Argemma is a security engineering consulting practice run by Kelby Ludwig.

I work with technology startups who need hands-on engineering and security expertise. My goal is to enable your startup to ship code, at high-velocity, while having increased confidence in the security of your product.

My project-based work is typically structured around the following:

Security Audits
Reviewing existing features and uncovering weaknesses before they become incidents. My recommended, but not required, starting point for working together for the first time.
Design Review
Partnering on security-relevant design documents and helping teams make sound architectural decisions.
Security Engineering
Designing and building security-critical systems end to end, including static analysis CI pipelines, phishing-resistant authentication, and secure secrets management.

However, I also support teams with longer-term engagements. This can include much of the above but can also include:

The above isn't comprehensive so if you have a particular need that you don't see covered, please reach out.

Get in touch

Contact me at hello@ on this domain with a brief description of what I can do for you.

About Kelby

Kelby Ludwig

I've worked in software security for over a decade. My career began in application security and consulting at Praetorian and Duo Security, and I most recently worked as a security engineer at Stripe working on authorization and secrets management.

Over the years I have found widespread flaws in SAML libraries, cryptography flaws in JWT libraries, and led an overhaul of incident-prone secrets management infrastructure. I also occasionally write about security, engineering, and cryptography on the Argemma blog and my personal blog.

I hold a B.S. in Computer Science from the University of Texas at Austin.