Case studies

Outcomes, not testimonials.

Anonymized engagement summaries — what was tested, what we found, what got fixed, and what changed for the team afterwards. Customer names available under NDA.

// CASE STUDY · 01

Series-C fintech — SOC 2 in 6 weeks

Fintech · SOC 2 Type II

Engagement. 14-day Release Readiness Sprint covering web app, API, and AWS configuration ahead of an enterprise contract requiring SOC 2 Type II.

23 FINDINGS
100% CRIT/HIGH FIXED
PASS FIRST AUDIT

Outcome. All critical and high findings resolved within 6 weeks. SOC 2 Type II passed on first attempt; enterprise contract signed two weeks later.

// CASE STUDY · 02

Healthcare AI — LLM hardening

Healthcare · AI / LLM

Engagement. AI/LLM security review for a generative-AI customer-support platform processing PHI. Focus on prompt injection, RAG-source isolation, and tool-call boundaries.

11 LLM FINDINGS
3 DATA-LEAK PATHS
21d TIME TO CLOSE

Outcome. Identified three indirect-prompt-injection paths and a tool-call abuse vector. Client deployed context fencing and tool allow-listing; subsequent retest clean.

// CASE STUDY · 03

Public-sector portal — kill-chain hardening

Public Sector · NIST 800-53

Engagement. Red-team exercise against a state-level citizen portal. Goal-driven, MITRE ATT&CK aligned, with detection-and-response collaboration.

4 DOMAIN FOOTHOLDS
12 DETECTION GAPS
+74% DETECT COVERAGE

Outcome. Twelve detection gaps closed across SIEM rules and EDR coverage. Tabletop exercise increased SOC response confidence — measurable in a follow-up purple-team run.

// CASE STUDY · 04

B2B SaaS — Continuous Assurance

SaaS · 12-month

Engagement. Continuous Assurance Program for a B2B SaaS scaling from 50 to 200 engineers. Quarterly testing, advisory hours, and an annual red-team exercise.

QUARTERLY TESTS
−68% CRIT/HIGH BACKLOG
12d MTTR (was 47d)

Outcome. Backlog of critical/high findings dropped 68% over 12 months. Mean time to remediate fell from 47 days to 12. Customer security questionnaires reduced from 8 hours to 2.

In their words

What teams say after working with us.

The first pentest report our engineers asked to read. Findings shipped with diffs.

Maya Okafor
Head of Security · Heliostat

Cleared SOC 2 on first attempt. Their readiness work paid for itself in one enterprise deal.

Dani Romero
VP Eng · Northwind

They tested our LLM features the way attackers actually would. No theatrical demos.

Kenji Park
CTO · orbital/AI

Could yours be the next case study?

Tell us what you're shipping. We'll come back with scope and a recommended engagement model in one business day.