CyberD20 Intelligence Group · Idaho · est. 2024

Cyber intelligence, investigations, and AI-assisted security operations.

CyberD20 Intelligence Group delivers cyber investigations, cellular analysis, threat intelligence, and AI-assisted security operations for businesses, attorneys, and organizations seeking operationally grounded cybersecurity expertise.

HQ · Eastern Idaho · INL Corridor / Service area · Idaho · Mountain West / 208·557·1883
OPS // STATUS OPERATIONAL
SOC Coverage: 24 / 7
Avg. triage: < 8 min
Founder: Former FBI Cyber
Practice: Cyber Investigations
Litigation: Cellular Analysis
Intelligence: Threat Intel & OSINT
Operations: AI-Assisted SOC
Court: Expert Witness
Capabilities · 01

Operationally grounded cyber & intelligence services.

Eight integrated practice areas — built around the way real investigations and security operations are actually run. Engage one capability or pair them across an investigation, a litigation matter, or an ongoing managed program.

Featured · Hermes Platform

An AI-assisted layer for analysts — not a replacement for them.

Hermes augments your security operations. It triages alerts, enriches context with MITRE ATT&CK and threat intelligence, and orchestrates investigation workflows across Wazuh, Slack, and Telegram. Human analysts stay in the loop — and in command.

  • 01 Contextual alert enrichment & MITRE ATT&CK mapping
  • 02 Threat prioritization with analyst-in-the-loop escalation
  • 03 Investigation timelines & collaboration via Slack / Telegram
  • 04 Wazuh-native ingestion, detection engineering hooks
[Figure: HERMES // ARCHITECTURE, v 2.4 · prod. Components shown: Wazuh SIEM (events, agents); Threat Intel Feeds (OSINT, TLP:AMBER); HERMES Orchestrator (routing, enrichment, timeline); Threat Hunter Agent; GRC Agent (compliance); IR Agent (containment); Slack / Telegram (analyst channel).]
Method · 02

How an engagement actually runs.

01 / SCOPE

Intake & operational scoping

Confidential intake call, scope definition, and rules of engagement. Counsel and executive sponsors aligned before any technical work begins.

24–48 hr
02 / COLLECT

Evidence & telemetry collection

Forensically sound acquisition of digital evidence, telemetry, and carrier records — with chain-of-custody documentation.

Days–weeks
03 / ANALYZE

Investigative & technical analysis

Hermes-assisted triage, MITRE ATT&CK mapping, OSINT pivots, attribution analysis, and litigation-grade documentation.

Iterative
04 / DELIVER

Findings, briefings, & defensible reports

Executive briefings, written findings, and — when applicable — deposition support and expert witness testimony.

Per matter
Principals

Federal investigative depth.
Private-sector pace.

CyberD20 was founded by an experienced cyber investigations and intelligence professional bringing former federal investigative experience, cybersecurity instruction, and SIEM engineering into private-sector security operations.

Engagements are led by the founder personally — not handed off to junior associates — and supplemented by a vetted network of practitioners across forensics, cellular analysis, and detection engineering.

Engage

Quiet, credible, and operationally grounded — when the matter requires it.