Custom software engineering
Product surfaces, internal tools, back-office systems and integration layers written from scratch or continued from a previous vendor.
Est. Practice
Index / 01
SEC AUDIOLOGY LIMITED is an independent technology practice. We design, build and operate software, data systems and cloud infrastructure for organisations that need work done properly — once, with a small team, and with the discipline to hand it back in working order.

Practice
Our work sits at the boundary between product engineering and operational technology. We are usually invited in when a system has outgrown its original shape — when the team that built it has moved on, when the load has changed, or when the organisation around it has changed faster than the code.
We prefer engagements where the outcome matters more than the schedule of demos: replacing a fragile pipeline, rewriting a legacy interface, standing up a private cloud environment, bringing a first version of a product to a state where it can be trusted with real customers.
Principles
Simplicity is a feature.
Fewer moving parts. Fewer services than the diagram wants. Fewer clever abstractions than seem justified at first.
Reversible decisions first.
We prefer choices that can be undone cheaply, and we resist committing to expensive ones before we have to.
Observability by default.
Systems we ship report on themselves. Logs, metrics and traces are part of the delivery, not something added afterwards.
Boring where it matters.
Databases, queues and language runtimes are chosen for durability and staffability rather than novelty.
Ownership handed back cleanly.
Documentation, runbooks and access transfer are treated as project deliverables, not favours.
Service areas
Product surfaces, internal tools, back-office systems and integration layers written from scratch or continued from a previous vendor.
Environment design, migration work, cost consolidation and platform engineering across the major public clouds and self-hosted estates.
Pipelines, warehouses, event streams and the reporting layer that sits above them.
Threat modelling, access review, secrets hygiene, dependency posture and incident preparation.
Bringing separately built systems into a coherent whole through well-defined interfaces.
Rewriting or extracting portions of long-lived applications so the parts that still earn their keep can continue to do so.

Problems we take on
Systems that no longer match how the business actually operates.
A tool built around a workflow that has since changed twice.
Costs that grew without anyone deciding they should.
Cloud bills, licence sprawl, duplicated services, environments nobody remembers standing up.
Data that exists but cannot be answered from.
The report is a person, and the person is overloaded.
Security posture that has drifted since the last audit.
Credentials in code, unpatched images, permission grants nobody has reviewed in eighteen months.
A product that works for early users but not for scale.
The next order of magnitude will break something predictable — pick which and rebuild it.
Software approach
We work in short, honest iterations. A written specification precedes serious code; the first version is deployable; and the production environment exists on day one, not week ten. We keep the number of concurrent branches small, and we prefer merging early over integrating late.
Languages
TypeScript, Python, Go, Rust and Java, chosen for the workload rather than the fashion of the quarter.
Runtimes
Containers on Kubernetes or managed platforms; serverless where the workload genuinely fits.
Interfaces
HTTP APIs, event streams and gRPC, documented from the same source that generates the client.

We design environments to be understood, not just to work. That usually means fewer accounts than the reference architecture suggests, network topologies that can be drawn on a single page, and identity models that can be reviewed without an expert present.
Security work is not a report; it is a set of habits inside the engineering process. We review dependencies before they enter production, treat secrets as first-class infrastructure, and draft incident procedures before they are needed rather than afterwards.

Data & analytics
Batch and streaming pipelines built with tools that operations teams can reason about — Airflow, dbt, Kafka, Flink — with documented lineage from source to dashboard.
BigQuery, Snowflake, Redshift and Postgres, sized to the workload rather than the largest option on the menu.
Business logic captured in versioned, tested SQL so that a chart can be traced back to the definition it depends on.
Dashboards and internal reports designed with the person who will actually read them, not the person who requested them.
Transformation
Transformation programmes usually fail at the join between the technology and the people who have to use it. We spend the early weeks understanding the current shape of work, and the later weeks removing the parts of the new system that would have made it feel like a downgrade.
Phase
Current-state mapping
Phase
Sequenced migration plans
Phase
Change readiness
Industries

Delivery
01
Framing
We begin with a written brief describing the outcome, the constraints, and the definition of done. No work starts until this is agreed.
02
Discovery
A short structured period spent reading the existing code, watching the current process, and speaking with the people who rely on it.
03
Prototype
A minimum end-to-end version, running in a real environment, used to expose the assumptions that need to be corrected.
04
Build
Iterative delivery with regular releases. Scope is renegotiated openly when reality changes.
05
Handover
Documentation, runbooks, credentials and knowledge transfer sessions treated as project deliverables.
06
Aftercare
An agreed period during which we remain available to the team that will operate what we built.
Quality
Testing is written alongside the code it protects. Continuous integration is treated as a system that has to remain green. Code review is a conversation about the design, not a rubber stamp on the diff.
Unit
Fast, deterministic, close to the code.
Integration
Real dependencies, real data shapes.
End-to-end
The critical journeys, kept few and kept passing.
Non-functional
Performance, load, and failure-mode tests where they matter.
Collaboration
We favour engagements where a compact team of senior engineers works directly with the people who own the problem. There is no account layer between the client and the person writing the code. Meetings are short, scheduled, and end with written decisions.

Questions
Correspondence
Enquiries about engagements, non-disclosure agreements, and scoping conversations are handled by email. We aim to reply within two working days.