This service is offered by introduction only. It is not listed publicly and is shared with qualified principals through licensed investigative counsel, chief of staff referrals, state or federal law enforcement liaisons, and existing client relationships. If you reached this page directly, please include the name of the person who referred you when you contact us.
Who this is for
This engagement model is built for principals who have received credible, persistent, targeted threats and who need a digital counterpart to the physical protection already in place (or being stood up). It is not a general cybersecurity service and it is not a replacement for law enforcement.
- Elected officials. State representatives, state senators, mayors, members of Congress, governors and lieutenant governors, and their immediate families.
- Judges. Sitting trial and appellate judges, retired judges with active threat histories, and judicial clerks attached to high-profile cases.
- Law enforcement leadership. Chiefs, sheriffs, commanders, federal agents, and prosecutors with disclosed identities on active cases.
- Corporate executives. C-suite principals, board members, and founders with named exposure in litigation, labor disputes, or activist campaigns.
- Protected dependents. Spouses, adult children, and household staff who share infrastructure with the principal.
- Anyone with a credible, persistent, targeted threat. Including private individuals introduced through counsel.
Scope of work
Engagements are scoped around six areas. Any given retainer may cover all six or a focused subset. Every line item below describes work we perform directly, not tools we resell.
1. Threat intelligence and OSINT
- Social media enumeration of the threat actor across Twitter/X, Facebook, Reddit, Instagram, YouTube, TikTok, Discord, Telegram, Mastodon, Bluesky, Truth Social, Rumble, Pinterest, Twitch, Kick, 4chan, and Kiwi Farms
- Username correlation and handle pivoting to build a single identity cluster
- Dark web monitoring for the principal's name, address, phone, email, family members, staff, and travel patterns
- Leaked credential searches against threat actor accounts where a handle or email is known (HIBP, DeHashed, public breach corpora)
- Doxxing surface audit on the principal. Data brokers, public records, geolocated social posts, real estate records, campaign finance filings, voter roll exposure
- Ongoing keyword and alias alerts with a weekly rollup brief
2. Communications forensics
- Email header analysis. Full Received chain, IP trace, VPN versus residential differentiation, SPF, DKIM, DMARC failure analysis, sender attribution
- SMS metadata extraction from the principal's device. Carrier subpoena work remains with law enforcement; we build the evidentiary packet
- Social DM preservation. Metadata capture from screenshots, preservation request drafting for platform legal teams, evidence-bundle export
- Voice call analysis. Caller ID spoofing detection, spectral analysis of recorded threats where a recording exists
- Deliverable: per-message forensic summary with IOCs and chain of custody
3. Device forensics (consent-owner devices)
- Phone extraction on the principal's device using commercial-grade tooling (Cellebrite-class workflow where licensed, open-source equivalents otherwise)
- Memory and disk forensics on any computer suspected of compromise
- Stalkerware and commercial spyware scan across personal devices
- Network capture on the home perimeter if implant activity is suspected
- Deliverable: forensic report with timeline, hashes, IOCs, and preservation copies suitable for hand-off to the FBI or State Police
4. Digital protection of the principal
- Home network hardening. Router firmware, Wi-Fi segmentation, DoH, IoT isolation
- Phone hardening. MDM profile review, app inventory, permission audit, 2FA upgrade to FIDO2 keys
- Email hardening. High-trust account migration, FIDO2 enforcement, DMARC configuration for personal domains
- Social media privacy audit across every account the principal uses
- Data broker opt-out campaign across the 60+ sites that resell public records
- Password manager deployment for the principal and immediate family
- Threat model briefing for staff, chief of staff, and household members
5. Law enforcement liaison
- Chain-of-custody forensic reports with timestamps, SHA256 hashes, documented acquisition procedure
- IOC packets formatted for FBI, CT State Capitol Police, CT State Police Major Crime Squad, FBI Joint Terrorism Task Force ingestion
- Testimony-ready witness statements and declaration drafts
- Direct coordination with the assigned detective or agent. We do not replace law enforcement; we prepare material they can use
6. Ongoing monitoring
- Automated keyword monitoring across public social platforms and forums
- Alert subscriptions on known threat actor public handles
- Weekly threat briefing with trend analysis
- Monthly principal review covering new exposure, closed exposure, and active incidents
What we do not do
Every principal protection firm should state this plainly. Crossing these lines creates criminal exposure for the principal, for the firm, and burns the case in any eventual prosecution.
