We’re a small offensive-security firm. We test other people’s systems for a living and we try to do it the way a senior practitioner would explain things to a peer they respect — direct, with the receipts, and without theatrics.
What we believe
Honest, never theatrical. We don’t dramatize findings to inflate scope. A medium is a medium. Reports describe risk in plain English with the math attached.
Practitioner-first. Everything we ship is something a working engineer can act on by Friday. No 200-page PDFs that nobody reads.
Curious by default. The best pen testers are wonderful weirdos. We hire for taste and rigor, in that order.
Make the hard thing legible. Security is technical. Our job is to translate it — for the founder, the engineer, and the board, in a single document.
The team
We’re four senior people, two of whom started the company. The combined CV includes time at NCC, Trail of Bits, and one organization whose initials nobody will confirm.
We don’t intend to grow past ten. Boutique means we mean it.
How to reach us
The fastest path is [email protected]. For sensitive material, we publish PGP keys for every team member.
If you’ve found a vulnerability in something we operate, see our responsible-disclosure policy.