Helping small businesses identify vulnerabilities, navigate compliance requirements, and build resilient security programs before threats become incidents.
Comprehensive evaluation of your security posture across people, processes, and technology. Delivered with a prioritized remediation roadmap and executive summary aligned to your risk tolerance.
Guidance through HIPAA, SOC 2, NIST CSF, CMMC, and ISO 27001. From gap analysis through audit readiness, handling documentation, controls mapping, policy drafting, and evidence collection.
Tailored training programs and phishing simulations that build a security-conscious culture from the front line up. Available as one-time workshops or ongoing managed programs with quarterly reporting.
Fractional Chief Information Security Officer support. Strategic security leadership, policy development, board-level reporting, and vendor oversight without the overhead of a full-time executive hire.
We start with a direct conversation about your environment, your priorities, and your concerns. No preparation required. This is an honest look at where things stand before any work begins.
I evaluate your security posture across people, systems, vendors, and policies, mapped against the frameworks your regulators and insurers recognize. Findings are shared as they emerge throughout the process.
You receive a prioritized action plan, and I stay engaged to help execute it. That can mean configuring controls, drafting policies, coordinating vendors, or serving as an ongoing security advisor. The engagement does not end with a report.
A comprehensive 50+ question framework covering every critical domain of your IT environment. Identify gaps across network security, access management, data protection, vendor risk, and more. Use it internally or bring me in to walk through it together.
I am a senior cybersecurity engineer with experience at large, world-wide organizations. That background spans defense-grade security requirements, large-scale enterprise environments, and the practical realities of protecting complex digital infrastructure.
I started Black Letter Security to bring that level of rigor to the organizations that need it most but are often overlooked: small businesses. Particularly law firms, where client confidentiality, regulatory obligations, and the sensitivity of case data make strong security not just good practice but a professional responsibility.
Every engagement is direct and actionable. You get a clear picture of where you stand, what is at risk, and exactly what to do about it.
Whether you have a specific project in mind or simply need a second opinion on your security posture, reach out directly. No sales process, no runaround.
Thank you for reaching out.