Offensive security with real-world impact

We are a specialist cybersecurity consultancy focused on advanced penetration testing, adversary simulation through our unique tabletops software, and strategic defensive services. We go far beyond automated scans to deliver in-depth, intelligence-led security assessments that mirror real-world attack techniques.

Talk to our experts
Our mission is simple: Bringing world-class cybersecurity to Namibia's doorstep.

Namibia’s digital economy is accelerating — and the threats targeting it aren’t waiting for the market to catch up. For too long, organisations across the country have had to choose between expensive international firms and shallow, checkbox assessments that leave real vulnerabilities untouched.

Aphotic Security changes that equation. As Namibia’s first specialist offensive security consultancy, Aphotic brings the same calibre of intelligence-led penetration testing and adversary simulation trusted by enterprises in mature markets — rooted right here, with deep understanding of the local landscape. From cloud infrastructure and application security to AI threat testing and social engineering, Aphotic covers the full attack surface with a depth that the local Namibian market has never had access to before

Meet The Team

Committed to bringing you world-class expertise

Our assessments are led by experienced offensive security professionals with industry-recognised certifications, including OSCP.

Jacob Simmons

Founder

Jacob is an OSCP certified cybersecurity professional and ethical hacker with a BEng in Computer Engineering who transitioned into offensive security to focus on protecting organizations from evolving digital threats. With a strong foundation in penetration testing and cloud security, he brings both technical depth and real-world practical experience to his work. Jacob has shared his insights and research at leading industry conferences, including BSides Cape Town / Johannesburg and the Australian Information Security Association (AISA) conference, and enjoys finding new ways to hack cloud environments.

Lian Aldrich

Founder

Lian is a decorated application security professional holding the OSCP, OSWE, and BSCP certifications, and is a vetted member of the Synack Red Team — an invite-only global collective of the world's top security researchers. He operates on a simple principle: every assumption is a vulnerability, every boundary is temporary. Where others see a dead end, he sees an uninvestigated structure. That mindset drives his work across web application security, source code review, and adversarial simulation and it defines the standard of excellence he brings to every engagement. To Lian, remote code execution is every test's goal.

Frequently Asked Questions

What is penetration testing?

Penetration testing is a controlled security assessment where we simulate real-world attacks against your systems, applications, or infrastructure. The goal is to identify exploitable vulnerabilities, map attack paths, and demonstrate real business impact before a malicious actor does.

Automated scans are software tools (like Nessus, Qualys, or Burp Suite’s scanner) that crawl your systems looking for known vulnerabilities.

Penetration testing is a human-driven exercise where a skilled tester thinks and acts like an actual attacker. The difference matters because real-world breaches rarely happen through a single known vulnerability. They happen through combinations — a low-severity misconfiguration that grants initial access, chained with a privilege escalation, chained with lateral movement through a trust relationship nobody documented.

We design engagements to minimise disruption. Testing is carefully scoped and coordinated with your team, with agreed testing windows and communication protocols.

Where high-risk techniques are required, we always seek explicit approval beforehand.

Black box testing simulates a real-world attack with zero prior knowledge of your systems, and is a good method for external adversary simulation.

White box testing provides the deepest level of security analysis. With full access to your source code, architecture documentation, and network diagrams, our experts conduct a thorough, inside-out examination of your environment. This approach uncovers hidden logic flaws, misconfigurations, and vulnerabilities that surface-level testing simply can’t reach

Grey box testing strikes the ideal balance between depth and realism. With partial knowledge of your systems (such as user credentials or limited architectural details) our team simulates an insider threat or a compromised account scenario. This approach efficiently targets high-risk areas while still reflecting how many real breaches actually unfold.

We’re here to help with that. Planning a security assessment can be a stressful endeavor – contact us for a free scoping call and let’s chat about your organisation’s security.

Our process is fairly simple, because we believe in solving your problems, not creating more:

  1. Contact us for a scoping call where we obtain context of your environment and what kind of testing we’ll be doing
  2. We’ll send through a statement of work (SoW) covering the proposed test, all confidential under an NDA
  3. After you accept the SoW, we’ll communicate project deadlines with you
  4. We’ll pass the project to our dedicated security experts, who will deliver world-class testing and a professional report
  5. Next steps (such as a free retest and remedial assistance) will be planned

We include a free retest with every assessment, alongside a time-boxed remedial assistance day where our experts can advise your team on how best to fix the issues identified, if needed. This offer does not expire, and can be used at any time after the assessment to verify vulnerabilities have been addressed.

The amount of time testing takes varies depending on the type of testing provided. A simple web application could take a few days, while a more complex environment or deeply strategic assessment could span several weeks of effort.