home / services / corporate package
FILE 01 · Corporate · Discreet

When information must stay inside the room.

Independent assessment of executive devices, privileged endpoints, and the network paths that connect them — for organizations protecting privileged communications, sensitive negotiations, and trade secrets. Conducted alongside your IT and legal teams, or independently when discretion is required.

Schedule a Discreet Assessment Email · Proton
FL PI License # A3200144 · Surveillance Specialist Group · NDA on file
FILE 01 · Corporate

Corporate TSCM Engagements

Starting at$3,500
Business engagements
Best for
Corporate security teams, executive offices, mid-size firms
Turnaround
2–3 weeks (scope-dependent)
Deliverable
Executive briefing + written remediation plan
Engagement type
On-site + remote, coordinated for minimal disruption

Scoped for executive teams and small to mid-sized organizations, our technical surveillance countermeasure services (TSCM), or bug sweeps include network security analysis for surreptitious surveillance devices and data leaks caused by rogue network hardware.

Calibrated to the surfaces most likely to carry exposure, with deliverables both your executives and your legal team can act on.

Scope of work
  • Environment assessment for unauthorized endpoints
  • Signals intelligence inspection for rogue networks
  • Network traffic and anomaly analysis
  • RF assessment of boardrooms & executive offices
  • Account & privileged-access audit
  • Controlled-access risk review
  • Evidence preservation for legal proceedings
  • Executive briefing and written remediation plan
  • Optional follow-up monitoring window
Start a conversation Schedule a Discreet Assessment Email Signal
// ENGAGEMENT TRIGGERS

Common engagement triggers

Most corporate engagements begin with one of these indicators. None is conclusive on its own — together, they describe the pattern of a real exposure, not coincidence.

INDICATOR · 01

Information surfacing outside intended channels.

A competitor referencing internal roadmap detail. A client receiving a counter-offer minutes after a privileged call. Press disclosure ahead of an announcement. The pattern points outward; the source typically runs inward.

INDICATOR · 02

Privileged conversations referenced externally.

A transcript, quote, or distinctive phrasing surfaces outside the room. Possible vectors include placed audio devices, compromised conferencing endpoints, or participant devices configured as microphones.

INDICATOR · 03

Anomalous behavior on executive devices.

Battery drain on idle phones. Unfamiliar configuration profiles. Messages flagged read prior to the executive opening them. Call quality degrading under specific conditions. Patterns that warrant independent assessment.

INDICATOR · 04

Capability migrating with departing personnel.

An engineer, salesperson, or executive whose new employer suddenly demonstrates capability that took years to develop. The question is less what departed than what continued to flow afterward.

INDICATOR · 05

Access patterns inconsistent with badge records.

Camera footage showing movement in a sensitive area without a corresponding badge log. Or outside vendor access exceeding the scope of work it was authorized for.

INDICATOR · 06

Network anomalies without clear attribution.

Outbound traffic on atypical ports. DNS queries to unrecognized domains. Authentication events from geographies without users. The kind of signal IT teams identify, then lack capacity to investigate.

// PROCESS

Three phases. Built around your operating rhythm.

PHASE · 01

Scope

Confidential intake with the right stakeholders — usually security, IT, and counsel. We map suspected exposure, set boundaries for who can know, and agree on success criteria before any on-site work begins.

PHASE · 02

Engage

On-site sweep, endpoint forensics, and network analysis, sequenced for minimal business disruption. After-hours where possible. We work alongside your IT or independently, whichever the situation calls for.

PHASE · 03

Brief & Remediate

Executive briefing (non-technical) plus a written remediation plan your IT and counsel can act on. Optional follow-up monitoring window so a fix doesn't just close the door — it confirms the door stays closed.

// FAQ

Common questions

Do you coordinate with our IT team, or work independently?

Both, depending on the situation. If insider threat is suspected, we work entirely independently and report only to the executive sponsor. When IT is cleared, we coordinate closely — their context shortens our timeline and improves the remediation plan.

How disruptive is the on-site work?

Minimal. Sweeps run after hours or during planned downtime. Endpoint forensics is staged so users don't lose their devices for the day. We've yet to be the reason a deadline slipped.

Will employees know an engagement is underway?

Only the people you decide need to know. Our operators are unbadged, we don't drive marked vehicles, and after-hours scheduling means most engagements complete without staff awareness. When discretion is the priority, we plan for it from intake.

What does the executive briefing look like?

A 30–60 minute walkthrough for the executive sponsor and any cleared stakeholders. Plain language, not jargon. Paired with a written remediation plan that your IT and counsel can take to action without us in the room.

Can findings support a legal case?

Yes — we preserve evidence with chain-of-custody discipline from the start so your counsel can use it downstream. We aren't a law firm and don't offer legal advice, but our deliverables are written with that downstream use in mind.

Do you offer ongoing monitoring after the engagement?

Optional follow-up window, scoped per engagement. Typically 30–90 days of passive monitoring on the surfaces we just hardened, so remediation gets validated rather than assumed.

Begin with a confidential consultation.

A 30-minute call establishes whether there is a real exposure and what an engagement would involve.

Request a Confidential Consultation
For enhanced discretion · Signal Username · Silent7.73 · Email · Proton