Oregon / Operating remotelyFOUNDER-LED SECURITYCINDERSTRIKE.SYS // ONLINE

OFFENSE
INFORMS
DEFENSE.

We find the paths that matter, prove the risk, and help your team close them—without burying the answer in noise.

Scroll to inspect
HUMAN-LEDEXPLOIT-VERIFIEDREMEDIATION-READYNO THEATERHUMAN-LEDEXPLOIT-VERIFIED

Capabilities / 01–04

Security work that ends in a decision.

Every engagement is designed to replace ambiguity with a clear path forward.

01 / OFFENSE

Penetration testing

Exploit-verified testing that follows real attack paths across applications, networks, and identity—not a scanner export.

02 / EXPOSURE

Attack-surface review

Find what is exposed, understand why it matters, assign ownership, and remove the paths attackers can actually use.

03 / IDENTITY

Cloud & identity security

Review privilege, trust, recovery, and control-plane access across Microsoft, Azure, SaaS, and hybrid environments.

04 / RESILIENCE

Incident readiness

Turn response plans into practiced decisions with logging reviews, tabletop exercises, containment paths, and recovery validation.

05 / OPERATING PRINCIPLE

Security is not a score.

It is the ability to see clearly,

act decisively, and recover.

We work from evidence: the route in, the control that failed, the business impact, and the most useful next move.

Method / four movements

Scroll to follow the engagement

Observe. Prove.
Reduce. Transfer.

  1. 01DISCOVERY / CONTEXT

    Observe

    Map the environment, intent, and constraints before touching the controls.

  2. 02VALIDATION / EVIDENCE

    Prove

    Validate plausible paths and separate exploitable risk from background noise.

  3. 03REMEDIATION / PRIORITY

    Reduce

    Prioritize fixes that collapse the most risk with the least operational drag.

  4. 04OWNERSHIP / MOMENTUM

    Transfer

    Leave your team with context, ownership, and repeatable ways to stay safer.

Founder / Nathan Carrasco

Built by an operator, not a slide deck.

Cinderstrike is founder-led by Nathan Carrasco, a cybersecurity and infrastructure professional with more than a decade across security operations, systems administration, networks, and senior technical support.

ISC2 CCSecurity+ CEInfraGard MemberNIST / PCI
Meet the founder

Field notes / latest intelligence

Useful thinking for people responsible for the outcome.

View all insights
01Identity

Identity is the control plane

Cloud and SaaS security converge on one question: who can do what, from where, and how quickly can that access be contained?

Read field note
02Exposure

Your attack surface is a living system

Assets drift, credentials accumulate, and temporary services become permanent. Continuous context beats an annual inventory.

Read field note
03Resilience

Breach readiness is a design problem

The strongest incident response plan starts long before the alert: in identity design, logging, ownership, and practiced decisions.

Read field note

Start with the real question

Where could this fail?

Bring us the system, the concern, or the uncertainty. We'll help you turn it into a practical security plan.

Request a consultation