// SECURITY LEADERSHIP, ADVISORY, AND STRATEGY · HANS STUDY · ONTARIO, CANADA

Security Leadership, Advisory, and Strategy

Most organizations don't need a full-time CISO. They need senior security judgement they can reach when a decision matters, a strategy that fits their risk and their budget, and one person who's accountable for seeing it through. That's the work. Independent, with nothing to sell you but the advice.

I act as a fractional CISO, security advisor, and strategist for regulated and operationally complex organizations: defence suppliers, critical infrastructure, public safety, and the operators who serve them. Strategy and governance, risk and compliance, framework alignment, vendor and third-party risk, and the board-level translation that turns a technical problem into a decision your leadership can actually make. The kind of leadership that usually means a quarter-million-dollar hire, sized instead to a few days a month.

I work remotely, which means location isn't a constraint. Most of this is done over a call and a shared screen, with on-site time when an assessment or a build calls for it. I'm based in Ontario and take engagements across Canada and the United States.

Two things set this apart from a conventional advisor. The first is defence supply chain compliance. I was doing NIST 800-171 and CMMC readiness in 2019 and 2020, and Canada's new CPCSC runs on the same technical baseline, so it's familiar ground rather than a framework I'm reading up on. The second is the boundary where operational technology, IT, and physical security meet. That's where a lot of real exposure hides, and it's rarely where a pure-IT advisor thinks to look.

Where to start

Fractional CISO and vCISO →

Senior security leadership on a recurring basis, sized to your stage and budget.

Security and technology strategy →

A roadmap, an architecture direction, and a risk-based plan your board can act on.

CMMC and CPCSC readiness →

Scoping, gap assessment, and attestation support for Canadian and cross-border defence suppliers.

OT/IT convergence security →

The physical, OT, and IT boundary, assessed and secured by someone who reads both sides.

Security consulting and assessments →

Independent assessments, architecture, network hardening, and project oversight.

Independent. Vendor-agnostic. No reseller agreements and no kickbacks, so a recommendation is a recommendation, not a quote in disguise.

A straight read on where you stand

Start with a 30-minute scoping call or email contact@hans.study. You'll get a straight read on where you stand and an honest answer on whether I'm the right fit.
