I make critical infrastructure both secure and operational — without sacrificing either.
Lead | Adapt | Overcome
Most security advisors hand you a compliance checklist and call it done. That's not strategy — it's risk transfer. Critical infrastructure runs on uptime. Every control you implement must answer two questions: does it reduce real risk, and does it let your people keep the lights on?
As your fractional CISO, I embed into your leadership team with the depth of a full-time hire and the agility of an outside expert. I've operated in environments where security failures don't just cost revenue — they endanger lives and national security. That shapes every recommendation I make.
No vendor bias. No bloated frameworks for their own sake. Just clear-eyed, mission-driven security leadership that your board can understand and your operations team can execute.
Protecting operational technology and industrial control systems without disrupting the physical processes that keep critical infrastructure running.
Translating complex threat landscapes into board-level risk postures. Frameworks built for action, not shelf display — aligned to NIST, IEC 62443, and NERC CIP.
Adversarial thinking applied to your specific infrastructure. Identifying attack surfaces before threat actors do, with tactical mitigations your team can implement now.
Rapid containment, root cause analysis, and recovery — built around maintaining operational continuity while neutralizing active threats and preserving forensic integrity.
From NERC CIP to CMMC to TSA cybersecurity directives — compliance programs that satisfy regulators and actually improve security posture instead of just creating paperwork.
AI adoption and cybersecurity are the same problem from two angles. Shadow AI, data governance failures, and regulatory fragmentation — addressed with a unified strategy.
Rapid baseline of your current security posture, threat landscape, and operational constraints — no assumptions, no boilerplate.
Executive-level risk briefing and a tailored security roadmap that aligns with your business objectives, not just compliance checklists.
Embed as your fractional CISO — leading your team through implementation, vendor selection, and program maturation in the field.
Ongoing advisory, tabletop exercises, and board reporting that keeps your defenses sharp as threats and operations evolve.
Mid-market utilities, energy, water, and transportation companies have enough compliance pressure — and not enough security leadership. That's exactly where I operate.