Senior security leadership, on contract.
Fractional vCISO · interim security director · strategic advisory · senior leadership contract. For organizations that need direction at the security-program level — without (or before) a full-time hire.
The value proposition.
Build and run security programs from the ground up. Set risk-based priorities. Align security investment to business objectives and regulatory obligations.
Led security teams of up to 20. Develop talent, define roles, build the operating model that makes a security function sustainable — not heroic.
Translate threat landscape and technical risk into terms leadership and boards act on. Own the security narrative to executives, auditors, and customers.
Zero Trust adoption. EDR/XDR at enterprise scale. Secure-SDLC programs. Cloud security across AWS and Azure.
Program-level command of NIST 800-53/800-171, CMMC, HIPAA, PCI-DSS, ISO 27001, SOC 2. Built and operates a compliance platform that puts the GRC discipline in software.
Strategy backed by hands-on command.
Most security leaders are either strategists who've lost the technical thread, or engineers who can't operate at the executive level. The track record here is both — setting program strategy and personally architecting the controls. Application security and code review inside SOX / GLBA / PCI DSS regulatory environments. A twenty-person vulnerability-management program at the enterprise tier. Zero Trust adoption and EDR/XDR rollout across thousands of endpoints. Government and defense cyber operations anchored to NIST SP 800-53. Strategy that's credible because it's grounded in the work.
Three ways organizations engage.
vCISO, interim security director, or program lead for organizations that need senior security direction without a full-time executive hire.
Security strategy, risk and maturity assessments, program design, board / executive guidance, regulatory-readiness leadership (CMMC, HIPAA, PCI).
Lead a security function or major initiative on contract, hands-on.
Where the strategy was earned.
Engagements framed by regulatory domain and controls catalog rather than employer name. Specific organizations available on request and verifiable on LinkedIn.
Senior security leadership at multiple tier-1 financial institutions. Application security program build-out and secure-SDLC governance. Architecture and code review at enterprise scale. Twenty-person vulnerability-management program leadership. Cloud infrastructure security, reliability, and incident leadership — all inside the SOX, GLBA, and PCI DSS regulatory perimeter.
US Army IT Specialist with deployed cyber-operations service in Afghanistan and Kuwait. Operating discipline tied directly to NIST SP 800-53 — the federal controls catalog underneath NIST 800-171, CMMC, HIPAA Security Rule, and PCI DSS. Mission-critical operational security under deployed conditions, where controls only count if they hold when challenged.
Hands-on leadership of Zero Trust adoption, EDR/XDR rollout across 5,000+ endpoints, DLP and RBAC program design, and cloud security across major hyperscalers. Ten-person security team leadership. Strategy backed by personal architecture and engineering work — not slide-deck advisory.
CISA · CISM · CCNP · Microsoft
CMMC Registered Practitioner — in process.
Key 102 Solutions LLC · Veteran-Owned Small Business · Phoenix, AZ.
Start a conversation.
If your organization needs senior security direction — for a quarter, a year, or a specific initiative — a discovery call is the right first step. Bring the question; I'll bring the framing.
