Case studies
Selected work
A few engagements, described plainly — the situation, what we did, and where it landed. Client names are withheld by agreement.
-
Closing the gaps before a customer’s security review
How we helped a client pass enterprise security due diligence by fixing the gaps that were real rather than papering over them, and getting to a position they could defend.
Read Closing the gaps before a customer’s security review -
DPDP readiness for a business that had quietly accumulated personal data
How we helped an India-based services firm get ready for the DPDP Act by turning consent, retention and breach response into things its systems could actually do.
Read DPDP readiness for a business that had quietly accumulated personal data -
Putting real access controls around a healthcare group’s records
How we helped a healthcare group protect sensitive patient data with access controls, audit trails and data minimisation, sized to a clinical setting rather than a bank.
Read Putting real access controls around a healthcare group’s records -
Shrinking the card-data problem for a growing retailer
How we helped a retailer cut its PCI DSS scope by getting card data out of its own systems, so the assessment matched a business that no longer stored what…
Read Shrinking the card-data problem for a growing retailer -
Making ISO 27001 a way of working, not a binder on a shelf
How we helped a SaaS company implement ISO 27001 as real operating discipline, so the controls described in the certificate were the controls the team actually ran.
Read Making ISO 27001 a way of working, not a binder on a shelf -
Untangling years of accreted access at a manufacturer
How we helped a manufacturer end stale and shared accounts and get back to least privilege, after years of access quietly piling up without anyone tidying it.
Read Untangling years of accreted access at a manufacturer -
Rehearsing the bad day before it arrives
How we helped a fintech turn incident response from an improvised scramble into a rehearsed plan, using a tabletop exercise to find the gaps while it was still safe to.
Read Rehearsing the bad day before it arrives -
Building security into how a product team ships
How we helped a software team fold security into the way they build and release, instead of bolting it on at the end where it slows everyone down and catches…
Read Building security into how a product team ships -
Knowing what suppliers could actually reach
How we helped an e-commerce business get on top of third-party risk by working out what each supplier could actually access, and bringing that access back under control.
Read Knowing what suppliers could actually reach -
Proportionate ransomware resilience for an operations-heavy business
How we helped a GCC logistics operator harden against phishing and ransomware in ways its staff could live with, focused on the few things that decide a bad day.
Read Proportionate ransomware resilience for an operations-heavy business
Talk to us about your project.
A short conversation is usually enough to tell whether we are the right fit for the work. We will be straight with you either way.