Start a conversation
Honestly? We just like talking about this stuff.
OSCAL adoption strategies, FAIR modelling edge cases, whether your threat model holds up under a realistic attacker scenario, why your SOC 2 audit left you with a binder but not security — these are conversations we have for fun. If you want to think out loud with practitioners who find this genuinely interesting, that’s reason enough to reach out.
If you also have a compliance deadline or a security architecture question, bring that too. We’ll give you a straight read on what it would take to address it — no pitch, no six-week runway to a kickoff call.
Email: datum@padstone.io
Good fit / not a good fit
We work well with organisations that:
- Are navigating a first serious compliance requirement (SOC 2, ISO/IEC 27001, DORA) and want to do it properly
- Have an engineering team and want security integrated into how they build
- Have been through a compliance process and ended up with paperwork but not security
- Need a senior technical voice for security decisions on a fractional basis
We’re probably not the right fit if:
- You need a large on-site team for an extended engagement
- The certificate is the goal, not the underlying security
- You’re looking for the lowest-cost path to passing an audit