Skip to content
The reason RedLemon exists

That day in the meeting
I realised that
something wasn't working.

I had spent years working in cybersecurity at large companies. I knew what I was doing. I knew how to solve clients' problems. The problem was that solving clients' problems wasn't always the objective.

The moment that changed everything

What I saw in that meeting.

One day I was talking with my manager about a specific need one of our clients had. I knew how to solve it — a small modification to a product they already had, at no extra cost, that would have made them more loyal than they already were.

The conversation ended. My manager called the account executive. Two weeks later the client signed licences they were going to use at 1% capacity.

Nobody did anything illegal. Nobody lied. The system simply worked the way it was designed to work: sell, not solve.

That day I decided that when I had my own clients, that wasn't going to happen.
Background

More than 15 years
in the industry.

2009
Start in security and systems
First years in corporate infrastructure and security.
Projects at large corporations
Large-scale cybersecurity work for some of the biggest companies in the sector, including the CyberSOC of one of the world's most prominent consultancies.
Security architect
Specialisation in SIEM/SOAR architecture and design of monitoring systems for complex environments.
2017
RedLemon founded
With a simple idea: mid-sized companies should be able to have the same level of security as large ones, without the bureaucracy or the pointless licences.
How we work

When we say we integrate
anything, we mean it.

Most SIEMs say they can connect any security tool. We say we can connect anything that generates logs. The difference isn't marketing — it's how we think about problems.

The coffee machine example
"If you have a connected coffee machine that generates logs, we can build a rule to detect when someone makes three coffees in one morning."

It might sound like a joke. It isn't. It's exactly the same logic we use to detect anomalous behaviour in your network — just applied to what you need, not what comes configured out of the box.

Generic rules don't detect specific attacks. Attackers don't follow templates. That's why we configure the intelligence for your specific environment. Not someone else's.

What defines us

Three things we
will never do.

We don't sell you what you don't need
If something concerns you and the answer is that you don't need anything new, we'll tell you. We want to sell, but not at the cost of giving you something useless.
We don't deploy just to tick a box
We find it horrifying when a project gets delivered and three months later nobody knows if it's working. What we install has to work. And to know that, we keep watching after the project ends.
We don't make you talk to strangers
There's always a visible face. You start by talking to me. Then an engineer walks you through the day-to-day. And everyone has my number if they need it.
Next step

If someone is in your network right now, you don't know it.

A 15-minute call with an engineer who tells you the truth: what you have, what you're missing, and what risk you're taking right now without knowing it.

Call now Write to us →
15 minutes · No commitment · You might not like what you hear