
Resilience at every layer

Cyber resilience as a business advantage.

We partner with leadership teams across APAC to turn security from a cost line into an operating edge: advisory, offensive testing, compliance, and a 24/7 managed SOC.

01 Who we are

Forged in the US & EU. Delivered across the region.

Unmewt is a team of security engineers, ethical hackers and former heads of security who spent their careers attacking and defending organizations at both ends of the spectrum: Fortune 500s, banks, telcos and exchanges, and the startups moving fastest. That work spans Indonesia, Singapore, Malaysia, Australia, Hong Kong, the US and Europe.

We brought that bench together for one reason: most companies don’t need more checklists. They need people who’ve actually done the work, can read risk in business terms, and stay until the posture genuinely improves.

01

Practitioners, not resellers

We carry no product quota and no vendor allegiance. The only thing we sell is judgment, so every recommendation is the one we would make for ourselves.

02

Offense informs defense

Our team has spent careers breaking into systems legally. We secure yours the way attackers actually approach it, not the way a checklist imagines it.

03

Measured, not assumed

Coverage tests, detection metrics, and KPIs your board can read. If an improvement can’t be demonstrated, we don’t call it an improvement.

BSI mark of trust: certified ISO/IEC 27001 information security management

Certified, not just certifying.

Our own operations are certified to ISO/IEC 27001:2022 by BSI (certificate IS 833676), covering the delivery of our consulting and managed security services. Our consultants audit to the same standard as certified ISO 27001 Lead Auditors.

Team credentials

CISSP · CCSP · ISSAP

ISC2


OSCP · OSEP · OSWE

OffSec


CISM · CISA

ISACA


ISO 27001 Lead Auditor

ISO/IEC

BSSN (Badan Siber dan Sandi Negara) seal

Registered SMPI Implementor

BSSN

Sectors we’ve supported: Fintech · Banking · Telco · Healthcare · Crypto · Insurance · Manufacturing

02 What we do

From first assessment to fully-run operations.

Advisory & vCISO

01

Board-level strategy, run by people who’ve owned the seat.

Security strategy and roadmaps, risk management, policy design, threat modelling, vulnerability management, cloud security, data protection and crisis preparedness, delivered at the altitude your leadership needs.

Offensive security

02

We test like real adversaries, then close what actually matters.

Penetration testing, red teaming, source code review, smart-contract audits, phishing simulation, cloud posture review and hardening checks, with findings ranked by exploitability rather than page count.

Compliance & certification

03

Certifications that fall out of real security. No theater.

ISO 27001:2022, SOC 2, PCI-DSS, OJK/POJK, Komdigi, PDP, NIST CSF, MAS TRM and HIPAA. We build the controls first; the certificate becomes the receipt.

Security engineering & build

04

We implement what we recommend, then automate what we implement.

Zero-trust and IAM rollouts, SIEM, EDR and DLP implementation, security automation and AI-assisted tooling, secure SDLC and DevSecOps pipelines, software supply-chain hardening, plus securing the AI features you ship. For fully-run 24/7 operations, there’s Cid.

01

Penetration testing & red team

Web, mobile, API, network, cloud, social engineering

02

Cloud security posture

IAM, network and workload review on AWS, GCP, Azure

03

Secure SDLC & supply chain

Code review, smart-contract audits, SAST/DAST, SBOM

04

vCISO & strategy

Roadmaps, budgets, board reporting, hiring plans

05

Certification readiness

ISO 27001:2022, SOC 2, PCI-DSS end-to-end

06

Regulatory compliance

OJK/POJK, Komdigi, PDP, MAS TRM, NIST, HIPAA

07

Security engineering

Zero-trust, IAM, SIEM/EDR rollout, AI-assisted tooling

08

People & awareness

Executive briefings, developer training, phishing drills

03 Track record

7

Markets served: ID, SG, MY, AU, HK, US, EU

15+

Certifications across the senior bench, from offense to audit

2M+

End users behind networks we’ve secured

100%

Vendor-neutral, with no products to push

“They made our risks impossible to ignore, and fixing them impossibly easy.”
CISO, global internet company
04 Our product
Operations live

Meet Cid. Security operations that never sleep.

Our AI-first, human-in-the-loop managed SOC. AI agents triage every alert in seconds; senior analysts make every call that matters. 24/7, hosted in your region.

98%+ auto-resolved · <8s triage · 6× faster response

Suspicious sign-in · impossible travel

Identity · 02:14 WIB

Auto-contained

Phishing campaign · 41 recipients

Email · 03:02 WIB

Auto-closed

Lateral movement attempt

Endpoint · 03:07 WIB

Escalated → analyst
In the lab

Autonomous penetration testing, in closed development.

Coming soon
05 Common questions

Questions we hear from security leaders.

What does Unmewt do?

Unmewt is a practitioner-led cybersecurity firm serving the APAC region. We provide advisory, vCISO services, implementation guidance, offensive security services, compliance and certification support, and Cid, an AI-first, human-in-the-loop managed SOC. Our work is built on US and EU methodology and proven delivery for both Fortune 500s and startups.

What is a vCISO, and when do you need one?

A vCISO (virtual CISO) is a senior security leader engaged part-time to own your security strategy, manage risk, and report to the board, without the cost of a full-time executive hire. Most companies bring one in when security has become business-critical but doesn’t yet justify a full-time CISO, and when the open questions span multiple areas, including risk management, compliance woes, secure development, market expansion and much more. Unmewt provides vCISO services across APAC, run by people who have held the seat.

What can Unmewt cover in the red teaming category?

We provide penetration tests covering web, mobile, API, network/infra and cloud. We also run full red-team engagements that find not only technical but also behavioral, physical and psychological gaps in your organization. Findings are ranked by real exploitability rather than scanner output, and testing is performed by OSCP, OSEP and OSWE-certified specialists who have conducted red team engagements globally. Our engagements also satisfy ISO 27001 and PCI-DSS penetration testing requirements.

What is a security maturity assessment?

A security maturity assessment is a structured review of your security posture against our four-level model (at risk, improvement needed, optimizing, and cyber resilient), mapped to frameworks like NIST CSF and ISO 27001. It produces a heatmap of where you stand across people, process and technology, plus a prioritized roadmap to close the gaps that matter most.

What is a managed SOC, and how is Cid different?

A managed SOC (MSSP) delivers 24/7 security monitoring, detection and response as a service, so you don’t have to build an in-house team. Cid is Unmewt’s AI-first take: AI agents investigate every alert in seconds with written reasoning, senior analysts own the escalations that matter, and everything is hosted in your region. It typically costs a fraction of an in-house 8-12 analyst rotation.

Which regions and industries does Unmewt serve?

Unmewt is APAC-focused, with methodology built from US and EU practice. We serve markets including Indonesia, Singapore, Malaysia, Australia and Hong Kong, across fintech, banking, telco, healthcare, crypto, insurance and manufacturing, for organizations ranging from Fortune 500s to fast-growing startups.

Is Unmewt certified?

Yes. Unmewt’s own operations are certified to ISO/IEC 27001:2022 by BSI (certificate IS 833676), covering our consulting and managed security services. Our consultants hold CISSP, CCSP, ISSAP, OSCP, OSEP, OSWE, CISM, CISA and ISO 27001 Lead Auditor certifications, along with BSSN registration.

06 Contact

Hey! We’re ready when you are.

Start with a thirty-minute conversation: no deck, no hard sell, just an honest read on where you stand.

Or directly: WhatsApp · info@unmewt.com