
Founded by operators.
Run by operators.

Sybar Systems was founded in 2024 by three former federal red team leads who shared one observation: the industry had drifted away from technical depth, replacing engineers with auditors and operators with PowerPoint decks.

We built Sybar to be the antidote — a firm where every engagement is led by someone who has actually held a shell, written an authorization package, or stood up a SOC. No bench warmers. No B-team hand-offs.

Today we serve federal agencies, intelligence customers, and Fortune 500 enterprises whose missions cannot afford theater. Quiet, accountable, technical, and persistent — the way the work demands.

Six principles we refuse to compromise.

// PRINCIPLE 01

Operators first.

Every engagement is staffed by people who have done the work — not managed it from a deck. Our senior operators stay on keyboard from kickoff through closeout.

// PRINCIPLE 02

Findings over findings.

A report with 200 low-severity bugs is noise. We surface the three findings that change your risk posture, with the engineering plan to close them.

// PRINCIPLE 03

Quiet by design.

We don't market your incident response. We don't tweet your engagement. Confidentiality is the floor — operational silence is the standard.

// PRINCIPLE 04

Build, don't borrow.

When commercial tools fall short, we write our own. Our internal arsenal — bespoke C2, custom exploitation primitives, and audit automation — runs every engagement.

// PRINCIPLE 05

Earn the re-up.

Every renewal is a re-vote. We measure ourselves on the percentage of clients who extend, expand, or refer — currently 94% across our last 48 months of work.

// PRINCIPLE 06

Train the replacement.

Our best outcome is a client who no longer needs us. We document, knowledge-transfer, and train your team to run the program after we leave the room.

The hands behind the work.

Kuldeep Sandhu
Co-Founder · Chief Executive Officer

Founder and chief executive. Former federal red team lead with deep experience across DoD, the IC, and the Tier-1 financial sector. CRTO, OSEP, GXPN. TS/SCI w/ FS Poly.

Strategy · Red Team

Sana Asif
Co-Founder · Chief Security Officer

Architected FedRAMP boundaries for 11 enterprise SaaS authorizations. NIST 800-53 / OSCAL practitioner. CISSP, CCSP, CISA.

FedRAMP · RMF

David Nakamura
Co-Founder · Chief Engineering Officer

Built and led a regional bank SOC through three nation-state campaigns. Detection engineering, SOAR, threat intel. GCIH, GCFA.

Defense · Detection

Saba Asif
VP · Federal Practice

15-year federal civilian veteran. Led ATO programs at HHS and DHS components. eMASS power-user, cATO advocate.

cATO · eMASS

Jakub Tomescu
Principal · Offensive Operations

Authored five public CVEs. Speaker at DEF CON, BSidesLV, RSA. OSED, OSCE3. Runs Sybar's bespoke C2 framework.

Exploit Dev · C2

Lena Vázquez
Principal · Cloud Security

AWS GovCloud architect. Built FedRAMP Moderate boundaries at three SaaS unicorns. AWS Security Specialty, CCSP, CKS.

AWS · Kubernetes

Two years in contact.

2024 · Q1

Sybar Systems incorporates in Houston, TX

Three former federal red team leads found Sybar around a single observation: technical depth had left the industry. Initial team: five operators.

2024 · Q3

First federal prime contract awarded

Multi-year IDIQ for assessment services at a major Cabinet department. Cleared facility opens at the Houston HQ.

2025 · Q1

GSA MAS schedule + Tampa operations center

SIN 54151HACS added to the catalog. Tampa SOC stands up to support SOCOM-adjacent clients; team scales past 60 operators.

2025 · Q3

First FedRAMP Moderate sponsorship to ATO

Sybar shepherds a commercial SaaS through Agency ATO in seven months — opening the cloud authorization practice.

2026 · Q1

CIO-SP3, SEWP V & continuous-ATO practice

Government-wide acquisition position established. Sybar engineers two of its first cATO deliveries; bespoke C2 framework — "Lattice" — released internally.

2026 · NOW

Today — still in contact.

18 federal agencies served. 140+ engagements delivered. Zero material breaches post-ATO. 64 operators across three locations — and still taking the work the adversary fears.

We're hiring the people we'd want next to us.

// ROLE 01 · OFFENSIVE

Senior Red Team Operator

Houston, TX · TS/SCI required · OSEP / CRTO / GXPN preferred

REQ #SS-2026-0142

// ROLE 02 · FEDERAL

RMF Lead · cATO Practice

Remote · Public Trust + · CISSP / CISM · eMASS expertise

REQ #SS-2026-0157

// ROLE 03 · CLOUD

Cloud Security Architect

Hybrid · AWS GovCloud / Azure Gov · CCSP / CKS · FedRAMP exp.

REQ #SS-2026-0163

// ROLE 04 · DEFENSIVE

Detection Engineer

Tampa, FL · Secret + · Sigma / KQL / Splunk · ATT&CK fluent

REQ #SS-2026-0171

The work is hard. The mission matters.

Built by operators.
For the missions that matter.