About

Why this exists.

Patrick Donohue

Patrick Donohue

IT Infrastructure & Cybersecurity — Spokane, WA

35 years in IT infrastructure and cybersecurity, most recently in the financial sector. Author of API-ocalypse Now: Python's Guide to Secure and Flexible Data Handling. Builder of tools that solve problems I've actually run into.

SurfaceSentinel exists because most small businesses have no idea what they look like from the outside — and attackers are counting on that.

Your domain is a public artifact. DNS records, email authentication policies, TLS certificates, HTTP response headers, open ports — these are all queryable by anyone. Attackers run exactly this reconnaissance before they decide whether to pursue a target. Most organizations have never run it on themselves.

I've spent 35 years doing assessments, writing policies, and cleaning up after incidents. The pattern that shows up every time: the basics weren't covered. Not because people didn't care — because nobody showed them what the basics looked like from the attacker's side, in terms they could act on without a security background.

SurfaceSentinel runs the same passive reconnaissance an attacker would run before targeting your organization. It translates those findings into plain language with specific next steps. No credentials required. No agent to install. Just an honest look at what's publicly visible about your domain.

It won't replace a full penetration test or a security audit. It will tell you whether the doors are locked before you spend money on a better alarm system.

How I build things

Every tool I build follows the same principle: answers, not dashboards. A finding that requires a security specialist to interpret is not useful to the person responsible for acting on it. A risk score that explains itself is.

Results are deterministic and explainable — no black boxes. Every finding has a source. Every score has a calculation. If you want to understand why something scored the way it did, the information is there.

And every tool is explicit about scope. Understating what it does is better than overpromising. SurfaceSentinel reads only what is publicly available. If it can see something, an attacker can see the same thing.

Also from the same shop

Ephemeral Sentinel

When employees report suspicious emails, they usually hear nothing back. Ephemeral Sentinel automatically analyzes every submission and returns a plain-language verdict — no analyst required for routine triage, no silence. Deterministic phishing triage at scale, without an LLM making decisions nobody can explain.

Learn more →

Questions or feedback: support@arcforgelabs.com

Built by ArcForgeLabs