The Week-Zero Audit - You Just Raised Your Series A. Your MVP Code Won't Survive Your Series B.

I'm Anosh Malik. I've been building complex systems since I was 9 years old, starting with RuneScape private servers and graduating to architecting a multi-part GTA 4 mod at 15.

At 17, I cold-called my way into my first professional role. Since then, I've been the first engineer at three high-risk startups: Tessian (Employee #11), BUMP (YC W18), and Nossa Data.

I've seen what happens when "move-fast" MVP code meets "Bank of England-grade" compliance. I'll audit your stack in 5 days and show you exactly how to bridge that gap.

What You Get - The Week-Zero Audit Deliverables

In 5 days, I'll personally conduct a high-intensity audit of your stack, security, and processes. On Friday, you'll receive a P0 Triage Report with a prioritized, actionable roadmap.

1. Security & Compliance Audit

What: A full review of your AWS/GCP/Azure (multi-cloud) org setup and IAM policies. A deep dive into your Zero Trust Access (e.g., Teleport, Tailscale) and SSO/ACL systems.

Why: So you don't wake up to a £2M breach or fail your first SOC 2 audit.

Outcome: A clear gap analysis for your next ISO27001 or SOC 2 audit, with cost estimates for each vulnerability.

Proof

At Nossa Data, I led the full ISO27001 security refactor. I migrated the entire stack from a single AWS account to a secure multi-account AWS org with SSO, implemented Teleport with strict ACLs for database access, and used Pulumi for Infrastructure-as-Code. This isn't theoretical. I've walked this exact path from "move-fast" startup to audit-ready platform.

2. Scalability & Architecture Review

What: A "stress test" and performance profile of your core NestJS/FastAPI application. A review of your SQL Database (Postgres, MySQL, RDS) performance, focusing on indexing and query inefficiencies. A CQRS / Event-Driven analysis.

Why: To prevent your monolith from breaking under scale and identify architectural bottlenecks before they cause outages.

Outcome: A technical roadmap showing exactly what needs to change to handle 10x traffic without a full rebuild.

Proof

At BUMP, I was the first full-stack engineer hired to fix the scaling problem. The entire backend was a single-file Parse.js app. I migrated it to a NestJS + GraphQL API and architected a CQRS-based event-driven order system for a StockX-like marketplace handling millions in transactions. I know what "technical debt" looks like at scale.

3. Process & DevOps Audit

What: A full review of your CI/CD pipeline (Docker build times, k8s deploy strategies). An analysis of your Observability Stack (e.g., Datadog, Sentry, ELK) and incident response process. An analysis of your Git workflow, code review quality, and testing culture. A "bus factor" and knowledge-silo report.

Why: To find the inefficiencies your team is too close to see and identify single points of failure.

Outcome: A process optimization roadmap with specific improvements to CI/CD speed, deployment reliability, and team workflows.

Proof

At Tessian (Employee #11 → 200 employees), I deployed to the Bank of England using on-premise Ansible scripts and co-engineered a high-throughput email gateway with a full Concourse CI/CD pipeline. At Tilt.app, I reduced Docker build times by 55% and optimized database indexing by ~350%. I've optimized pipelines for both startups and banks.

The Lore - The Pattern

I've been the first engineer at three startups. I know what "first hire" code looks like. I know the shortcuts you took to ship fast. I know which ones will kill you at scale and which ones are fine.

  • Tessian (Employee #11). Joined as the first client-side engineer. Helped scale the company to 200+ employees (Sequoia, Accel, Balderton backed; acquired by Proofpoint). Deployed to the Bank of England and Dentons using on-premise Ansible scripts. Led the migration of the flagship Outlook Add-in from VB.NET to modern C#.
  • BUMP (YC W18). Recruited by the CTO as the first engineer on the new full-stack team. Migrated the entire backend from a single-file Parse.js app to a scalable NestJS & GraphQL API. Architected a CQRS-based event-driven order system for a StockX-like marketplace handling millions in transactions.
  • Nossa Data. Joined as the first hire and delivered the 2-week MVP (FastAPI, React, Next.js, AWS) to onboard 12 pilot companies including Toyota and Vodafone. Promoted to Head of Engineering and scaled to 170+ companies in 6 weeks. Led the full ISO27001 security refactor using Pulumi, migrating from a single AWS account to a secure multi-account organization with SSO and Teleport access control.

