01
Senior by default
Every engagement is staffed by people who have shipped, broken and repaired production systems for a living.
№ 01 — Manifesto
NOTSOBAD LTD is a small, deliberate technology house. We build the cloud platforms, intelligent systems and secure software that quietly run the things organisations depend on every day.

NOTSOBAD LTD is a privately held technology company assembled from engineers, designers and operators who would rather build one good thing than ten loud ones.
We work across software, cloud, intelligent automation and security — the four disciplines that decide whether a modern organisation moves with confidence or moves with anxiety. Our remit is to remove the anxiety.
We are headquartered as a registered limited company and operate through a distributed network of senior practitioners. Every engagement begins with the same question: what is the smallest, most durable thing we can build that earns its keep?
We exist to give organisations software that is honest about what it does — systems that fail gracefully, scale predictably, and respect the people who depend on them. Our mission is not novelty. It is durability.
We imagine a decade in which intelligent, secure systems become as quiet and reliable as electricity. Our role is to engineer the parts of that future that organisations will eventually take for granted.
01
Every engagement is staffed by people who have shipped, broken and repaired production systems for a living.
02
We will tell you when a project should be smaller. We will not invent work to fill a calendar.
03
We invest in understanding your industry before we write a line of code or draw a single diagram.
04
Our systems are designed to be readable by the team that inherits them five years from now.
05
Threat modelling is part of the design phase, not a checklist tacked on at the end.
06
We write proposals, reports and documentation as if a thoughtful non-engineer will read them. They usually do.
Code is read more often than written. We optimise for the reader.
We document what failed as carefully as what worked.
We design for the team that comes next, not the one applauding now.
We treat unfamiliar problems as the most interesting kind.
The people using the software are real. Their time is finite.
Every system we ship has a maintainer with a name attached.
Tools are means, never ends. We invest deeply in a curated stack so we can move quickly without surprising ourselves a year later.

Phase 01
Listening, mapping constraints, interviewing the people closest to the problem.
Phase 02
Writing the smallest possible specification that everyone can disagree with productively.
Phase 03
Architecture, threat modelling, interface sketches, written in language non-engineers can audit.
Phase 04
Iterative shipping in short, observable cycles. Real metrics from week one.
Phase 05
Documented handover, ongoing care, and a named engineer accountable for the system.
01
02
03
04
05
06
07
08
09
10
11
12

Independent strategy, architecture review and technology due diligence. We are most useful when a decision is genuinely difficult — replatforming, vendor consolidation, post-acquisition integration, or untangling years of accumulated technical debt.

Web applications, internal platforms and back-office systems engineered to outlast their authors. We write code that the next team can read on their first day.

Cloud-native architecture, migration and platform engineering on AWS, GCP and Azure. We build platforms that are observable on day one and affordable in year three.

Applied machine learning, retrieval-augmented generation and decision-support systems. We treat AI as a discipline, not a marketing posture — and we are honest about when it is the wrong tool.

Threat modelling, application security review, identity architecture and incident readiness. We help teams move from anxious compliance to a posture they can explain to their board in two minutes.

Process redesign, platform consolidation and operating-model change — delivered alongside the people who will live with the result long after we have left the room.
№ 16 — By the numbers
240+
Production systems shipped
98%
Engagement renewal rate
18
Countries served
6yrs
Median client tenure
Cloud · Platform
Migration of a continental freight platform from legacy data centres to a multi-region Kubernetes estate. Reduced incident volume by 64% in the first year.
AI · Healthcare
A clinical document extraction pipeline used across 38 hospitals, replacing a manual workflow with auditable, reviewable automation.
Security · Finance
End-to-end identity, authorisation and audit architecture for a regulated treasury system handling cross-border settlement.

NOTSOBAD LTD is a network of practitioners — engineers with a median of fourteen years in production, designers who write code, and operators who have run platforms at scale. We grow slowly and only when we find someone we would trust with a system we cared about.
“The team treated our codebase with the kind of patience usually reserved for archival work. Six months in, we still understand every system they touched.”
“They argued against half the scope we proposed and were right about all of it. We shipped a smaller, sturdier thing in a third of the time.”
“NOTSOBAD does the unglamorous parts of platform work without complaint — observability, runbooks, the things our previous vendors quietly skipped.”
“Their security review was the first one we actually finished reading. Plain language, concrete remediations, no theatre.”
With a written brief and a structured conversation. We are happy to spend the first session understanding the problem before discussing whether we are the right people to solve it.
Both. Long-lived platforms tend to suit retainer arrangements; bounded deliveries suit fixed-scope engagements with clear milestones.
Almost always. The most successful engagements involve a deliberate transfer of knowledge to the in-house engineers who will own the system afterwards.
It means we design and document systems so that the team inheriting them in three to five years can extend them confidently, without needing to call us.
Mutual NDAs, named-handler access, and a documented data-handling protocol that we will walk through before any sensitive material changes hands.
NOTSOBAD LTD is a registered limited company operating through a distributed team. Correspondence is by email; engagements run remotely or on-site as the work requires.
2020
NOTSOBAD LTD is incorporated by a small group of engineers who wanted a calmer way to build software.
2021
Delivery of a logistics platform that becomes the practice's reference architecture for the next three years.
2022
Formal cybersecurity capability established, led by a former incident-response practitioner.
2023
Kubernetes and platform engineering becomes a standalone offer, serving multi-region clients.
2024
The applied AI group is formed, with a working principle that the most useful AI is often the least visible.
2025
The team grows to span eighteen countries, all remote, all senior.
2026
A deliberate, distributed practice — still small enough to know every system we maintain by name.
№ 22 — Innovation
We maintain a small internal research budget. It funds the quiet experiments — retrieval architectures, deterministic build systems, new ways to make cloud bills legible — that occasionally graduate into client work.
Innovation, for us, is not a posture. It is a discipline of trying things, writing down what failed, and being willing to put the honest result on paper.
Median 60% reduction within twelve months of platform handover.
Cost-engineering engagements typically return 3–5× their fee in year one.
Teams ship weekly where they previously shipped quarterly.
Documentation produced as code, signed off as part of every release.
NOTSOBAD LTD operates as a fully distributed practice. Our practitioners work from eighteen countries across four continents, following the same working principles regardless of timezone.
Code review on every change, automated testing as a precondition for merge, observability instrumented at design time.
Aligned with ISO/IEC 27001 control families, SOC 2 trust-service criteria, and OWASP application-security guidance.
Documented runbooks, named on-call ownership, post-incident reviews published internally within seven days.
№ 26 — Closing remarks