Independent cybersecurity consulting

Security reviews for products, code, and AI systems.

I’m Miguel Cruz. I help small teams find weak spots in apps, infrastructure, binaries, and automation before they become expensive.

Email Miguel View GitHub
  • Product security
  • Reverse engineering
  • OS internals
  • AI/ML systems

$ focused review

scope: app, API, binary, AI tool

check: access, data, configs, code

deliver: findings + fix notes

verify: confirm the gap is closed

Plain-English findings Risk, evidence, suggested fix, and how to confirm it worked.
Engineering context Tradeoffs, deadlines, and maintainability stay in the conversation.
Systems background OS internals, ML tooling, automation, application security, and embedded work.

Services

Security work you can hand to an engineer.

01

Security review & hardening

I review the parts of your product where mistakes get expensive: auth, data flows, deployment configs, permissions, dependencies, and update paths.

  • Threat modeling
  • Code and config review
  • Fix plan by priority
02

Reverse engineering & research

Need to understand a binary, app behavior, or platform detail? I can document what it does, what it touches, and where the risk is.

  • Binary and protocol analysis
  • Mobile and desktop internals
  • Repro notes and evidence
03

AI/ML security & automation

I review AI tools, agents, local model setups, and automation scripts for places where tools get too much access or data leaks out.

  • Agent and tool permissions
  • Sensitive data paths
  • Local AI deployment review
04

Product security advisory

For teams that need a security engineer in the room for a launch, design review, cleanup sprint, or second opinion.

  • Launch readiness
  • Roadmap and backlog triage
  • Incident preparation

Approach

A small, direct process: scope, dig, fix, verify.

I prefer short engagements with a clear question: what are we protecting, what can go wrong, and what needs to change first?

1

Scope

We agree on the system, assets, access, timeline, and what a useful answer looks like.

2

Dig

I read the code and configs, run targeted tools, inspect binaries when needed, and keep notes tied to evidence.

3

Harden

You get a prioritized list with impact, exploitability, effort, and concrete implementation notes.

4

Verify

After fixes land, I help confirm the risk is closed and leave reusable checks behind.

Selected security work

Security work tied to real systems.

Medical-device app security

Blackbird Tech

I worked on the security side of Blackbird Tech, a medical-device application. The focus was how the app handled sensitive device-adjacent data, access boundaries, and places where a software flaw could become a privacy or safety concern.

This is the kind of work this LLC is for: security review, threat modeling, and practical hardening around products where trust matters.

Visit blackbirdtech.app
Portrait of Miguel Cruz
Miguel Cruz Security, systems, and reverse engineering

About

I come from building and breaking systems, not just running checklists.

I started in mobile OS tinkering around the iOS 5 and Android Gingerbread era and stayed close to the lower layers: operating systems, reverse engineering, automation, embedded work, and ML tooling.

My GitHub is a good sample of how I work: ports, utilities, experiments, and systems projects built end to end. I like clear notes, reproducible findings, and fixes that fit the way a team actually builds software.

GitHub profile Portfolio repository

Contact

Tell me what you are building and what feels risky.

Email me with the product, the concern, and any timeline you have. If it is a fit, we can scope a focused review or advisory sprint.

mcruz@acecyberconsult.com github.com/Acelogic