Thinking Machine
Open menu
Services

Three lanes. One engagement model. No surprises on the invoice.

We work with compliance-sensitive enterprises and the vendors who sell to them. Pick a lane below; pick an engagement shape further down.

01 · Cloud

Cloud cost & FinOps strategy

When to call us

You are about to make a multi-year cloud commitment and the internal numbers do not agree. Your incumbent hosting provider will not share invoices. A board paper is due in three weeks. You are a SaaS vendor pricing a multi-installation deal. Your CSP renewal is up and the partner-margin question has nobody to defend it.

What we deliver

A board-grade cost assessment anchored on cloud-economics, observability, and DevOps literature — Storment & Fuller, Majors, Nygard, Forsgren et al. — plus first-party Azure / AWS / GCP tier-selection and DR-cost guidance for the database engines in scope.

Typical deliverables: four-category cost taxonomy (fixed overhead, competence, variable, per-server), multi-scenario reserved-instance and CSP-margin modelling, triangulated baseline against incumbent spend, sensitivity analysis on staffing posture, working cost-model spreadsheet you keep.

For media-heavy platforms (video, audio, telemetry-at-volume) we have experience with codec-driven storage cost engineering — the right answer typically lives across CPU, RAM, storage, bandwidth, quality, and resilience trade-offs simultaneously, not in any one of them. Codec choice alone can move per-session storage cost by an order of magnitude before any tier strategy is applied. Region-of-interest encoding (prioritising face / hand / focal area at the same total bitrate) and adaptive recording (full fidelity for high-information segments, compact derived data for low-information stretches) are the next two levers worth modelling explicitly when the storage line dominates the unit economics.

What we do not deliver

We do not write Terraform. We do not migrate workloads. We do not sell you a product or a partner relationship. We deliver the document the decision-maker reads.

Recent example

A multi-installation industrial software vendor needed to know what to charge an enterprise customer for a cloud-managed deployment. The incumbent hosting baseline was unavailable. We built a triangulated baseline from public cloud list pricing and typical partner-margin bands, modelled three pricing scenarios across two staffing postures, and delivered a per-installation pricing playbook plus an enterprise-side calculator the customer could populate themselves. Read full case study →

02 · Cyber

Cyber resilience & NFR advisory

When to call us

Your enterprise customer just sent you their NFR catalog and you have ninety days to respond. NIS2 transposition has started touching your operating perimeter and the in-house team is missing one specific area. You are drafting the NFR catalog itself for an upcoming procurement and want it audit-defensible.

What we deliver

Structured NFR compliance responses against enterprise procurement matrices. We work across the standard domains — cyber security, data architecture, technical architecture, business continuity. Each response carries a compliance status (compliant / partial / non-compliant / desirable), justification, evidence trail, action required, and cost-impact estimate.

Around the register itself we add a deep-dive for items that do not fit a row, a source-verification log linking each justification to underlying meetings or documents, and a consolidated cost-impact summary that surfaces renegotiation triggers up front rather than mid-procurement.

We work with Azure-native security stacks (Entra ID, Key Vault, Defender, Purview, Sentinel) but the methodology is platform-agnostic.

For regulated-sector engagements we have experience with the domain-specific overlays — for healthcare: GDPR Article 9 special-category data handling, EHDS interoperability via HL7 FHIR R4, NIS2 essential-entity classification, MDR / EN 62304 / ISO 14971 readiness for software-as-medical-device adjacencies, ISO 27001 + 27799 ISMS scoping, and the relevant national transpositions (Germany: Gematik TI, BSIG-neu, BSI C5; Netherlands: NEN 7510, NCSC-NL guidelines; Croatia: HZZO, AZOP, eZdravlje). The engagement structure stays the same; the regulatory anchor changes.

On the audit-readiness and testing side we have experience aligning evidence packs against ISO/IEC 27001 (and 27002), ENISA guidance, OWASP (ASVS, MASVS, Top 10 2025), OSSTMM, and the NIS2 risk-management measures catalogue — for buyers whose procurement asks for a specific framework reference. GDPR / national-DPA equivalents (AVG in NL, AZOP in HR, BfDI in DE) anchor the privacy side of the same workpack. We deliver readiness reviews, evidence packs, and remediation plans; formal certification or accredited audit is left to bodies that hold the relevant accreditation.

What we do not deliver

We do not conduct penetration tests or security audits. We do not sit on your CSIRT. We do not write your ISO 27001 policies from scratch.

Recent example

A tier-1 European energy operator's procurement NFR matrix carried roughly fifty line items across cyber security and data architecture domains. We produced the response register, deep-dive sheet, and source-verification log linking each justification to a meeting or email. Read full case study →

03 · AI

AI integration for established systems

When to call us

You have working systems and you want to connect modern frontier models to them — not replace them. Your data-residency requirements rule out hosted LLM APIs. Your knowledge base is too large to paste into a prompt and too sensitive to upload to a third party. Your engineering team has shipped a chatbot and now leadership wants to know is this actually working?

