// SERVICES

Pentest, advisory & mentorship.
Done right, done with care.

A small consultancy practice. I take on a limited number of engagements at a time so each one gets senior attention end-to-end — no junior handoffs, no scope drift, no surprises.

// 01 — Offerings

Four engagement types.

Each one tailored to scope, but built on the same disciplined process and the same single point of contact: me.

01
Pentesting
Web, API, mobile, thick client, network (external + internal), cloud config review, AI/ML & agentic systems, secure code review.
from $60/hr
02
vCISO
Fractional security leadership — policy, posture, roadmap, vendor & risk management, incident readiness, board reporting.
monthly retainer
03
Security Advisory
Ad-hoc & project-based advisory — architecture reviews, threat modelling, secure-by-design input, program-design consults.
hourly & project
04
1:1 Mentorship
Personal mentorship for testers, bug-bounty hunters & AppSec engineers — career, technical depth, certifications, interviews.
per-session
// 02 — Pricing

Pentest pricing.

Hourly rate depends on the testing surface. Every engagement comes with everything listed under "What's always included" below — there are no surprise add-ons.

Tier 1 — Standard
starts from $60 / hour
  • Web application pentest
  • API pentest (REST, GraphQL, gRPC)
  • External network pentest
  • Cloud configuration review (AWS / Azure / GCP)
Tier 3 — Specialised
starts from $100 / hour
  • AI / ML system pentest
  • Agentic AI & LLM pipeline security
  • Secure code review (multi-language)
  • Architecture review with code reading

> Every engagement is scoped and quoted in hours upfront. Fixed-price quotes available for well-defined scopes.

// What's always included
Full Reporting
Executive summary + detailed technical findings, reproduction steps, severity ratings & remediation guidance.
Kick-Off Call
Sync on scope, environment, credentials, contacts & ground rules before any packet hits the wire.
Read-Out Call
Walkthrough of findings with eng + leadership. Q&A, prioritisation guidance, attacker-mindset commentary.
3 Months Re-Testing
Re-test every fixed finding inside 3 months of the original engagement — included, not billed separately.
Report Updates Post-Remediation
After re-testing, the report is updated to reflect remediation status — ready for audits or customers.
Single Point of Contact
You work directly with me from scoping to read-out. No account managers, no junior handoffs, no telephone game.
Industry-Standard Coverage
OWASP Top 10, OWASP API Top 10, MASVS, CIS benchmarks, NIST & business-logic checks specific to your product.
Daily & Critical-Find Updates
Daily progress notes during the engagement, immediate notification & PoC sharing on any critical-class finding.
// 03 — Methodology

How an engagement actually runs.

Eleven steps from first email to remediation sign-off. The same pipeline every time, scoped to fit.

01
Scoping
Surfaces, assets, hours, constraints
02
Kick-Off Call
Contacts, creds, channels, calendar
03
Engagement Start
Environment access verified
04
Recon & Enumeration
Surface mapping, asset discovery
05
Unauth Testing
Anonymous attack surface
06
Auth Testing
Multi-role abuse, authz, business logic
07
Standards & Business Checks
OWASP, CIS, NIST + product-specific
08
Cross-Validation
Remove noise, confirm every finding
09
Reporting
Exec summary + technical detail
10
Wrap-Up / Read-Out
Walkthrough, Q&A, prioritisation
11
Remediation
Re-test & report update (3 mo. incl.)

> The same 11 steps run for every engagement type.

// 04 — Deeper detail

Each engagement, up close.

01 / pentest

Penetration Testing

From single-app spot-checks to multi-week, multi-surface enterprise assessments. Every test runs through the 11-step pipeline above.

I treat pentesting as a craft, not a checklist. The automated tools run, but they're a small part of the work — the real value is in the manual hours spent abusing business logic, chaining low-severity issues into critical impact, and validating every finding before it lands in your report.

  • Web application pentest
  • REST / GraphQL / gRPC API pentest
  • External network pentest
  • Internal network & AD pentest
  • Android & iOS application pentest
  • Thick client pentest
  • Cloud configuration review
  • AI / ML & agentic system pentest
  • Secure code review
  • Threat modelling / architecture review
02 / vCISO

Virtual CISO

For companies that need senior security leadership without a full-time hire. Typically a monthly retainer with a defined set of deliverables and standing meetings.

I plug in alongside your eng leadership, take ownership of the security function, and drive the work from policy to posture to people. The goal is always to leave you better-defended — and to make the role redundant when you're ready to hire in-house.

  • Security strategy & roadmap
  • Policy & procedure authorship
  • SOC 2 / ISO 27001 / HIPAA readiness
  • Vendor & third-party risk management
  • Threat modelling & design review
  • Incident response readiness
  • Security awareness program
  • Board & customer security reporting
03 / advisory

Security Advisory

Bring me in for a focused engagement — architecture review, program design, hiring panel, conference prep, or just a few hours of "is this idea sound?" time.

Sometimes you don't need a vCISO and you don't need a pentest — you need an expert pair of eyes on a specific decision. Advisory engagements are billed hourly or fixed-price for a defined deliverable, and start at a few hours.

  • Architecture & design reviews
  • AppSec program design
  • Bug-bounty program strategy
  • Pentest program design (for vendors)
  • Hiring & technical interview support
  • Tabletop exercises
  • Conference / customer talk review
  • Tooling & vendor selection
04 / mentorship

1:1 Mentorship

Personal, recurring mentorship for testers, bug bounty hunters and AppSec engineers serious about levelling up. Limited slots, application-based.

I work with a small number of mentees at any given time. Sessions are typically bi-weekly, focused on whatever moves the needle for you — technical depth on a specific surface, career direction, certification prep, real-world bug review, interview practice, or building your own consultancy.

  • Career planning & transitions
  • Technical depth (web / mobile / cloud / AI)
  • Bug bounty methodology & review
  • Certification prep (OSCP, eWPTX, etc.)
  • Report writing & communication
  • Interview preparation
  • Independent consultancy setup
  • Content & personal brand
// 05 — Comms

However your team works.

I'll meet you where you already are. No new tools to learn, no portals to log into, no friction.

Slack
Shared channel in your workspace
Email
Async updates & final deliverables
MS Teams
Channel & meeting integration
Whatever works
Discord, Signal, Slab, your call
// Experience
10+ years
in offensive security

A decade in the industry with 700+ pentests delivered. Working expertise across triage, security engineering, consultancy, mentorship and security advisory — the full lifecycle of the work, not just the testing half.

Previously: Synack Red Team, Cobalt Core (Lead Pentester), independent bug bounty hunter (Bugcrowd MVP, top-150 all-time), security consultant.

// Scoping & quote

For quotation and scoping, drop a line.

I respond inside 24 hours. Initial scoping calls are free & non-obligatory.