmap

EDR Migration & Uplift

Move or modernise endpoint detection without coverage gaps — Defender ↔ CrowdStrike, assessment through to cutover, both agents handled cleanly.

Typical: 4–8 weeks
You get: Design, migration & runbooks

Application Control Rollout

Default-deny, done right. ThreatLocker or WDAC allowlisting from pilot to enforcement, tuned so it stops threats without stopping the business.

Typical: 4–6 weeks
You get: Policy set, rollout plan & handover

Vulnerability Management Program

From scan noise to a program that actually closes risk. Qualys, Tenable or Rapid7 deployed with the process and reporting to keep the backlog down.

Typical: 6–10 weeks
You get: Deployment, operating model & reporting

Sentinel & SIEM Onboarding

See the right signals and cut the rest. Log source onboarding, tuned detections and hunting queries across Microsoft and SaaS sources.

Typical: 3–6 weeks
You get: Connected sources + tuned detections

Copilot & AI Security Review

Adopt Microsoft 365 Copilot without opening holes. Purview, Conditional Access and monitoring set up so AI access respects your data boundaries.

Typical: 2–3 weeks
You get: Risk review + control set

04 · Why RG Labs

Built for delivery, not for billing hours.

Boutique by design — senior engineers with deep enterprise experience, working directly with your team. No account-manager layer, no offshore handoffs, no managed-service lock-in. Just controls, engineered and handed over.

90%
vulnerability backlog reduction delivered on a national enterprise program
5 vendors
production delivery across Microsoft, CrowdStrike, Qualys, Palo Alto and ThreatLocker
Senior-only
direct access to the engineers doing the work

Certified to the depth the work demands: CISSP · CCSP · Microsoft AZ-500 · CompTIA Security+ & CySA+

05 · Where we focus

The Australian small to mid-market.

Big enough that security matters. Lean enough that nobody owns it full-time. That's where we do our best work.

  • 50–2,000 staff — established operations, lean security headcount
  • Microsoft E3 or E5 already on the books, rarely fully deployed
  • No full-time security architect — and no appetite to hire one yet

APRA CPS 234: Banking, insurance & superannuation
Essential Eight: ACSC maturity uplift
ISO 27001: Certification & audit readiness
PCI-DSS: Payments & cardholder data

06 · Contact

Let's talk.

If you're paying for security tooling and aren't sure you're getting your money's worth, that's the conversation to start.

Replies come from an engineer, not a sales team.