How I Help

I help small and midsize organizations address security, compliance, and privacy challenges in a way that is realistic, sustainable, and aligned with how the business actually operates.

Many organizations understand they should improve their security and compliance posture, but struggle with where to start, what truly matters, and how to move forward without over-engineering or overspending. I help bring clarity to that uncertainty.

My work focuses on aligning people, processes, and technology so that controls bring real value and make sense in context, risks are understood, and decisions are defensible.


What this typically looks like

Executive and Leadership Guidance
I work directly with founders, executives, and senior leaders to translate cybersecurity, privacy, and compliance requirements into business-relevant decisions. This includes clarifying responsibilities, trade-offs, and priorities so leadership can act with confidence rather than reacting to fear, vendor pressure, or audit noise.

Security and Compliance Readiness
I help organizations prepare for frameworks and regulatory expectations (such as SOC 2, ISO 27001, ISO 42001, PCI DSS, GDPR, CMMC, CPCSC, and others) by focusing on intent, effectiveness, and proportionality, rather than blindly implementing controls solely to satisfy audits. The objective is not just compliance, but controls that are understood, operated, and maintained over time.

Privacy and Data Protection
I support organizations in building practical, defensible privacy programs that reflect how data is actually collected, processed, and shared. This includes readiness for regulations such as PIPEDA and GDPR, as well as the development and alignment of privacy policies, notices, and supporting documentation. My approach emphasizes clarity, accountability, and integration with existing business processes, rather than privacy theatre or copy-paste documentation.

Incident Readiness and Tabletop Exercises
I design and facilitate tabletop exercises that test not only technical response, but leadership decision-making, communication, and organizational behavior under stress. These exercises often reveal gaps that policies, audits, and tooling fail to expose, and provide concrete insights to strengthen preparedness.

Organizational Alignment and Change
Security, compliance, and privacy initiatives introduce change. I help organizations implement that change in a way that respects culture, capacity, and operational reality. The goal is adoption and resilience—not friction, fatigue, or performative controls.


How I Work

I am intentionally selective and work best with organizations that value:

  • Honest advice over reassurance
  • Progress over perfection
  • Long-term improvement over quick fixes

I do not resell tools, push vendors, or apply one-size-fits-all solutions. My role is to provide independent, experience-based guidance that helps organizations build a security, compliance, and privacy posture that is understandable, defensible, and sustainable.