What I Do
Focused engagements. No subcontracting. Deliverables that reflect how the work was actually done.
Penetration Testing
Network, web application, and cloud-focused assessments conducted against defined scope and rules of engagement. Deliverables include a full findings report with evidence, CVSS scoring, MITRE ATT&CK mapping, and actionable remediation guidance. Not a scan-and-report shop -- engagements involve manual exploitation and chain analysis where applicable.
Adversary Simulation
Goal-oriented attack operations designed to test your detection and response capability, not just your perimeter. Simulations are built against your specific threat landscape using real TTPs, custom tooling, and threat intelligence. Findings are mapped to detection gaps and response timelines, not just vulnerabilities.
Digital Forensics & Incident Response
Memory forensics, disk imaging and analysis, malware triage, and timeline reconstruction. IR playbook development and tabletop exercises to prepare teams before incidents occur. On-call support available for active incidents requiring forensic analysis.
Detection Engineering
SIEM query development, IOC tuning, honeypot deployment, and deception infrastructure design grounded in MITRE ATT&CK. Built to catch actual adversary behavior, not generic noise. Includes false positive analysis and detection coverage mapping.
Cloud Security Review
AWS-focused architecture and configuration review. IAM policy analysis, least-privilege enforcement, VPC segmentation, CloudTrail audit logging, and S3 access hardening. Deliverables include a prioritized finding list with remediation steps specific to your environment.
All engagements are scoped individually. If you have a specific need that doesn't fit cleanly into the above, reach out anyway. Most of the interesting work doesn't.