Accepting new engagements for Q2

Founder-led consulting, outside the platform.

Looking for the SOCHQ subscription? That lives on the main platform page. This page is for advisory and build work that sits next to — not inside — the platform.

I spent 18 months shipping SOCHQ. Along the way I got good at solving the hard problems most SaaS teams stall on. I take on a small number of outside engagements at a time. Fixed-fee. Senior-level. No BS, no bloat — just the thing you need built.

Founder-led · Senior-only · Fixed-fee · No juniors ever staffed on your project
  • 18 months building SOCHQ solo
  • 15+ platform integrations shipped
  • 1,478 backend tests, 100% on security-critical paths
  • 10/10 critical security modules at 100% coverage

Most engagements close within 48 hours — no sales team, no 6-round SOW, no procurement ping-pong. You email me. I reply. We scope it. We start.

What I build

Six categories, all earned from shipping real production code. If your problem lives in one of these, I've probably already solved a harder version of it.

Security Architecture

  • Wazuh SIEM — deployment, tuning, multi-tenant containers at scale
  • Graylog log pipeline — GELF forwarding, stream design, REST API integration
  • CrowdStrike, SentinelOne, Microsoft Defender integrations
  • IOC ingestion — OTX, AbuseIPDB, MISP, URLhaus, CISA KEV, VirusTotal
  • UEBA + MITRE ATT&CK technique mapping
  • Active-response automation (block, kill, quarantine, isolate)
  • Audit logging that survives a real SOC 2 / HIPAA review

Multi-Tenant SaaS Engineering

  • Postgres Row-Level Security as a true second line of defense
  • JWT-driven tenant scoping across API + DB layers
  • Per-tenant isolation patterns (schemas, containers, RLS, GUC)
  • Tenant onboarding flows — self-serve → enterprise
  • MSP / white-label architecture with impersonation
  • Rate limiting at tenant + IP + endpoint granularity
  • Background work that survives multi-replica deployments (Redis leader election)

Full-Stack Product Engineering

  • FastAPI + SQLAlchemy async + Alembic production stacks
  • React + TypeScript + Tailwind — production-quality UI
  • Real-time systems: WebSocket auth, broadcast patterns
  • REST API design + OpenAPI + contract tests
  • Stripe integration — subscriptions, one-time, metered, webhooks, portal
  • Authentication stacks — OAuth, MFA, session management, impersonation
  • Migrations, schemas, RLS, indexes — live production DBs

AI + LLM Integration

  • OpenAI + Anthropic integration for production workloads
  • Alert triage + plain-language explanation at scale
  • Cost control: caching, prompt design, model selection
  • Preventing prompt injection, data leakage, hallucinated facts
  • "Is This Normal?" verdict scoring systems
  • Threat hunting query builder with natural-language input
  • Embeddings, retrieval, and RAG for technical domains

Enterprise AI Engineering

  • Production RAG systems — pgvector / Pinecone / Weaviate, hybrid retrieval, re-ranking pipelines
  • Multi-agent LLM orchestration — tool/function calling, stateful workflows, structured output
  • Custom enterprise AI agents — domain-specific, evals-gated, cost-bounded by design
  • MCP (Model Context Protocol) servers — expose your tooling to Claude, ChatGPT, and internal agents
  • Fine-tuning + LoRA + adapter training for domain expertise without runaway cost
  • Eval frameworks — accuracy gates, regression tests, prompt-injection red-teaming
  • ML model serving in production — ONNX, TorchServe, FastAPI inference, streaming completions
  • Knowledge-graph + vector hybrid retrieval over technical documentation and SOPs

DevOps + Reliability

  • Docker / docker-compose production deployments
  • CI/CD: GitHub Actions, test gates, deploy + rollback runbooks
  • Sentry + Prometheus + structured logging
  • Alembic migration strategy for live systems with zero-downtime
  • Backup + restore drills (RPO/RTO you can actually defend)
  • Multi-replica coordination with leader election + health checks
  • Database connection pooling + query timeouts at scale

Integration Engineering

  • Connector framework design — pluggable vendor integrations
  • Webhook ingestion with idempotency + signature verification
  • Autotask PSA / ConnectWise integration
  • Slack / Teams / PagerDuty / Resend notification routing
  • Graylog / Splunk / QRadar / Elastic / Tenable / Rapid7 / FortiGate / Meraki APIs
  • OAuth 2.0 flows across Google / Microsoft / generic IdPs
  • Third-party SDKs + SDK-less HTTP integration patterns

How I work

Fixed-fee engagements with clear deliverables. No hourly billing surprises. No scope creep. If we're not a fit, I'll tell you on the discovery call.

Discovery Call

$100 · 1 hour

A brutally honest assessment of your environment, your problem, and what I'd actually do. Credited toward any engagement we book.

Deliverables
  • 30 min: your environment + your problem
  • 30 min: what I'd do, with rough effort + price
  • Written follow-up within 24 hours
  • No sales pressure — if we're not a fit, I'll tell you
  • $100 credited toward any engagement we book together
Ideal for: Anyone considering any of the engagements below.

Wazuh Deployment Sprint (Most Popular)

$5,000 · 2 weeks

Production Wazuh SIEM deployed, tuned, and integrated with your existing tools.

