Compliance is vastly over-rated when compared to actually attaining a security posture that meets risks with controls.

Vision:  Acting as a trusted adviser over dozens of engagements we have confirmed that, if you measure objectively --  the effort needed to actually produce a solid cyber security posture amounts to only 10 percent additional effort compared to simply producing the appearance of 'compliance'.

Mission: Focus on IT governance and Information Technology deployment. Bring clarity of purpose to information security management. Introduce repeatable procedures through a defined framework to establish successful implementation & stable operations.

Specialization and Focus:  Regulatory Exam Preparation and Support Assessment of cyber security posture Blockchain risk assessment Cyber security maturity assessment Governance assessment Process visualization Policy framework alignment audit Implementation practices (procedures)  Review policy vs. deployment gaps assessment  Implementation road-map  Staff skills assessment & training plan  Framework for monitoring detailed self-audit programs Gaps assessment and remediation Litigation Support Expert Witness Testimony

Typical Deliverables: Security Posture Development Business Continuity Management Technology Recovery Planning Business Recovery Planning Disaster Recovery Planning Crisis Management Planning Process Flow Diagrams Vulnerability Assessment Analysis Penetration Test Analysis  Technology Gaps Tracking Cyber Security Program IT General Controls Program Compliance Reporting Risk Assessment by Business Unit Self-Audit Reporting Policy Development

Consulting Practice: Deliver affordably priced information security services advising senior management and corporate boards.  Exceed expectations, produce lasting improvement in cyber security implementation . Regulatory / Frameworks   OCC, FFIEC, GLBA, HIPAA, PCI, DOD CIS, NIST Typical engagements: On Call Defined Scope of Work Staff Augmentation Technology Transfer Instruction

Background:  40 years IS experience Contacts:           Certifications (no longer maintained):  GSNA,   CISSP,  S+,  ,  , MCSA, GISP                          our 'hat's off' to the professionals at SANS - you are our heroes.

Acknowledgments: The deployment and validation road map provided by the Center for Internet Security specifically their CIS 20 Controls Download is the central guide to our consulting practice. They have earned, and receive from us full credit for the work. The road-map makes projects to improve cyber security implementation much more effective.