Build a security program that works in practice.
GRC consulting for SMBs, including asset management, policy development, security assessments, and ongoing advisory support.
Available for consulting & contract work
For small and mid-size businesses that need GRC, compliance, and security program support — without the enterprise price tag.
Asset Management
Establish an accurate, documented inventory of systems, applications, and data assets — with the processes and ownership structure to keep it current.
Policy & Procedure Development
Create practical, business-aligned security policies and supporting procedures — from overarching security policy through functional policies and operational baselines.
Gap Assessments
Evaluate your current security posture against frameworks such as NIST CSF 2.0, SOC 2, and ISO/IEC 27001 — with a prioritized roadmap to close identified gaps.
Third-Party Risk Assessment
Evaluate the security posture of vendors and partners — identifying risk exposure from outside your perimeter and establishing a repeatable vendor review process.
Identity & Access Management
IAM program assessment and implementation across Okta, Microsoft Entra ID, and AWS IAM — covering least privilege, lifecycle management, MFA, and SSO.
Fractional GRC Retainer
Ongoing advisory to help mature your security program and maintain compliance initiatives — without the overhead of a full-time hire.
Let’s work together.
Available for project-based engagements, staff augmentation, and retainer work.
Get in Touch
Not sure what you need?
That’s a fine place to start.
Send a message about your environment and I’ll let you know how I can help — or point you in the right direction if I can’t.
Send a Message