
Independent OT & ICS security consulting — vulnerability assessments, advisory services, and penetration testing for industrial environments.
I don't believe in a one-size-fits-all vulnerability scan approach. I take the time to understand how your environment actually operates, then evaluate it holistically - identifying how networks, devices, and configurations interact to uncover the risks that matter most. What you get isn't a raw list of vulnerabilities, but a clear, prioritized set of findings paired with remediation steps shaped together with your team, grounded in how your operations actually run.
An extension of your team. I bring strategic guidance rooted in hands-on ICS experience, working alongside you to strengthen defenses, streamline processes, and drive measurable, practical improvements — not just checked boxes on a compliance form. My goal isn't to hand you a binder of recommendations and walk away; it's to help build something that actually holds up in your environment.
I run assumed-breach exercises using the tools, access, and limitations of a real-world attacker — often leveraging what's already available in your environment. The process is collaborative and transparent from start to finish: your team stays informed throughout, so nothing in the final report comes out of nowhere — you'll already know what was found before it's written down.
Based in the United States, working with asset owners & operators across all verticals ranging from oil and gas, energy, water, manufacturing, chemical and more. If there's a problem worth talking through before it becomes a scope of work, please do not hesitate to reach out.