I don't think it's enough anymore for a security professional to know one thing well. The job means covering enough ground across the discipline — governance, identity, cloud, network — to see how it all fits together. That's the model NAXS Labs runs on: strengthening the cybersecurity posture of small and mid-size businesses. They're the weakest link in the chain that protects the nation.
I didn't come up through a helpdesk or a SOC. Before cybersecurity, I spent years in the automotive industry and running my own entrepreneurial ventures, including online retail. None of that maps directly onto GRC — but it's part of why I don't buy the idea that security is a single lane. Different rooms, different problems, and the same lesson each time: how organizations actually operate, how people make decisions under pressure, and how to communicate with people who aren't technical.
I served in the United States Navy aboard the USS Kitty Hawk — a forward-deployed aircraft carrier in Yokosuka, Japan. That's where I learned what accountability looks like when the stakes are real: strict procedures, clear communication, and no ambiguity about who is responsible for what. Those habits didn't leave when I got out.
I built the cybersecurity knowledge deliberately — a Master's in Cybersecurity from WGU, a credential stack that spans cloud security, identity, networking, and governance, and hands-on work building and operating infrastructure to make the theory real. I'm based in Providence, Rhode Island.
These are the commitments I hold myself to on every engagement, with every client.
I'll tell you what you actually need — even if that means telling you the problem is smaller than you thought, or that you don't need me for it.
Security has a jargon problem. I translate findings into clear, actionable language so you can make informed decisions without a decoder ring.
Every engagement ends with documentation you own. The goal is to leave you better off — not dependent on me for things you could handle yourself.
Perfect security doesn't exist. I focus on realistic improvements that meaningfully reduce your risk without paralyzing your operations.
You'll always know who to call and what's happening. No black box, no waiting weeks for an update on your own systems.
The threat landscape changes. I stay current on emerging vulnerabilities, frameworks, and best practices so my advice doesn't get stale.
Most small organizations share the same problem: real compliance exposure, limited budget, and no in-house security expertise to bridge the gap. That's exactly where I focus.
HIPAA obligations, PHI exposure, and vendor relationships that carry real regulatory risk. Small practices rarely have a dedicated security function to manage any of it.
Law firms, accounting firms, financial advisors — businesses that handle client data and face growing compliance requirements with limited technical staff.
Donor data, grant compliance, and lean IT budgets. Nonprofits face real security obligations without enterprise resources to meet them.
Western Governors University
Incident handling and security essentials.
Systems security practitioner; cloud security
Certified to plan and lead audits of information security management systems (ISMS) against the ISO/IEC 27001 standard.
Tell me what you're dealing with and I'll let you know if and how I can help. If I'm not the right fit, I'll say so.