38 Years Breaking Things
So You Don't Have To.

Security consulting & product engineering by Kevin Stallard.

ThreatTape is the security consulting and product practice of a 38-year veteran of IBM/ISS, Northrop Grumman/CDC, U.S. Bank, and Microsoft/Activision. We don't just advise — we build production security tools. Then we use that experience to secure yours.

Book a Consultation View Services

Joint Ventures

Two structured ventures taking ThreatTape platforms to market

In Pilot Joint Venture

OSTRAQ

Election security platform on a NIST 800-53 High baseline. Active paid pilot with state and local government. JV integrates Resiliant Inc.'s IdNFT identity proofing technology.

  • Post-quantum encryption (NIST ML-KEM-1024)
  • Shamir threshold key management
  • Merkle-chain audit trail
  • Containerized appliance deployment
Visit ostraq.com Product Details
In Formation Joint Venture

ETrax + eCombine

Athletic management JV in formation — in partnership across the K-12 and higher-ed verticals. Equipment inventory and athlete evaluation, FERPA-compliant by design.

  • FERPA-compliant student data architecture
  • School-district data sharing agreements
  • eTrax: equipment inventory + chain of custody
  • eCombine: athlete evaluation + roster scoring
eTrax Details eCombine Details

Individual Products

Tools and platforms built and operated under Threat Tape LLC

In Pilot

EDD-i

Compliance scribe + audit witness — authenticated endpoint scanning, governance posture, continuous compliance evidence. Executive-first (CISO, Legal, CFO, CEO, CTO).

  • Modules: EDGAR (endpoint scanner) + CGAP (governance posture)
  • Multi-tenant Azure deployment (Container Apps + NFS)
  • Belarc + EDGAR field coverage validated end-to-end
  • Intake / track / record — not an IR platform
Modules: EDGAR CGAP
edd-i.com Details
In Development

SourceIQ

Content provenance and disinformation analysis engine. Paste any social media URL — get a full intelligence report. Free for individuals, always.

  • 5 parallel analysis engines
  • Composite trust scoring (0-100)
  • STIX-format campaign fingerprinting
  • Government + enterprise revenue tiers
sourceiq.info Details
In Development

IQualify

The honest alternative to ATS-grift résumé optimization. Pre-application gap analysis, structured rejection reasoning, bias-audit by construction.

  • Greenhouse middleware (B2B)
  • Chrome + Firefox MV3 extension (consumer)
  • 25-entry bias catalog, legal-review-gated
  • Append-only prompt versioning + Merkle audit trail
Details
In Development

ThreatTape Recon

Automated reconnaissance and OSINT platform for penetration testers. Domain enumeration, CVE correlation, executive profiling, TOR-anonymous scanning.

  • Automated domain + subdomain enumeration
  • CVE mapping and vulnerability correlation
  • Executive and organizational profiling
  • Compliance-ready PDF reporting
Details
In Active Development

ConManagement

The Core-apps / Eventeny replacement built for Dragon Con-scale conventions — with Volunteer Management as a first-class differentiator.

  • Multi-tenant SaaS, 6 core services
  • Volunteer Management (the Eventeny replacement)
  • Convention operations + schedule + commerce
  • Mobile, analytics, communication services
Details
In Development

Roc

Trick-taking card game inspired by classic Rook. Configurable rules engine targeting regional house-rule variants. Not yet playable.

  • Flutter (iOS, Android, web) target
  • Configurable regional rule variants
  • AI opponents — design phase
  • Socket.io multiplayer — design phase
Details
In Development

Drifter: Edge of the Black

Persistent-universe space trading inspired by the BBS-era TradeWars 2002. Flutter mobile-first build is in development; not yet playable.

  • Persistent-universe trading + combat — design phase
  • Corporations (guilds) for cooperative play
  • Flutter (iOS, Android, web) target
  • Successor in spirit to TradeWars 2002
Details
In Development

Trench Defense

Wave-based trench warfare defense game. Prepare fortifications, fight off AI attackers, upgrade between waves. A father-son learning project.

  • Wave-based defense mechanics
  • Building + combat + resource management
  • Father-son education project
  • Readable, well-commented code by design
Details
In Development

D20 Craps

Casino craps reimagined with twenty-sided dice. Early 3D dice-roller prototype at d20craps.com; the full game and rules engine are in development.

  • 3D dice-roller prototype (Three.js + Cannon)
  • Next.js + TypeScript stack
  • Targets casino operators + tabletop gamers
  • Godot rebuild planned
Details

How We Can Help

Decades of experience distilled into services that actually move the needle

Security Architecture

Zero trust, cloud security, network segmentation. Built on decades of what actually holds up.

Penetration Testing

Real-world attack simulations. Findings with context, not vulnerability dumps.

Compliance & Regulatory

FedRAMP, CMMC, SOC 2, HIPAA, PCI-DSS, ISO 27001, NIST CSF, CIS Controls.

Incident Response

24/7 emergency response. Forensics, containment, recovery. Been there before.

Virtual CISO

Senior security leadership without the salary. Shows up in the server room, not just the boardroom.

Executive Advisory

Translate technical risk into board-level decisions. M&A due diligence. Expert witness.

View All Services
CISSP CISM Certified Blockchain Professional Expert Witness 3 Issued Patents

Bring Your Hardest Problem.

First conversation is free. No pitch deck. No sales team. Just an experienced CISO who will tell you what's actually broken and help you fix it.

Book a Free Consultation