Skip to content
sudodudes_
[root@sudodudes ~]# Capabilities

The practitioner work behind the certificates.

Certifications describe an outcome. This is the actual work underneath it - the operations, engineering, offensive testing, and risk practice that make the outcome true instead of theatre.

$ 01 · Security Operations

Detection and monitoring, not just the compliance report that happens to share the initials "SOC".

24/7 monitoring & alerting

Correlated telemetry across cloud audit logs, EDR, and network sensors. On-call escalation runs against documented runbooks, not tribal knowledge.

Detection engineering

Custom detection rules mapped to MITRE ATT&CK, tuned against your actual environment - not vendor-default rulesets that alert on nothing real.

Incident response

Retainer-based IR: containment, eradication, and a written post-mortem within ten business days. Tabletop exercises run before you need the real thing.

Evidence pipeline

Centralized, tamper-evident logging that doubles as continuous audit evidence - the same data feeds your SOC 2 observation period and your incident timeline.

$ 02 · Platform Security

The infrastructure layer auditors skim past and attackers read carefully.

Cloud security posture

IAM least-privilege reviews, network segmentation, and CSPM baselines across AWS, GCP, and Azure - scoped to what an attacker with a leaked key could actually reach.

Identity & access

SSO/OIDC rollout, hardware-key MFA enforcement, break-glass account design, and quarterly access reviews with sign-off, not a spreadsheet nobody opens.

Kubernetes & container security

Admission control, image and dependency scanning, runtime policy enforcement, and secrets kept out of manifests and environment dumps.

Secure SDLC

SAST and dependency scanning wired into CI, signed build provenance, branch protection and mandatory review - controls that live in your repo, not a PDF.

$ 03 · Penetration Testing

OSCP/OSCE-led offensive testing. Reports your engineers read start to finish, not skim and file away.

External & internal network

Perimeter testing, segmentation validation, and assumed-breach lateral-movement exercises from a foothold inside your network.

Web, API & mobile

OWASP-aligned manual testing of authenticated roles and business logic - the abuse cases an automated scanner cannot reason about.

Cloud & Kubernetes

Control-plane misconfiguration, IAM privilege-escalation paths, and container escape testing across the platforms in scope.

Social engineering (opt-in)

Phishing simulations and physical assessments, scoped and pre-authorized in writing before a single email goes out.

# Re-testing is included on every engagement: a finding does not close until the fix is independently verified.

$ 04 · Risk Assessment

A risk register a board will actually read, tied to controls you can point to.

Threat modeling

Asset and data-flow mapping, STRIDE-style modeling run against new products before they ship, not retrofitted after launch.

Vendor & third-party risk

Questionnaire review, SOC 2/ISO report analysis for critical vendors, and a reassessment cadence instead of a one-time intake form.

Business impact analysis

Tied to the RTO/RPO targets your systems can actually meet, verified against your last real backup restore, not a template guess.

Risk register & treatment

A living register with named owners and due dates, reviewed quarterly, mapped to ISO 27001 Annex A and NIST CSF where relevant.

Talk to us

Not sure which of this you actually need yet?

Most teams need less than they think. A 30-minute call usually narrows it to one or two things worth doing first.