Security & Governance
- FILE:
- Security & Governance
- STATUS:
- Active engagements; accepting new
- CAPABILITIES:
- Virtual CISO · Security Architecture · Audit Prep · Compliance Programs · Risk & Governance Frameworks
- FRAMEWORKS:
- NIST CSF · ISO 27001 · SOC 2 · HIPAA · PCI DSS · CMMC · FedRAMP · GDPR · PIPL
- TYPICAL ENGAGEMENT:
- Retained or fractional; 90-day stand-up or rolling
Advice is easy. Anybody can hand you a slide deck. Sometimes the answer is coaching and knowledge, so you come out of the engagement sharper than you went in and the problem stays fixed because you actually understand it. Other times the answer is a product or platform that just automates the whole thing for you. I do both. Most of what's below started the same way: I ran into something broken, or stupid, or missing, and figured I could do better. Some of it protects elections and runs compliance for the people who answer to the board. Some of it just sounded fun at 2 a.m. All of it is mine, built start to finish, and it's the reason I can tell a client "yeah, that's possible", because I've usually already built the thing that does it.
// The board
Cyber governance and compliance — every risk, on the record.
EDGAR
You can't secure what you can't see. EDGAR sees all of it.
CGAP
Governance maturity, measured from real evidence instead of a slide deck.
SourceIQ
Disinformation got cheap. SourceIQ tells you what you're actually looking at.
Recon
The people who know your attack surface best are the ones trying to get in. Recon levels the field.
