Black Shard

About

A cybersecurity firm
that builds.

Black Shard secures software, and we know it from the inside, because we build and run our own. Penetration testing, advisory, compliance, and secure-by-design builds, backed by regulated products live in legal, clinical, and capital-markets settings.

Why we set
this up.

Most security firms have never shipped the kind of software they are asked to test. They read a codebase from the outside, file a report, and move on. The advice is real, but it comes from people who have never owned the consequences of a build.

Black Shard works the other way around. We build and operate regulated software ourselves (clinical, legal, capital-markets) on Azure in Australia. We threat-model it, harden it, and red-team it before anyone else can. That same muscle is what we offer as a service: offensive testing, advisory, compliance, and secure builds.

It means we test the way an attacker thinks and fix the way an engineer builds. The standard is the same whether the system carries our name or a client's.

Builds currently in motion.

A selection of the work running right now, each one a live system, not a pitch deck. Open any of them to see how it was built and what it does today. Others run alongside these that we do not name publicly.

  1. Bold Property Group

    Buyer’s advocacy

    Bold Property Group is the Black Shard buyer’s advocacy arm.

  2. GRM LAW

    Legal

    GRM LAW is a Brisbane law firm. Black Shard built and operates the operations and compliance portal the firm runs on day-to-day.

  3. Aurii

    Clinical software

    Aurii is the Black Shard clinical-software venture.

  4. Restart Recruitment

    Recruitment

    Restart Recruitment is the Black Shard talent venture.

  5. Stone Leaf Capital

    Capital markets

    Stone Leaf Capital is an Australian capital-markets firm. Black Shard was engaged to build the firm's technology, brand, and operating systems.

Plus a number of earlier and parallel builds we keep private.

What we believe.

We secure what we build.
We do not only test from the outside. We build and run regulated software ourselves, so we test the way an attacker thinks and remediate the way an engineer ships.
Verifiable, never overclaimed.
We name one certification because it is the one we hold: SMB1001:2026 Gold, on the public registry. We will not dress up frameworks we self-assess against as audits we have passed.
Compliance-fluent by default.
AFSL, AHPRA, AML/CTF, RG 104. Australian regulatory frames are part of the architecture from day one. We build for the obligations the seat carries.
Honest about what we don’t know.
Reading the operating reality means surfacing what we will need help with, and saying it out loud before the engagement starts.

The firm

The firm, in brief.

Based in
Brisbane. Level 35, 71 Eagle Street, Riparian Plaza, QLD 4000.
What we run
Five active ventures (Bold, GRM, Aurii, Restart and Stone Leaf Capital) each built and operated by the same team.
Certification
SMB1001:2026 Gold, independently issued to Black Shard Pty Ltd (ABN 66 696 910 773).

The story continues in the builds.

Each build is documented as a case study, from the brief we read to the system we shipped to what we are still building.

See the work →Our services