04 · Cybersecurity

Defend like you knowthe attacker isalready inside.

CEH-certified engineers who approach every system with an attacker's mindset. Zero-trust architecture, threat detection, IAM, cloud security hardening, and compliance readiness — security baked in from the first line of infrastructure.

Start a project Explore capabilities

mountsmy — security · threat-monitor

[ SIEM ] Real-time threat monitoring — ACTIVE

─────────────────────────────────────

✓ IAM audit complete — 0 over-privileged roles

✓ GuardDuty — 0 active threats detected

✓ Vault — all secrets rotated < 24h ago

─────────────────────────────────────

⚠ Unusual login attempt detected

IP: 185.220.x.x User: api-svc-account

Geo: Unknown Method: SSH brute-force

→ Auto-blocked via Security Group rule

→ Alert dispatched to PagerDuty #P-2841

─────────────────────────────────────

✓ Incident contained in 14 seconds

✓ Zero lateral movement detected

✓ Compliance evidence logged → SOC2

01 / Zero Trust & IAM

Trust nothing. Verify everything.

We architect zero-trust networks where every request is authenticated and authorised regardless of origin. No implicit trust — not from inside the network, not from privileged accounts.

Zero-trust network design with micro-segmentation and mTLS
IAM least-privilege policies and separation of duties
Multi-factor authentication (MFA) across all systems and services
Privileged Access Management (PAM) with just-in-time access
SSO with SAML / OIDC — Okta, Auth0, Azure AD integration
HashiCorp Vault for dynamic secrets and credential rotation
Service account auditing and quarterly access review automation

Identity & Access Management

Every identity mapped, every permission justified, every access logged. IAM policies reviewed quarterly with automated drift detection.

AWS IAMOktaHashiCorp VaultMFASSO

Zero Trust Architecture

Network micro-segmentation, mTLS between services, and per-request authorisation. Assumes breach and limits blast radius by design.

Micro-segmentationmTLSOPAFalcoIstio

02 / Cloud Security & Compliance

Cloud posture continuously hardened.

Cloud misconfiguration is the leading cause of breaches. We run automated posture management, CIS benchmark hardening, and compliance readiness across AWS, GCP, and Azure.

AWS GuardDuty, Security Hub, and Config for cloud posture management
CIS Benchmark hardening for Linux servers (RHCSA-certified engineers)
Container image scanning in CI/CD (Trivy, Snyk, Aqua Security)
SIEM setup with log aggregation and real-time threat correlation
SOC2 Type II and ISO 27001 readiness engagement end-to-end
GDPR data mapping, consent flows, and Data Processing Agreement drafting
Security incident response plan, runbooks, and tabletop exercise facilitation

SIEM & Threat Detection

Centralised log collection, anomaly detection, and automated alerting. Real threats surfaced in seconds, false positives suppressed.

SIEMSplunkELKGuardDutyWazuh

SOC2 & ISO 27001 Readiness

Full compliance journey — gap assessment, control implementation, evidence collection, and auditor prep. We've done this before.

SOC2 Type IIISO 27001GDPRPolicy Drafting

How we work

From brief to live — our 4-step process

Every engagement follows the same rigorous process so there are no surprises — just outcomes.

Step 01

Security Assessment

Threat model, attack surface mapping, IAM audit, and cloud posture review. Delivered as a prioritised risk register.

Step 02

Hardening Plan

Control-by-control remediation roadmap mapped to your compliance framework. Signed off before implementation begins.

Step 03

Implement & Test

Zero-trust architecture deployed, SIEM configured, and pen testing executed to verify effectiveness of all controls.

Step 04

Monitor & Certify

Ongoing SIEM monitoring, quarterly access reviews, and compliance evidence collection for your next audit cycle.

Defend like you knowthe attacker isalready inside.

Trust nothing. Verify everything.

Cloud posture continuously hardened.

Every tool we actually use

From brief to live — our 4-step process

How exposed is your stack?