Sentinel · 2024
Zero‑trust security mesh
Replaced a flat corporate VPN with an identity‑aware zero‑trust mesh, hardening 2,400 endpoints across 14 countries.
Tag
Cybersec
Duration
9 weeks
Role
Threat modelling · Backend · DevSecOps
Critical CVEs closed
11
MTTR (incidents)
−61%
Audit findings
0
◇ The problem
Where they were stuck.
A single compromised contractor laptop could reach production. Network was flat, audit trails were partial, MFA was inconsistent.
◇ Our approach
How we shipped it.
- 01
Mapped every trust boundary and produced a STRIDE-based threat model.
- 02
Rolled out identity-aware proxies and SPIFFE workload identities.
- 03
Closed 11 critical CVEs and built an automated red-team replay harness.
- 04
Wrote runbooks and ran two live tabletop incident exercises with the SOC.
◇ Stack
What it's made of.
GoEnvoySPIFFETailscaleAWSTerraform
Next case study