Senior security leadership, on contract.
Fractional vCISO · interim security director · strategic advisory · senior leadership contract. For organizations that need direction at the security-program level — without (or before) a full-time hire.

What your program gets.
Build and run security programs from the ground up. Set risk-based priorities. Align security investment to business objectives and regulatory obligations.
Build the operating model that makes your security function sustainable — not heroic: develop talent, define roles, and stand up a structure a team of up to twenty can run without depending on a single hero.
Translate threat landscape and technical risk into terms leadership and boards act on. Own the security narrative to executives, auditors, and customers.
Zero Trust adoption. EDR/XDR at enterprise scale. Secure-SDLC programs. Cloud security across AWS and Azure.
Program-level command of NIST 800-53/800-171, CMMC, PCI-DSS, ISO 27001, SOC 2. Built and operates a compliance platform that puts the GRC discipline in software.
Strategy backed by hands-on command.
Bring in a fractional security leader and the usual risk is a mismatch — a strategist who's lost the technical thread, or an engineer who can't operate at the executive level. Here you get neither. You get a leader who sets program strategy with your executives, then sits with your engineers and architects the control itself: application security and code review inside SOX / GLBA / PCI DSS environments, a twenty-person vulnerability-management program at enterprise scale, Zero Trust adoption and EDR/XDR across thousands of endpoints, defense cyber operations anchored to NIST SP 800-53. The point isn't the résumé — it's that the strategy holds because whoever sets it has done the work, and will do it alongside your team.
Three ways organizations engage.
vCISO, interim security director, or program lead for organizations that need senior security direction without a full-time executive hire.
Security strategy, risk and maturity assessments, program design, board / executive guidance, regulatory-readiness leadership (CMMC, PCI).
Lead a security function or major initiative on contract, hands-on.
The experience your program inherits.
The environments behind the advice your team gets — framed by regulatory domain and controls catalog rather than employer name. Specific organizations available on request and verifiable on LinkedIn.
Senior security leadership at multiple tier-1 financial institutions. Application security program build-out and secure-SDLC governance. Architecture and code review at enterprise scale. Twenty-person vulnerability-management program leadership. Cloud infrastructure security, reliability, and incident leadership — all inside the SOX, GLBA, and PCI DSS regulatory perimeter.
US Army IT Specialist with deployed cyber-operations service in Afghanistan and Kuwait. Operating discipline tied directly to NIST SP 800-53 — the federal controls catalog underneath NIST 800-171, CMMC, and PCI DSS. Mission-critical operational security under deployed conditions, where controls only count if they hold when challenged.
Hands-on leadership of Zero Trust adoption, EDR/XDR rollout across 5,000+ endpoints, DLP and RBAC program design, and cloud security across major hyperscalers. Ten-person security team leadership. Strategy backed by personal architecture and engineering work — not slide-deck advisory.
CISA · CISM · CCNP · Microsoft
Key 102 Solutions LLC · Veteran-Owned Small Business · Phoenix, AZ.
Start a conversation.
If your organization needs senior security direction — for a quarter, a year, or a specific initiative — a discovery call is the right first step. Bring the question; I'll bring the framing.
