Services

Expertise you can
put to work.

Beyond training and speaking, I take on project-based work: investigations, risk assessments, security audits, and policy design. And for smaller organisations that need a full setup, a scoped package that covers tools, protocols, and implementation.

Project-based

Scoped per engagement. Defined deliverables, defined timeline. Enquire to discuss.

Package-based

Starts with a diagnostic. Then a tailored package built around what your organisation actually needs.

All engagements

Available in English and Spanish. Remote or in person.

Intelligence and Investigation

Understanding threats before they hit

Research-driven work with a defined deliverable: a report, an assessment, an analysis. Based on OSINT methodology and investigative journalism practice.

Risk Assessment

A structured evaluation of the digital and physical threats facing a journalist, defender, or organisation. Covers threat actors, attack surface, current exposure, and priority mitigations.

  • Written risk assessment report
  • Threat actor mapping
  • Prioritised recommendations

OSINT Investigations

Open-source intelligence investigations for editorial, legal, or institutional purposes. Identity verification, network mapping, digital footprint analysis, and evidence documentation.

  • Investigation report with sourced findings
  • Documented evidence chain
  • Network or actor maps

Disinformation Campaign Analysis

Detection and analysis of coordinated disinformation campaigns. Narrative tracking, amplification network identification, timeline reconstruction, and platform behaviour analysis.

  • Campaign anatomy report
  • Actor and amplification network mapping
  • Platform and narrative timeline

IO and FIMI Analysis

Analysis of influence operations (IO) and foreign information manipulation and interference (FIMI). Attribution research, narrative analysis, and structured reporting aligned with EU and international frameworks.

  • IO / FIMI analysis report
  • Attribution and actor profiling
  • Structured intelligence brief

Security and Policy

Turning risk into protocol

Practical security work that results in documents and systems organisations can actually use. Not generic frameworks copied from a template.

Digital Security Audit and Diagnosis

A structured review of an organisation's current digital security posture. Covers tools, workflows, account hygiene, communications practices, and staff behaviour. Produces a clear picture of where the gaps are and what the priorities should be.

  • Security diagnosis report
  • Identified vulnerabilities and exposure points
  • Prioritised remediation roadmap
  • Staff-level recommendations

Digital Security Policy Design

Creation or update of an organisation's digital security policies. Covers acceptable use, incident response, device management, communications protocols, and onboarding and offboarding procedures. Written for the people who will actually follow it, not for a compliance checklist.

  • Full digital security policy document
  • Incident response protocol
  • Staff-facing summary and guidance
  • Review and update schedule
New offering

Technology and Implementation

Built for the organisations big companies ignore

Smaller NGOs, independent newsrooms, and human rights defender organisations need serious digital protection. But enterprise-grade solutions are built for enterprise-sized teams and budgets. This package bridges that gap.

It starts with a scoped diagnostic: a focused conversation and review to understand your current setup, your team's technical capacity, and the threats you actually face. From that, a tailored package is built around what you need, not a catalogue of what is available.

You get the right tools, properly configured, with protocols your team can follow and automations that reduce the manual burden. Implemented, not just recommended.

Built for

  • Small NGOs and civil society organisations working in sensitive contexts
  • Independent newsrooms and investigative journalism teams
  • Human rights defender organisations and their networks
  • Support organisations that need to secure their own infrastructure before helping others
  • Teams that have grown without a security plan and need to catch up

How it works

Step 01

Scoped diagnostic

A focused assessment of your current setup, team, workflows, and threat context. Short, structured, and actionable.

Step 02

Package design

Based on the diagnostic, a tailored package is proposed: tools, configurations, protocols, and automations. Scoped to your size and capacity.

Step 03

Implementation

Setup, configuration, testing, and handover. Your team leaves with working systems and the knowledge to maintain them.

What the package covers

Tools

Right-sized tool stack

Selection and configuration of the tools your organisation actually needs: secure communications, password management, device protection, secure file handling, and more. Based on what works in practice, not what looks good in a whitepaper.

Protocols

Security protocols your team will follow

Written for humans, not compliance officers. Covering daily workflows, incident response, onboarding, offboarding, and communications practices. Adapted to your team's size and technical level.

Automation

AI and automation where it helps

Where automation reduces manual burden without introducing new risk, it gets built in. Monitoring, alerts, routine checks, and reporting workflows. Practical AI integration for organisations that do not have a dedicated tech team.

Work together

Have a project
in mind?

Send a message describing what you need. For project-based work: a brief description of the scope and timeline. For the tech package: a few lines about your organisation and your current situation. I will get back to you to discuss whether it is a good fit.

Get in touch

Investigations, assessments, audits, policy work

Start with a diagnostic

Tech and implementation package for your organisation

Looking for training instead?

Workshops and sessions for teams