Frameworks We Support

A career built across cybersecurity and infrastructure — including hands-on compliance-adjacent work in PCI-regulated enterprise environments — applied directly to your specific compliance situation.

HIPAA, PCI-DSS, NIST 800-53, Risk Register, Policy Review, Audit Prep, Fractional vCISO

HIPAA Security Rule

Gap analysis against HIPAA Security Rule requirements, administrative and technical safeguard review, policy documentation feedback, and preparation for OCR audits or internal assessments.

PCI-DSS

Readiness guidance and control documentation support for PCI-DSS compliance. Prior experience as firewall and security lead for multiple PCI DSS ROC audits — including scoping, control evidence, and QSA coordination.

NIST 800-53 / Control Mapping

Control mapping, baseline alignment, and documentation support. Useful for organizations aligning to federal standards, working with government contractors, or seeking a rigorous security baseline.

Policy, Procedure & Risk Register

Review and feedback on existing policies, procedures, and risk registers. Identify gaps, improve language, and align documentation to your actual control environment. Development support for organizations starting from scratch.

Audit and Compliance Preparation

Evidence organization, control narratives, and pre-audit readiness review. Reduce the stress of audit season with structured preparation delivered in advance of assessor visits.

The Fractional Model

Most growing businesses need senior security expertise — but not a $200,000+ full-time hire. Fractional engagement gives you access to CISSP/CISM-level guidance on a project or monthly basis.

No Full-Time Hire Required

Engage for a one-time project, a defined sprint, or ongoing monthly support — whatever matches your current needs and budget.

Written Guidance

Findings, recommendations, and roadmaps delivered in writing — shareable with your board, leadership team, or auditors.

Evening Consultations

Availability Monday through Sunday evenings means no lost business hours. Async-first communication keeps things efficient.

Continuity Without Overhead

Month-to-month engagement with clear scope. No long-term contracts required. Scale up or wind down as compliance needs evolve.

Common Engagement Types

Who This Is For

Healthcare organizations, financial services firms, and businesses handling regulated data — particularly those that are growing, preparing for an audit, or facing a compliance deadline without a dedicated security team on staff.

Also well-suited for organizations that have recently acquired a compliance obligation (e.g., a new client contract requiring HIPAA BAA or PCI attestation) and need to get up to speed quickly.

Professional Certifications

  • ISC² CISSP - Certified Information Systems Security Professional
  • ISACA CISM - Certified Information Security Manager
  • ISC² ISSMP - Information Systems Security Management Professional
  • ISC² CCSP - Certified Cloud Security Professional

Request a Free Consultation

Describe your compliance situation and goals. We'll follow up within one business day.
