What we do
308 works where consequence is physical and failure travels. Defence, health and critical infrastructure, and the people those systems exist to protect. We bring the rigour of a serious advisory firm and do the engineering ourselves. One mode delivers and runs technology in live environments. The other builds what no one sells yet.
Request the capability overview
The problem
The old path doesn't work.
The usual route to capability is a spec, a tender, a prime, and a chain of subcontractors. By the time someone starts building, the requirement has passed through four layers and a year has gone. The need has changed. What ships is over-specified, late, and locked in behind proprietary interfaces. The fault is not bad people or thin budgets. It is structure. The people who understand the mission are kept apart from the people who build it. 308 closes that gap by being both.
How we're built
Two modes, one loop.
Continuity delivers and runs operational technology today. Integration, deployment, managed operations, inside defence, health and critical infrastructure. Research builds what no one sells yet, funded by Continuity. Every engagement puts us inside real environments, and what breaks or is missing there feeds the next product. Delivery funds invention. Invention sharpens delivery.
Capabilities
What an engagement draws on.
Every engagement is bespoke, so capability is assembled to the problem rather than sold from a catalogue. Most draw on some combination of the following. The full capability matrix is shared on request.
Continuity
Protect. Reducing exposure and stabilising systems where failure compounds. Cyber exposure management, incident response, OT and ICS hardening, business continuity, critical-function mapping, physical and site resilience.
Transform. Re-architecting technology, process and structure when incremental change will not hold. Enterprise architecture, legacy modernisation, cloud and platform migration, operating-model redesign, process reengineering, governance and decision rights.
Expand. Preparing an organisation for greater exposure as it enters new markets, partnerships or regimes. Market-entry strategy, partnership design, distribution and logistics, regulatory mapping, export controls, third-party risk.
Research
AI and Autonomy. Defensive AI design, implementation and MLOps, autonomous systems, ML assurance and test.
Software and Automation. Secure software engineering, systems integration, DevSecOps, robotic process automation.
Mission Systems. ATAK and TAK integration, sensor and ISR fusion, tactical comms and networks, situational-awareness tooling.
Cyber and Assurance. Autonomous cyber defence, interoperability testing, validation under constraints, sovereign assurance.
How we engage
Scoped to the problem. Built to hold.
We take on a small number of engagements at a time. A typical path runs like this. We map the real process, not the whiteboard version, agree what must hold and what must change, stand up a secure environment to build in, deliver against agreed criteria, and stay to run it or hand it over with the knowledge transferred. Pace follows consequence. We move quickly where we can and slowly where we must, and we do not ship until it survives contact with the operational environment.

Posture
Risk-led, secure by default.
Security is designed in from the start. We threat-model every workflow, draw trust zones end to end, and gate every release the same way. Secrets held in a vault. Signed and immutable artefacts. Dependency and policy checks before deploy. Tamper-evident audit logs. Compliance evidence is pulled from the pipeline as the work runs, not reconstructed at audit time. When something fails, it stays contained inside its trust zone. The posture comes from defence-industry practice. We apply it to everything we build.
Sovereignty and resourcing
Built where it lands. Led from Australia.
We resource by one rule. The people who build a capability should belong to the country it serves. A delivery in Australia is done end to end by Australian-based people, our own and our partners', with no exceptions. A delivery for an allied nation is led from Australia but performed in that nation, by its people, so the benefit lands where the capability is used. Data stays in the country it serves. We never place work outside a defined group of allied nations, and we never move work into a jurisdiction the client did not choose.

Boundaries
What we don't do.
We don't sell strategy decks or transformation roadmaps disconnected from delivery. We don't operate as a vendor-led integrator re-badging someone else's work. We are not tied to a vendor's channel, so we pick what the problem needs rather than what we resell. We don't pursue offensive capability. And we don't bid on everything. We take work where we hold a real technical or operational edge and where the environment will teach us something.