What we deliver

  1. MCP control layers wrapping existing internal applications, exposing them as tools to LLM agents.
  2. RAG over enterprise knowledge bases — chunking strategy, retrieval tuning, evaluation harness, and an honest answer to is RAG the right call here at all?
  3. On-premises LLM infrastructure — model selection (Llama family, Mistral, others), serving stack (Ollama / vLLM), GPU sizing, observability.
  4. LLM-assisted legacy modernisation — using frontier models to accelerate code understanding, dependency mapping, and migration planning on systems your team has been told to just rewrite.
  5. AI training for engineers and managers — what these systems are, what they are not, and how to evaluate them empirically.
  6. Self-hosted speech-to-text and ASR pipelines — Whisper-family deployment (faster-whisper / CTranslate2 runtime, INT8 quantisation), speaker diarization with word-level timestamps, GPU sizing for batch inference, multi-language. For high-volume scenarios where per-minute cloud ASR pricing breaks the unit economics, or where audio cannot leave the perimeter.
  7. Edge-side neural audio enhancement — DNN-based noise cancellation and dereverberation running on the client device before media reaches the server. Combined with self-hosted ASR above, the entire speech pipeline can run within the operator perimeter — zero per-minute cloud cost, zero audio leaving the network boundary.

What we do not deliver

We do not train foundation models. We do not sell you AI strategy without a working artifact. We will not ship an AI feature where the right answer is a SQL query.

How we work

Three engagement shapes you can actually approve.

Stage 1

Discovery Sprint

1–2 weeks · fixed fee

Scoped problem, structured deliverable, decision-ready output.

Stage 2

Rapid PoC

2–4 weeks · fixed fee

Working demonstration plus an evidence-based go/no-go.

Stage 3

Fractional CTO

Monthly retainer

A senior architect on call. Sounding-board for the in-house team, RFP due diligence, second-opinion reviews. For when the team is strong but missing one specific area of depth.

We take one to two new engagements per quarter. The first thirty minutes is always free, with no pitch and no slide deck.

Stage 1 in pictures

A Discovery Sprint, day by day.

The shorter cousin of the Rapid PoC. One to two weeks, single deliverable, no working artifact — pure decision support. Used when the question is concrete and a working PoC would be overkill.

Discovery Sprint timeline — 1 to 2 weeks A compact ten-day timeline. Days 1-2: Survey (interviews, document review). Days 2-4: Map the current situation. Days 4-7: Think (analysis, framework anchoring). Days 6-10: Deliver (draft, cite, pressure-test, ship). Two milestones: Kickoff at day 1, Final readout at day 10. d1 d2 d3 d4 d5 d6 d7 d8 d9 d10 Kickoff Readout Survey interviews · doc review Map current state · gaps Think analysis · framework anchoring Deliver draft · cite · pressure-test · ship
Single deliverable: the decision-grade report, with cited evidence. No working artifact, no spreadsheet, no PoC code.
When to pick this over Rapid PoC: when the question is concrete, the existing data is enough, and you do not need to demonstrate technical viability of anything new.
Stage 2 in pictures

A Rapid PoC, week by week.

A typical 4-week Rapid PoC engagement. Stages overlap deliberately — by mid-week-2 we already have enough of the map drawn to start the analysis.

Rapid PoC engagement Gantt — 4 weeks A four-week Gantt chart showing four engagement stages — Survey, Map, Think, Deliver — overlapping across weeks one through four. Three milestones: Kickoff at start of week one, Midpoint review at end of week two, Final readout at end of week four. Week 1 Week 2 Week 3 Week 4 Kickoff Midpoint review Final readout Survey listen, surface, capture Map data flows, dependencies, gaps Think analysis · models · cross-sector lookup Deliver draft · cite · pressure-test · ship Stakeholder map Current-state diagram Draft + evidence log Final report + model interviews complete decision rights mapped framework anchors set board-readable, cited
Kickoff: 60-minute call. We confirm scope, declare out-of-scope items, and agree on three to five interview targets.
Midpoint review: 45-minute call. We share the map and the framework anchors. You correct what we got wrong.
Final readout: 60-minute call. We walk you through the document. You take it from there.
Adjacent capabilities

Other shapes we have run when the engagement called for it.

Database performance

SQL Server · PostgreSQL · Oracle rescue

Slow databases are rarely fixed by adding hardware alone. Stored-procedure archaeology, execution-plan analysis, indexing strategy, locking / blocking / deadlock investigation, high-ingestion telemetry data design, read-replica and sharding architecture review. Typical output: a ranked list of bottlenecks with safe remediation steps and before/after benchmarks.

Legacy modernisation

VB6 · Classic ASP · WebForms · old SQL

For business-critical applications where the logic lives in old code, stored procedures, and undocumented integrations. Strangler-Fig sequencing, dependency mapping, business-rules-hidden-in-SQL inventory, target-architecture proposal, risk-and-cost estimate. Combines naturally with the AI lane (LLM-assisted code understanding) and the database lane above.

Interim leadership

Interim team-lead or functional manager

For situations where the gap is operational rather than analytical — interim team-lead or functional-management coverage for ITIL-organised or ASL / BiSL-organised functional-management departments. Time-boxed, fixed-fee monthly retainer, with a written handover plan from day one.

Business-process systems

LIMS, lab-automation, vendor integration

Hands-on experience with Laboratory Information Management Systems (LIMS), instrument-integration design (ASTM E1394, HL7), and business-process-management systems that sit alongside them. Most often as part of a healthcare or industrial-IoT engagement; rarely as a standalone mandate.

We do not sell hours. We sell decisions.

Thirty minutes is on us — no pitch, no slides. We will tell you on the call whether we can help.