Boutique Security · kinga.sh

Security for money-movement.

Pre-launch audits, cloud hardening, and SOC 2 readiness for crypto fintechs and cloud-native startups — before attackers find what you missed.

PAID SCOPING CALL · $5K · 3–5 DAYS · CREDITABLE TOWARD FULL ENGAGEMENT

The gap

Trail of Bits retains at $50K+/quarter. The big-4 security firms don't speak on-chain. Most crypto startups reach pre-launch with no security review of their custody flows, settlement paths, or key management.

Then they ship. Then they get exploited.

Kinga closes that gap. Engineer-led, practitioner-to-practitioner. We build the same infrastructure we audit — so the feedback is specific, not generic.

Services

Three fixed engagements.

Pre-Launch Security Audit

Crypto money-movement

$35K · 2 weeks
  • Manual review of money-movement paths
  • kinga-scan tooling sweep (SAST, secrets, IaC, deps)
  • Threat model: custody, settlement, on-ramps, key mgmt
  • Findings report with severity rubric
  • Remediation plan + retest included

Cloud-native (non-crypto) from $25K

Cloud Hardening Sprint

AWS · GCP

$20K · 1 week
  • IAM policy review + least-privilege remediation
  • CIS v1.5 baseline (CloudTrail, GuardDuty, Config)
  • Secrets management audit (rotation, scoping)
  • CI/CD security guardrails
  • Written hardening report + runbook

Post-engagement retainer available at $8K/mo

SOC 2 Readiness

Type I · Type II

from $55K · from 8 weeks
  • Gap assessment against TSC criteria
  • Remediation roadmap with priority sequencing
  • Evidence collection guide + control narratives
  • Policy templates (CC6, CC7, A1, PI1)
  • Positions you for a clean Type I audit

Type II readiness from $80K · 12 weeks

Not sure which engagement fits? Start with a paid scoping call — $5K, 3–5 days, credited toward any follow-on engagement signed within 30 days.

Proof of work

Active work. Not theory.

Currently Chief of Security at a crypto neobank — USDT on-ramps, custody infrastructure, AWS production hardening. All engagements are under NDA; work samples available on request.

OFAC/AML controls

On-chain sanctions screening + Slack alert tiering for a live USDT neobank

AWS hardening

CIS v1.5 remediation, GuardDuty, CloudTrail, IAM scoping, SSM-based secrets rotation

Fireblocks integration security

MPC co-signer architecture review, callback server (ECS/HTTPS), workspace-level AML toggle

Incident response architecture

Slack routing by severity, runbooks, Telegram paging, IR procedures for a 5-person team

Who runs this

Menelik Rowe

Chief Security Architect · Bangkok 🇹🇭

Cybersecurity engineer and cloud architect. MSc in Cybersecurity & Information Assurance. Currently Chief of Security at a crypto neobank — pre-launch audit, AWS infrastructure, OFAC/AML controls, Fireblocks MPC architecture, incident response. Kinga is the practice built on top of that work.

menelik.dev →

Start here

Ready to talk?

Start with a paid scoping call. Three to five days, $5K, credited toward any full engagement signed within 30 days. No obligation beyond the scoping deliverable.

RESPONSE WITHIN 24 HOURS · ENGAGEMENTS START WITHIN 2 WEEKS