Every engagement follows the same six-stage cadence — whether we are developing a mobile capability, sourcing third-party tooling, building out a lawful interception system, or running a red team. Each transition is gated by a written go/no-go.
01
ScopingRequirements & rules of engagement
In-person or hardened video. Targets, end-use, exclusions, escalation paths, kill-switches and reporting cadence are committed to writing before any technical work begins.
ModeIn-person
OutputSigned RoE
ApproverAuthorized signatory
02
Threat modelingAdversary & end-use definition
Named adversary or named target population. Success criteria, operational envelope and oversight regime fixed in writing. Independent legal sign-off required.
InputsAdversary brief
OutputThreat model
Legal reviewMandatory
03
Build or sourceIn-house or curated
Capabilities are built in-house where it matches our craft, sourced from a vetted vendor network where it does not. Both paths run through the same technical and legal due diligence.
In-houseMobile · LI · RT
SourcedCurated network
DiligenceTechnical · Legal
04
Field & operateDeployment
Capability is fielded against the agreed target set, or operations are conducted against the agreed estate. One operator, one path, one channel. Daily sitrep to client.
CadenceDaily sitrep
TelemetryMirrored to client
Abort SLA< 4 min
05
SustainMaintenance & evolution
Capability is maintained against vendor patch cycles and adversary evolution. Operator training, version control and end-use audit are continuous.
CycleVendor-aligned
Patch responseCo-ordinated
End-use auditContinuous
06
DebriefHandover & readout
Two artefacts: a thirty-page technical narrative and a twelve-slide executive briefing. Both delivered in person. Source, telemetry and audit log surrendered to the client at close.