Cloud Security
Offensive posture assessment across AWS, Azure, and Google Cloud: identities and permissions, public exposures, secrets, and secure architecture.
VIEW SERVICE →BRIEFING / ITOOL INDEPENDENT CONSULTANCY
Security and intelligence for those who operate where mistakes are expensive.
Information security, cybersecurity, AI security, and corporate intelligence consulting. We don't sell tools: we start from your problem, design the solution, and deliver something your team can operate.
SECTORS SERVED — Oil & Gas · Energy · Commodities · Banking & Payments · Mining · Digital Commerce
01 WHY ADVISORY-FIRST
The client at the center of the problem. Not the tool at the center of the proposal.
Much of the security market sells product with consulting thrown in: the diagnosis is born with the answer ready — the tool the vendor resells. ITool does not resell licenses and receives no manufacturer commission. Every recommendation comes from your environment, your risk, and your budget. When the best answer is keeping what you already have and operating it better, that's what we say.
PRINCIPLE 1
Independence
No vendor bias, no reselling, no commissions. The recommendation answers your problem, not a sales quota.
PRINCIPLE 2
The right specialist on every front
Each discipline is led by a senior specialist who masters the subject in practice — coordinated by someone accountable for the outcome of the engagement as a whole.
PRINCIPLE 3
Deliverables that work
Remediation guides your team executes, presentations your leadership understands, and documentation that survives the audit.
PRINCIPLE 4
Critical sectors
Real experience in oil & gas, energy, banking and payments, mining, commodities, and high-volume digital operations.
02 SERVICE CATALOG
Twelve fronts. A single model: advisory.
From cloud posture to corporate intelligence, every service follows the same design: understand the problem, size the real risk, propose the proportional solution, and leave the client's team able to operate it.
Networks & Telecommunications
Expert-level architecture, security, and operation of corporate networks: routing, WAN, data center, segmentation, and remote access.
VIEW SERVICE →GRC — Governance, Risk & Compliance
NIST CSF, ISO 27001, COBIT, and CIS Controls applied to the company's reality — including SaaS, asset, and AI governance.
VIEW SERVICE →Privacy & LGPD
DPO support and a complete documentation package: DPIA, records of processing, incident response plan, and policies fit for the actual operation.
VIEW SERVICE →Identity & Access (IAM)
End-to-end identity governance: access lifecycle, strong authentication, federation, privileged access, and machine identities.
VIEW SERVICE →Endpoint Security
Protection for workstations and servers — Windows, macOS, and Linux — with hardening, modern detection, privilege management, and continuous visibility.
VIEW SERVICE →Vulnerability Management
Prioritization by real risk (CVSS + EPSS + KEV) and end-to-end remediation: infrastructure, first-party code, and third-party dependencies — with AI under supervision.
VIEW SERVICE →OT & IoT Security
Protection of industrial and SCADA environments: Modbus, DNP3, IEC 104, OPC UA, EtherNet/IP, and PROFINET protocols, with Zero Trust OT applied.
VIEW SERVICE →Detection & Response (SecOps)
Risk-driven security operations: detection engineering, orchestrated response, metrics that matter, and SOC maturity.
VIEW SERVICE →AI Security & Governance
AI and MCP governance with a RACI matrix, agent risk assessment, and secure integration of generative AI into the corporate environment.
VIEW SERVICE →Corporate Intelligence
Integrity due diligence, corporate OSINT, counterintelligence, and protective intelligence for high-stakes decisions.
VIEW SERVICE →Electronic Intelligence
Countermeasures in the spectrum: GPS interference detection, drone detection, and sweeps for hidden cameras and listening devices (TSCM).
VIEW SERVICE →03 HOW WE WORK
How an engagement happens
STEP 1
Immersion in the problem
A technical and business conversation to understand the real context, risk, and constraints — before any proposal.
STEP 2
Evidence-based diagnosis
Assessment with specialized tooling and manual analysis. Findings backed by evidence, with false positives discarded.
STEP 3
A plan proportional to the risk
Prioritization by effective risk and remediation cost — not by the alert's generic severity.
STEP 4
Capability transfer
Guided remediation, documentation, and training so the gains remain after the consultancy leaves.
Tell us the problem. The solution comes after.
First conversation at no cost and no commitment, under confidentiality. In one hour, you leave with an honest read of your scenario.