Services

FILE:
Services Overview
STATUS:
Open, accepting engagements
ENGAGEMENT:
Project, fractional, or retained

Here's what I actually do, all of it at a level your last vendor charged double for and delivered half of. Every one starts with a free conversation, because I'd rather tell you what's actually broken than sell you something that isn't the fix.

  • Security Architecture

    Zero-trust the right way. Identity, network, data. Designed so your auditors can't argue with it later.

  • Security Posture Evaluation

    Any script-kiddie can run nmap and Burp Suite and hand you a report. I follow up with the hard questions: how are you controlling traffic inside your Azure cloud? What's your AI and LLM security strategy? The ones nobody wants on the record.

  • Compliance & Regulatory

    I've worked across 25 global security frameworks, from NIST CSF in the States to GDPR in the EU to PIPL in China. I know how to map them to each other and present one unified compliance picture, audit-ready, and for less than your auditor will charge.

  • Incident Response

    Containment, forensics, regulator comms, carrier comms. I've run national-scale IR and managed incidents in over 75 countries. I protected Churchill Downs on Kentucky Derby race day, securing the payment environment behind $4B in card transactions across a single afternoon. Your bad day is something I've already seen.

  • Virtual CISO

    Senior-altitude security leadership without the full-time price tag. Board presentations, vendor calls, the awkward conversations no one wants to have. I'm not afraid to be the bad guy when I have to be, and I'll make you smile while I do it.

  • Executive Advisory

    Strategic advice for boards, founders, and General Counsel on what their security program actually needs, not what their vendors are selling them. Think of me as your advocate in a security negotiation. I've sat on the other side of that table too, and I know how they think.

"The first round is on me." No pitch deck. No sales team.