About · Base66

About

Small team. High standards. No bait-and-switch.

Base66 is intentionally compact: the people you meet in discovery are the people shipping your milestones.

How we work

We bias to explicit tradeoffs, thin vertical slices, and weekly demos so stakeholders never wonder what happened last week. Our default stack centers on Next.js, TypeScript, and AWS—paired with a cyber security practice covering vCISO advisory, ISO/IEC 27001 work, and security operations.

Timeline

2022
Founded as a product engineering practice covering Next.js apps and AWS foundations.
2023
Expanded into applied AI: RAG pipelines, eval harnesses, and production guardrails.
2024
Stood up a global SOC with Google SecOps—about 20 major log sources onboarded in roughly two months—and rolled out AWS GuardDuty and Security Hub across approximately 300 AWS accounts.
2025
Supported Google SCC across approximately 1,000 GCP projects, led Wiz CSPM rollout, and migrated approximately 10,000 endpoints to SentinelOne EDR.
2026
Operating as an integrated studio across web, AI, AWS, and security; offering vCISO retainers and ISO/IEC 27001 readiness packages.

Security practice

vCISO advisory plus hands-on cyber defence.

Our security practice combines governance work (ISO/IEC 27001, risk management, vendor reviews) with hands-on security operations (SIEM/SOAR, EDR, CSPM, MDM, DLP) at enterprise scale.

What we cover

vCISO / part-time CISO: governance, risk, and security advisory for senior stakeholders.
ISO/IEC 27001 readiness and certification, including ISMS design, policy framework, evidence management, and audit chaperoning.
Detection & response capability build-out: detection engineering, playbooks, MITRE ATT&CK coverage, and CISO-level metrics (MTTD, MTTR, false-positive rate, SLA compliance).
Cloud security at scale across AWS Organizations and GCP, with unified case management and selected automated response.
Endpoint and data protection: SentinelOne, Intune, Defender, Purview DLP, Windows Security Baselines.

Scale we have operated at

10K+

Endpoints secured or migrated

300+

AWS accounts under unified detection

1K+

GCP projects monitored

20+

Major log sources onboarded in ~2 months

Tools we go deep on

Google SecOpsSentinelOneWizTenable.ioAWS GuardDutyAWS Security HubGCP SCCMicrosoft IntuneMicrosoft PurviewTheHiveISO/IEC 27001MITRE ATT&CK

Values

Clarity over noise

We write plans you can defend internally—scope, risks, and what “done” means.

Operability by default

Features ship with logging, metrics, and rollback paths—not as afterthoughts.

Long-horizon code

We optimize for maintainability: types, tests where they earn their keep, and boring infra.

Team shape

Base66 is intentionally small and senior: practitioners across vCISO, security operations, AWS, and product engineering. Engagements are led by the people you meet in discovery—no offshore hand-off, no junior-only delivery teams. We work distributed and async-friendly so coverage adapts to the engagement, not the other way around.

Capacity is augmented by a vetted bench of long-term contractors we have shipped with before. Every engagement names the practitioners assigned, with rates and time commitments written into the SOW.

Loading…

Timeline

2022

Founded as a product engineering practice covering Next.js apps and AWS foundations.

2023

Expanded into applied AI: RAG pipelines, eval harnesses, and production guardrails.

2024

Stood up a global SOC with Google SecOps—about 20 major log sources onboarded in roughly two months—and rolled out AWS GuardDuty and Security Hub across approximately 300 AWS accounts.

2025

Supported Google SCC across approximately 1,000 GCP projects, led Wiz CSPM rollout, and migrated approximately 10,000 endpoints to SentinelOne EDR.

2026

Operating as an integrated studio across web, AI, AWS, and security; offering vCISO retainers and ISO/IEC 27001 readiness packages.