EVR:RDY — Defend Forward · Advance Always
Veteran-led defensive operations

Mission

Critical Infrastructure Defense

EVR:RDY delivers the lowest-cost, scalable cybersecurity solutions for OT/ICS environments with limited budgets and resources. We combine open-source tools with vendor-grade support, pooled resources, and AI-enabled elite teams powered by Google SecOps to reduce expense while defending the nation’s critical infrastructure from evolving cyber threats.

  • 1,015 sites with physical disruption in OT environments in 2024
  • 145,000+ ICS services exposed worldwide
  • 56% of organizations have OT-specific incident response plans
  • 87% year-over-year increase in OT cyberattacks
  • 81% of industrial firms allocate <50% of security budgets to OT
  • 100% veteran-owned. Ready to defend.

"We have done so much, for so long, with so little, we are now qualified to do anything with nothing."

— unknown service member
How We Operate

Approach

EVR:RDY applies the structure and precision of military cyber operations to defend the civilian systems that keep our nation running. Our approach is guided by transparency, scalability, and shared strength — principles that allow small operators to achieve large-scale resilience. We combine the openness of community-driven innovation with the power of enterprise-class automation to create a defense ecosystem that is both sustainable and effective.

Why Open Source

Accessibility · Transparency · Trust

Security should never be a luxury. Open-source technology allows EVR:RDY to deliver enterprise-grade defense capabilities at a fraction of traditional cost, while maintaining the transparency and verifiability that critical infrastructure demands.

Why Google SecOps

Scale · Automation · Collective Defense

The TacSOC (Threat Analysis & Cyber Security Operations Center) operates on Google SecOps (Chronicle) because it delivers nation-scale analytics at mission-level affordability. Built for massive telemetry, Chronicle provides the performance, automation, and reach required to defend multiple infrastructure sites under one unified command.

Funding Plan

Sustainable Growth · Mission Reinvestment

EVR:RDY’s funding model is designed to sustain operations without compromising mission integrity. Every dollar supports capability growth, workforce development, and defensive readiness for the operators who need it most.

In Combination

Open Source provides the foundation — a transparent, accessible layer of telemetry and tooling any operator can deploy safely.
Google SecOps provides the command layer — an AI-accelerated analysis and response engine that turns distributed telemetry into coordinated action.

Together, they embody EVR:RDY’s operational doctrine:

“Open where possible, automated where practical, and secure by design everywhere.”

This integration allows the TACSOC to deliver enterprise-class detection, investigation, and response for small and midsized critical infrastructure operators — at a cost, scale, and speed they can truly sustain.

Mission Data

Data Flow

T.A.P.S. (Telemetry, Analysis, Processing, and Security) is the backbone of our defensive operations — a disciplined data pipeline that carries mission-critical telemetry from the farthest edge of the OT network directly into analysts’ hands.

The pipeline ensures that every packet, signal, and alert moves securely, transparently, and with measurable impact. From remote field sensors to central command dashboards, T.A.P.S. provides the real-time visibility that defenders need to anticipate, identify, and neutralize threats before they disrupt operations.

From SCOUT at the host to the TacSOC, every component is engineered to keep defenders ahead of threats without vendor lock-in.


Operational Technology

OT Network

Active Deployment

SCOUT and SEER harvest host and network telemetry without disrupting production workflows.

SCOUT · Active Dev · 75%

Lightweight host visibility for fragile industrial control systems — no kernel drivers, no intrusive footprint, no risk to process operations.

Mission Impact:

Safely gathers host telemetry every 2–3 minutes without interrupting production, forming the first layer of the Telemetry Acquisition Platform Solution (T.A.P.S.).

Technical Specs:
  • Collection cadence: 2–3 min interval (jittered for load safety)
  • Data captured: Event logs (Security/System/Application), process & service state, scheduled tasks, routes, interfaces
  • Data size: ~10–60 KB per tick (~5–30 MB/day per host)
  • Transport: BITS, SMB drop, or robocopy with per-file hashing, optional compression, HMAC/AEAD integrity
  • Compatibility: Windows XP/2003 → Windows 11
  • Operational impact: <5% transient CPU load, sub-50 MB daily footprint
  • Implementation options: native scripts (Batch + WSH/JScript), transparent and change-control friendly; or a packaged binary (C++/Rust), signed, robust, with crypto and compression
  • Compliance: IEC 62443, NERC CIP, NIST SP 800-82 alignment

Design Philosophy:

Built for fragile systems and harsh realities. SCOUT is engineered to provide host-level visibility where traditional EDRs cannot survive. It favors simplicity, safety, and control over intrusion or automation. Every collection action is throttled, logged, and reversible — ensuring that visibility never becomes vulnerability.

SCOUT embodies the EVR:RDY principle of do more with less: it runs silently, leaves no footprint behind, and operates within the strictest safety and change-control boundaries of industrial environments.

Simple. Predictable. Safe by design.

SEER · PoC

Low-cost telemetry capture and forward node delivering full PCAP and ICS protocol metadata (Modbus, DNP3, S7) for forensic readiness and continuous visibility.

Mission Impact:

Bridges the visibility gap for small operators with Zeek + ICSNPP at a fraction of commercial cost, providing defensible forensic data, normalized metadata, and removable evidence storage for rapid, auditable incident response.

Technical Specs:
  • Throughput: 100 Mbps – 1 Gbps sustained
  • Data volume: 5–15 GB/day JSON metadata + 24–72 h PCAP retention per 4 TB drive
  • Stack: Linux + Zeek + ICSNPP + Fluent Bit
  • Design: Metadata-first logging, hot-swappable PCAP drives, removable evidence workflow
  • Hardware: Commodity fanless micro-PCs (e.g., Protectli) with redundant power
  • Forensic readiness: Per-drive hashing, chain-of-custody metadata, safe-swap scripts
  • Compliance: IEC 62443, NERC CIP (CIP-007, CIP-010), MITRE ATT&CK for ICS, NIST SP 800-82

Design Philosophy:

Visibility without violation. SEER is designed around the idea that defenders must see everything without touching anything. It captures complete network behavior passively — no packet injection, no protocol interference, no system risk.

By prioritizing metadata over volume, SEER ensures forensic completeness while keeping infrastructure lightweight. Every captured byte serves a purpose; every process is measurable, transparent, and verifiable.

Collect quietly. Observe completely. Leave nothing unaccounted.

Data Diode

Bridging the Domains

Hardware PoC

GHOST hardware diode pushes telemetry forward while preventing any path back into OT.

GHOST · PoC

Hardware-enforced unidirectional data diode using optical/electrical isolation to push telemetry out of OT networks while physically eliminating any inbound path.

Mission Impact:

Provides physical assurance of unidirectional transfer, preventing command injection or remote exploitation; a low-cost, open-hardware alternative to commercial diodes that makes zone segmentation affordable for small utilities.

Technical Specs:
  • Isolation: Optical/electrical TX-only with fail-safe posture
  • Throughput: 100 Mbps–1 Gbps
  • Latency: Negligible (fiber delay only)
  • Build: Commodity media converters + loopback fiber pair replicating diode behavior
  • Scalability: Parallel paths for redundancy or aggregate bandwidth
  • Compliance: IEC 62443 (zones/conduits), NERC CIP-005, NIST SP 800-82

Design Philosophy:

Absolute assurance through physical truth. GHOST is engineered under one uncompromising premise — if a signal can’t travel backward, neither can an adversary.

Its unidirectional optical and electrical isolation enforces trust boundaries that software alone can’t guarantee. No configuration can disable physics; no malware can reverse fiber. GHOST turns the concept of “air gap” into a measurable, repeatable hardware state.

When in doubt, cut the wire.

Information Technology

IT Network

Design + Pilot

RAMPART conditions telemetry before the TacSOC cloud analyzes, hunts, and reports.

RAMPART · Active Dev

Trusted IT-side landing zone receiving all telemetry from GHOST. Normalizes, enriches, and stages data while providing a secure forensic workspace.

Mission Impact:

Bridges OT and the TacSOC cloud — ensuring telemetry consistency, compression, and deduplication, and hosting forensic staging where analysts remotely access SEER PCAPs and host images without breaching the one-way boundary.

Technical Specs:
  • Performance: 10k–50k events/sec normalization, < 1 s latency to SIEM
  • Daily volume: 5–20 GB/site post-compression
  • Functions: Ingest, normalize, deduplicate, compress, forward to SIEM
  • Forensic access: Mounts SEER hot-swap drives and host images for SOC-side analysis
  • Integrity: Hashing, timestamping, chain-of-custody metadata per artifact
  • Protocols: Syslog, HTTPS, UDP forwarding
  • Compliance: IEC 62443, NERC CIP-007 & CIP-010, NIST SP 800-82, MITRE ATT&CK for ICS

Design Philosophy:

Trust, but verify — then fortify. RAMPART exists to transform raw telemetry into trusted intelligence without ever compromising source integrity. It is a digital stronghold where data is cleansed, normalized, and secured before entering the analytical domain.

Designed as both a landing zone and a forensic bastion, RAMPART allows analysts remote access to packet captures and disk images without violating unidirectional flow. It bridges worlds — OT safety and IT insight — through disciplined engineering and immutable auditability.

Normalize, preserve, and defend — the wall that watches both ways.
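
The SCOUT transport spec (per-file hashing with HMAC integrity) and the RAMPART integrity spec (hashing, timestamping, chain-of-custody per artifact) describe the two ends of one control. The following is an added illustration, not EVR:RDY code: the collector seals a per-tick manifest of file hashes with an HMAC, and the landing zone verifies the seal, freshness, replay and every file hash before accepting the drop. The shared key, host name and file contents are constructed for the demo.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment provisions one per host out of band.
SHARED_KEY = b"evr-rdy-demo-key-not-for-production"


def _canonical(body):
    """Stable JSON encoding so sender and receiver HMAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(host, tick, files, key=SHARED_KEY):
    """Collector (SCOUT) side: hash every file in the tick, then seal the manifest."""
    body = {
        "host": host,
        "tick": tick,  # collection time, epoch seconds
        "files": {name: {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}
                  for name, data in files.items()},
    }
    return {"body": body, "hmac": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def verify_drop(manifest, files, seen, key=SHARED_KEY, max_age=600, now=None):
    """Landing-zone (RAMPART) side: reject a drop on a bad seal, a stale or replayed
    tick, a file set that differs from the manifest, or any per-file hash mismatch."""
    body = manifest["body"]
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("hmac", "")):
        return False, "manifest HMAC mismatch"
    now = time.time() if now is None else now
    if abs(now - body["tick"]) > max_age:
        return False, "stale tick"
    marker = (body["host"], body["tick"])
    if marker in seen:
        return False, "replayed tick"
    if set(files) != set(body["files"]):
        return False, "file set differs from manifest"
    for name, data in files.items():
        if hashlib.sha256(data).hexdigest() != body["files"][name]["sha256"]:
            return False, f"hash mismatch: {name}"
    seen.add(marker)  # record the tick only after every check passed
    return True, "ok"
```

The manifest travels alongside the files in the same BITS, SMB or robocopy drop; because the seal covers the hashes, any file altered or swapped in transit fails the landing check even when the filenames still match.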

TacSOC Cloud · Design + Pilot

AI-driven, shared-service SOC that compresses the defensive power of a 50-person SOC into a 5–10-person elite veteran unit enhanced by automation and special-operations discipline.

Mission Impact:

Delivers coordinated detection, response, and reporting across all partner networks while training veterans into cybersecurity professionals.

Technical Specs:
  • Mission: Affordable SOC capability for small OT/ICS operators via pooled infrastructure and AI automation
  • Workforce: Hunter-Killer teams using special operations methodology (comprehensive L1–L3 functions, mentorship pipeline)
  • Automation: 50–70% alert-noise reduction, <1 min auto-classification via Chronicle + Gemini LLM
  • Infrastructure: Shared Chronicle licenses enable collective defense — detection at one site strengthens all
  • Framework: R.A.I.D. methodology (Recon → Acquire → Interpret → Defend) for continuous improvement
  • Compensation: Above-market base pay + performance bonuses + equity participation ("Everyone Eats")
  • Compliance: IEC 62443, NERC CIP, NIST SP 800-82, MITRE ATT&CK for ICS alignment

Design Philosophy:

Human precision at machine speed. TacSOC is built on the doctrine that elite teams, empowered by automation and purpose, can outperform massive bureaucratic SOCs. Its design fuses AI efficiency with military discipline — every alert triaged, every action logged, every operator accountable.

It is not just a SOC; it is a mission command center for digital battlefields — where veterans, apprentices, and machines operate as one adaptive unit. Automation accelerates; humans decide.

Few operators. High impact. No excuses.

Team

Veterans Running Point

The EVR:RDY Team

Veteran responders build the TacSOC and T.A.P.S. pipeline so critical infrastructure stays defended. Each bio below shows the depth behind the mission and the blend of mission-first leadership with engineering rigor.

Erin Burns

Founder, Master Host Analyst

10+ years DFIR expertise across enterprise and ICS

Erin Burns is an information security professional with over 17 years of experience leading and executing large-scale cybersecurity engagements and operations. As the founder of EVR:RDY, he combines deep technical knowledge with strategic leadership to advance OT/ICS cyber defense capabilities.

Timothy DeBerry

Principal Developer

Production-quality systems architect and secure coder

Timothy DeBerry is a former combat Infantryman with multiple combat tours before transitioning to cyber operations as a Cyber Warrant Officer. With over 16 years of military service across infantry and cyber warfare roles, he brings exceptional leadership, operational excellence, and security-first engineering to EVR:RDY.

Shayla LaPoint

Lead Security Engineer

Network analysis and threat modeling specialist

Shayla LaPoint is a U.S. Army Cyber Warrant Officer with over a decade of experience in the Cyber Protection Brigade, where she led and executed missions focused on defending critical networks and infrastructure. With a Bachelor of Science in Information Systems Security, she combines deep technical acumen with operational leadership to advance cyber resilience across enterprise and tactical environments.

Dylan Knox

Lead Hardware Engineer

Hardware design and prototyping innovator

Dylan Knox is a Lead Hardware Engineer specializing in custom electronics design, R&D, and rapid prototyping for critical infrastructure security solutions. His innovative approach to hardware engineering has been instrumental in developing the physical components that power EVR:RDY's telemetry acquisition platform.

Engage

Suit Up or Sponsor Up

Help us protect critical infrastructure.

Builders, operators, and funders drive our momentum. Share your talent, pilot the pipeline, or back the mission so veteran defenders can move faster.

How you can engage

Build with Open Source

Contribute to open-source telemetry tools, harden SCOUT/SEER transports, enhance RAMPART automation, or expand detection content. Join veteran engineers building transparent, accessible defense technology for critical infrastructure.

Deploy Google SecOps

Pilot T.A.P.S. components in production-like OT/ICS environments. Feed real telemetry into the shared TacSOC, help validate Chronicle integration, and strengthen collective defense intelligence across all partner sites.

Collaborate With Us

We are seeking mission-aligned public, private, and academic partners to work jointly on critical-infrastructure cybersecurity initiatives, enabling shared grant eligibility and expanding access to modern defense capabilities for underserved operators.

Contact EVR:RDY

Let’s coordinate next steps and keep critical infrastructure defended forward. Reach our operations desk for pilots, deployments, support, or partnerships. Include your organization, scope, timeline, and any constraints—we’ll route it to the right operator and respond quickly.

Partner briefings

Funding accelerates production launch, expands telemetry reach, and puts trained veteran analysts on the front line of OT defense. Let’s brief you on the roadmap and tailor a partnership.

The hardest steel is forged in the intense heat of the hottest dumpster fires.

– Anonymous