Delegate the thinking. We come in, listen carefully, map what's actually there, do the analysis, and deliver the document your board can read in fifteen minutes.
Typical engagement length for the kind of decision-grade work we do, against the alternatives. Bars show typical span, not a contractual range.
The hard part is not the answer — it is finding out what is actually true inside your organisation, then thinking carefully about what to do. We do both.
We come in and listen — to the people who actually know. Most of what matters is not written down. We surface it.
We draw the current situation: data flows, decision rights, dependencies, gaps. Everyone sees the same picture.
The hard part. We anchor on published frameworks and our cross-sector pattern library. We look for the analogy that has already been solved.
A document your board reads in fifteen minutes. Backed by a model that survives a hostile read. With every claim cited.
Board-grade cost assessments anchored on published frameworks. Triangulated baselines, multi-scenario reserved-instance modelling, vendor-side pricing playbooks. The document the decision-maker reads.
Read more on cloud cost →Cyber Resilience Act readiness. NIS2 transposition. Azure-native security architecture. Structured NFR responses for procurement and pre-contract due diligence. Audit-defensible positions, not opinions.
Read more on cyber resilience →MCP control layers. RAG over enterprise knowledge. On-prem LLM infra for data-residency-sensitive sectors. We connect modern frontier models to the systems you already have — no all-in transformation pitch.
Read more on AI integration →We do not invent methodology on your dime. Each engagement starts from a small library we have refined across regulatory, cost, and architecture work. The stack below is how they compose into the deliverable.
Read upward. Everything starts at the foundation: regulatory text, cloud-vendor pricing pages, vendor PSIRT advisories — quoted verbatim, five times, by separate passes. Two tracks build on top: one for regulatory claims, one for cost numbers. They converge at L / I / B classification, where every finding is tagged Legally Required, Implicit Means, or Best Practice. Output: a deliverable that survives a hostile read.
Specialised methods when relevant — a six-dimension cost model (CPU · RAM · storage · bandwidth · quality · resilience) for media-heavy platforms where any single dimension misleads, and an adaptive-recording pattern (high-information segments stored at full fidelity, low-information stretches stored as compact derived data) where every minute must be retained but storage cannot scale linearly. Used to anchor codec, transport, and storage choices to multi-axis impact rather than a single metric.
Most consultants spend a career in one sector. We have shipped systems in six. The patterns travel. Below: four analogies we routinely make on calls.
Healthcare IT → Industrial IoT
Lab-instrument integration is multi-vendor IoT device onboarding with thirty years' head start. Per-device-type abstraction beats per-protocol abstraction. Read the note →
Energy → Telecommunications
Operator-side NFR practice — fifty-line matrices scored compliant / partial / non-compliant — translates directly to telco procurement and onward into any regulated-customer SaaS deal. Read the note →
Government R&D → Healthcare IT
EU-funded consortium discipline — verbatim regulation citations, propagation matrices, evidence chains — is exactly what e-Health certification audits ask for.
Aviation → Industrial IoT
Multi-tenant fleet operations from aviation map cleanly onto multi-vendor multi-site IoT — same identity-binding, same per-asset commissioning ceremony, same blast-radius discipline.
We know the alternatives. Here is where we slot in — and where we do not.
| If you go to | You typically get | With us |
|---|---|---|
| Big-4 / strategy house | Branded report, multi-tier delivery team, 4–6-month engagement. | One senior expert. 2–4 weeks. Same depth, sharper. |
| Domain freelancer | Deep in one vertical. Project-by-project — no shared methodology library. | Twenty years across six sectors. Audit-grade methodology. |
| System integrator | Will gladly recommend the implementation work they’re selling. | No implementation conflict. We will not build what we recommend. |
| Internal team | Free, contextual. But politically constrained, no external calibration. | External read. Permission to say what is politically inconvenient. |
Tangible artifacts you keep. No deck-only deliverables, no executive summary with nothing underneath.
A document the board reads in fifteen minutes — anchored on published frameworks, with explicit scope, methodology, evidence trails, and a recommendation that survives a hostile read.
Multi-sheet, scenario-modelled, you populate inputs and the answer changes.
One row per requirement. Status, justification, evidence, cost-impact, action.
A demonstration in code, not a slide. Plus an honest evaluation of whether to proceed.
Up front, in writing — what we deliver, and what we deliberately do not.
Discovery Sprint
1–2 weeks · fixed fee
Scoped problem, structured deliverable, decision-ready output.
Rapid PoC
2–4 weeks · fixed fee
Working demonstration plus an evidence-based go/no-go.
Fractional CTO
Monthly retainer
A senior architect on call. Sounding-board for the in-house team, RFP due diligence, second-opinion reviews. For when the team is strong but missing one specific area of depth.
We take one to two new engagements per quarter. The first thirty minutes is always free — no pitch, no slide deck.
Designed and specified a self-hosted, EU-only video-consultation platform purpose-built for clinical mental-health consultations. Edge-ML architecture — face-mesh extraction, noise cancellation, ROI encoding, and adaptive framerate all run on the client; the server is a smart switch. Made the deliberate architectural choice not to do emotion recognition, despite the EU AI Act's medical exemption permitting it, because the clinical evidence does not support reliable emotion inference from facial expression. A six-dimension cost-and-quality framework (CPU, RAM, storage, bandwidth, clinical quality, network resilience) applied across codec, recording, transcription, and storage tiering achieves an end-to-end **98% storage reduction** at the cold tier — €2,190/month down to €45–55/month at 500 sessions/day. Per-session AES-256-GCM keys from HashiCorp Vault, crypto-shredding for GDPR Article 9 right-to-erasure in under 24 hours.
Read case study →Reconstructed a five-year-old Ansible/Semaphore IaC stack end-to-end across four repositories — orchestration playbooks, production nginx reverse proxy, PostgreSQL container, analytics-stack feature branch. Designed and shipped a gated software supply-chain layer (Composer/Satis, npm/Verdaccio, SQL/Redgate, container/GitLab Registry) with per-package static analysis, vulnerability scanning, and approval before any developer could resolve a third-party dependency. Approximately 30% of the engagement; implemented in 2024, two years before CRA Cliff 2 (11 December 2027) makes SBOM and supply-chain integrity a regulatory obligation across the EU.
Read case study →A vendor preparing to quote a cloud-managed SaaS deal to a tier-1 enterprise customer needed a defensible per-installation pricing model — without access to the incumbent's hosting baseline. We delivered a triangulated baseline, multi-scenario pricing playbook, and a customer-side cost calculator.
Read case study →Applied preparedness work on CRA Cliff 1 (September 2026) for an EU manufacturer-operator of connected products. Roughly 240 pages of audit-defensible evidence across 13 documents — checklists, briefings, the Article 14 runbook, the RACI, the execution plan — anchored on five-pass verbatim verification of the Official Journal. Published as a methodology reference; client unidentified.
Read case study →A multi-domain NFR matrix from an enterprise procurement team — roughly fifty line items across security and data architecture — required a structured response that would survive procurement review. We produced the compliance register, a deep-dive sheet for the difficult items, and a source-verification log.
Read case study →Founder of Thinking Machine d.o.o. and Head of IoT at Reos GmbH (Hamburg). Twenty-plus years of enterprise architecture across healthcare IT, telecommunications, government R&D, and industrial IoT. C#/.NET architect by training; integration architect by trade.
Hand us the question. Thirty minutes, no slides, no pitch — and an honest answer about whether we can help.