About
I'm a hands-on security leader with deep experience across Application Security, Infrastructure Security, SOC/SIEM, DevSecOps, and fraud prevention. I've built security programs from zero twice and delivered a major turnaround of a stalled security program.
As CISO at inDrive, I built and led a 20-person security organization responsible for an ecosystem processing 3.5 million deals per day across 46 countries. I launched a Bug Bounty program and a SOC, and achieved ISO 27001 certification.
Currently serving as deputy CISO at 01.Tech, leading a 40-person security department. I rebooted the AppSec program, transformed the penetration testing function into a red teaming model, and built an anti-fraud capability from scratch.
I'm a frequent conference speaker with 18 public talks on secure development, DevSecOps, and security team management. I share practical knowledge — no marketing, no fluff.
Services
Expert cybersecurity services tailored to your business needs
Offensive Security & Testing
Identify vulnerabilities before attackers do
What We Do
We systematically attack your web applications using the same techniques malicious actors employ. Testing covers the full attack surface: authentication, authorization, injection flaws, broken session management, insecure data handling, API vulnerabilities, and business logic bypass. We don't just find issues—we demonstrate working exploits so you understand the real risk.
For Whom
SaaS companies, fintech platforms, any organization with customer-facing or internal web applications. Especially critical pre-launch or before handling sensitive data.
Deliverables
- Detailed vulnerability assessment with proof-of-concept exploits
- CVSS scoring and business risk mapping for each finding
- Executive summary with remediation priorities
- Technical remediation guidance for development teams
- Retest after fixes to confirm resolution
Timeline
4-8 weeks depending on application scope and complexity
What We Do
We execute targeted phishing campaigns, pretexting, physical security tests, and other social engineering vectors against your organization. The goal is to measure how effectively your team detects and reports threats, and where your process breaks down when an attacker exploits human trust.
For Whom
All organizations. Social engineering is the entry point in 70%+ of breaches. Critical for regulated industries (finance, healthcare) and organizations protecting high-value assets.
Deliverables
- Custom phishing campaign results with engagement metrics
- Physical security assessment report (if applicable)
- Pretexting test results showing resistance and vulnerabilities
- Security awareness training gaps analysis
- Remediation roadmap with metrics to track improvement
- Baseline for future repeat assessments
Timeline
4-6 weeks including campaign execution, data collection, and analysis
What We Do
We scan and analyze everything exposed to the internet: firewalls, VPNs, mail servers, web servers, DNS, cloud infrastructure, and any external-facing systems. We identify outdated versions, missing patches, weak configurations, and credential exposure—the low-hanging fruit attackers scan for automatically.
For Whom
Any organization with internet-facing infrastructure. Particularly important for companies that haven't done this in 12+ months or after significant infrastructure changes.
Deliverables
- Complete inventory of internet-facing assets
- Vulnerability scan results with severity ratings
- Configuration weakness analysis (weak ciphers, deprecated protocols)
- Patch management recommendations
- Quick-win remediation list (addressing 80% of risk with 20% effort)
- Retest after initial remediation
Timeline
2-4 weeks depending on infrastructure size and complexity
What We Do
We perform comprehensive open-source intelligence gathering to find credentials, API keys, internal documentation, source code snippets, and sensitive data exposed through GitHub, Docker Hub, S3 buckets, archives, employee social media, and other public sources. We identify what attackers already know about your infrastructure.
For Whom
All organizations, especially those using cloud services, open-source repositories, or with high developer velocity. Essential before you discover your data the hard way.
Deliverables
- Complete inventory of exposed sensitive data by source
- Assessment of exposure scope and time exposed
- Credentials found and verification of validity
- Recommended remediation (rotate keys, make repos private, update policies)
- Process improvements to prevent future leaks
- Quarterly monitoring engagement option
Timeline
2-3 weeks for initial comprehensive assessment
What We Do
We gain a foothold on your internal network and systematically attempt to access high-value targets: domain controllers, databases, sensitive file shares, and crown-jewel systems. This tests your segmentation, detection capabilities, and whether you can stop an attacker who's already inside your perimeter.
For Whom
Organizations with complex internal networks, sensitive data repositories, or high-value intellectual property. Essential if you maintain a 'trust everything inside the network' architecture.
