Financial services
FFIEC, PCI DSS, SOC 2 — banks, fintech, insurers, advisors.
Industries
Sectors we serve.
Regulated, high-stakes, and adversary-facing. These are the sectors where manual testing and governance depth actually move the needle.
Industries
Regulated. Adversary-targeted.
We work with organizations where a bad security outcome is a regulatory event, a contract loss, or a patient-safety incident. That shapes how we write the report.
Healthcare
HIPAA, HITECH — hospitals, clinics, payors, health-tech platforms.
Legal & professional
Client confidentiality, privilege, matter-level data controls.
Public sector & education
CJIS, FERPA — state, municipal, higher-ed, K-12 districts.
Manufacturing & OT
IT/OT segmentation, CIS for ICS, Purdue model realities.
SaaS & technology
SOC 2 Type II, bespoke threat models, customer-facing reports.
Energy & utilities
NERC CIP, operational technology, vendor risk at the edge.
Retail & hospitality
PCI DSS 4.0, in-store network segmentation, franchise risk.
Start here
Let's scope your next engagement.
A 30-minute scoping call is how most engagements start. No sales theater — you talk to the senior operator who would actually run the work.
- No high-pressure follow-up
- Scoping notes delivered within 24 hours
- NDA available before the call