~/services

How I can help your team.

Three focused services, built around the same idea - finding what attackers would find before they do. Pick the right starting point below, or book a call if you're not sure where to begin.

01 · pentesting

Penetration testing

Web, API, internal and external. Manual exploitation backed by clear, actionable reports.

Learn more →
what's included
  • Executive summary
  • Technical findings report
  • Retest after fixes
Typical: 2–4 weeks
02 · iso27001

ISO 27001 consulting

Build and audit your ISMS. Bureau Veritas certified, hands-on with documentation and controls.

Learn more →
what's included
  • Gap assessment
  • SoA & documentation
  • Internal audit reports
Typical: 3–6 months
03 · advisory

Security advisory

Ongoing consulting for teams without a full-time security hire. DevSecOps and architecture reviews.

Learn more →
what's included
  • Monthly retainer hours
  • On-call Slack access
  • Quarterly reviews
Typical: ongoing
~/process

Every engagement, in four steps.

From the first call to the final report.

01

Discovery

Free 30-min call to understand what you're working on.

02

Scoping

Clear scope, timeline, and fixed quote - usually within a week.

03

Engagement

The actual work, with weekly updates and a shared Slack channel.

04

Delivery

Final report, debrief call, and a free retest where applicable.

Not sure which service fits?

Book a free 30-minute call. We'll figure it out together.

Send a message →