Deliverables
- Map of network segmentation and identified bypass opportunities
- Enumeration of high-value targets and privilege escalation paths
- Proof of access to crown-jewel systems
- Evidence of detection (or lack thereof) by security monitoring
- Detailed lateral movement playbook showing attack progression
- Segmentation and detection improvement recommendations
Timeline
3-6 weeks depending on network complexity and access level provided
What We Do
Our security engineers review your source code for logic flaws, unsafe cryptographic practices, injection vulnerabilities, and intentional backdoors. We analyze dependency chains for known vulnerabilities and high-risk packages. This catches what automated scanners miss and what malicious actors or compromised dependencies might have introduced.
For Whom
Software vendors, companies handling sensitive data processing, financial systems, healthcare applications, and organizations concerned about supply chain or insider threats.
Deliverables
- Comprehensive vulnerability audit with code examples
- High-risk dependency analysis with remediation paths
- Unsafe pattern identification (crypto, data handling, authentication)
- Secure coding recommendations by module/component
- Severity-based remediation timeline
- Secure code review process recommendations
Timeline
4-12 weeks depending on codebase size and complexity
What We Do
We audit smart contracts for reentrancy flaws, integer overflows, access control bypasses, and logic errors that can result in fund loss or protocol compromise. We assess the security of token mechanisms, oracle integration, and cross-chain bridges. This is specialized—not every penetration tester has blockchain expertise.
For Whom
DeFi protocols, NFT projects, blockchain infrastructure providers, and organizations integrating crypto functionality. Anyone deploying smart contracts to production.
Deliverables
- Smart contract code audit with vulnerability mapping
- Gas optimization and efficiency review
- Access control and privilege model assessment
- Oracle and external dependency risk analysis
- Economic security analysis for token mechanics
- Testnet validation and production deployment recommendations
Timeline
3-8 weeks depending on contract complexity and total lines of code
What We Do
This is a multi-phase engagement where we operate as a persistent attacker: reconnaissance, initial access, establishing persistence, lateral movement, data exfiltration, and maintaining access over weeks or months. We test your detection, response, and recovery capabilities against a realistic, sustained threat—not a two-week penetration test.
For Whom
Large enterprises, critical infrastructure operators, organizations with mature security programs, and those that have 'passed' traditional pen tests but want to test real operational security. Requires board-level buy-in and executive coordination.
Deliverables
- Multi-month attack narrative with all techniques employed
- Detection coverage analysis (what you caught, what you missed)
- Incident response effectiveness assessment
- Evidence collection showing what forensic artifacts remain
- Security team capability gaps in detection and response
- Strategic recommendations for detection/response improvement
Timeline
8-16 weeks for meaningful operational red team engagement
Compliance & Governance
Meet regulatory requirements with practical approaches
What We Do
We help you design and implement controls to meet certification requirements, prepare documentation auditors expect, and structure evidence collection. We've managed certifications at scale—this isn't theoretical. We ensure you're building controls that actually work, not just theater for auditors.
For Whom
Organizations pursuing ISO 27001, PCI DSS, SOX compliance, or other certifications. Includes preparation guidance, mock audits, and remediation planning.
Deliverables
- Gap assessment against certification standard
- Control design recommendations and implementation guidance
- Documentation templates aligned to auditor expectations
- Evidence collection and organization strategy
- Mock audit to identify remaining gaps
- Auditor interaction strategy and remediation planning
Timeline
6-12 months depending on current state and certification scope
What We Do
We assess your data handling practices against GDPR requirements, design data protection impact assessments, establish breach notification procedures, and ensure appropriate consent mechanisms. This covers the regulatory reality: GDPR enforcement has teeth, and fines reflect your negligence.
For Whom
Any organization processing data from EU residents. Especially companies that haven't completed a GDPR assessment or whose privacy practices are outdated.
Deliverables
- GDPR compliance assessment and gap analysis
- Data inventory and processing mapping
- Data Protection Impact Assessment (DPIA) framework
- Privacy policy and consent mechanism review/redesign
- Breach notification and incident response procedures
- Vendor/processor contracts and data agreements
- Data subject rights fulfillment procedures
Timeline
3-6 months for comprehensive program design and implementation
What We Do
We audit your security processes by examining what people actually do versus what your policies say. We test access request approval, change control enforcement, incident response execution, and whether monitoring is generating actionable intelligence. Written controls mean nothing if they're not followed.
