Secure Origin | Security & Infrastructure for Nonprofits, Newsrooms & NGOs

Cybersecurity services

What we do for your organization

From validating your defenses to managing compliance — hands-on security expertise without the enterprise overhead.

Run real adversary techniques against your environment. See what gets detected, fix what doesn't.

Identify exploitable weaknesses in your environment before attackers do — with clear, actionable findings tied to real business risk.

SOC co-management

Strengthen your security operations without replacing your team. We work alongside your existing analysts to improve detection, response, and daily workflows.

Compliance readiness

Navigate SOC 2, ISO 27001, and other frameworks with hands-on guidance and co-management — without the complexity or cost of a big consulting firm.

Phishing simulations

Test your team's resilience against real-world social engineering — and build lasting awareness through targeted, realistic simulations.

Security training & awareness

Build a security-conscious culture with practical, role-based training your employees will actually retain and apply.

Trusted by security leaders

Results backed by evidence, not assumptions

Our clients include public media organizations, managed security providers, and mission-driven teams who need their security validated — not just documented.

"Rafael worked with us on a purple team engagement to validate our detections and test whether our response SLAs held up against realistic attack scenarios. The engagement clearly showed where detections and processes worked as expected and where gaps existed, backed by concrete evidence rather than assumptions. It helped us prioritize improvements that directly strengthened our SOC operations and detection quality."

Rahman Shah — Director of Cybersecurity, PBS

"Rafael brings purple team expertise and SOC operational excellence. He has an ability to think like an adversary while strengthening defensive capabilities. His work at Secure Origin demonstrates deep technical knowledge, from threat emulation to detection engineering."

Ahmed Bukhari — CISO, Ace of Cloud

Secure hosting

Infrastructure built for sensitive work

Privacy-focused hosting on open source infrastructure in Iceland and the EU — designed for teams that need to know exactly where their data lives and who operates it.

Matrix / Element

End-to-end encrypted messaging for teams and sources — hosted in jurisdictions with strong press freedom protections.

Nextcloud

Secure cloud storage and document exchange for newsrooms and NGOs — a private alternative to commercial cloud drives.

SecureDrop

On-premises whistleblower submission systems deployed following Freedom of the Press Foundation guidelines. Available in the greater Los Angeles area.

Custom deployments

Threat-model-driven infrastructure for at-risk organizations — dedicated nodes, zero trust access, cross-provider replication.

View hosting plans →

Case studies

See how it works in practice

Real-world scenarios showing how we combine security consulting and managed hosting for organizations like yours.

Press freedom

Securing an investigative newsroom

Validated defenses, encrypted comms, SecureDrop deployment, and hosting outside US jurisdiction.

Case study · 8 min read

Nonprofits & NGOs

Protecting an international human rights NGO

Funder-ready compliance, field staff training, and encrypted infrastructure for sensitive operations.

Case study · 7 min read

Privacy-first

Security for a legal aid nonprofit

Security assessment, privileged data migration, and managed hosting with clear data residency.

Case study · 6 min read

View all case studies →

Work with us

Security and infrastructure from the same team

Whether you need your defenses validated, your compliance program built, or secure infrastructure stood up for your team — one conversation gets you started.

Schedule a call

Protect your work. Control where it lives.