Validating
Cloud Security Controls Enterprise AD Posture SOC Detection Capabilities Critical Web Applications

Bridging the gap between offensive analysis and enterprise defense. Specializing in cloud attack path mapping, targeted purple teaming, and detection validation to build true operational resilience.

Independent Practice Based in Estonia

Get in Touch

What I Do

Services

Offensive Security & Cloud Assessments

Validating true business risk without disrupting operations. Primary focus on Cloud Attack Path Mapping utilizing read-only access in Microsoft Cloud to uncover context-driven privilege escalation routes and structural vulnerabilities. Backed by a strong foundation in leading active Threat Emulation operations, comprehensive Web Application penetration testing, and experience with framework-driven engagements (such as TIBER).

Purple Teaming & Detection Validation

Operating seamlessly on both sides of the fence to translate discovered attack paths into actionable defense. Taking the exact routes mapped during cloud assessments to safely emulate specific threats within controlled cloud environments. Executing these targeted attacks as the adversary provides empirical validation of defense capabilities, showing exactly what the SOC detects across the SIEM/XDR stack (such as Microsoft Sentinel) and highlighting critical visibility gaps without ever risking production stability.

Technical Risk & Security Advisory

Acting as a highly technical internal security authority for enterprise clients. Bridging the gap between high-level risk management and actual engineering reality. Conducting comprehensive security posture assessments against industry frameworks, strict third-party vendor evaluations, and guiding internal teams on secure cloud architecture without slowing down business operations.

Ready to validate your enterprise defenses?

Get in Touch

Background

About

I operate an independent cybersecurity advisory practice from Pärnu, Estonia. Originally from Finland, my professional foundation was built over 7 years navigating the demanding Nordic tech sector, holding senior offensive security and consulting roles at industry heavyweights including WithSecure and CGI.

My technical background spans both sides of the cyber frontline. After starting my career in a SOC, I spent years deep in offensive operations. I specialized in leading target-oriented threat emulations and dedicated Purple Team engagements driving specific attack use-cases from the Red side while working directly alongside defenders.

Before launching my independent practice, my senior roles maintained a hands-on focus: delivering deep-dive penetration tests and complex environment audits, while acting as an embedded AppSec advisor for major organizations. A period handling on-call enterprise incident response further cemented my understanding of how organizations react under pressure.

Today, I leverage this continuous loop of breaking, defending, and enterprise advisory to dedicate significant time to R&D, focusing on mapping and securing the modern cloud attack surface.

Trusted across demanding sectors: Proven experience securing complex, high-stakes environments across Heavy Industry & Manufacturing, Financial Services, Telecommunications, Government & Critical Infrastructure, and massive Enterprise IT.

Tuomas Sillanaukee

Founder & Principal Security Consultant

Why Independent

The Independent Advantage

Zero Fluff

No automated scanner outputs disguised as penetration tests. I focus strictly on realistic exploitability and actual business risk, delivering findings that matter.

Direct Partnership

When you hire my practice, you get me. No account managers acting as middlemen, and your critical infrastructure is never delegated to junior consultants.

Architectural Depth

Breaking in is only half the job. I leverage my defensive and AppSec advisory background to provide actionable, architectural-level remediation strategies.

ValidatingCloud Security Controls Enterprise AD Posture SOC Detection Capabilities Critical Web Applications