Services
Daniel Neagaru
My Services
I offer a range of specialized services designed to solve complex challenges in security, infrastructure, and automation. My approach is hands-on, deeply technical, and tailored to your specific context—whether you’re a startup, a scale-up, or a global enterprise.
🔐 Offensive Security & Penetration Testing
Go beyond automated scans with in-depth, manual security assessments that simulate real-world attackers. I provide clear, actionable reports and support your team through remediation.
- Web Application & API Pentesting: In-depth testing of REST and GraphQL APIs, single-page applications, and complex business logic using Burp Suite Pro, OWASP ZAP, and custom scripts.
- Authentication & Authorization Review: Expert analysis of complex auth flows, including OAuth 2.0, OpenID Connect (OIDC), SAML, and JWT implementations.
- Infrastructure & Network Pentesting: Internal and external network assessments, firewall rule-set review, and vulnerability analysis using tools like Nmap, Metasploit, and Nessus.
- Secure Code Review & Threat Modeling: Static analysis (SAST) and architectural reviews to identify security flaws before they reach production.
- CVE-Quality Vulnerability Research: Targeted research projects to uncover zero-day vulnerabilities in your core products or third-party dependencies.
⚙️ Systems Engineering & Infrastructure Security
Build and maintain secure, resilient, and observable infrastructure grounded in industry best practices and years of hands-on administrative experience.
- Linux & OS Hardening: System hardening for Linux and BSD-based servers, including secure configuration of services, firewalls (iptables/nftables), and kernel parameters.
- Secure CI/CD & DevOps: Auditing and securing automation pipelines (GitLab CI, GitHub Actions) and containerized workflows (Docker, Docker Swarm).
- High Availability (HA) Architecture: Design and implementation of fault-tolerant systems using technologies like HAProxy, GlusterFS, and Galera Cluster for databases.
- Monitoring & Logging: Setup and administration of monitoring stacks like ELK, Nagios, and Prometheus for proactive threat detection and performance analysis.
🧪 Custom Tooling, R&D, and Automation
For problems that require a unique solution, I design and build bespoke tools, scripts, and frameworks.
- Custom Automation Scripts: Development of scripts in Python, Bash, or Hy (LISP) to automate security testing, system administration, and complex data processing tasks.
- Bespoke Tool Development: Building internal tools, API integrations, and proof-of-concept applications, leveraging frameworks like FastAPI and Django.
- UTMS Deployments: Custom implementation of the Universal Time Modeling System to help founders and teams achieve radical productivity through programmable, AI-assisted time management.
🔬 Specialized Research & Hardware Hacking
I take on unconventional R&D projects that fall outside the scope of typical consulting.
- Reverse Engineering: Analyzing binaries and applications using Ghidra, Radare2, and x64dbg to understand their functionality and find security weaknesses.
- Firmware & Embedded Device Analysis: Extracting and analyzing firmware from IoT and embedded devices using tools like binwalk to identify hidden vulnerabilities.
- Mobile Security: Auditing Android applications and systems, including analysis of rooted/custom ROM (LineageOS) environments.
- Hardware & Radio Hacking: NFC/RFID analysis (Proxmark3), HID emulation (Teensy), and SDR-based sniffing for specialized physical and wireless assessments.
Have a unique challenge or an edge case that doesn’t fit a standard service? I build solutions for hard problems. Let’s talk about it.