is Principle Logic
I've always believed that you can't secure what you don't acknowledge℠. I focus on performing realistic information security assessments that help you find the weaknesses that count - the vital few rather than the trivial many. This approach will help you take the pain out of your compliance requirements, and most importantly, minimize your business risks. See what my clients have to say about my work.
I have over 26 years of experience in IT - 20 of which have been in information security. For the past 14 years I've worked for myself as a consultant, writer, professional speaker, and expert witness on information security and compliance. See my bio page for more about my background and my resources page for links to the books, articles, whitepapers, webcasts, and videos I've written and recorded as well as links to my blogs and Twitter updates.
What I do
If you want the services of an information security expert who can assess your business's information security from an unbiased outsider's perspective, an expert witness to help you with your case, a writer to help you develop information security content, or a well-known speaker for a keynote address, seminar, panel, or webcast I can assist you. See my services page for more details.
Who typically hires me
How I'm different
I don't have "CEO" or "President" on my business card. I'm not a hands-off "analyst" calling the shots from the sidelines either. I'm a hands-on practitioner. I focus on being street smart and practical in my work. I'm a technical engineer at heart that equally understands the business side of IT and information security. I don't sell or install security products. I focus solely on performing assessments, making recommendations for remediation and then stepping away. This eliminates any conflicts of interest. I don't claim to be everything to everyone but I am confident in my information security skills.
I'm not an auditor. I come in peace. I deliver reports to make you look good - and help you get better. I go beyond the checklists and basic vulnerability scans. I provide a custom analysis of the weaknesses that matter in your environment - the ones that the regulators, your business partners, your auditors and your customers want to know about.
I sell advice. I'll show you where you are now and where you need to be. You'll see immediate payback and dramatic improvements in your information security program over the long haul like my other clients have. The good news is that you won't have to worry about completely retooling your systems and operations based on what I find. Contrary to common recommendations, most information security weaknesses have simple solutions that don't have to be complicated or expensive.
My formal education in engineering and business management combined with over two decades of hands-on technical experience allows me to provide practical recommendations that make good long-term business sense. I won't deliver a thick, fluffed-up report that looks pretty on the outside with no substance on the inside. I'll tell you just what you need to know - in a way that's easy for you and your team to understand.
I'm a Certified Information Systems Security Professional - CISSP - the industry standard and highest-level certification in my field. When it comes to my expert witness work and speaking engagements I'm also a great communicator who can filter reality and facts from the hype and noise and present it in a way that everyone understands. Don't take my word for any of this. See what my clients have to say.
Perhaps most importantly, I've been doing my own thing working for myself since 2001. I'm going to keep it that way so you'll know I'll be around for the long haul.
Finally, I've authored/co-authored 12 books on information security including:
What you can expect when working with me
You'll start and end up with someone that knows your business, your network, and your needs and offers practical advice on dealing with the information security risks at hand. If we determine that your project requires greater resources than one person can handle, I'll pull in other industry leaders I've worked with and have grown to trust to ensure your work is completed in a prompt and professional manner. Either way, you'll deal with one email address, one phone number, and one person - period.
The bottom line is that I have performed the hands-on work, written the books, given the speeches, and taught the classes to form a solid reputation for my information security expertise, leadership in the industry, and ongoing customer loyalty. You'll be truly pleased.
For your convenience I accept: