A small practice working only on financial-sector security.

What we do

Four things, deliberately. Threat intelligence (curated, sourced, timestamped). Detection engineering (in your stack, not ours). Incident response (retainer-based, with the regulator clock running in parallel). Security engineering (architecture review and infrastructure-as-code work that survives the engagement).

Each is described in detail at /services.

What we do not do

We do not run a managed SOC. We do not sell a platform. We do not publish thought leadership. We do not produce reports designed to sit in a binder. We do not speak on the threat landscape in the abstract — we work on the threats your specific systems are currently exposed to.

How we publish

Our public output is the advisory feed at /advisories and the editorial at /blog. Advisories are curated republications of public security disclosures relevant to financial infrastructure, with the original disclosing party preserved in the metadata. Editorial is long-form practitioner notes from real engagements, scrubbed of client-identifying detail.

Both ship via RSS at /feed.xml. We do not run a mailing list and we do not collect analytics on who reads what. The reader stays anonymous by default.

How we are paid

Subscriptions, retainers, and project engagements. All scoped in writing before work starts. Time and materials, weekly burn-down reporting on every engagement. We do not take percentage-of-fine contingencies, and we do not take engagements where success is defined as a regulatory or insurance outcome rather than a technical one.

Who we work for

Mostly regulated institutions, occasionally fintech infrastructure providers, occasionally the regulators themselves. Specifics are confidential. We will share references on request, with the client's permission, after a mutual NDA.

How to reach us

Email security@internationalmoneyflow.com or fill in the contact form. Encrypt sensitive details with our PGP key. We respond to every inbound within five working days.