Application and Product Security
Find product risk before it ships.
- Threat modeling
- Code and API review
- Fix guidance
Security engineering from Andorra
Security engineering for real systems.
AppSec, cloud, endpoint visibility, and incident readiness. Practical findings. Fixes your team can ship.
- Application security
- Cloud and infrastructure
- Detection engineering
- Incident readiness
- Child online safety
Prior experience from teams at
IBM
Meta
Uber
Airbnb
Chainlink
Niantic
Tech Coalition
Services
Focused help for technical teams.
Evidence first. Practical fixes. No theater.
Cloud and Infrastructure Security
Harden the systems behind the product.
- Cloud review
- Identity and secrets
- Secure defaults
Detection and Incident Readiness
Make suspicious activity easier to see and handle.
- osquery and osctrl
- Telemetry quality
- Response workflows
Security Engineering
Build security into engineering flow.
- Internal tooling
- CI/CD guardrails
- Platform support
Child Online Safety
Practical safety guidance for online risk.
- Trust and safety
- Risk review
- Safeguarding flows
Project proof
Public work. Practical proof.
Security services grounded in tooling, not slideware.
Endpoint security
osctrl
osquery management for fleet visibility, logs, config, and live queries.
Cyber range
mapctf
A map-based cyber range and CTF platform for hands-on security learning.
Authorized research
stanza-c2
Authorized red-team research for understanding attacker workflows.
Process
Clear work. Useful findings. Verified fixes.
- ScopeDefine systems, risks, and goals.
- AssessTest with reproducible evidence.
- ExplainPrioritize engineering impact.
- RemediateFix code, config, or workflow.
- ValidateRetest what matters.
Contact
Bring a system. Leave with a plan.
Send the stack, the risk, and the timeline. We will start from there.