Least privilege
Access limited to what scope requires. Credentials under agreed confidentiality terms.
HOW WE OPERATE
We handle sensitive client information and produce security findings. Operational discipline is not optional.
Per engagement
agreed before work starts
We agree this before work begins.
Operating principles
We request only what the engagement needs. Retention is agreed with a clear why and how long.
Findings documented with assumptions and limitations, usable by engineering and management.
Sigma, MITRE ATT&CK, standard file formats. No opaque proprietary lock-in on outputs.
Every recommendation links to something we actually looked at. No advice without a reason.
Written test agreements before we start. Clear rules for access, evidence, and handover.
Infrastructure controls
Before testing a client environment or handling sensitive materials, we ask: what could go wrong? What must stay confidential? Security discipline applies to how we operate, not only to what we deliver.
Platform controls
Other topics
Privacy
Data & privacy
Data handling per assignment. Clear agreements upfront. You own the outputs.
Scope-first
How we work
Clear assignments with fixed outputs. Boundaries agreed before work starts.
Ops discipline
How we operate securely
Secure by design, transparent by default. Operational discipline for client data and findings.