DEVOPS + SECURITY SERVICES · EU-FOCUSED · CYPRUS-REGISTERED · AVAILABLE FOR ENGAGEMENT

DevOps and security for teams that take both seriously.

skipOPS is a small Cyprus-registered consultancy that runs cloud platforms for EU teams on AWS, GCP, and Azure. Kubernetes engineering, CI/CD, infrastructure-as-code, DevSecOps, and compliance architecture - delivered as project work or long-term retainers. Engineering-led; the deliverable is working code, not slideware.

We specialise in the overlap where DevOps and security actually meet - the places most consultancies skip because it needs kernel, crypto, and regulatory fluency at once. GDPR, NIS2, DORA, and Schrems II supplementary-measures work is a standard part of the engagement, not a bolt-on.

WORKING STACK
Cloud: AWS · GCP · Azure · hybrid · bare metal
Platform: Kubernetes · Helm · ArgoCD · Cilium · Istio
Security: Kyverno · Trivy · Tetragon · Vault · OpenBao
Data: CloudNative-PG · NATS · Redis · Rook
Observability: Grafana · Loki · Hubble · OpenTelemetry

01 · Services

DevOps and security, run by engineers who write code.

Two practices under one roof - because for regulated EU teams, platform reliability and security posture are the same problem. We name the services explicitly below so you can tell whether we're a fit before the first call.

§ DEVOPS

Platform engineering and cloud operations.

  • Kubernetes platform engineering

    Production K8s on EKS, GKE, AKS, self-managed, or bare-metal - bootstraps, migrations, upgrades, multi-cluster fleet ownership, operator and CRD design. Deep work with Cilium (CNI + eBPF datapath), Istio service mesh, umbrella Helm charts, and ArgoCD app-of-apps patterns.

  • GitOps and release engineering

    ArgoCD umbrella-chart patterns, Helm chart design and versioning, GitHub Actions / GitLab CI pipelines, release promotion flows (dev → staging → prod with BOM generation), cosign / SLSA supply-chain hardening, reproducible builds, updatecli-driven dependency automation.

  • Infrastructure as Code

    Terraform (cross-cloud), Helmfile, Kustomize. State management, module design, plan-review discipline, drift detection, import reconciliation for legacy infra.

  • Observability and SRE

    Grafana + Loki + Tempo + Mimir stacks, Cilium Hubble for east-west flow visibility, OpenTelemetry instrumentation, SLO definition, incident-response playbooks, on-call rotation setup.

  • Stateful workloads on Kubernetes

    CloudNative-PG (managed Postgres), NATS JetStream (messaging + event streaming), Redis, Rook-Ceph (storage), Velero (backup / DR). Stateful K8s done honestly - with restore drills, not just backup configs.

  • Cloud architecture and migration

    Greenfield cloud design, cross-cloud migrations, hybrid on-prem ↔ cloud bridges, cost optimisation audits. Multi-cloud when it serves the threat model; single-cloud when it doesn't.

§ SECURITY

DevSecOps and compliance architecture.

  • DevSecOps and supply-chain hardening

    Shift-left scanning (Trivy, Grype, Snyk), signed artefacts (cosign, sigstore), SBOM generation, dependency audit, secret-in-git remediation, SLSA-grade build pipelines.

  • Secret management architecture

    Vault and OpenBao deployments and migrations, dynamic-credential rotation, transit-engine envelope encryption, eliminating K8s Secret as an attack surface, HSM-backed unseal ceremonies.

  • Kubernetes security hardening

    Pod Security Standards, admission controllers (Kyverno, Gatekeeper), RBAC audits, Cilium network policies, runtime enforcement (eBPF, Tetragon, Falco), kernel-CVE response cadence.

  • Service mesh and zero-trust networking

    Istio mTLS everywhere, SPIFFE/SPIRE identity, Cilium L7 policies, STUNner for WebRTC, fine-grained authZ with OpenFGA. Zero-trust done as an architecture, not a buzzword.

  • EU compliance engineering

    GDPR supplementary-measure architecture, NIS2 Article 21 controls, DORA Article 10 implementation, ISO 27001 technical annexes, SecNumCloud-aware design. Schrems II technical measures done correctly.

