Specialist technology consultants

We fix platforms.
We've done it before.

We specialise in four disciplines: AWS architecture, cybersecurity, Zero Trust network access, and rearchitecting large-scale technology platforms. Grounded in engineering leadership at AWS, Capitec Bank, and ABSA Group — not advisory theory.

"The problems that matter aren't in the textbooks. They're the ones you only understand after you've broken them at scale — and had to fix them at 2am."

— Andrew Baker, Group CIO, Capitec Bank

Cloud Infrastructure

AWS & Cloud Architecture

Architecture designed for workloads that actually break things — not for certifications or slide decks. From EC2 instance sizing to multi-region Aurora replication, VPC design to Lambda cost optimisation.

What we cover

  • EC2 right-sizing and auto-scaling strategy
  • RDS Aurora multi-region replication design
  • VPC architecture, subnetting, and security groups
  • S3 lifecycle policies, intelligent tiering, cost control
  • Lambda architecture and cold-start mitigation
  • CloudFront + WAF configuration for high-traffic sites
  • Infrastructure-as-code review (Terraform / CDK)
  • Cost audits — cut waste without cutting capability
Relevant experience
Director of Engineering, EC2 — AWS
Scaled the foundational compute platform globally. Understands the platform at the implementation level, not just the API surface.
Group CIO — Capitec Bank
Responsible for all cloud infrastructure decisions for South Africa's largest digital bank — 22M+ clients, millions of daily transactions.

Not theory. Every recommendation we make has been stress-tested against production traffic, regulatory requirements, and the kind of failure modes that never appear in AWS documentation.

Cybersecurity

Cyber Security Consulting

From WordPress hardening to banking-grade security architecture. AI-assisted penetration testing, threat modelling, incident response frameworks, and security posture reviews that go beyond checkbox compliance.

Security Audit

AI-powered penetration testing using Claude and Gemini. Scored security reports covering configuration, code, infrastructure, and DNS.

Hardening & 2FA

Login protection, passkeys, TOTP, brute-force controls, hidden login URLs, session management, and mandatory admin 2FA enforcement.

Threat Monitoring

File integrity checking, SSH brute-force monitoring, web probe detection, new admin alerts, automated alerting via email and push notifications.

Banking Security

Regulatory compliance, fraud system design, secure API architecture, and the hard security problems unique to financial services infrastructure.

AI Security Audit

Our open-source Cyber & Devtools plugin implements the same security patterns we recommend in consulting engagements — available free for any WordPress site.

Network Security

Zero Trust Network Access

ZTNA eliminates the perimeter model entirely — no implicit trust, no VPN, no lateral movement. Every request authenticated, authorised, and encrypted regardless of network origin. We design and implement ZTNA architectures that work for real organisations, not just whiteboard diagrams.

  • Identity-aware proxy design — Cloudflare Access, Tailscale, and self-hosted options
  • Service mesh architecture for zero-trust east-west traffic
  • Device posture enforcement — certificates, MDM, OS patch level checks
  • Micro-segmentation strategy to contain blast radius
  • SSH and RDP access via Cloudflare tunnels — no open ports
  • Privileged access workstation (PAW) architecture
  • Integration with existing IdP (Okta, Azure AD, Google Workspace)
  • Audit log design — who accessed what, from where, at exactly what time
Why ZTNA matters now
  1. VPNs are the attack surface
     60% of breaches involve lateral movement after an initial VPN compromise. Remove the perimeter entirely.
  2. Remote-first is permanent
     The workforce is distributed. Your security model needs to match — not fight — that reality.
  3. Compliance is catching up
     NIST SP 800-207, SOC 2, POPIA, GDPR — regulators now expect zero-trust as the baseline, not the aspiration.
Platform Engineering

Platform Rearchitecting & Recovery

Inherited a broken platform? Scaled past what your architecture can handle? Facing a cloud migration that's already gone wrong? We diagnose and fix large-scale technology platforms — from modernising legacy monoliths to recovering stalled migrations.

  • Platform health assessment — identify structural failure points before they hit production
  • Legacy monolith decomposition — strategic service extraction, not big-bang rewrites
  • Cloud migration recovery — diagnose and fix migrations that have stalled or degraded
  • Scaling failure analysis — systems that worked at 10k users and collapse at 10M
  • Data architecture remediation — schema rot, query degradation, replication lag under load
  • Dependency map and blast radius analysis for large distributed systems
  • Technology strategy for the board — costed, credible, and deliverable
  • Phased remediation roadmap — prioritised by risk and business impact
When to call us
You've scaled past your architecture
The system worked at launch. It doesn't work now. You need someone who knows why — and how to fix it without a full rewrite.
A cloud migration is failing
Moved to AWS but costs tripled, latency got worse, or the team is paralysed. We've seen every way this goes wrong.
The board wants a technology strategy
Credible, costed, and survivable — not a vendor slide deck. We write plans that engineering teams can actually deliver.

Credibility from the inside. Having built EC2 at AWS and led technology transformation at two of Africa's largest banks, we understand large-scale failure modes from the engineering level up — not from advisory reports.

More disciplines

Database & AI Consulting

Database Architecture

Schema design, query optimisation, replication strategy, and migration planning honed across banking-grade transactional workloads. MariaDB, PostgreSQL, Aurora, and the query patterns that cause silent production degradation.

  • Schema review and normalisation for high-write workloads
  • Slow query analysis and index strategy
  • Aurora multi-region failover and replication lag management
  • Migration planning from legacy MySQL/MariaDB to Aurora
  • Read replica architecture for analytics separation
  • Connection pooling and PgBouncer/ProxySQL configuration

AI Integration

Practical AI integration using frontier models — not wrappers. Anthropic Claude and Google Gemini wired into your actual workflows, with real data privacy: your data goes directly to the provider, never through a middleman.

  • AI-powered security audit and penetration testing pipelines
  • Content generation workflows — SEO, meta, summaries at scale
  • Update risk scoring — AI reads changelogs so your team doesn't have to
  • Category and content taxonomy analysis at scale
  • AI debugging assistants for PHP/WordPress production errors
  • Custom Claude/Gemini API integration into existing toolchains
Infrastructure

Networking & Infrastructure

The unglamorous work that keeps production running. BGP routing, SD-WAN, Cloudflare Workers, DNS architecture, TLS certificate management, and the networking decisions that look simple until they fail under load.

Cloudflare Architecture

Workers, tunnels, Access, R2, D1, and WAF configuration. CDN strategy, cache rule design, and the performance gains most teams leave on the table.

TLS & Certificate Management

Certificate authority selection, rotation automation, mTLS for service-to-service, HSTS preloading, and the certificate expiry incidents that bring down production at the worst time.

DNS Architecture

SPF, DMARC, DKIM configuration, failover DNS design, split-horizon DNS, and the DNS misconfigurations that silently cause email deliverability and security issues.

Performance Engineering

Core Web Vitals optimisation, PHP-FPM tuning, OPcache configuration, connection pooling, and the system-level performance work that makes the real difference.

Start a conversation

Hard problem?
Let's talk through it.

No sales process. No discovery call theatre. Just a direct conversation about your infrastructure problem and whether we can help.
