Security and Compliance Leadership in Action

About Me

I’m a Product Leader in security and compliance, living in the trenches of the challenges organizations and professionals face every day. With deep, hands-on experience navigating frameworks like FedRAMP, ISO 27001, SOC 2, and more, I understand the intricate balance between security, regulatory requirements, and business goals—and how to transform those complexities into opportunities for growth.

What I Do

My work bridges the gap between strategic leadership and hands-on execution, with expertise in:

  • Compliance and Security Leadership: Guiding organizations through audits, certifications, and security transformations to meet global standards while driving innovation.

  • Real-World Solutions: Developing and delivering secure, scalable products that align with regulatory frameworks and address real customer needs.

  • Coaching and Mentorship: Helping professionals refine their skills, navigate career advancement, and build leadership capabilities in security and compliance.

  • Engaging Talks and Workshops: Delivering actionable insights and strategies through tailored speaking engagements for teams and leaders alike.

I live and breathe compliance and security—not just as a consultant or advisor, but as someone who works directly in the field every day. I bring practical, battle-tested strategies to the table, grounded in the realities of today’s regulatory and security environments. My approach is hands-on, collaborative, and focused on driving meaningful results for every client.

I’ve supported teams and organizations in:

  • Government: Driving compliance and security initiatives for high-stakes frameworks and complex environments.

  • Technology: Building secure SaaS products that meet global standards while enabling growth in regulated industries.

  • Small Business: Helping businesses implement technology and security solutions that scale efficiently and securely.

  • Healthcare: Guiding organizations through HIPAA, HITRUST, and other healthcare-specific compliance challenges.

I bring extensive experience across a wide range of compliance and security frameworks, enabling organizations to achieve regulatory excellence, strengthen security, and drive growth:

U.S. Standards

  • FedRAMP (Moderate & High): Guiding organizations through authorization, audits, and continuous monitoring.

  • StateRAMP: Supporting cloud providers in meeting state-level compliance requirements.

  • DoD Impact Levels (IL2–IL5): Ensuring compliance for defense and federal contractors.

  • CMMC (Cybersecurity Maturity Model Certification): Preparing organizations for evolving DoD requirements.

  • HIPAA: Ensuring privacy and security compliance in healthcare environments.

  • ITAR/EAR: Advising on export controls and technology transfer regulations.

Global Standards

  • ISO 27001: Designing and maintaining Information Security Management Systems (ISMS).

  • SOC 2: Preparing organizations for Type 1 and Type 2 audits to meet the Trust Services Criteria.

  • GDPR: Ensuring compliance with European data privacy regulations.

  • NIS 2 Directive: Assisting organizations in meeting EU cybersecurity standards.

  • DORA (Digital Operational Resilience Act): Supporting financial institutions in achieving operational resilience.

  • ISMAP (Japan): Ensuring compliance with Japan’s Information System Security Management and Assessment Program.

  • IRAP (Australia): Guiding organizations through the Australian Government security assessment process.

  • Korea CSP: Supporting compliance with Korean cloud security programs.

Industry-Specific and Emerging Standards

  • TISAX: Ensuring compliance with security standards for the German automotive industry.

  • HITRUST: Implementing and maintaining the HITRUST Common Security Framework (CSF) for healthcare.

  • Zero Trust Architecture: Implementing Zero Trust principles based on industry guidance.

  • CCPA: Navigating California Consumer Privacy Act compliance requirements.

When I’m not working on product strategy or mentoring teams, I’m a proud dad and co-host of the Zero Trust Journey podcast. Through the podcast, I share insights and practical strategies to help organizations embrace Zero Trust and build resilient security solutions.

Let’s work together.