Recent Example: Tilt.app

A live-streaming e-commerce platform preparing for a high-spike seller event. I was brought in as a Senior Full-Stack Contractor to stress-test their infrastructure.

What I Found in Week 1:

  • Database load bottlenecks. Critical inefficiencies that would cause crashes under concurrent stream traffic
  • Inefficient indexing. Query performance ~350% slower than optimal
  • Slow CI/CD pipeline. Docker builds eating 45+ minutes per deploy on GitLab CI

What I Fixed:

  • Weekend database migration. Migrated from Postgres to AWS RDS Aurora (Terraform-managed)
  • 350% query optimization. Restructured indexes and optimized database queries
  • 55% faster CI pipeline. Optimized Docker multi-stage builds and caching layers
  • Frontend refactor. Rebuilt user onboarding flow using Vue 3 and Tailwind CSS

Result:

The live stream handled thousands of concurrent viewers without incident. The platform scaled. The startup survived.

This is what a "Week-Zero Audit" looks like in practice: Find the P0 issues. Fix them before they become outages.

Investment & Terms

A fixed fee of £7,500 + VAT.

50% upfront to book the sprint. 50% on delivery of the P0 Triage Report.

What's the ROI?

  • Avoid catastrophic failures. A single production outage during a funding round costs you your Series B.
  • Pass compliance audits. A failed SOC 2 audit delays your enterprise deals by 6-12 months.
  • Prevent security breaches. A security breach costs £2M+ in GDPR fines, legal fees, and lost trust.

This audit identifies those risks BEFORE they happen. The ROI is 100x+.

FAQ - Common Questions

Everything you need to know about the Week-Zero Audit.

Why 5 days?

Each day has a clear purpose:

  • Day 1: Infrastructure & Security Deep Dive
  • Day 2: Application Architecture & Database Performance
  • Day 3: DevOps, CI/CD, and Observability Stack
  • Day 4: Team Process, Git Workflow, and Knowledge-Silo Analysis
  • Day 5: P0 Triage Report Compilation & Delivery

What happens after the audit?

You have three options:

  • Option 1: Use the P0 Triage Report with your existing team
  • Option 2: Hire me for implementation (separate engagement, rates TBD)
  • Option 3: Hire your own contractors using the report as a blueprint

The report is yours. What you do with it is up to you. This is not a bait-and-switch to upsell services.

Why hire a "First Engineer" to audit my stack?

I've been the first technical hire at three startups (Nossa Data, BUMP, Tessian). I know what "first hire" code looks like. I know the shortcuts you took to ship fast. I know which ones will kill you at scale and which ones are fine.

Most auditors have only worked at big companies. They'll tell you to "rewrite everything" because they don't understand startup constraints. I do. I've lived it three times. I'll tell you what MUST be fixed (P0), what CAN wait (P1), and what's fine as-is.

Do you have experience with [specific tech]?

I've worked extensively with: Python (FastAPI), TypeScript/JavaScript (NestJS, Node.js, React, Next.js, Vue.js), AWS (RDS, Fargate, Lambda, IAM, VPC), Docker, Kubernetes, Terraform, Pulumi, PostgreSQL, MySQL, MongoDB, Redis, GraphQL, and more.

If your stack includes something I haven't used, I'll be upfront about it during the triage call.

Ready to scale your MVP or audit your technical foundation?

Based in

  • London
    3rd Floor, 86-90 Paul Street, London
    England, United Kingdom, EC2A 4NE