Services
Security and compliance work that moves at the speed of your business
Core Services
Security & Compliance Advisory
This is where most engagements start. I assess where you stand, identify the gaps that actually matter to your customers and auditors, and build a plan you can execute with the team you have. The output is a clear set of priorities — not a 300-page report that sits in a drawer.
SOC 2 & ISO 27001 Readiness
SOC 2 Type II and ISO 27001 are the two certifications your enterprise customers will ask for most. I manage the full readiness process — from scoping and control mapping to supporting your team through evidence collection and auditor fieldwork. Clients who work with me don’t get surprised during their audit.
vCISO & Risk Management
You need experienced security leadership in the room — on calls with enterprise customers, in front of your board, and when a security incident tests your response plan. I serve as your fractional CISO on a retainer basis, giving you consistent senior-level oversight without the cost of a full-time hire.
FedRAMP Readiness
FedRAMP authorization starts with knowing your gap. I guide SaaS companies through the pre-ATO process — control mapping against NIST 800-53, System Security Plan development, and continuous monitoring strategy — before bringing in a 3PAO. The result is an organization that arrives at the formal authorization process prepared, not surprised.
HIPAA Compliance Advisory
For SaaS companies that handle protected health information, HIPAA compliance is a business requirement, not an option. I conduct structured gap assessments against the HIPAA Security Rule, deliver a prioritized remediation roadmap, and help you build the documentation your covered entity clients and business associates require.
How I Work
This is a good fit if:
• Security or compliance is showing up in sales conversations
• You are preparing for SOC 2 Type II or ISO 27001
• You need senior guidance without the overhead of a full-time hire
• You want someone who tells you the truth about your risk, not what you want to hear
This is not a good fit if:
• You are looking for a template package or a compliance checkbox
• Price is the only selection criterion
• You need a large implementation firm with bench depth
Engagements are advisory, remote, and scoped based on your needs.
Most clients start with a focused assessment before moving into longer-term support.
Let’s talk about your security needs
Security tends to become urgent at the worst possible time — usually when a deal is on the line, or an auditor has already sent their request list. If you’d rather get ahead of it, let’s talk now while the timeline is still yours to control.