Leverage technology and maximize business value while aligning security, privacy, and compliance.
Services.
-
Writing
I publish field notes on cybersecurity at https://blog.balancedsec.com.
The writing is practical and opinionated, grounded in real engagements rather than theory, and aimed at three kinds of reader: people preparing for the CISSP, working security professionals who want to go deeper, and newcomers trying to get oriented.
Topics I cover regularly:
- CISSP exam preparation and the eight domains
- AI security and the new attack surface it creates
- Risk, governance, and how programs actually mature
- Security architecture and engineering in practice
New here? The Start Here guide (https://blog.balancedsec.com/p/start-here-ai-security-cissp-and) maps the articles to where you are and tells you exactly where to begin.
-
Education
BalancedSec Academy. The Academy (https://academy.balancedsec.com) is an AI-powered learning platform that prepares candidates for the CISSP exam. Instead of handing you a static study guide, it builds the material into an interactive experience that adapts to how you learn and where you're weak. The platform is in founding beta now, and early participants get full access.
Coaching and one-on-one instruction. For people who want closer guidance, I offer coaching and one-on-one instruction to help you prepare for and pass the CISSP. That means exam strategy, focused work on your weakest domains, and a study plan built around your schedule.
-
Consulting
I provide vCISO and advisory services for organizations that need security confidence and compliance without a full-time executive. The engagements vary, but the goal is consistent: a security program that fits the business, holds up under scrutiny, and doesn't cost more than the risk it manages.
What that looks like:
- vCISO and fractional security leadership. Senior security direction on a part-time or interim basis, from board-level conversations to day-to-day program decisions.
- Security program and team build-out. Standing up a security operations program and team from scratch, or assessing and maturing one that already exists.
- Secure software development guidance. Helping teams build security into the development process instead of bolting it on afterward.