Security Audits are timeboxed audits that provide useful risk signal and sales enablement artifacts. At the end of a security audit you'll get a few different deliverables:

Beyond the written deliverables, I also aim to end engagements with a clear, shared understanding of risk and remediation.

If we are working together for the first time, I tend to recommend a security audit as a starting point. It gives you a fairly quick sense of what working with me looks like, and you get useful feedback and a sales enablement deliverable at the end. In turn, it gives me an opportunity to get in the weeds with your product and risk profile.

While not exhaustive, here are some example security audit projects I've done:

Hadoop red-teaming
A project where there were known authentication and authorization issues in a Hadoop workload scheduling environment, but the actual risk of those issues was theoretical. In this project I turned a vague idea into specific exploitation steps and an enumeration of the data sets that were exposed, making prioritization discussions much more grounded and consistent.
SAML library audits
Evaluating and auditing existing SAML authentication libraries that would be a new critical dependency for a new flagship feature and be a significant factor in language choice. I provided selection criteria, library options, and a recommendation on a specific library. This project also turned into a broader research effort leading to a Black Hat conference talk.
GraphQL authorization audits
I audited a custom-built authorization DSL used to define GraphQL authorization rules for a web application. I identified flaws in the design and provided guidance on suggested improvements that would make these authorization rules easier to reason about.

If you are looking for feedback a bit earlier in the development lifecycle, consider a design review.

If you'd like to find interesting security bugs, contact me at hello@ on this domain for a free consultation.