Services Pricing About Get a Free Scan
Who We Are
BUILT BY
SOMEONE WHO
DOES THIS.

Nullgrave isn’t a reseller with a dashboard and a pitch deck. It’s a security advisory practice run by a working engineer who spends his days in production environments that can’t afford to get it wrong.

Security Engineer  ///  Enterprise Background  ///  HIPAA & Finance Ready  ///  Adversarial by Design  ///  Real Expertise  ///  SMB Focused  ///  No Bloat  ///  No Bullshit  ///  Cloud & SaaS Security  ///  M365 & Azure AD  ///  Security Engineer  ///  Enterprise Background  ///  HIPAA & Finance Ready  ///  Adversarial by Design  ///  Real Expertise  ///  SMB Focused  ///  No Bloat  ///  No Bullshit  ///  Cloud & SaaS Security  ///  M365 & Azure AD  /// 

Enterprise security experience.
Without the enterprise bill.

24h
Typical response time — no waiting on account managers
0
Long‑term contracts. Month‑to‑month only.
$0
Cost to start — free initial scan
1
One engineer. No middlemen. No handoffs.

Before Nullgrave, I worked across healthcare, finance, and SaaS platforms at scale — first as an IT administrator, then as a security engineer. Environments where a misconfigured policy or a missed CVE has real consequences for real people.

That experience taught me one thing: the tools and knowledge that protect large enterprises aren’t secret. What small businesses actually miss is someone who knows how to apply them, what to prioritize, and what to fix first.

Nullgrave makes that expertise accessible. Every engagement is handled directly — no junior analysts, no account managers relaying questions. You talk to the person doing the work, because that person is the only person here.

The honest version: this is a one‑engineer operation by design. Lean means pricing works for businesses that actually need it, and every client gets the same quality of attention.

Work with us →
How We Work

Adversarial by Design.

Four principles that shape every engagement.

Principle 01
Think Like the Attacker

Compliance checkboxes don’t stop breaches. Every engagement starts by asking what an adversary would actually do with what we find, not just whether a control exists on paper.

Principle 02
No Report-and-Run

A findings report that sits in a folder is worth nothing. We stay engaged through remediation, track progress scan over scan, and don’t call an engagement done until things are actually fixed.

Principle 03
Honest About Scope

This is a one-engineer operation. We take on clients we can serve well. If your needs are beyond what makes sense at this scale, we’ll say so upfront and point you somewhere that fits.

Principle 04
Plain Language, Always

Security jargon exists to make consultants sound necessary. Findings get translated into what they mean for your business and what to do about them. No decoder ring required.

Side Project

Beyond the Day Job.

Security is more interesting when people actually want to learn it.

// PROJECT: STYXSHELL
STYXSHELL
From Floppy Disks to Future Skills, the Lo-Fi Way.

StyxShell is a cybersecurity education project built around a simple idea: learning security concepts should feel like exploring, not studying. It’s a collection of retro-terminal web experiences themed around mythology, classic games, and cyberpunk aesthetics, each one hiding puzzles that teach real concepts like view-source awareness, network fundamentals, authentication, and OSINT techniques.

Think interactive CTF‑lite challenges you can stumble into on a Thursday night. The YouTube channel covers the same ideas in a more approachable format, from MDE and Intune setup guides to email authentication walkthroughs, aimed at people earlier in the security journey.