Deliverables
  • Wazuh manager + indexer + dashboard deployed
  • 25-100 agents rolled out (Linux + Windows + Mac)
  • Tuned ruleset — no false-positive flood
  • Integrated with CrowdStrike / Defender / Slack / email
  • 2-hour training for your team
  • 30-day post-launch support
Ideal for: SMBs priced out of Arctic Wolf, Splunk, or QRadar.

Graylog Pipeline Sprint

$4,000 · 1.5 weeks

Centralized log pipeline with stream design, per-tenant access, and REST API wiring.

Deliverables
  • Graylog + Elasticsearch + MongoDB deployed
  • Stream design for your environment / tenants / apps
  • GELF UDP forwarding from existing infrastructure
  • Custom dashboards for your top 5 use cases
  • REST API integration with upstream tools
  • 30-day post-launch support
Ideal for: Teams needing centralized logging without a full SIEM.

Multi-Tenant Architecture Review

$2,500 · 3-5 days

Deep audit of your multi-tenancy implementation before it ships to enterprise customers.

Deliverables
  • 90-min architecture interview
  • 3 days deep review of code + schema + auth
  • Written report: gaps, risks, prioritized fixes
  • 2-hour walkthrough call
  • Optional hands-on remediation at $250/hr
Ideal for: Founders / teams building B2B SaaS that will face enterprise security review.

Connector Framework Design

$3,500 · 1 week

Architect and implement a pluggable vendor-integration framework for your product.

Deliverables
  • Architecture review of current + future integrations
  • ConnectorBase + registry + auto-discovery design
  • Contract test framework
  • One reference connector implementation
  • Written runbook for adding future connectors
Ideal for: B2B SaaS hitting the "too many one-off integrations" wall.

Security Health Check

$1,500 · 1 week

Fast, pragmatic security posture assessment with prioritized remediation.

Deliverables
  • 1-day deployment: SOCHQ + Wazuh on critical hosts
  • 5-day passive observation
  • Top-10 findings report, risk-prioritized
  • Concrete remediation steps for each
  • 1-hour debrief call
Ideal for: Companies that suspect gaps but don't know where to look.

Something bigger?

Platform re-architectures, greenfield product builds, team-augmentation engagements, longer-running engineering partnerships — all welcome. Most custom engagements run $15-75k depending on scope, duration, and urgency.

Tell me what you're trying to build — I'll come back with a scoped fixed-fee proposal within 2 business days.


What to expect

Every engagement runs the same way: transparent, outcome-focused, and with a clear exit.

You get me. Not an account manager, not a junior consultant. The same person who architected and shipped SOCHQ is the person who will do your engagement — start to finish. No rotating teams, no offshore subcontracting, no bait-and-switch.

01. Discovery Call

60 min, on my calendar, with me — the founder. $100 flat, credited toward any engagement we book. You get a brutally honest assessment, not a sales pitch.

02. Fixed-Fee Scope

Written SOW with deliverables, timeline, and a flat price within 2 business days. No hourly surprises, no scope-creep invoices.

03. Weekly Updates

Direct Slack / email updates from me every week. You see progress — and problems — as they happen. Not filtered through a PM.

04. Hand-Off + Support

Complete documentation, a knowledge-transfer call, and 30 days of direct-to-founder post-launch support included.

Stack I ship in

Pragmatic, battle-tested choices — not whatever's trending this month.

Python / FastAPI / SQLAlchemy async
TypeScript / React / Tailwind
PostgreSQL / Redis / Row-Level Security
Docker / GitHub Actions / Azure + AWS
Wazuh / Graylog / CrowdStrike / SentinelOne
OpenAI / Anthropic / Sentry / Prometheus
OAuth 2.0 / JWT / MFA / bcrypt / TLS
Alembic / pytest / Jest / ruff / mypy

Portfolio

The proof: I built SOCHQ from scratch.

A multi-tenant security platform competing with vendors that raised $1B+. Built solo over 18 months. Every decision documented, every trade-off visible.

Security-first

  • Postgres Row-Level Security for tenant isolation
  • MFA + rate limiting + webhook idempotency shipped day 1
  • 9 of 10 critical security modules at 100% test coverage
  • CORS / SSRF / IDOR / XFF spoofing hardening documented

Architecture-ready

  • 15+ vendor connectors on a unified ConnectorBase framework
  • Multi-replica background work with Redis leader election
  • Per-tenant Wazuh containers, dynamic provisioning
  • Stripe billing: subscription, one-time, metered, webhooks

AI-native

  • OpenAI + Anthropic integration for alert triage
  • Plain-language alert explanations at scale, with caching
  • Natural-language threat hunting query builder
  • Cost-controlled prompt design, no runaway spend

Operationally-mature

  • CI/CD: test gate + lint + mypy + auto-deploy on push
  • Alembic migrations against real Postgres in CI
  • Structured logging, Prometheus metrics, Sentry
  • Deploy + rollback runbook, incident response plan

Got a hard problem?

Book a 1-hour discovery call ($100, credited toward any engagement). Worst case you get an honest second opinion from someone who's built this stuff. Best case we ship something together.


Response within 1 business day. Currently accepting engagements for Q2.