INTELLIGENCE-LED SECURITY ENGINEERING
A small group of operators, engineers and analysts working alongside security teams to design defensible systems, build durable detection, and respond when it matters. No theatre, no dashboards for their own sake.

- > OBSERVE — collect signal
- > ORIENT — model the system
- > DECIDE — weigh the risk
- > ACT — engineer the fix
- > REVIEW — close the loop
Security Architecture
Reviewing and shaping the underlying systems — identity, network, data paths, trust boundaries — so security decisions hold up under real load and real adversaries, not just on a diagram.
Detection & Response
Building detection that reflects how your environment actually behaves: tuned content, honest signal-to-noise, runbooks engineers will follow, and a response posture that survives the first bad night.
AI-Augmented Operations
Applying language models and automation where they pay off — triage, correlation, summarisation — without handing critical judgement to a system that cannot be held accountable.
Quiet competence,
applied to hard problems.
We grew up inside SOCs, red teams and platform groups. We have shipped detections at 3 a.m., rewritten broken IAM models, and sat through the post-mortems. That experience is the product. The owl is just the badge.
Study how attackers actually move. Design controls that survive contact.
Write it down. Version it. Ship it. Security as code, not as memo.
Telemetry, baselines, post-mortems. Decisions traceable to data.
Tools serve the analyst. The analyst owns the call.
- MAY 18, 2026 - Authorization at scale with OPA: lessons from production [OPA, AUTHZ, ZERO TRUST]
- MAY 10, 2026 - A detection pipeline that survives Monday morning: Suricata, ClickHouse, Sigma [DETECTION, PIPELINES, SIGMA]
- MAY 02, 2026 - Hardening AWS accounts: the checklist we wish existed [AWS, HARDENING, CLOUD]
Tell us what you're trying to protect and where it hurts. We'll tell you honestly whether we can help.