Skip to content
Bulwark Black Bulwark Black
Latest
Ghost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch QueueARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

About

Navy submarine vet. Solo engineer.

I'm Albert LaScola. I run Bulwark Black LLC, a service-disabled veteran-owned small business registered in Spokane, WA, working remotely with clients across the United States. Bulwark Black is two things under one roof: a daily cyber threat intelligence practice, and a shop that builds custom software and handles tech and security for small businesses.

I help people who got tired of being overlooked, oversold, or handed a ticket portal instead of a phone number. I do the work myself. I document it. I leave you stronger than I found you.

Background

How I got here.

I spent over a decade in the U.S. Navy submarine force, starting as a Sonar Technician and ending as a Senior Mission Systems Analyst running undersea-warfare operations. Submarines teach you to think in terms of redundancy, telemetry, and quiet competence. That's the bar I hold my own work to.

After the Navy I worked on VMware's Detection and Response Team (DART), primary triage, incident response, and continuous-monitoring work against FedRAMP, CMMC, and DFARS controls. Two years of watching real attacks against real environments changes how you think about "the basics."

I hold TS/SCI, an MS in Cyber/Electronic Operations and Warfare, a BS in Cyber and Network Security, and the usual stack of certs (Sec+, Net+, CEH, Certified Blockchain Practitioner). I also teach at Western Washington University, database systems and information governance, policy, and compliance. Teaching keeps me honest about explaining complex systems to people learning them for the first time.

What I've Built

I ship the things I'd want to use.

Most of what I build comes from being frustrated with the existing options. If a tool is brutal to use or priced for enterprises only, I build a version that isn't.

  • SAMscout.ai

    Multi-agent AI platform that writes federal contracting proposals. Built to give SDVOSBs and small primes the BD firepower of the bigger shops.

    samscout.ai →
  • Contractor Codex

    Branded client portal for service businesses. Time tracking, invoicing, Stripe, client approvals, all under your own brand, $10/mo.

    contractorcodex.com →
  • VA Disability Calc & Track

    iOS app for vets working VA claims. BVA-accurate math, 900+ diagnostic codes, encrypted document vault, fully offline. Built because the existing tools are bad.

    Download on the App Store →

Mission

What I'm here to do.

Give small businesses the same caliber of threat intelligence, custom software, and security that big organizations pay a fortune for, delivered directly by the person who does the work, remotely, anywhere in the country.

Approach

Fundamentals first. AI where it earns it.

I patch the basics, automate the boring, and use AI only where it actually helps. I say "no" when AI is the wrong tool. I document everything I touch. The work I ship for you is the work I'd ship for my own family.

What I will not do

Honest constraints.

  • · I will not sell you AI you don't need.
  • · I will not take a job I can't do well.
  • · I will not bypass safety checks to hit a deadline.
  • · I will not call a backup "done" without a real restore test.
  • · I will not lock you into anything you can't take with you.

For Agencies & Primes

The boring-but-important stuff.

If you're a contracting officer or a prime, here's everything you need to validate fit.

Identifiers

CAGE
17UL6
UEI
DVNTWBJ2HMP8
Status
SDVOSB · SAM Registered
State of Org
Washington
Clearance
TS/SCI

NAICS Codes

  • 541512
  • 541511
  • 541519
  • 541330
  • 541690
  • 541990
  • 811210
  • 334516
  • 561612
  • 425120
  • 336611