How an
engagement runs.

A short call, then a written scoping document. We agree on what is in and out of scope, what success looks like, what artefacts you will receive, and what we will do if we find something serious mid-engagement. Pricing is fixed-fee or day rate, in EUR, decided before any work starts.

An hour with the technical and business stakeholders who matter to the engagement. Access, tooling, escalation paths, and rules of engagement are confirmed in writing. For red team work, a separate intent-setting session covers what we are emulating and how the blue team is engaged.

A short written status update at the end of each working week. Critical findings are surfaced the day they are found, on a shared channel of your choice, so they can be remediated in flight rather than waiting for the final report. No surprises in the readout.

A written report, written by me, in plain English (and Dutch where useful). Findings are grouped by root cause, not by page number, and prioritised by exploitability rather than CVSS alone. Where applicable, deliverables include detection content (Sigma, KQL, or platform-native) the SOC can deploy directly.

Two summaries by default: a one-page board-level narrative for non-technical stakeholders, and a technical findings report with reproducer steps for the team that will fix things. A live readout is included; a four-colour deck is not.

Pentest engagements include a free retest of fixed issues within 60 days. Advisory and red team engagements include a follow-up call at the three-month mark. I am reachable by email after an engagement ends, within reason, for questions on what was delivered.