About ArcForgeLabs

Why these tools exist.

Patrick Donohue

Patrick Donohue

IT Infrastructure & Cybersecurity — Spokane, WA

35+ years in IT infrastructure and cybersecurity, most recently in the financial sector. Author of API-ocalypse Now: Python’s Guide to Secure and Flexible Data Handling. Builder of tools that solve problems I’ve actually run into.

ArcForgeLabs exists because two categories of problem keep showing up in every organization I’ve worked with, and most of them never see it coming.

The first: your domain is a public artifact. DNS records, email authentication policies, TLS certificates, HTTP headers, subdomains — all of it is queryable by anyone with a terminal. Attackers run exactly this reconnaissance before deciding whether to pursue a target. Most organizations have never run it on themselves.

The second: employees report suspicious emails all the time. Most of those reports go nowhere. No response, no feedback, no triage — which means the next person to receive the same phish has no better odds than the first.

Surface Sentinel handles the first problem. Ephemeral Sentinel handles the second. Both return plain-language results that someone without a security background can act on.

Enterprise IT, financial sector infrastructure — the kind of work where configuration mistakes have real consequences and a phishing email reaching the wrong person isn’t theoretical. These tools automate that diagnostic work.

Neither tool will replace a full penetration test or a comprehensive security audit. What they will do is tell you whether the basics are covered before you spend money on something more elaborate. In most environments I’ve assessed, the basics weren’t.

How I build things

Every tool I build follows the same rule: answers, not dashboards. A finding that requires a security specialist to interpret is not useful to the person responsible for acting on it. “Your DMARC record is missing, here’s what that means for you” is more actionable than a risk score on a dial.

Results are deterministic and explainable. No black boxes, no model inference applied to something that doesn’t need it. Every finding has a source. Every score has a calculation. If you want to know why something flagged, the information is there.

And every tool is explicit about scope. Surface Sentinel reads only what is publicly visible — if it can see something, an attacker can too. Ephemeral Sentinel checks signals, it doesn’t guess. Neither overpromises. Overstating what a tool does is worse than understating it.

The tools

Surface Sentinel Scans your domain’s public footprint and returns a plain-English report of what’s exposed, misconfigured, or at risk. Live → Ephemeral Sentinel Analyzes suspicious emails for phishing signals and social engineering patterns, then explains what it found in plain English. Live →

The advisory side

Tools show you the problem. Sometimes you need help solving it — without a consulting firm engagement, a statement of work, or advice filtered through a sales process.

I offer direct advisory for teams that found something and need to know what to do about it: remediation guidance, practical prioritization, honest answers. Decades of real-environment experience, not vendor certifications.

Scan My Domain → Talk to Me