Sentinel · 2024

Zero‑trust security mesh

Replaced a flat corporate VPN with an identity‑aware zero‑trust mesh, hardening 2,400 endpoints across 14 countries.

Tag
Cybersec
Duration
9 weeks
Role
Threat modelling · Backend · DevSecOps
Zero‑trust security mesh
Critical CVEs closed
11
MTTR (incidents)
−61%
Audit findings
0
◇ The problem

Where they were stuck.

A single compromised contractor laptop could reach production. Network was flat, audit trails were partial, MFA was inconsistent.

◇ Our approach

How we shipped it.

  1. 01

    Mapped every trust boundary and produced a STRIDE-based threat model.

  2. 02

    Rolled out identity-aware proxies and SPIFFE workload identities.

  3. 03

    Closed 11 critical CVEs and built an automated red-team replay harness.

  4. 04

    Wrote runbooks and ran two live tabletop incident exercises with the SOC.

◇ Stack

What it's made of.

GoEnvoySPIFFETailscaleAWSTerraform
Next case study

Autonomous research agents

Atlas Capital

Have a problem this hard?

Start a project →