What this practice does
Secure Data Consortium provides hands-on LLM application work for organizations building with — or building on top of — large language models. The practice combines 19+ years of enterprise software architecture experience with active adversarial security research, delivered as a single practitioner.
- LLM application development and integration. Custom LLM-backed applications, integration into existing enterprise systems, eval harnesses for model comparison, migration work between LLM providers. Python, Go, JavaScript. Deliverable is working code with a written architecture document, not slides.
- On-premises and self-hosted LLM deployment. Deploy and harden self-hosted open-weight models (Llama, Mistral, Qwen) on local infrastructure for security-conscious enterprises. Air-gapped or VPN-isolated configurations for regulated environments. Hands-on engineering, not a deployment checklist.
- RAG pipeline builds for specific corpora. Retrieval-augmented generation pipelines built against specific document collections — law firm case files, healthcare clinical guidelines, insurance policy documents, internal knowledge bases. Regulated-industry premium applies.
- LLM application security review and adversarial testing. Architecture-level review of how user-controllable content flows into model inputs, what output validation exists, and where the failure modes live. Adversarial testing using documented prompt injection technique classes. Written report with reproducible payloads and remediation prioritization, mapped to OWASP LLM Top 10 and MITRE ATLAS.
- EU AI Act adversarial-testing evidence packages. For US companies with EU customer exposure preparing for the August 2026 obligations under Article 15. Documented adversarial testing evidence in the format regulators expect.
- Custom evaluation and red-team harness development. Reusable evaluation infrastructure your internal teams can run against future model versions. Python; integrates with existing CI and evaluation pipelines.
Why this practice
Most LLM-adjacent consulting in the market today comes from one of two directions: security generalists who don't ship code, or LLM developers who don't think about security architecture. This practice combines both backgrounds in one practitioner.
- 19+ years building production systems across enterprise architecture, application development, and infrastructure security. Bank of America, Citigroup, Verizon, Walmart, and others.
- Active LLM and AI adversarial research. Cross-model prompt injection studies using locally hosted LLMs (Ollama). Published research, reproducible methodology, results available on GitHub.
- Active builder portfolio. Production algorithmic trading system on the Coinbase Advanced Trade API; custom Python and Go security tooling; locally hosted LLM evaluation harnesses. Code samples available on request.
- Registered security researcher on the Coinbase HackerOne program.
- Previously at Chainalysis. Customer Success Engineer with direct experience deploying air-gapped solutions for U.S. and foreign government agencies.
How engagements work
Single-practitioner boutique practice. The engagement model is built around delivering high-quality work without the failure modes of embedded-contractor relationships.
From the lab
Independent research and writeups, published periodically:
Indirect prompt injection across four open-weight LLMs
A 1,280-trial study characterizing indirect prompt injection susceptibility across Llama 3.1 8B, Mistral 7B, Qwen 2.5 7B, and Qwen 2.5 Coder 7B at two production-realistic temperatures. Key findings: temperature reduction is not a reliable defense on susceptible models; output format constraint achieved 0/40 injection on the most-susceptible model tested.
Currently researching: locally hosted LLM monitoring of network traffic for IoT exfiltration
Active research project applying locally hosted LLMs to network traffic and log analysis for detection of unauthorized data exfiltration from IoT and media devices. The objective is a self-hostable detection layer that does not depend on cloud-based traffic analysis services. Writeup planned once methodology is stable.
Start a conversation
The fastest path to determining if this practice fits your need is a 30-minute scoping call. Fill out the form below or schedule directly.