Free 30-min call · No slides · No pitch

30 minutes with a senior engineer who has audited 100+ vibe-coded apps.

No slides, no sales deck, no junior account exec. You talk directly to the person who reviews code for a living, about your specific situation. If something useful comes out of it, that's the point. If not, you got 30 minutes of expert time, free.

Who's on the call

Francesco de Lorenzi
Founder, LeaderNova
  • 15+ years: hands-on engineer → CTO → founder; ex-CTO, Onport (Farfetch Group) — led the technical due diligence behind two M&A exits
  • Digital-forensics consultant for law firms & law enforcement since 2011
  • Built a malware-removal tool at 12 — 300k+ downloads, covered by BBC News, ANSA, RAIUNO
  • Has personally audited 100+ vibe-coded apps in the last 6 months
The senior engineer on your call

What we'll cover

  • A clear sense of where your biggest security risks are right now, given your stack
  • Whether you're hitting any compliance deadlines (SOC 2, NIS2, EU AI Act)
  • What an audit would reveal, and whether you actually need one
  • An honest opinion on whether scanner SaaS is enough for your situation, or if you need a human reviewing your code
  • 2–3 specific tactical recommendations you can implement before we even start anything formal

What we will NOT cover

  • Sales pitch — we have a written rule about this
  • Pricing discussion, unless you raise it first
  • Contract pressure of any kind
  • Slide deck
  • Junior account exec — you talk to a senior engineer, or to Francesco

Who books these calls

Three archetypes, almost no one outside them.

Founders shipping to their first enterprise customer

You built it with Lovable, Cursor, or Bolt. The prospect just sent you a security questionnaire. You don't speak fluent SOC 2 yet. The call is for understanding what to do next.

VPs of Engineering at Series A SaaS

You inherited a vibe-coded codebase, you have a NIS2 or SOC 2 deadline, and you need an outside read on whether you'll make it. The call is for triage, not theater.

Operators between roles

You're building something stealth, on personal capital, and you don't want to look unprofessional when it launches. The call is for a private conversation about what's exposed.

Pick a time

30 minutes. Calendar invite arrives in seconds.

We'll ask for a few details up front so the call starts at context, not at introductions: your role, what you built it with, what triggered this conversation, and your rough timeline.


How we work

Vibe-code specialists

We focus only on apps shipped with Lovable, Cursor, Bolt, v0, Replit, and Supabase. Your stack is what we audit every day.

EU residency

Your code is scanned in EU-based infrastructure. GDPR-aligned by default and NIS2-fluent.

Productized, not bespoke

Fixed scope, fixed timeline, fixed price. You see exactly what you'll get before you commit. No SOW theater.

Findings guarantee

If a paid audit doesn't surface validated findings to the agreed bar, you don't pay. Detailed in your engagement terms.

Honest answers to three real questions

What if I don't have a budget yet?

Take the call anyway. Most people who book don't have a signed-off budget — the call helps you figure out whether you need one and what to put in it.

Will you be selling something?

Only if you ask. We have a written team rule: no pitching unless the buyer brings it up. You'll get the help and the honest read regardless of whether anything follows.

Can my CTO join?

Yes — the call usually works better with both of you in the room. Send the calendar invite to whoever needs to hear the same answers at the same time.