Selected engagements
Real-world projects, sanitised for confidentiality. Outcomes focus on availability, auditability, and crypto risk reduction across PKI, HSM, IoT/device identity, and post-quantum readiness.
Sanitised • Telecommunications
Global telecom — PKI modernisation & HSM custody
Multi-region hierarchy, device identity at scale, ceremonies & runbooks
- Offline root & regional issuing CAs; templated profiles
- HSM key custody with M-of-N ceremonies and SOPs
- EST/ACME for devices; HA OCSP/CRL + monitoring
Sanitised • Finance
Tier-1 UK bank — PKI migration & audit pass
Parallel hierarchy on Managed HSM; zero-downtime cutover
- CP/CPS refresh; ceremony evidence pack delivered
- Issuance SLOs restored; OCSP p95 < 200ms
- Autoenrol, EST/ACME, app validation runbooks
Sanitised • Pharma
Global pharma — IoT identity & PQC pilot
EST/ACME at scale; hybrid PQC cert trials on constrained devices
- Standard profiles; automated renewal
- Hybrid PQC test plan; crypto-agility guidance
- Ops runbooks for renewals & incidents
Sanitised • Public sector
National public sector — crypto audit & AD CS hardening
Policy alignment and availability improvements
- CPS/CP gap assessment; ceremony improvements
- CRL/OCSP resilience; HA & CDN publishing
- Back-to-green plan approved
Sanitised • IoT / Device ID
Global smart meter manufacturer — cryptographic audit & PQC roadmap
End-to-end review of keys, PKI, HSMs and key injection for millions of deployed meters
- Symmetric & asymmetric estate review across embedded devices and backend services
- PKI, CA hierarchy and certificate lifetime assessment for long-lived devices
- HSM usage, ceremonies, separation of duties and backup governance
- Key injection station and manufacturing crypto handling review
- Post-quantum readiness assessment and multi-year remediation roadmap
Engagements are anonymised unless we have explicit permission to name clients. Names/logos are not endorsements.