For Whom
Organizations with security programs that aren't delivering expected results, or those required to demonstrate effective control execution for auditors/regulators.
Deliverables
- Assessment of all key security processes and procedures
- Evidence of actual control execution (or deviation from policy)
- Effectiveness gaps in detection, response, and recovery
- Metrics showing control performance over time
- Recommendations for process improvement and automation
- Tracking dashboard for ongoing compliance monitoring
Timeline
6-8 weeks depending on number of processes and organization size
What We Do
We evaluate your fraud detection systems, financial controls, transaction approval workflows, and audit trail integrity. This is about whether your payment systems, accounting, and approval chains can resist insider manipulation or systematic fraud schemes.
For Whom
Financial institutions, payment processors, organizations with high-volume transactions, and companies concerned about insider threats or payment fraud.
Deliverables
- Audit trail integrity and non-repudiation analysis
- Segregation of duties assessment (approval, execution, reconciliation)
- Transaction monitoring and anomaly detection effectiveness
- Controls preventing duplicate/unauthorized transactions
- Reconciliation procedure review and testing
- Fraud risk heat map with mitigation recommendations
Timeline
4-8 weeks depending on system complexity and transaction volume
Strategic Advisory
Expert guidance for critical security decisions
What We Do
We advise executives and boards on security strategy aligned to business objectives, not security theater. This includes risk appetite definition, security investment prioritization, incident response readiness, and building board-level security literacy. We translate between security technical reality and business decision-making.
For Whom
CISOs, CFOs, CEOs, and boards seeking to make informed security decisions. Organizations adjusting risk appetite after an incident or entering a new market.
Deliverables
- Security strategy aligned to business objectives and risk appetite
- Multi-year security investment roadmap with ROI framing
- Board-level security reporting framework and metrics
- Incident response and crisis communication planning
- Regulatory risk assessment and mitigation strategy
- Executive security briefings and scenario planning
Timeline
Ongoing advisory engagement; typical initial projects 8-12 weeks
What We Do
We review your overall system architecture for security properties: network segmentation, data flow controls, cryptographic implementation, identity and access management, and resilience to disruption. With poor architecture, no amount of tactical fixes will work. We identify architectural flaws early, while they are still fixable.
For Whom
Organizations planning major system redesigns, growing rapidly, or operating systems where architecture decisions constrain security (cloud migrations, legacy modernization).
Deliverables
- Current state architecture assessment and security mapping
- Threat model identifying attack paths and architectural weaknesses
- Segmentation and access control architecture recommendations
- Cryptography and key management architecture design
- Identity and privilege management architecture
- Reference architecture for future systems
Timeline
6-10 weeks for comprehensive architecture assessment
What We Do
We assess your security organization's structure, hiring needs, skill gaps, and effectiveness. This includes evaluating whether your CISO (if you have one) is building the right capabilities and setting realistic security direction. We provide an honest assessment, not flattery.
For Whom
Companies without security leadership or unsure if their CISO is effective. Organizations scaling security from a few people to a department. Companies questioning whether security investment is delivering results.
Deliverables
- Security organization assessment and effectiveness evaluation
- Capability gap analysis and hiring roadmap
- CISO effectiveness assessment (if applicable)
- Security team structure and responsibilities design
- Recruitment strategy and role descriptions
- Metrics framework for measuring security team performance
Timeline
4-8 weeks including interviews and assessments
What We Do
Before you buy from a vendor or integrate their service, we assess whether they'll introduce unacceptable risk. This includes code review for third-party libraries, security questionnaires that actually matter, assessment of vendor practices, and supply chain risk evaluation.
For Whom
Organizations evaluating critical vendors (SaaS platforms, development libraries, cloud services, payment processors). Essential before integrating dependencies or signing major vendor contracts.
Deliverables
- Security questionnaire assessment and vendor response evaluation
- Third-party code/component security assessment
- Vendor security practices and incident history review
- Integration security risk analysis
- Vendor contract security requirements and liability language
- Risk rating and recommendation
Timeline
2-4 weeks per vendor assessment
What We Do
Sometimes you need an outside expert to validate whether an internal security position is sound, break deadlocks between stakeholders, or challenge assumptions. We provide honest, no-politics assessment of security decisions.
