38 Years Breaking Things
So You Don't Have To.

Security consulting & product engineering by Kevin Stallard.

ThreatTape is the security consulting and product practice of a 38-year veteran of IBM/ISS, Northrop Grumman/CDC, U.S. Bank, and Microsoft/Activision. We don't just advise — we build production security tools. Then we use that experience to secure yours.

Book a Consultation View Services

Joint Ventures

Three structured ventures taking ThreatTape platforms to market

In Pilot Joint Venture

EDD-i

Enterprise compliance automation across 8 frameworks. In pilot with two Top-10 Am Law 100 firms — validated across the Americas, EMEA, and APAC.

  • Real-time multi-framework scoring (CIS, NIST CSF, ISO 27001, FedRAMP, CMMC, SOC 2, HIPAA, PCI DSS)
  • AI-driven risk analysis (FAIR model)
  • 50/50 JV with CAT LLC via EDDi Technologies SpA
  • Concept to enterprise pilot in 8 months
Modules: EDGAR CGAP
Visit edd-i.com Product Details
In Pilot Joint Venture

Ostraq

Election security platform on a NIST 800-53 High baseline. Active paid pilot with state and local government. JV integrates Resiliant Inc.'s IdNFT identity proofing technology.

  • Post-quantum encryption (NIST ML-KEM-1024)
  • Shamir threshold key management
  • Merkle-chain audit trail
  • Containerized appliance deployment
Visit ostraq.com Product Details
In Formation Joint Venture

eTrax + eCombine

Athletic management JV in formation with Eastburn Associates (education vertical). K-12 and higher-ed equipment inventory and athlete evaluation, FERPA-compliant by design.

  • FERPA-compliant student data architecture
  • School-district data sharing agreements
  • eTrax: equipment inventory + chain of custody
  • eCombine: athlete evaluation + roster scoring
eTrax Details eCombine Details

Individual Products

Tools and platforms built and operated under Threat Tape LLC

In Development

SourceIQ

Content provenance and disinformation analysis engine. Paste any social media URL — get a full intelligence report. Free for individuals, always.

  • 5 parallel analysis engines
  • Composite trust scoring (0-100)
  • STIX-format campaign fingerprinting
  • Government + enterprise revenue tiers
sourceiq.info Details
In Development

IQualify

The honest alternative to ATS-grift résumé optimization. Pre-application gap analysis, structured rejection reasoning, bias-audit by construction.

  • Greenhouse middleware (B2B)
  • Chrome + Firefox MV3 extension (consumer)
  • 25-entry bias catalog, legal-review-gated
  • Append-only prompt versioning + Merkle audit trail
Details
In Development

ThreatTape Recon

Automated reconnaissance and OSINT platform for penetration testers. Domain enumeration, CVE correlation, executive profiling, TOR-anonymous scanning.

  • Automated domain + subdomain enumeration
  • CVE mapping and vulnerability correlation
  • Executive and organizational profiling
  • Compliance-ready PDF reporting
Details
In Active Development

ConManagement

The Core-apps / Eventeny replacement built for Dragon Con-scale conventions — with Volunteer Management as a first-class differentiator.

  • Multi-tenant SaaS, 6 core services
  • Volunteer Management (the Eventeny replacement)
  • Convention operations + schedule + commerce
  • Mobile, analytics, communication services
Details
Playable

Roc

Trick-taking card game inspired by classic Rook. Highly configurable rules engine supporting dozens of regional house rule variations.

  • Flutter (iOS, Android, web)
  • AI opponents at four difficulty levels
  • Configurable regional rule variations
  • Multiplayer over Socket.io
Details
Playable

Drifter: Edge of the Black

Persistent-universe space trading game inspired by the BBS-era TradeWars 2002. Trade commodities, build economic empires, run with a corporation.

  • Persistent-universe trading and combat
  • Corporations (guilds) for cooperative play
  • Flutter (iOS, Android, web)
  • Successor in spirit to TradeWars 2002
Details
In Development

Trench Defense

Wave-based trench warfare defense game. Prepare fortifications, fight off AI attackers, upgrade between waves. A father-son learning project.

  • Wave-based defense mechanics
  • Building + combat + resource management
  • Father-son education project
  • Readable, well-commented code by design
Details
In Development

D20 Craps

Casino craps reimagined with twenty-sided dice. 3D physics demo bridges traditional casino craps with D&D tabletop gaming.

  • 3D physics dice (Three.js + Cannon)
  • Next.js + TypeScript
  • Targets both casino operators and tabletop gamers
  • Demo available on request
Details

How We Can Help

Decades of experience distilled into services that actually move the needle

Security Architecture

Zero trust, cloud security, network segmentation. Built on decades of what actually holds up.

Penetration Testing

Real-world attack simulations. Findings with context, not vulnerability dumps.

Compliance & Regulatory

FedRAMP, CMMC, SOC 2, HIPAA, PCI-DSS, ISO 27001, NIST CSF, CIS Controls.

Incident Response

24/7 emergency response. Forensics, containment, recovery. Been there before.

Virtual CISO

Senior security leadership without the salary. Shows up in the server room, not just the boardroom.

Executive Advisory

Translate technical risk into board-level decisions. M&A due diligence. Expert witness.

View All Services
CISSP CISM Certified Blockchain Professional Expert Witness 3 Issued Patents

Bring Your Hardest Problem.

First conversation is free. No pitch deck. No sales team. Just an experienced CISO who will tell you what's actually broken and help you fix it.

Book a Free Consultation