Red Bridge Cyber sells one thing: scanning and plain-English reporting. Everything else on this page is a relationship we do not earn money from — and we would rather over-disclose than have you wonder.
01What we refer out
Some customers need work we explicitly do not do. For three categories of work, we maintain a small, vetted list of independent Australian providers and will introduce a customer on request:
- Full penetration testing. When a customer genuinely needs a full penetration test — active exploitation, not our outside-only reconnaissance — we refer them to independent Australian pen-testing firms.
- Compliance and governance assessments. ASD Essential Eight, ISO 27001, NIST CSF, SMB1001, or ISM assessments — or an ongoing governance and advisory engagement — go to independent Australian cybersecurity consultancies.
- Managed security operations. Security Operations Centre, 24/7 monitoring, and incident response go to independent Australian MSSPs.
We do not accept referral fees, kickbacks, or revenue share from any of those firms — ever. Referrals are made on the basis of past delivery quality only, not on any commercial arrangement. We do not publish the list: it is small, it changes as delivery quality changes, and a named directory would read as an endorsement product, which it is not. If you need an introduction, contact us and we will connect you directly.
02No affiliate links
There are no affiliate or referral-revenue links anywhere on this site — not on marketing pages, not in Improve articles, and not in a customer scan report or PDF snapshot.
So in simple terms — never.
When we link to a product or service, it is because we think the link is useful, and for no other reason. Nobody pays us for placement, and we receive nothing if you click through or sign up.
This is deliberate. Plenty of free scanning tools fund themselves by upselling the fixes for the problems they report. Our findings stay credible only if no recommendation in them can earn us a commission.
03Services we use and may link to
Three organisations come up in our own infrastructure and in Improve articles often enough to deserve a standing disclosure. We use them, we recommend them on merit, and we may link to them in Improve articles — never in the core product or in customer reports:
An Australian cybersecurity firm providing vulnerability management as a service for organisations that need ongoing, vendor-independent governance of their public attack surface. VMAAS is a related party — see the disclosure below.
An Australian domain registrar and web host. We use VentraIP for some of our own infrastructure and have found it consistently well-suited to Australian small businesses. We are not part of any VentraIP affiliate or reseller program.
A global DNS, CDN, and web-security provider. We use Cloudflare in our own infrastructure and frequently reference it in articles about DNS, DNSSEC, and performance. We are not part of any Cloudflare partner or reseller program.
No data-sharing arrangements exist with any of them. If you choose to engage one of these organisations, any data you provide is provided by you, directly to them — we share nothing. Our Privacy Policy stands in full.
04Related-party disclosure
Our founder, Adam Burgess, is a director of VMAAS Australia Pty Ltd and holds a financial interest in that company. This is the one exception to the arms-length rule everywhere else on this page, so we state it everywhere it could matter — on our About page, and here.
VMAAS and Red Bridge Cyber address different problems: VMAAS sits in the regulated, governance-heavy end of the market; Red Bridge Cyber sits at the small-business end. We do not refer to VMAAS inside scan reports or findings. If we ever suggest VMAAS to a customer whose needs sit in that space, we flag the related-party interest at the time of the referral — you will never discover it after the fact.
05Free tools we cite
We acknowledge and link to MXToolbox, SSL Labs, Google PageSpeed Insights, Mozilla Observatory, and securityheaders.com in our findings where they make sense. We have no commercial relationship with any of them. They are independently operated and we receive nothing for the references.