Cerbi is a logging governance company. We make it technically impossible for sensitive data to reach your observability platforms — by enforcing rules at the moment the log is written, inside the application process, before any sink is ever called.
Origin
The problem showed up the same way every time. A security review, a compliance audit, or an incident investigation would reveal that PHI was already in Splunk. Tokens were already in CloudWatch. Audit trails that were supposed to be clean had been contaminated for months. Every team had already shipped the problem before anyone knew to look.
The standard response was to add post-ingest scrubbing, tighten sink-level masking, or write internal guidelines that rarely got followed. None of it worked reliably, because the problem was always framed as a pipeline problem when it was actually an emission problem.
Cerbi moves the enforcement point to where it belongs: the call site, inside the application, before any network call is made. CerbiStream enforces governance rules in-process on every log event. CerbiShield provides the central control plane that manages those rules across every service in the fleet without requiring anyone to update application code.
The goal is a product that makes the right behavior the default behavior — one that ships into existing .NET logging frameworks without requiring a rewrite and without adding latency to the hot path.
Microsoft Partner (ISV)
Independent Software Vendor partner program
Harvard Innovation Labs
i-Lab venture program participant
Open Source (MIT)
CerbiStream SDK is fully open source on GitHub
Based in
Fort Myers, FL
United States
Advisor
Waseem Kawaf
Coach, Harvard Innovation Labs i-Lab
Background
Built by someone who has lived the problem
Cerbi was founded by Thomas Nelson, a principal-level software architect with experience across .NET, Azure, distributed systems, DevSecOps, identity, observability, and enterprise governance.
Cerbi comes from real platform work, not a theory exercise. The problem is simple: companies often have logging standards, but those standards rarely execute where logs are created.
Cerbi exists to move that control closer to the application, before sensitive fields, inconsistent schemas, and noisy events reach downstream systems.
Relevant background
Principal-level software architect
Enterprise .NET, Azure, DevSecOps, and distributed systems
Author of Introducing Microsoft Orleans
Microsoft Partner / ISV program participant
Harvard Innovation Labs participant
Builder of CerbiStream, CerbiShield, runtime governance, analyzers, and signature packages
What this means for Cerbi
Source-first governance
Cerbi focuses on governing logs before they leave the application, not just detecting problems after ingestion.
Developer-friendly rollout
Start in observe mode, add guidance, and enforce only when rules are trusted.
Enterprise-aware design
Policy management, RBAC, reporting, scoring, deployment history, and audit evidence are designed for real operating environments.
Honest boundaries
Cerbi does not replace logging vendors, does not guarantee compliance certification, and does not use AI to silently control production policy.
A note from the founder
“I built Cerbi because I kept seeing the same gap: teams had logging standards, but no practical way to make those standards execute where logs start. Cerbi is meant to help developers ship safer logs without forcing a big-bang migration or replacing the tools they already use.”
Thomas Nelson, Founder of Cerbi
The product
CerbiStream
In-process enforcement engine. Runs inside your .NET application, intercepts log events at emission, and applies governance rules before any sink is called.
CerbiShield
Governance management console. Deploys into your Azure tenant. Manages rules, roles, and audit trails across every service without requiring application code changes.
Get started
Want to understand how Cerbi fits your logging stack?