Fractional CISO
Get expert advice and help making the right decisions around security and privacy when you are still months or years from your first full time hire. Whether you are at the stage where you need a few questions answered each month, or a couple hours per week, the earlier you start thinking about security, the better.
If you have a compelling technology that aligns with my my values, I’d love to advise you and your team on an ongoing basis, inclusive of all other services below, as they become appropriate.
Security and Privacy Risk Assessment
Covering your entire organization or scoped to a particular aspect of your infrastructure or product, get actionable recommendations to improve your security practices and capabilities. There is no such thing as perfect security, but making the right investments in technology, people and processes can minimize the chances of an attacker succeeding.
Assessments are a multi-phased process that can last a few weeks to several months depending on the scope and size of your organization. As a part of the process, I’ll work together with your IT and/or product leads to develop inventories of your data, technology assets, policies and practices.
Pre-acquisition/Pre-investment Diligence
Specialized assessments focused on the issues that can impact mergers, acquisitions or siginificant investments, from either side of the deal.
Getting attention from significant new investors or large firms? Understand what specific risks can put a deal in jeopardy, or adversly impact post-close integration.
Looking to become a partner/investor or acquire another company? Get an unbiased assessment of their security posture and risks you’ll own, along with integration support for your new employees and assets.
Program Building and Support
Whether from an assessment or on your own, you’ve identified specific security program needs but don’t have the resources or expertise to get set up on your own. From requirements to design, implementation, training and documentation, I can help you build the capabilities you need to address your critical security and privacy risks and ensure your team is prepared for the most likely threats.
If we’ve worked together previously, and you have short-term support needs for existing programs, I’m available to fill in on less interesting ops work for the opportunity to reconnect with old friends and colleagues.
General Consulting
If you have security and privacy questions that don’t fit the above categories, I might be able to help or refer you to someone who can. Don’t hesitate to get in touch!