// SECURITY CONSULTING AND ASSESSMENTS · HANS STUDY · ONTARIO, CANADA

Security Consulting and Assessments

Not every problem needs a CISO on retainer. Sometimes you need a specific piece of work done well by someone independent: a clear-eyed assessment, an architecture you can trust, a network hardened properly, or an experienced set of eyes on a project that's about to go sideways. That's the consulting side.

Everything here is vendor-agnostic. I don't resell hardware or software, I don't take finder's fees, and I don't run your operations. When I recommend a control or a product, it's because it fits your risk, not because it's on a price list I benefit from.

Assessments

A security program and gap assessment tells you where you actually stand against the standard that matters: NIST 800-171, NERC CIP, ISO 27001, or CIS Controls. You get a gap analysis, a maturity rating, a third-party and vendor risk read, and a remediation roadmap your board, auditor, or insurer can act on. A convergence assessment goes after the gaps a conventional audit misses because it never looks at the cameras, the controllers, or the OT boundary.

Architecture and hardening

Independent security architecture for the network and systems underneath your operation, and hands-on hardening of the platforms I work in daily: Windows server and workstation, Cisco, Aruba, and the rest. This is the tuning-and-hardening work that closes the gap between a system that passed acceptance testing and one that actually holds up.

Project and program oversight

Independent oversight for a specific build: a Genetec deployment, a network modernization, a site or campus security upgrade. I sit on your side of the table, hold the integrator and the design to a standard, and catch the problems before they're poured into concrete or pulled through conduit. I've spent enough years watching poorly deployed systems pass sign-off to know exactly where to look.

Related advisory areas

Security Leadership, Advisory, and Strategy →

The hub for fractional CISO, strategy, compliance, and convergence work.

OT/IT and Physical Security Convergence →

The boundary assessments a conventional security audit never reaches.

Security and Technology Strategy →

When the engagement points toward direction rather than a single piece of work.

Scoped per engagement

Consulting work is scoped per engagement. Email contact@hans.study with what you're dealing with and I'll tell you whether it's something I can help with.
