Selected Work

Case Studies

Real product work with clear context, delivery approach, and business outcomes.

Cybersecurity SaaS

NistCheck

NistCheck is a web application that helps organisations benchmark and improve cybersecurity maturity against NIST CSF v2.

Built for founders and CTOs who need strong technical execution with clear business impact.

Visit nistcheck.com

NistCheck dashboard showing assessment metrics and recent reports
NistCheck dashboard view used by teams to track posture, progress, and reporting status.

"Crave Tech met our rigorous security standards while delivering a platform tailored to our use-case requirements. Their practical product and technical insights helped us shape an extensible, partner-ready platform that is engaging, user-friendly, and aligned with our vision."

Context

Teams needed a practical way to understand current cybersecurity posture, identify gaps, and prioritize improvement activities using a recognized framework.

Existing approaches were often spreadsheet-heavy, hard to maintain over time, and difficult to communicate clearly to leadership and stakeholders.

The product goal was to reduce dependency on expensive external consulting by giving internal teams a credible self-serve path to complete assessments and plan uplift work.

Challenge

The product had to balance usability and rigor, while supporting different user maturity levels and handling security-sensitive workflows.

A major technical constraint was dynamic report generation, including AI-assisted narrative content tailored to each assessment.

The reporting pipeline needed to produce consistent, readable output across varied assessment inputs while keeping generation times acceptable for an in-app workflow.

Security quality had to be demonstrably high for launch readiness, not just a best-effort implementation.

Solution

Designed and built a secure SaaS experience with guided assessments, evidence-backed scoring, maturity benchmarking, and team collaboration support.

Architected for free and paid plans so users could start quickly and upgrade when they needed deeper analysis and reporting.

Designed the tenancy model to support a partner ecosystem, allowing consultancies to operate their own NistCheck tenant and manage customer organisations within that environment.

Mobile was treated as a first-class experience from day one, with core assessment and reporting workflows designed to work reliably on phones and tablets as well as desktop.

The delivery emphasized clear user guidance at each step so teams could move from assessment to action without requiring deep framework expertise up front.

Core flows included creating new assessment revisions while preserving historical reports and trend data, inviting collaborators, and generating AI-assisted reports for stakeholder communication.

Delivery Approach

Delivered by a single engineer over approximately nine months, using product-led iteration and AI-assisted development workflows.

Started with deep problem framing to understand the business model and ensure architecture decisions supported extensibility, future growth, and multiple delivery use cases.

Embedded security, observability, and release discipline from the early stages to avoid rework later.

Working solo enabled rapid end-to-end decision making across product, architecture, and implementation while maintaining a coherent technical direction.

Technical Stack

Backend: C# .NET 8 API + background worker

Frontend: React, Tailwind CSS, shadcn/ui

AI reporting: Node.js PDF report generation service powered by the OpenAI API platform

Data: PostgreSQL

Cloud: Azure

Infrastructure: Terraform

Payments: Stripe for billing and customer management

What Shipped

  • Guided NIST CSF v2 assessment workflows for structured, repeatable posture reviews.
  • Evidence-backed scoring and maturity tracking to support credible internal reporting.
  • AI-assisted dynamic report generation with exportable PDF outputs.
  • Assessment revision workflow that keeps historical statistics and past reports intact for longitudinal tracking.
  • Collaboration flow for inviting team members and coordinating contribution across assessments.
  • Partner ecosystem tenancy support so consultancies can run NistCheck as a service with their own customer content boundaries.
  • Role-aware account management with Stripe-backed subscription flows.
  • Cloud-hosted production deployment on Azure with infrastructure managed in Terraform.

Outcomes

~9 months

Concept to production launch

1 engineer

End-to-end build and release delivery

Core feature shipped

AI-assisted dynamic report generation

Design-partner cohort

Early users validating workflow and report usefulness

Independent pentest completed

Received one of the cleanest reports the vendor had seen

This project is currently in early validation. Initial usage confirms demand and provides high-signal feedback for prioritizing roadmap improvements before broader marketing rollout.

Why It Matters

NistCheck demonstrates the ability to take a complex, compliance-adjacent problem from concept to production with strong engineering discipline, practical UX decisions, and AI used where it delivers clear user value.

For founders and CTOs, the key outcome is a technically credible product that helps enterprise teams identify actionable cybersecurity improvements while lowering assessment costs versus traditional consulting-heavy approaches.

It also establishes a platform model for partner-led growth, where consultancies can use NistCheck as a business service to deliver value and generate their own revenue streams.

It also shows how a focused delivery model can produce a robust SaaS foundation quickly, ready for growth, feature expansion, and go-to-market scaling.

Need This Level of Technical Delivery?

If you are a founder or CTO building an AI-enabled product and need end-to-end execution with strong engineering standards, let's talk.

Start a conversation

Gaming Venue Platform

Reveal

Reveal is a cloud-connected content and operations platform for touchscreen display systems deployed in gaming venues across New Zealand.

Built for operators and technical decision-makers who need reliable venue software, centralized content control, and low operational overhead.

Client: Advance Gaming

Reveal touchscreen interface showing venue information and rotating content panels
Reveal venue display view with branded content, compliance information, and rotating visual modes.

Context

The previous generation system was aging and did not support modern cloud-based customization for client-managed venue content.

Updating on-screen information often depended on internal staff workflows, creating avoidable operational load and slower turnaround for venue changes.

Challenge

Reveal displays had to remain functional during poor connectivity or internet outages, while still guaranteeing legally required venue licence information was always viewable.

The platform also needed robust tenant isolation and role-based access across organisations, venues, and internal support staff.

Solution

Delivered a three-part architecture: a deployed touchscreen application, a multi-tenant client portal, and a cloud-hosted web layer powering display content sync.

The venue experience included key information surfaces such as about, contact, gambling help, game rules, grant recipients, jackpot information, and venue licence details.

Added rotating visual modes including poster display and background rotation, with configurable venue specific branding, information, and a home-screen video panel centrally managed through the portal and synced to deployed Reveal endpoints.

Delivery Approach

Delivered by a single engineer in approximately three months, spanning product design, architecture, implementation, infrastructure, and deployment.

Prioritized resilience and data synchronization behavior early so deployed systems remained stable in real-world connectivity conditions.

Technical Stack

Backend: C# .NET 8 API

Portal + web app: React, Tailwind CSS, shadcn/ui

Deployed app: Electron + Node.js desktop runtime

Data: PostgreSQL

Cloud: AWS

Infrastructure: Terraform

What Shipped

  • Touchscreen venue software optimized for always-on display reliability.
  • Multi-tenant client portal with role and permission controls across organisations and venues.
  • Cloud-sync content management workflows for both client teams and Advance Gaming staff.
  • Display content system for venue information, compliance content, and dynamic visual modes.
  • Configurable home-screen video panel with centralized cloud management and device sync.
  • Cloud-hosted web delivery layer consumed by deployed Reveal endpoints.

Outcomes

~3 months

Single-engineer concept-to-production delivery

Operational uplift

Fewer incidents and less manual intervention required

Client self-service enabled

Venue teams can update content directly without support bottlenecks

Why It Matters

Reveal shows how to modernize a legacy, hardware-adjacent product into a cloud-managed platform without sacrificing reliability in constrained real-world environments.

For founders and CTOs, this demonstrates practical strength in offline-tolerant architecture, multi-tenant platform design, and end-to-end product execution on a tight timeline.

More Case Studies Coming

Additional product and AI delivery case studies are in progress and can be shared privately on request.

Request details