Case Studies

Outcomes, not activity

A selection of recent engagements. Client names withheld by default — we'll share referenceable details in conversation where clients have agreed.

GRC & Compliance

Fintech: SOC 2 Type II in one audit cycle

A payments startup needed SOC 2 to unblock two enterprise deals. Gap assessment to clean Type II report, with evidence automation their team still runs today.

OT Security

Manufacturer: segmenting a connected plant

Post-assessment, we redesigned IT/OT segmentation for a mid-size manufacturer and built a ransomware playbook tested against their actual recovery times.

Offensive Security

SaaS: pentest findings to secure SDLC

Annual pentests kept finding the same bug classes. We moved the fixes upstream — developer training and CI checks cut repeat findings by the following cycle.

These summaries are illustrative placeholders pending client-approved publication. Ask us for relevant references during scoping — we'd rather connect you with a real client than show you a polished logo wall.