  • Incident response and recovery

    Breach-response playbooks, forensic-grade audit-log design, disaster-recovery drills with Velero restore tests, RTO/RPO targets against a real threat model, post-incident write-ups that don't protect egos.

NOT FOR US

We don't do UI/UX, frontend, data science, managed-SaaS onboarding, or certification theatre. If your problem is closer to "we need someone to click through the AWS console for a compliance audit" than "we need someone to rewrite our K8s platform" - we aren't a fit, and we'll tell you so on the first call.

02 · Approach

Small scope, clear outcomes, working code.

We'd rather deliver one thing that actually lands than six in-progress workstreams. Here is what that looks like in practice.

§ A

Project-based or retainer.

Typical project: 4–12 weeks with a named deliverable (a migrated platform, a hardened CI/CD, a compliance-ready architecture). Typical retainer: monthly hours against an ongoing SRE or security backlog with defined escalation paths. Fixed-fee when the scope is clear; time-and-materials when it genuinely can't be.

§ B

Engineering-led, not account-managed.

Whoever answers your kickoff call is the person writing the Terraform and the Go. No layer of account executives between you and the engineers. Slower scaling on our side, faster and cleaner decisions on yours.

§ C

No slideware.

Deliverables are running code, merged PRs, documented runbooks, and honest architecture write-ups. If a slide deck shows up, it's because you need one for an internal audience - not because that is the work.

§ D

Honest about scope.

If something we would usually ship inside an engagement is actually a bad fit for your situation, we say so. If a problem is better solved by hiring internally than by extending a contract, we say that too. The short-term revenue loss pays for itself in referral quality.

§ E

EU time zone, EU regulatory fluency.

We operate in CET / CEST. Our team reads GDPR / NIS2 / DORA source text, not vendor summaries. If a US-based consultancy has told you "Frankfurt region is good enough for Schrems II" and you do not believe it - we are who you call to actually check.

§ F

NDAs, references, and the boring stuff.

Mutual NDA on request before discovery. References from prior engagements available under NDA for serious procurement reviewers. We carry professional indemnity insurance appropriate for consulting work of this scope.

03 · Company

A small Cyprus-registered consultancy that likes hard problems.

skipOPS Ltd was founded in 2025 to do DevOps and security work most consultancies don't touch - the kernel-plus-crypto-plus-regulatory corner. We keep the team small on purpose; scaling headcount degrades the product we're selling, which is direct access to senior engineers.

LEGAL ENTITY
SKIPOPS LTD
Cyprus-registered private company
Registration number HE433806
REGISTERED OFFICE
Paphos, Cyprus
51 Griva Digeni
Athineon Court, Office 202
8047 Paphos, Cyprus
OPERATING TIME ZONES
CET / CEST
EU business hours. Client work covers UK + continental EU; on-call arrangements negotiated per engagement.
OPEN-SOURCE WORK
CloudTaser
One of the artefacts of our DevSecOps practice is CloudTaser - a Kubernetes data-sovereignty layer we built and now maintain. Source at github.com/cloudtaser.
04 · Contact

Let's talk.

Evaluation, scoping call, procurement paperwork, partnership inquiry - all routes open. Replies within two EU business days.

ENGAGEMENTS

[email protected]

Initial scoping, engagement inquiries, procurement, partnerships. Include a one-paragraph description of the problem and any hard deadlines; we reply with availability and a proposed kickoff call.

REGISTERED OFFICE

Paphos, Cyprus

SKIPOPS LTD · HE433806
51 Griva Digeni, Athineon Court, Office 202
8047 Paphos, Cyprus

OPEN SOURCE

github.com/cloudtaser

The operator, wrapper, and eBPF codebases behind CloudTaser live here. Useful as a sample of the kind of code we ship on engagements - kernel-level, honest about failure modes, CI-backed.

LEGAL

NDA on request

Mutual NDA available on request before discovery. Professional indemnity insurance in place. References from prior engagements available under NDA for serious procurement reviewers.