About Cliffside Cybersecurity

Security that starts
with honest assessment.

2014

Founded in Sydney

250%

Growth in 2 years

~30

Years global experience

100%

Assessment-first

Why Cliffside?

The edge between opportunity and catastrophe.

Adri has always been drawn to cliffs. Not despite the danger — because of it. There is something about standing at the edge, where the view is breathtaking and the fall is fatal, that captures exactly what it means to run a business in the modern threat landscape.

A cliff is not just beautiful. It demands respect. To stand there and watch a sunrise, you have to manage the risk of the ground beneath you. Step carelessly, and the same place that offered you that view becomes the thing that ends you. The line between reward and catastrophe is not wide — it is a single, careful step.

That is what cybersecurity is, when done properly. Not fear. Not theatre. Not a checkbox. A clear-eyed understanding of where you actually stand, what the real risks are, and what it genuinely takes to stay safe while still moving forward. The businesses that thrive are the ones that stand at the edge with confidence — not because they ignore the drop, but because they understand it.

Cliffside was built to be that partner. Founded in 2014, and grown 250% in the last two years, we work with organisations across financial services, energy, government, healthcare and education — not with predetermined answers, but with honest assessment and practical advice that reflects where you actually stand.

The frustration that drove Adri to start the firm was always the same: security vendors arrived with a proposal before they understood the problem. The assessment was theatre. The recommendation was inevitable. Cliffside exists to do the opposite — and it always will.

Adri Leite

CEO & Founder

Adri has spent nearly three decades on both sides of the security equation — as a global cybersecurity manager for a major European corporation, embedded in the Visa payment network across South America, and as a trusted adviser to countless Australian organisations in government, financial services, energy, education and beyond. Having lived the client side of security decisions, he brings a clarity that most consultants can't: he knows what a board actually needs to hear, not what a technical team wants to say.

Off the clock, Adri is still somewhere in the Middle Ages — probably being ambushed in Age of Empires II. He is passionate about mentoring the next generation of cyber professionals and hosts Cliffside's free fortnightly sessions on our YouTube channel (opens in new tab).

Global cybersecurity manager — European multinational

Visa payment network security — South America

ISO 27001 Lead Auditor since 2008

Security architecture & vCISO practice lead

APRA CPS 234 & Essential Eight practitioner

Free fortnightly mentoring on YouTube

The team

Practitioners. Not presenters.

Cliffside is recognised for its commitment to security and quality — not just by our certifications, but by the people behind every engagement. We combine deep technical seniority with fresh thinking, and we approach every client with the same brutal honesty that defines the firm.

Having been on the client side gives us a holistic view of what a cyber priority looks like for a business — not just for the techies. Every recommendation we make is grounded in that perspective: what actually matters to the organisation, not what looks impressive in a report.

🏛

Security architects

Decades of hands-on architecture experience across cloud, hybrid, OT/IT, financial services, and critical infrastructure environments.

📋

ISO 27001 consultants

Certified lead auditors and implementers who have guided organisations through ISO 27001, 27002, and 42001 across multiple industries.

🔍

Interns & rising talent

Fresh eyes, sharp minds and a genuine eagerness to question assumptions. Our intern programme is part of the mentoring commitment we make to the industry.

🛡

Pen testers & red teamers

OSCP, CREST CRT and OSCE-certified testers who find what attackers would find — and explain it in plain language that the board can act on.

What we stand for

Six things we never compromise on.

Honest assessment

We tell you what we find, not what we think you want to hear. If you don't need something, we'll say so — even if it costs us a sale.

Independent advice

We partner with leading vendors — but if their product isn't right for you, we'll say so. Our recommendations are based on your environment and your risk, not margin or commission.

Business alignment

Security should serve the business. Every recommendation is tied to a real business outcome — not a checklist item or a compliance box.

Genuine partnership

We work alongside your team, not over them. We share knowledge, build capability, and leave your organisation stronger than we found it.

Practical outcomes

Beautiful frameworks that can't be implemented are worthless. We focus relentlessly on what can actually be done with your resources and constraints.

Community investment

We run free mentoring sessions every fortnight. Helping the next generation of security professionals isn't charity — it's the right thing to do.

Certifications & credentials

Qualified where it matters.

Cliffside is an ISO/IEC 27001 certified consultancy. Our team holds industry-recognised certifications across offensive security, governance, cloud platforms, and compliance frameworks.

Offensive Security & Testing

OSCP

OSCE

OSWE

OSWP

CREST CPSA

CREST CRT

Governance & Risk

ISO 27001 Lead Auditor

ISO 27001 Lead Implementer

CISSP

CISM

CEH — Certified Ethical Hacker

Cloud & Platform

Microsoft Azure Security

AWS Security Specialty

Microsoft 365 Security

Compliance Frameworks

APRA CPS 234 Specialist

Essential Eight Assessor

NIST CSF Practitioner

Partnerships

Strategic technology partnerships.

Microsoft

Cliffside is a Microsoft partner, enabling us to deliver deep expertise across Azure security, Microsoft 365, Defender, Intune, Entra ID, and the broader Microsoft security ecosystem.

Vanta

As a Vanta partner, we combine hands-on consulting expertise with compliance automation — helping organisations achieve ISO 27001, SOC 2, and other certifications faster.

Cybereen

We use Cybereen's Australian-built GRC platform to streamline compliance assessments across APRA CPS 234, Essential Eight, ISO 27001, and other frameworks.

Find us

Based in Sydney.
Working Australia-wide.

Our team is headquartered in Sydney's CBD, working with organisations across New South Wales, Victoria, Queensland, and beyond. We also support clients with Australian operations from international offices.

Address Level 1, 66 King Street, Sydney NSW 2000

Phone (02) 8916 6389

Hours Mon – Fri, 9am – 5:30pm AEST

Level 1, 66 King Street
Sydney NSW 2000

What clients say

Measured in outcomes, not proposals.

I feel like I've got a great cybersecurity team when I've got Cliffside. They leave no stone unturned.

Leah Christiansen — Security Manager, DeltaPAE

Cliffside has been our preferred partner for Security Architecture and Consulting services. Their ability to provide us with highly qualified architects on short notice has allowed us to manage a frequent surge in demand, delivering high quality security deliverables for large business programs involving external regulators like APRA.

Head of Security Architecture — Financial organisation

I cannot thank you enough. The team were amazing. I was 100% transparent in all aspects, which initially threw them off, but I was glad, as they provided excellent insight. This is the type of audit I have been wanting for, and we did not get this with our previous provider.

Head of Cybersecurity — NSW Government Agency

What really sets Cliffside apart is their collaborative approach. They're always available to answer questions, help us solve problems, or discuss the latest security news.

David Luchi — Head of Information Security, Australia's Largest Retail Group

Cliffside was engaged to test a health services LLM. Setup was smooth, the testing ran on time and within budget, and we had a clear report within days. The team went beyond standard OWASP style checks and developed custom tests specific to LLM risks. We would recommend them without hesitation.

Tim Glover — Healthcare organisation

Cliffside helped us move from ad hoc training to a planned campaign with clear metrics. Staff behaviour has shifted and we have better visibility of our human risk.

CTO — International Recruiting Agency

Read the DeltaPAE case study →

Ready to work
with us honestly?

Start with a free Lighthouse Assessment. No sales theatre, no predetermined recommendations — just an honest look at where you are and what you actually need.

Book your free assessment →See our client results

Security that startswith honest assessment.