Cathedral Cyber — Engineered like stone. Operated like a red team.

Cathedral Cyber is a small, veteran-owned red team and penetration testing consultancy for DoD and federal clients. We find the gaps before your adversaries do.

Scroll

>_ About

Mission, not marketing

The best way to defend against sophisticated adversaries is to think like one.

For 26 years I broke things for a living. I spent over a decade at NIWC Pacific as Chief Hacker and Senior Penetration Tester, leading offensive engagements against the DoD's most critical systems — C4ISR platforms, Navy warships, Coast Guard cutters, and SOCOM programs — from warship LAN lockers, pier side, Special Operations facilities, and places that don't make it onto resumes.

That experience is now Cathedral Cyber: a small, focused red team and penetration testing consultancy for DoD and federal clients. We don't sell fear. We sell clarity. We mirror how real adversaries think and move, so your defenders get a realistic training ground and your leadership gets an honest picture of resilience.

We also build tools. HELICS is a patent-pending integrity-monitoring system that uses Hyperledger Fabric to prove what changed on a system and when — data for your security team, not a shortcut through RMF.

>_ TS/SCI eligible. OSCP. SDVOSB.

Clearance

TS/SCI Eligible (Previously Held)

Certification

OSCP

Set-Aside

SDVOSB

26+
Years in Cyber
10+
DoD Red Team
OSCP
Certified
SDVOSB
Veteran-Owned

>_ Capabilities

What we do

Six disciplines. One adversarial mindset.

Red Team Operations

Full-scope adversary simulation against live environments. We play the role of your most capable threat.

Penetration Testing

Network, application, and physical assessments. Scoped engagements with actionable reporting.

Compliance Gap Assessment

CMMC and NIST 800-171 gap assessments. We identify control failures; your team owns the remediation and RMF package.

Threat Modeling

Identify your highest-value targets before an adversary does. Architecture review and kill-chain mapping.

Security Architecture

Design review for systems built to resist nation-state-level persistence and lateral movement.

Training & Workshops

Hands-on red team operator training. Purple team exercises. Detection engineering workshops.

>_ Arsenal

Tools forged in the field

Tooling developed during live engagements.

>_ WRAITH / RAZIEL

Passive shell session capture

Transparent PTY wrapper that timestamps every keystroke to SQLite. AI synthesis clusters activity by target and phase, maps to MITRE ATT&CK, and exports structured findings. Renaming to Raziel (raz CLI) — coming soon.

GoSQLiteBubbleteaAI synthesis
ACTIVEPRIVATE
>_ SPITFIRE

Deployable nerve center

Portable Docker-based red team server. Matrix Synapse, Covenant C2, IVRE, Gitea, CyberChef, Nextcloud — deploy, operate, destroy.

DockerShellKali Linux
ACTIVEOPEN SOURCE168
>_ HELICS

Continuous integrity monitoring

Hyperledger-based SCAP/STIG hash fingerprinting. Provides immutable proof of what changed on a system — data for your security team, not an RMF shortcut.

HyperledgerSCAPSTIG
ACTIVEPRIVATE
>_ COBALT STRIKE ARMORY

Evasive payload tooling

Private collection of Cobalt Strike scripts, BOFs, profiles, and evasive payload tooling developed for authorized red team engagements.

Cobalt StrikeBOFAggressorC/C#
ACTIVEPRIVATE

>_ Establish Contact

Engage

Tell me what you're defending. I respond within two business days.

Or email directly: contact@cathedralcyber.com