Our Story

Security tools built by people
who run real networks

T-SecOps started as a personal detection lab — pfSense at the edge, Suricata on a mirror port, too many late nights investigating alerts that commercial tools couldn't explain. We built the tools we needed. Then we made them production-ready.

Request Access Platform Overview
Practitioner-built
Every feature exists because someone needed it in a real SOC environment — not because it looks good in a slide deck.
Local AI, always
Your alert data never leaves your premises. All LLM inference runs on your hardware via Ollama. No API keys to manage.
SMB to enterprise
Designed to be operated by one person or a full SOC team. Complexity scales with your team, not the other way around.
How We Build.

Six things we don't compromise on

These principles guide every architectural decision and feature prioritisation. They explain why T-SecOps works the way it does — and why we rejected certain design choices that would have made the platform easier to build.

01 — Privacy First
Your data never leaves your environment
Network telemetry is among the most sensitive data an organization produces. T-SecOps processes everything locally — the AI models, the threat intel correlation, the compliance engine. There is no "phone home", no cloud backend, no vendor visibility into your alerts.
02 — Explainable Detections
Every alert should be explainable in plain language
Black-box alerts cause alert fatigue. Every detection in T-SecOps shows the raw event, the ML score, the MITRE ATT&CK mapping, and an AI-generated explanation. You should always understand exactly why an alert was raised before you act on it.
03 — No Cloud Lock-in
Dependency on external services is a risk
SaaS security tools can be revoked, priced out of reach, or discontinued. T-SecOps runs on hardware you own. Threat intel feeds are optional and individually replaceable. The core detection capability works entirely offline, indefinitely.
04 — Automation-First
Manual tasks get skipped when people are busy
Security tools that require daily human intervention fail during incidents — exactly when they're needed most. T-SecOps runs 5 autonomous background jobs that classify, correlate, and brief without operator input. The system should make progress while you sleep.
05 — Compliance Built-In
Compliance evidence should be automatic
NIS2, NIST CSF 2.0, and CIS Controls v8 are not afterthoughts bolted onto a detection tool. The compliance engine maps every detection to specific control requirements in real time, generating audit-ready evidence packages without manual spreadsheet work.
06 — Operator Sovereignty
The operator always controls what happens
T-SecOps is a detection and analysis platform, not an autonomous response system. Network sensors operate in passive mode by default. Blocking rules require explicit operator approval. The AI advises — the operator decides. Every action is logged and reversible.
How We Build

Continuous development pipeline

T-SecOps is developed in structured build cycles. Each cycle follows the same rigorous pipeline from investigation to production — ensuring quality gates are passed before any code reaches users.

INVESTIGATION
Problem is defined, codebase explored, root cause confirmed
IMPLEMENTATION
Structured prompt → AI pair-programs with full context
WALKTHROUGH
HANDOFF reviewed, diff verified, scope checked
QUALITY GATE
UX, security, compliance, and i18n checks must pass
PRODUCTION
Tagged release, CHANGELOG updated, docs current
B-cycle
Build cadence
CalVer
Versioning (YY.MM.PATCH)
4 gates
Quality checks per cycle
0 regressions
Goal per release
Real Technology. Not Claims.

Built on real technology,
not marketing claims

These aren't marketing checkboxes — they're verifiable technical properties of the platform that you can inspect, test, and validate before deployment.

Full source code visibility
Security tools should be inspectable. T-SecOps ships with full source code access so you can verify exactly what runs in your environment. No compiled blobs, no obfuscated dependencies.
Suricata 7 at the core
Detection is built on the industry-standard Suricata IDS engine with full EVE-JSON telemetry, custom rule support, Sigma rule integration, and the same rule sets used by national CERTs.
Local LLM inference only
All six AI models run on your hardware via Ollama. Model files are fully inspectable — system prompts and parameters are documented and version-controlled. No hidden inference endpoints.
No vendor dashboard access
We have no visibility into your alerts, your network topology, or your security posture. There is no telemetry callback. Your deployment is entirely yours — we can't see it even if we wanted to.
Standards-based compliance
NIS2, NIST CSF 2.0, and CIS Controls v8.1 mappings are based on the published framework specifications. Control IDs are explicit in the codebase, not abstracted behind proprietary scoring models.
Runs on commodity hardware
A used workstation with 16GB RAM and an RTX 3060 is enough for a 500-device SMB network. No proprietary hardware, no vendor-locked appliances, no ongoing hardware licensing costs.
Three Products. One Mission.

Three products, one mission

T-SecOps is part of a broader ecosystem of security and intelligence tools built by the same team — all sharing the same principle: practitioner-built, fully local, no vendor dependencies.

T-SECOPS
T-SecOps Monitor
Network security monitoring platform
Full-spectrum network security monitoring with local AI detection, NIS2/NIST/CIS compliance engine, DNS threat analysis, endpoint XDR, and autonomous SOC capabilities. The platform you're looking at right now.
Suricata 7 IDS/IPS at the core
6 local Ollama AI models
3 compliance frameworks built-in
Docker Compose deployment
WI24RD
Wi24rd-Com
Security consulting & development
The team behind T-SecOps. Network security practitioners offering consulting, custom development, and deployment support for organizations that need help getting T-SecOps running in production.
T-SecOps deployment support
Custom detection rule development
Network security architecture
Incident response support
ASEWAVE
ASEWAVE
Threat intelligence & research
Threat intelligence research and analysis platform. Ransomware tracking, national risk assessments, and adversary simulation research that feeds directly into T-SecOps detection rules and threat intel integrations.
Ransomware campaign tracking
National risk assessments (NRV)
Adversary simulation research
Custom threat intel feeds
Request Access
T-SecOps is currently available by request. Tell us about your environment and we'll get back to you within 48 hours.
Let's talk
Email
contact@t-secops.io
GitHub
github.com/wi24rd-com
Based in
Denmark · Europe
Common use cases
SMB network monitoring NIS2 compliance pfSense + Suricata Air-gapped networks SOC augmentation MSSP platform Incident response OT/ICS adjacent University labs Government IT
Response commitment
We respond to all access requests within 48 hours. We'll schedule a 30-minute technical call to understand your environment and confirm T-SecOps is the right fit before moving forward.