Built around the operator. Not the audit committee.
Cyber Toolbox is a co-ordination platform for the team running incidents and exposures. Pre-built playbooks, a defensible activity log, and the kind of clarity you only appreciate at 02:00.
Why the platform looks the way it looks
The hard part of cyber response isn't writing the playbook — it's the seven open tabs, the chat thread, the spreadsheet, and the SharePoint that no one updates. Cyber Toolbox collapses that into one workspace.
Incidents and exposures share the same shell. The activity log is append-only. The playbook version is recorded against every case. The audit trail isn't a side-effect — it's the database.
Built around the operator.
A tired incident commander at 02:00 needs to find the next thing to do without thinking. Every UX decision is judged against that bar.
Co-ordination is the product.
The hard part of incident response isn't writing the playbook — it's the seven open tabs, the chat thread, the spreadsheet, and the SharePoint that no one updates. We collapse that into one workspace.
Tenancy you can't bypass.
Row-level security means the application can't leak data across tenants even with bugs. Every new table inherits the same uniform policy template.
Meet Christopher Lloyd
Founder
Christopher Lloyd
Christopher is a cybersecurity practitioner with operational experience across the full incident lifecycle — from detection and triage through containment, recovery, and post-incident review. He's worked under the kind of pressure that puts theory aside: regulatory clocks ticking, stakeholders asking questions, decisions that have to land.
He started Cyber Toolbox because the tooling didn't fit the work. Teams were juggling spreadsheets, SharePoint, a chat channel, and a regulator's clock during the most consequential hours of their professional lives. Cyber Toolbox is the workspace he wished existed when the alert landed.
Now he builds and runs the platform from Aotearoa, working with security teams who take co-ordination seriously — teams that want a defensible record, a single source of truth, and a way to prove the programme is working. His approach is straightforward: co-ordination over heroics, defensible by design, outcomes over activity.
What we stand for
Co-ordination over heroics
When the alert lands, the team that wins isn't the one with the best individual — it's the one with the best workspace. We build for the team, not the hero.
Defensible by design
Append-only logs, version-locked playbooks, RLS-enforced tenancy. The audit trail is the database — not a side-effect of it.
Symmetric workspaces
Incidents and exposures live in the same workspace shell. Operators running both shouldn't feel like they're using two products.
Outcomes over activity
Hours logged don't matter. A verifiable close, a defensible record and a credible trend line do. We measure what we ship.
Why New Zealand
Cyber Toolbox is built and operates from Aotearoa (New Zealand). We work with security teams across the region and globally — teams that expect integrity, pragmatism, and a workspace that respects their time.
Being remote-first means we ship fast and stay close to operators. The product improves because the people who use it tell us what hurt at 02:00.
We serve organisations that take security seriously. Teams that know that co-ordination matters more than the policy in the binder. Teams building real capability.
Ready to see Cyber Toolbox under load?
Book a 30-minute demo and we'll walk through the workspace — declaration to closure — using a real scenario.