Independent, technical, vendor-unbiased consulting.

What we are

ITool is an information security, cybersecurity, AI security, and corporate intelligence consultancy based in Rio de Janeiro, Brazil. We operate on a pure advisory model: we don't resell licenses, we receive no manufacturer commissions, and we have no product catalog to push. The starting point of every engagement is the client's problem — and the delivery is a solution the client's team can operate.

How we are organized

Security has become too wide a field for one generalist to cover in depth. That's why ITool operates as a coordinated network of senior specialists: each discipline — cloud, networks, identity, privacy, security operations, intelligence — is led by someone who masters that subject in practice, under a single coordination accountable for the outcome of the engagement. The client talks to one consultancy; the problem is attacked by the right specialist.

Where the experience comes from

Our practice was built in environments where security is not rhetoric: offshore oil and gas maritime support and logistics, with units connected by satellite and maintenance windows counted in hours; regulated financial and payment institutions, with availability and governance requirements at publicly traded standards; energy, commodities, and mining, where IT meets physical operations; and high-volume digital operations, with cloud infrastructure measured in hundreds of workloads.

That trajectory includes executive security responsibility (CISO level) at a large technology company and technical leadership in cybersecurity and governance at a publicly traded financial institution — combined with continuous technical execution, from offensive cloud assessment to network engineering and radio frequency security.

How we think about security

Three convictions run through all our work:

• Real risk above theoretical severity. A critical alert no attacker can reach is worth less than a medium alert in the path of the money. We prioritize with evidence — active exploitation, effective exposure, business impact.
• Independence produces honest recommendations. When the best answer is to buy nothing and operate what exists better, that's what the report says. When it's to replace equipment, the report says so in plain words — including the cost.
• Security the client can't operate is debt, not an asset. Every engagement ends with documentation, training, and an internal team more capable than when it started.

Why "intelligence" in the name

Because security and intelligence are two faces of the same discipline: protecting what is yours and seeing what matters before deciding. Beyond cybersecurity, ITool conducts integrity due diligence, corporate OSINT, and counterintelligence for high-stakes corporate, asset, and hiring decisions — always within the law and with documented methodology.