Security, governance, and complex systems — engineered, not improvised.
Most technology failures are not caused by a lack of frameworks, tools, or expertise.
They fail when judgement is deferred at precisely the moment it is required.
Hypotenuse Lab exists to work in those moments.
Hypotenuse Lab is the research-led advisory practice of Hypotenuse Consulting.
What we do
We advise senior leaders and technical decision-makers facing high-stakes problems in complex, regulated, or fast-moving environments — where uncertainty is real, incentives are misaligned, and “best practice” is no longer a sufficient answer.
Our work is concerned less with optimisation, and more with:
- deciding what actually matters
- making trade-offs explicit and defensible
- producing artefacts that survive technical, regulatory, and organisational scrutiny
Themes
Security beyond compliance
When formal controls exist, audits pass, and yet confidence is still missing.
AI governance and risk
Where capability advances faster than accountability, and decisions have irreversible consequences.
Assurance of complex systems
Including payments, regulated infrastructures, and environments that cannot simply “fail fast”.
Outputs, not theatre
We do not produce generic slideware, alignment workshops, or vendor-led narratives.
Our outputs typically include:
- board-level papers and decision briefs
- reference architectures and control models
- assurance frameworks and implementation plans
These are designed to be used, challenged, audited, and defended — not merely presented.
Explore
What this is — and what it is not
Hypotenuse Lab is a small, research-driven advisory practice.
We work with a limited number of organisations each year, typically when:
- the problem is structurally difficult
- material regulatory or reputational exposure exists
- failure would be expensive to explain after the fact
If you are looking for generic advice, rapid scaling, or pre-packaged solutions, this is unlikely to be a good fit.