Services

Security infrastructure for regulated industries

Built to last, documented to audit. Senior-only delivery from Brussels.

PKI Architecture

Enterprise Public Key Infrastructure

Complete CA hierarchy design and deployment. From air-gapped Root CA with HSM to automated certificate enrollment via ACME. Built on EJBCA with HA failover and full compliance documentation.

  • 2-tier or 3-tier CA hierarchy
  • HSM integration (Nitrokey, YubiHSM)
  • OCSP & CRL distribution
  • ACME server for automated enrollment
  • Certificate lifecycle management
  • CP, CPS, and compliance documentation
Outcome

→ Your CA is live, documented, and audit-ready in 6 weeks

Deliverables

Architecture Design Document Included
Docker Infrastructure (HA) Included
Certificate Policy (CP) Included
Certificate Practice Statement Included
Key Ceremony Procedure Included
SOPs (8 documents) Included
Monitoring & Alerting Included

What I Check

SSL/TLS Configuration
Certificate Chain
DNS Security
Email (SPF/DKIM/DMARC)
Web Application
SSH Hardening
Port Exposure
CIS Benchmarks
Security Assessment

Find What's Broken Before Attackers Do

Comprehensive vulnerability assessment and penetration testing. OSINT reconnaissance, network scanning, web application testing, and detailed remediation reports.

Outcome

→ Full report with exploitable findings ranked by business risk

Zero Trust

Mutual TLS — Passwords Are Dead

Replace passwords and VPNs with certificate-based authentication. Only verified certificate holders access your services. No exceptions.

→ mTLS rollout complete across all services with zero password exposure

🔒

No Passwords

Certificates can't be phished, guessed, or brute-forced.

🌐

No VPN

Direct access with mutual authentication. Works anywhere.

Audit Trail

Every connection logged with certificate identity. Full accountability.

All Services at a Glance

Three disciplines. One senior engineer. Brussels-based.

PKI Architecture

Enterprise Public Key Infrastructure

Complete CA hierarchy design and deployment. From air-gapped Root CA with HSM to automated certificate enrollment via ACME. Built on EJBCA with HA failover and full compliance documentation.

→ Your CA is live, documented, and audit-ready in 6 weeks
Security Assessment

Find What's Broken Before Attackers Do

Comprehensive vulnerability assessment and penetration testing. OSINT reconnaissance, network scanning, web application testing, and detailed remediation reports.

→ Full report with exploitable findings ranked by business risk
Zero Trust

Mutual TLS — Passwords Are Dead

Replace passwords and VPNs with certificate-based authentication. Only verified certificate holders access your services. No exceptions.

→ mTLS rollout complete across all services with zero password exposure
Ready to start?

Let's talk about your PKI estate.

30-minute discovery call — senior-to-senior. No sales deck, no demos, no junior account manager.

Get in Touch →