For Whom
CISOs and security leaders seeking validation or fresh perspective. Organizations where internal security and business stakeholders disagree on priorities. Boards wanting external confirmation of security direction.
Deliverables
- Assessment of proposed security decision or strategy
- Risk analysis and recommendation
- Alternative approaches with trade-offs
- Implementation considerations and timeline
- Validation or challenges to internal position
Timeline
1-3 weeks depending on complexity
What We Do
We help you build defenses against insiders: privileged account management, data exfiltration detection, activity monitoring with appropriate privacy balance, and response procedures. This isn't about surveillance—it's about detecting when trusted people do harmful things.
For Whom
Organizations handling sensitive data, trade secrets, or classified information. Financial institutions and defense contractors. Companies that have experienced insider incidents.
Deliverables
- Insider threat risk assessment and threat modeling
- Privileged access management program design
- User and entity behavior analytics (UEBA) strategy
- Data exfiltration detection controls
- Monitoring and alerting framework (with privacy/legal guardrails)
- Investigation and response procedures
- Privacy-aware monitoring implementation roadmap
Timeline
8-12 weeks for comprehensive program design
Engineering & Operations
Security integrated into your development and operations
What We Do
We help you build security into development: threat modeling before coding, static/dynamic analysis in the pipeline, secure code review practices, secure dependency management, and deployment security. This prevents vulnerabilities from reaching production instead of finding them during penetration tests.
For Whom
Software development organizations, product teams, and companies where security vulnerabilities in products create liability. Any team wanting to shift left on security.
Deliverables
- Threat modeling templates and process guidance
- Secure coding standards and code review process
- Toolchain assessment and SAST/DAST implementation guidance
- Dependency scanning and supply chain risk management
- Security testing automation in CI/CD pipeline
- Security metrics and velocity tracking
- Developer security training program
Timeline
6-10 weeks for process design and tool integration
What We Do
We design and implement perimeter security monitoring: network flow analysis, intrusion detection, firewall log aggregation, and alerting for attack signatures. This covers early-stage attacker reconnaissance, exploit attempts, and malware communication.
For Whom
Organizations with internet-facing infrastructure wanting to detect attacks before they penetrate deeper. Companies missing visibility into what attackers are trying.
Deliverables
- Network flow capture and analysis infrastructure
- IDS/IPS configuration for your network environment
- Firewall log collection and analysis
- DDoS detection and response procedures
- Alert tuning to balance detection and false positives
- Threat intelligence integration
- SOC team procedures for monitoring interpretation
Timeline
4-8 weeks for implementation and tuning
How I Work
Discovery
Understanding your business, assets, and threat landscape
Execution
Hands-on security improvements with minimal disruption
Results
Measuring outcomes and continuous improvement
What Sets Us Apart
Vetted Professionals
Every team member has 5+ years of hands-on industry experience. No juniors learning on your systems.
Focused Practice
We take on a limited number of clients by design. We're not building a large firm, so there's no pressure to over-scale — your budget funds expertise, not corporate overhead.
Reliability
Clear communication, defined deliverables, and accountability at every stage of the engagement.
Made with Care
Every engagement is approached with genuine expertise and dedication. Security crafted by people who care.
Frequently Asked Questions
Pricing depends on scope, complexity, and timeline. After an initial consultation, I provide a detailed proposal with fixed-price or time & materials options. Every engagement starts with a clear statement of work.
It varies by service type. A penetration test typically takes 2-4 weeks. A compliance readiness assessment takes 4-8 weeks. Strategic advisory engagements can be ongoing. I'll give you a realistic timeline during our first conversation.
Every engagement includes a detailed written report with executive summary, technical findings, risk ratings, and actionable remediation steps. For compliance work, you also get policy templates and implementation roadmaps.
You work directly with me — a senior practitioner with 12+ years of hands-on experience, not a junior consultant. I've built and led security programs at companies processing 3.5M transactions daily across 46 countries. Boutique approach means faster turnaround and deeper expertise.
I work with startups and mid-market companies (50-5000 employees) across tech, fintech, e-commerce, and SaaS. Whether you need your first penetration test or a complete security program, I adapt the approach to your size and maturity.