Cases
Specific, anonymised, honest.
A small set of recent engagements, told as short factual narratives. Client identities are withheld; the problems, approaches, and outcomes are as they happened.
Assumed-breach red team against a Dutch financial services firm
Six-week adversary emulation starting from a single compromised workstation. Reached domain dominance and demonstrated access to a production payment system, then worked with the client's blue team on the detection gaps that let it happen.
NIS2 readiness assessment for a mid-market industrial manufacturer
A three-week gap analysis and twelve-month roadmap for a manufacturing business suddenly in scope of the Dutch Cyberbeveiligingswet. Translated a dense legal text into a prioritised set of things their small IT team could actually do.
SOC architecture review for a regional telco
A four-week review of an in-house security operations centre: what they were detecting, what they were missing, and where consolidation of six overlapping tools would free up two analysts' worth of capacity.
Your situation probably rhymes with one of these.
Happy to talk about it, the first call is short and costs nothing.