Cybersecurity
Practical, evidence-led security work — not posture theatre. We focus on the controls and telemetry that actually shape outcomes during an incident, and the audit artefacts buyers can defend in a review.
DeltaZulu is a small technology company focused on cybersecurity, infrastructure, and defensive engineering. We build tools and operational practice for teams that need their systems to keep working under pressure — not theatre, not buzzwords, not generic dashboards.
Cybersecurity, infrastructure, and defensive engineering are not separate motions for us. They are the same problem at different layers: keeping systems trustworthy when something unexpected hits them.
Networks, resolvers, edge services, identity boundaries — the load-bearing parts of an organisation's stack. We design, instrument, and harden infrastructure with operational realities in mind, not just topology diagrams.
Detection, response, drills, and the tooling that makes them survivable at small-team scale. We build for the operator who is on-call at 02:00, not for the slide-deck audience three quarters later.
Some of this work is released openly. Some becomes the basis for commercial products. The throughline is the same: instrumentation and controls a small operations team can actually run, audit, and explain.
Day-to-day tooling for detection, triage, and response — built so a small team can keep pace without drowning in vendor consoles or low-signal alerts.
Resolver telemetry, DNS-layer signals, and traffic instrumentation that make the boring parts of a network legible — well before an investigation needs them.
Controls, checks, and evidence outputs aligned to compliance regimes (NIS2, DORA-adjacent). The kind of artefacts a procurement reviewer actually reads.
Realistic exercises, attack-path validation, and tabletop scaffolding — the unglamorous discipline that turns a written runbook into something a team trusts at 02:00.
FOSS releases are how we share the parts of our practice that are most useful to peers and downstream users. They are not the company's commercial surface — they are the operational scaffolding under it.
A Windows desktop application with both GUI and CLI for managing adapter MAC addresses. A from-scratch reimplementation of Technitium MAC Address Changer with a narrower, more maintainable feature scope.
A Windows LAN tool (GUI + CLI) for discovering hosts and running bounded, authorised ARP-disruption sessions. Built for internal labs, defensive validation, and incident-response diagnostics on owned infrastructure.
A pair of plugins that extend Technitium DNS Server with operational integrations: pipeline-bounded query-log export to files, HTTP, and Syslog sinks; and a connector for ingesting MISP threat-intel indicators into DNS-layer enforcement.
Three current releases under the DeltaZulu-OU organisation. More tooling, including resolver-side telemetry and defensive-testing scaffolds, follows the same publish-when-useful cadence.
Our open-source work is the practice. Commercial offerings are deliberately announced apart from it — when they are mature enough to defend on their own terms, with their own positioning and support obligations.
It builds on the same resolver-telemetry and evidence-output work that runs through our open practice. When it is ready to stand on its own page, it will have one.
Direct enquiries about engagements, partnerships, or our published tooling are welcome. We reply individually — no marketing funnel, no qualification gauntlet.
For engagement enquiries, partnerships, and direct correspondence.
Open-source releases and the operational tooling behind our practice.
Company updates, hiring, and longer-form posts on defensive engineering.