Dan Frayn

Director (Governance, Risk & Compliance)
Dan spent 12 years in the London information security scene before moving to New Zealand to focus on Governance, Risk and Compliance.
Talk to an expert
Highlights

Career highlights

Proven security allrounder with detailed technical knowledge from on premises networks to cloud and everything in between, capable of distilling complex security issues down to real world impacts for business stakeholders. His previous roles cover a wide variety of disciplines including Security Operations, Solution Architecture, IT Security Management, IT Programme Management, Security Strategy and Compliance. He has spent the last 5 years at Bastion primarily helping government agencies streamline their assurance processes to deliver a greater efficiency while simultaneously improving assurance practices and risk management. Outside of work, you are most likely to find him out on a hiking trail, up a mountain or running along the Wellington waterfront in the morning.

Cyber security news

Latest advisories

Stay ahead of emerging threats with our expert blog posts, research, and industry updates.
Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server - (CVE-2026-12620)
During a security engagement, Leo Diamat discovered that the GridTime 3000 GNSS Time Server web application transmitted session access tokens via URL query string parameters on multiple endpoints.
Cross-Site Scripting (XSS) Vulnerability on Several Endpoints by Utilising Cross-Site Request Forgery (CSRF) in GridTime™ 3000 GNSS Time Server - (CVE-2026-12619)
During a security engagement, Leo Diamat discovered that multiple endpoints in the GridTime 3000 GNSS Time Server web application were vulnerable to reflected Cross-Site Scripting (XSS) via an unsanitised token parameter.
PHP-FPM (PHP Source) - Stored Cross-Site Scripting (XSS) (CVE-2026-6735)
During a security engagement, Conrad Draper discovered a stored XSS vulnerability in the PHP-FPM status endpoint which was due to a lack of input sanitisation of the request URI. This affects the request URI when displaying stored content.
Discover our services

We have the tools to pinpoint risks

Whether it’s hidden vulnerabilities or patterns you might miss, we help you stay one step ahead and make confident, informed decisions. Understand how our services can help your business uncover critical risks

Talk to an expert
Employee Cyber Training & Awareness
Your people are your first line of defence. Our cyber training builds awareness and sharpens their instincts.
Advisory
When clarity is critical and stakes are high, our advisory services deliver strategic, executive-level security expertise that empowers decision-making.