Case studies

The work, in detail.

Real engagements with real technical specifics — supplier security audits, ISO 27001 implementations, Essential 8 remediations, and the framework decisions behind them. Written up for the auditor, the procurement officer, and anyone who's ever had to answer a vendor security questionnaire.

  1. Supplier risk · Cyber audit
    <24 hrs: Audit to restored production

    19 months of leaked customer credit cards. Remediated by Monday.

    A supplier had left a client's payment site exposing card data via a public .git directory for 19 months. Plaintext encryption key, leaked database password, 30,724 hostile fetches in the two months of logs we had. We rebuilt on hardened infrastructure inside 24 hours over a weekend, rotated every credential, and pulled card data out of PCI DSS scope entirely.


More case studies in the pipeline. The work we publish is anonymised where required by client confidentiality.

Supplier and third-party risk

Worried about your own suppliers?

If you'd like a no-obligation review of how exposed your business is to the kind of supplier-caused breach above, we run free 30-minute discovery calls. We'll tell you what we'd want to look at first.