Oh yeah, I’m thinking coldcard + ledger for the multisig because ideally you want multiple hardware vendors, so two separate supply chains would have to be attacked, or two separate vulnerabilities would have to be exploited for your funds to be at risk.