Nullgrave isn’t a reseller with a dashboard and a pitch deck. It’s a security advisory practice run by a working engineer who spends his days in production environments that can’t afford to get it wrong.
Before Nullgrave, I worked across healthcare, finance, and SaaS platforms at scale — first as an IT administrator, then as a security engineer. Environments where a misconfigured policy or a missed CVE has real consequences for real people.
That experience taught me one thing: the tools and knowledge that protect large enterprises aren’t secret. What small businesses actually miss is someone who knows how to apply them, what to prioritize, and what to fix first.
Nullgrave makes that expertise accessible. Every engagement is handled directly — no junior analysts, no account managers relaying questions. You talk to the person doing the work, because that person is the only person here.
The honest version: this is a one‑engineer operation by design. Lean means pricing works for businesses that actually need it, and every client gets the same quality of attention.
Work with us →Four principles that shape every engagement.
Compliance checkboxes don’t stop breaches. Every engagement starts by asking what an adversary would actually do with what we find, not just whether a control exists on paper.
A findings report that sits in a folder is worth nothing. We stay engaged through remediation, track progress scan over scan, and don’t call an engagement done until things are actually fixed.
This is a one-engineer operation. We take on clients we can serve well. If your needs are beyond what makes sense at this scale, we’ll say so upfront and point you somewhere that fits.
Security jargon exists to make consultants sound necessary. Findings get translated into what they mean for your business and what to do about them. No decoder ring required.
Security is more interesting when people actually want to learn it.
StyxShell is a cybersecurity education project built around a simple idea: learning
security concepts should feel like exploring, not studying. It’s a collection of
retro-terminal web experiences themed around mythology, classic games, and cyberpunk
aesthetics, each one hiding puzzles that teach real concepts like view-source awareness,
network fundamentals, authentication, and OSINT techniques.
Think interactive CTF‑lite challenges you can stumble into on a Thursday night.
The YouTube channel covers the same ideas in a more approachable format,
from MDE and Intune setup guides to email authentication walkthroughs, aimed at
people earlier in the security journey.