Our 2026 threat-landscape briefing for Brazilian operators is now open for registration. Reserve a seat
Eloquantico Start a conversation
About the practice

An independent security practice, built for the long engagement.

Eloquantico started in 2015 with a narrow conviction: most breaches are not the result of clever attacks, but of ordinary gaps left open too long. We close them, and we keep them closed.

Why we exist

We saw the same incident, again and again.

A misconfigured permission. A monitoring alert nobody triaged. A vendor with access long after the contract ended. The headlines talk about sophisticated threats, but the work that prevents most damage is patient and unglamorous.

So we built a practice around that work. No products to sell you, no platform to lock you into — just a team that treats your environment the way it would treat its own, and tells you the truth about where the risk really sits.

Abstract close-up of a circuit board representing layered digital infrastructure
How we work

Principles, not slogans.

These shape every decision we make on an engagement. We would rather lose a contract than break one of them.

01

Plain language

A finding nobody understands is a finding nobody fixes. We write for the people who have to act on it, not for other security engineers.

02

Evidence over assertion

We do not ask you to take our word for it. Every claim about your posture is backed by something you can inspect.

03

Independence

We sell no software and take no vendor commissions. Our only incentive is recommending what is right for your environment.

04

Handover by design

A good engagement leaves your team more capable than it found them. We document so you are never dependent on us.

05

Discretion

What we learn about your systems stays between us. Confidentiality is written into every agreement and into how we operate.

06

Proportion

Not every risk deserves the same response. We help you spend where it counts and leave the rest documented.

The team

Senior people, on your engagement.

Our consultants have run security at banks, fintechs, and health platforms. You work with them directly — not with a junior handed your account once the contract is signed.

RM

Rafael Mendonça

Founder · Practice lead

Twenty years across offensive testing and defensive architecture, including leading the security function at a Brazilian payments processor.

CA

Camila Andrade

Head of detection

Builds the monitoring pipelines behind our managed service. Former incident lead at a healthcare data platform.

TF

Thiago Ferreira

Compliance & governance

Translates LGPD and ISO 27001 obligations into controls clients can actually maintain. Background in regulatory audit.

Curious whether we're a fit?

The first conversation is about your situation, not our pitch. If we are not the right people for the job, we will tell you who is.

Start a conversation See what we do →