About
Independent. Bench-first. Written for the record.
Hardware and software security for small and medium businesses. I do the bench work, audit the network behavior, lock down operations against vendor coercion, and produce the long-form investigative reports clients need to act on. The practice is run by one person and stays that way on purpose.
Every engagement reads everything in scope, cites every claim to its underlying source, and reproduces every test before delivery. Photographs and bench captures are committed to a client-readable repository for the duration of the engagement. Reports are signed, sourced, and built to hold up wherever they need to.
No subcontracting. The bench work is done at the bench. The writing is done by the same person who did the bench work. Language models and third-party firms are not delegated to.
Methodology
Five practices the work is built on.
These are not slogans. They are the operating constraints I run every engagement under. When a finding is challenged, these are the steps that put it back on the record.
M.01
Read everything.
Every document, every record, every line. Not summarization, not sampling, not "the relevant parts." When the Epstein investigation crossed 3.4 million items, every one of them was read. That practice scales down to smaller engagements and produces findings that survive adversarial review because nothing was skipped.
Counts logged: lines read, items flagged, hours spent. Available on engagement request.
M.02
Cite to the bates.
Every claim in a final report is cited to the underlying evidence. Bates numbers for documents. Capture filenames for bench evidence. Public-record URLs for open-source intelligence. A reader can verify any claim independently. No claim stands on assertion alone, including when I am the one asserting it.
Citation discipline: three-tier evidentiary standard, hostile-review-ready.
M.03
Reproduce it.
Bench findings are written with reproduction steps. A second qualified party can re-run the test and arrive at the same result. This is the line between an opinion and a finding. If it cannot be reproduced, it does not go in the report. If the vendor disputes it, the reproduction steps are the answer.
Reproducibility appendix: standard deliverable on every engagement.
M.04
Respect embargoes.
When a vulnerability disclosure or government investigation requires hold, the practice holds. Embargoes are honored without exception, including when they are inconvenient and including when violation would benefit me. Coordinating with Google VRP, federal disclosure channels, and CNAs is part of the work, not an obstacle to it.
Active disclosure tracks: confidential channels with multiple federal agencies and CNAs.
M.05
Write it down.
Every engagement produces a written report. Not a slide deck. Not a verbal briefing. Not a Slack message. The report is the deliverable. It is structured for the audience it serves (litigation, regulator, public reporting, internal procurement) and it stands on its own when the engagement closes. The client owns it. The methodology travels with it.
Format: written report + executive summary + reproducibility appendix + raw evidence repository.
What I work on
Plainly.
Connected devices that make claims about what they do with your data. If a vendor says their camera, printer, sensor, or appliance does or does not phone home, I can tell you whether that is true. If a vendor says an update is optional, I can tell you whether the device still functions when you decline the update.
Devices that suddenly stop working after a refused agreement. Several cases I have run involved devices that bricked or denied service after the owner declined a new terms of service. This is provable behavior. It has documentary consequences. Owners and counsel have used my reports to recover purchase price, build class-action records, and refer to regulators.
Independent business operations that need to be hard to interfere with. Small businesses get knocked over by their own vendors as often as by external threats. The Business Hardening service is a fixed-scope rebuild that puts the business back on infrastructure the owner controls, with documentation a non-specialist can use.
Investigations for journalists, litigators, and parties of record. Long-form investigative work that combines public-record tracing with bench evidence. Output is a written report with citation discipline that survives adversarial review.
What I will not do
Honestly.
N.01
Subcontract the bench
The work is at the bench. The bench is mine. I do not hand the device to a third-party lab and edit their report.
N.02
Delegate to a model
Language models are useful tools. They do not write the report. They do not draw the conclusions. They are not the analyst of record.
N.03
Break an embargo for press
An active disclosure embargo is honored even when premature publication would benefit the practice or the press.
N.04
Take a case that fails the integrity check
Every engagement is screened against the practice's standards for evidence, ethics, and independence before scope is agreed. If a case fails the screen, it is declined in writing. No exception for fee size, client name, or pressure.