Umbra Penance
Security-first software studio

We build the product, then we try to break it.

Umbra Penance designs, ships, and hardens SaaS, mobile, and embedded software, with security architected in from the first commit, not bolted on before launch.

EST. 2026 · REMOTE-FIRST · UK
BUILD · TEST · HARDEN · PROVE

Most studios build software, then scramble to secure it before launch. We do the opposite. Umbra Penance is run by an engineer who builds production systems and breaks into them for a living, so your product ships fast, audited, and ready for enterprise scrutiny from day one.

01 / Engagements

Fixed-scope services, not vague promises.

We don't lead with a tech stack. We sit down with you, understand the problem, then pick the right tools and method to solve it, and deliver against a fixed scope with a tangible result.

/ 01

Secure Product Build

From idea to production: multi-tenant SaaS, web apps, and dashboards with tenant isolation, role-based access, and least-privilege security built into the architecture, not patched in before launch.

You get: A shipped, security-reviewed product

/ 02

AI Engineering

Production AI features and machine-learning models, from intelligent automation and reporting to systems that classify and detect in real time. Shipped with AI-accelerated delivery.

You get: A working AI feature in production

/ 03

Embedded & IoT Security

Firmware, device integration, and hardening for connected hardware, with automated conformance testing and validation before anything ships to the field.

You get: Validated, hardened devices

/ 04

Fractional Security Engineer

Ongoing retainer for teams without a security hire: code review through an attacker's lens, hardening, release sign-off, and architecture advisory, on call when you need it.

You get: A security partner on retainer

/ 05

ISO 27001 Readiness

Lead Auditor-led gap assessment and controls guidance to get you certification-ready, so security stops blocking enterprise deals and starts winning them.

You get: A gap report + remediation plan

/ 06

Penetration Test & Audit

Black-box and grey-box testing of your app, API, and infrastructure. We find what an attacker would, rate it by risk, and tell you exactly how to fix it.

You get: A risk-rated, actionable report

02 / Why Umbra

A rare combination, under one roof.

You usually have to choose: a builder who ships, or a security specialist who audits. Here you get both: one accountable engineer, no handoffs.

/ 01

Builder & breaker

The same engineer who architects your multi-tenant SaaS also runs penetration tests for a living. Security thinking is baked into every decision, not reviewed at the end by someone who didn't build it.

/ 02

Compliance that unlocks deals

An ISO 27001 Lead Auditor in the room means security becomes a sales asset. Get certification-ready and stop losing enterprise contracts to a failed security questionnaire.

/ 03

AI-accelerated delivery

We ship faster using agentic AI workflows like Claude Code and the Claude API, without sacrificing architectural discipline or code quality. More product, sooner, for the same budget.

/ 04

One accountable point

No account managers, no offshore relay, no finger-pointing between dev and security teams. You talk to the person writing the code and signing off the risk.

03 / How we work

Clear from call to handover.

A transparent process with fixed scope and no surprises, so you always know what's happening and what comes next.

/ 01

Scope

A free discovery call to understand the problem, followed by a fixed-scope proposal with clear deliverables and timeline.

/ 02

Build / Test

Agile, AI-accelerated delivery with transparent progress. For audits, structured testing against OWASP and ISO frameworks.

/ 03

Harden & Prove

Security review, hardening, and validation. Every engagement closes with documentation you can actually act on.

/ 04

Handover

Knowledge transfer, clean documentation, and an optional retainer to keep things secure as you grow.

04 / The engineer behind it

Credentials you can verify.

Umbra Penance is founded and run by Adel Acheli, a software and cybersecurity engineer who builds production systems by day and tests their defences by trade.

His work spans leading the end-to-end build of a multi-tenant SaaS platform and owning its application security: enforcing row-level data isolation across more than 20 tables, designing least-privilege access control, and running pre-release penetration testing. Alongside that, he has delivered embedded firmware and connected camera systems, applied software research at university level, and a body of security work ranging from intrusion-detection machine-learning models to live machine exploitation.

The result is a single point of accountability from architecture through to deployment. Code is reviewed the way an attacker would read it, and every engagement closes with documentation you can act on.

Founder & Lead Engineer: Adel Acheli

ISO 27001 Lead Auditor
BSI July 2025