Services
Four practice areas, all delivered at a senior level. Engagements are taken selectively; I work with a limited number of clients at a time to ensure full attention on every project.
Pricing is discussed per engagement. Get in touch to talk about your needs, scope, and timeline.
Security assessments
Hands-on security assessments that go beyond surface-level scanning. Each engagement is scoped to your environment and delivered with a full written report covering exploitable findings, the attack paths that chain them together, and actionable remediation guidance.
Coverage
- Web applications and APIs
- Mobile apps: iOS and Android
- Cloud configuration and security review (AWS, GCP, Azure)
- Internal network and infrastructure
- Authentication, authorization, and session management
- Business logic and application-layer vulnerabilities
What you get
- Full written report with executive summary
- Detailed technical findings with reproduction steps
- Prioritized remediation guidance
- Proof-of-concept exploits where applicable, so findings can be reproduced and retested after the fix
- Debrief call to walk through findings
Advisory
Focused advisory sessions for when you need senior security expertise applied to a specific problem: a critical architecture decision, a threat model, a risk question, or direction on your security program. One-off or ongoing.
Good fit for
- Engineering and product teams making security-sensitive architecture decisions
- Founders and CTOs building security into a product from the ground up
- Security practitioners who want peer-level input on a specific challenge
- Teams preparing for a compliance process or security audit
Topics
- Architecture and design review
- Threat modeling
- Risk assessment and prioritization
- Security program direction
- Pre-engagement scoping and preparation
Secure code review
Manual, security-focused review of application source code to find the vulnerability classes that automated tooling tends to miss: logic flaws, authentication and authorization weaknesses, injection, and cryptographic misuse.
Coverage
- Authentication and authorization logic
- Input validation and injection vulnerabilities
- Session management and token handling
- Cryptographic implementation and secrets management
- Security-sensitive business logic
- Third-party library and dependency risks
Good fit for
- Teams building security-critical features (payments, auth, healthcare, finance)
- Startups wanting security assurance before launch
- Engineering teams after major refactors or new integrations
- Pre-audit preparation for SOC 2, PCI DSS, or similar
Mentoring
Structured mentoring for security practitioners at any stage, whether you're breaking into offensive security, developing technical depth in a specific area, or working through a career decision. Honest, direct, and focused on what actually moves the needle.
What we can work on
- Breaking into offensive security from adjacent roles
- Building depth in web, mobile, or cloud security
- Interview preparation for security engineering roles
- Career direction and growth planning
- Understanding specific techniques, tooling, or concepts
Format
- Regular 1:1 sessions: structured or flexible
- Goal-setting and progress tracking
- Async support between sessions where appropriate
- Honest feedback, no motivational fluff