- No hacking the threat actor.We do not access the threat actor's email, social, cloud, or device accounts. That is a Computer Fraud and Abuse Act violation regardless of motive.
- No wiretap. We do not intercept live communications without a lawful wiretap order. Federal Wiretap Act and Connecticut eavesdropping law both apply.
- No illegal database access. Law enforcement databases, DMV records, private investigator databases that require licensing we do not hold, credit header data outside permissible use: off limits.
- No stalking or harassment of the threat actor. No physical surveillance that crosses into intimidation, trespass, or pretext.
- No confrontation. We do not contact, warn, or engage the threat actor. That work belongs to law enforcement and counsel.
- All offensive work is on the principal's consented devices. Every forensic acquisition, every account review, every network capture happens on the victim's own property with signed consent on file.
Engagement structure
Engagements begin with a paid initial threat assessment and move to a monthly retainer once the principal is onboarded. Every engagement is scoped and priced in writing before work begins.
| Phase | Deliverable | Fee range |
|---|---|---|
| Initial threat assessment | Threat actor profile, principal exposure audit, device triage, 30-day hardening plan, law enforcement briefing packet | $5,000 to $10,000 one-time |
| Monthly retainer | Ongoing monitoring, weekly brief, incident response retainer, hardening follow-through, family coverage | $2,000 to $5,000 per month |
| Incident response surge | Active threat escalation. Forensic acquisition, IOC packet, law enforcement handoff | $250 to $500 per hour, retainer credited |
| Family and staff coverage | Spouse hardening, dependent device review, shared account audit | Add-on to retainer, custom scoped |
Every engagement is custom scoped. The ranges above reflect typical work. Principals with multiple active threats, litigation exposure, or interstate threat activity generally fall at the upper end.
Law enforcement coordination
We work alongside, not in place of, the agencies with jurisdiction. Principal engagements in Connecticut typically coordinate with one or more of the following:
- Connecticut State Capitol Police. First stop for threats directed at legislators or the Capitol complex. We prepare written incident packets for their investigators.
- Connecticut State Police Major Crime Squad. For threats that rise to felony level under Conn. Gen. Stat. § 53a-61aa or related statutes.
- FBI field office (New Haven). For interstate threats under 18 USC § 875 or threats against federal officials under 18 USC § 115.
- FBI Joint Terrorism Task Force. Where the threat pattern fits domestic violent extremism or organized online harassment campaigns.
- Local police. For residence-proximity threats and immediate welfare concerns.
Where an engagement is routed through counsel, work product is delivered under attorney work-product privilege to the maximum extent permitted.
Frequently asked questions
Do you replace law enforcement?
No. Law enforcement has powers we do not have: subpoena, warrant, arrest, prosecution. We build the digital evidence that lets them move faster and charge more completely. Every engagement assumes law enforcement is involved or will be.
How fast can you onboard a principal?
Initial threat assessment typically starts within 48 hours of signed engagement and retainer. For an active incident, we can begin remote work within hours and travel to the principal the same day within Connecticut, next day for most of the Northeast.
How is confidentiality handled?
Every engagement is covered by a mutual NDA. Where the engagement is routed through counsel, we also work under attorney work-product privilege. No principal is named publicly. No case details are used in marketing or case studies without written release. Dashboards and files are encrypted at rest on our side and access-logged.
What is your jurisdiction?
Connecticut primary, available nationwide on referral. We coordinate with local licensed investigators where required by state licensure law. Solo-led delivery means the principal works with the same person from intake through close.
Are family members covered?
Yes when scoped in. Spouse hardening, dependent device review, and shared account audits are standard add-ons. Adult children who are not part of the household are scoped separately.
Do you provide physical protection?
No. We are the digital side. We coordinate directly with executive protection teams and licensed security firms handling physical protection. Where a principal has no physical team in place, we can introduce vetted partners in Connecticut and the Northeast.
Contact
This service is by introduction only. Contact security@valtikstudios.com with referral details. Please include the name of the person who referred you, a brief description of the threat environment, and preferred contact method. We do not discuss specifics over unencrypted email; expect a short exchange to move to Signal or an encrypted channel before substantive discussion.