Selected client work

Business case

A pre-launch consumer AI product team needed an independent review of their retrieval-augmented assistant before opening a closed beta. The team had a working prototype and a launch timeline but limited confidence in retrieval quality, security posture, and regulatory readiness.

Approach

Reviewed the full system from ingestion through retrieval, ranking, generation, and response. Recommended a hybrid retrieval pipeline combining dense and BM25 search with reciprocal-rank fusion and cross-encoder reranking, a knowledge-base schema with consent and licensing metadata, threat modelling against agent and RAG-specific risks, reliability SLOs with stage budgets, and an evaluation harness with measurable launch acceptance bars.

Deliverables

Board-level review document and a phased four-month plan feeding the team's go/no-go process for closed beta.

Business case

A small sports betting tips platform with a community app wanted to bring AI-assisted coding into its day-to-day workflow without losing engineering discipline. Leadership needed a single, focused session that introduced the team to Cursor and AI-augmented development practices on their own codebase, grounded in real research on AI-coding productivity rather than tool demos.

Approach

Delivered a workshop covering the state of AI in software development, a live AI-augmented coding session in Cursor on the team's own application, and the risks and good practices that come with adoption (hallucinations, secrets exposure, code-review discipline, test coverage). Closed with a set of concrete weekly habits each engineer could commit to, plus team-level next steps.

Deliverables

Workshop session with the engineering team, a slide deck covering tooling and risks, and a written set of next-step team commitments and weekly AI-development habits.

Business case

With AI-augmented development now part of the team's workflow, the same sports tipping platform needed a structured technical risk baseline before scaling further. The team wanted concrete, prioritised actions they could close inside 30 to 90 days, not a generic security review.

Approach

Assessed eight risk categories spanning critical and high severity: secrets and credentials in code and CI, key-person dependency and bus factor, backup and restore readiness with explicit RPO and RTO targets, code review and testing gaps, database scalability under load, endpoint security, documentation gaps, and monitoring coverage. Each risk was paired with industry data, current-state evidence, recommended tools with cost ranges, named owners, and 30-day or 90-day timelines.

Deliverables

Standalone technical risk assessment report with severity ratings, industry-data references, tool and cost recommendations, and a phased action plan ready for the team to execute against.