Services

Five engagements,
one consultant.

Every engagement below is defined by a decision you are trying to make, not by a methodology or a toolset. Start with the problem; we'll talk about the approach on the call.

01

Penetration testing

Problem

You have a web application, an internal network, a cloud tenancy, or a mobile app, and you need an honest, actionable view of what an attacker could do to it. Not a compliance tick; a technical report you can hand to the team who will fix it.

Engagement

Scope is defined in writing against the specific asset. Most pentests run for one to three weeks of active testing plus a week of reporting. Findings are surfaced daily on a shared channel so critical issues can be fixed in flight; the final report groups findings by root cause rather than by page number.

Deliverables

  • Executive summary (one page)
  • Technical findings report with reproducer steps
  • Remediation guidance prioritised by exploitability, not CVSS alone
  • Retest of fixed issues within 60 days, included

Duration

Two to five weeks end to end, depending on scope.

When to choose

You know which asset matters and you need an independent technical view of its security posture, fast and without ceremony.

02

Red team & adversary emulation

Problem

You have mature defences and want to know how they hold up against an adversary already inside your perimeter. Assumed breach, objective-driven, measured against both your preventive and detective controls.

Engagement

Starts with an intent-setting session: who are we emulating, what does 'success' look like, and what do we do if the blue team spots us. Usually a four-to-eight-week operation from initial foothold to documented impact, with deliberate pause points so your SOC can learn alongside the activity rather than only from the after-action report.

Deliverables

  • Pre-engagement scoping document and rules of engagement
  • Weekly written status during active phases
  • Full kill-chain narrative with timestamped artefacts
  • Sigma / KQL / Splunk detection rules for each technique used
  • Joint debrief with the blue team

Duration

Four to eight weeks.

When to choose

Your security programme is past the basics and you want to know how it performs against a real adversary profile, not a checklist.

03

Security architecture review

Problem

You are about to make a large design decision (a new cloud region, an identity consolidation, a zero-trust rollout) and you want a second pair of eyes before the money is committed. Or you inherited an environment and need an honest view of where the weak joints are.

Engagement

Document review plus two to four working sessions with the engineers responsible. I write against what you actually have, not against a reference architecture. The deliverable is a short, opinionated report: what is solid, what is brittle, what I would change, and in what order.

Deliverables

  • Written architecture review (20–40 pages)
  • Prioritised remediation backlog
  • Target-state diagram (if useful; not by default)
  • One board-level summary

Duration

Two to four weeks.

When to choose

You value an opinion more than a framework, and you want someone to commit to a view in writing.

04

SOC design & build consultancy

Problem

You are standing up an in-house security operations capability, or rethinking one that has grown unruly. You want help designing it with a view on the next three years, not the next quarter's tool renewal.

Engagement

Advisory, not build-out, grounded in having designed and run a SOC platform end to end — a 700+ rule, ATT&CK-aligned detection stack with automated triage. I work with your team on detection coverage, tool rationalisation, staffing model, on-call, shift structure, and the handful of decisions that quietly determine whether a SOC is useful or expensive theatre. I do not resell products and I take no kickbacks.

Deliverables

  • Target operating model document
  • Detection coverage map against MITRE ATT&CK
  • Tool rationalisation recommendation with vendor-neutral reasoning
  • Staffing and on-call proposal

Duration

Four to eight weeks.

When to choose

You are making or re-making a multi-year investment and want an independent view before committing.

05

Incident response retainer

Problem

You want a named responder on call, familiar with your environment, who will pick up at 2am on a Sunday and be useful within the first thirty minutes, not spend the first three days getting access.

Engagement

A modest monthly retainer that covers onboarding (environment access, runbook review, tabletop once a year), guaranteed response-time SLAs, and a pre-agreed hourly rate for the incident work itself. Retainer fees are credited against any incident work billed in the same year.

Deliverables

  • Retainer agreement with named SLAs
  • Access and tooling validated during onboarding
  • Annual tabletop exercise
  • During an incident: coordination, containment guidance, written findings

Duration

Twelve-month minimum term, renewable.

When to choose

You cannot justify a dedicated IR team, but an incident is not a hypothetical.

Engagement model

All engagements are scoped under NDA and billed in EUR, fixed-fee or day rate, with mutual notice of two weeks. References available on request. See how an engagement runs for the full shape.

Not sure which fits?

A 30-minute call costs nothing and usually saves an expensive wrong turn. If I am not the right consultant for your situation, I will tell you that too, and if I can, I'll point you at someone who is.