Information Risk Management and Cyber Security Consulting Services

| Governance | Risk | Compliance | Culture | Assessments | Strategies | Policies | Training | Writing | vCISO |


Information security is at a crossroads.  For the past 20+ years we’ve continued to introduce new and evolving security technologies without giving much thought to the bigger picture.  These days most organizations are working with a level of unsustainable technical complexity that actually creates enormous gaps in the protective strength of their control systems.

We are also at a crossroads in terms of our orientation to external 3rd party compliance requirements.  Most organizations are so focused on meeting compliance requirements that they’ve lost sight of their own unique organizational context, including their brand and culture, thus making it harder to balance compliance with actual organizational and business needs.

Lastly, we are at a crossroads in terms of how we engage people in the process of security.  All security breaches are the result of human error – ALL OF THEM!  So if people are at the heart of the entire security paradigm, then why are people usually the last part of the security equation to be taken into account.  Most organizations are missing out on this vital realization.

These are just a few of the challenges that we are facing today.  Others include huge misunderstandings in terms of risk management methods, poorly defined technical requirement gathering techniques, ineffective security workflow and prioritization practices, unreadable policy and process documents, the absence of sensible metrics and measures, and more.

At SecureITExperts we take a very different approach to what most people call ‘information security’.  If you are looking for a security adviser that will help you plug ‘leaks in the damn’, then we are not for you.  We work with organizations that are ready to step back from the brink of confusion and chaos, assess the situation, and come up with a pragmatic strategy that works!

We do this by looking deeply at your organizational culture, identifying the internal and external security requirements that matter, assessing all of the risks that apply to the entire information ecosystem, building a strategic framework that includes a contextually-relevant layered approach, and actively engaging you and your people in the process of information stewardship.

We can also take a more standard approach as well – drawing from a rich background across all current compliance programs like PCI, HIPAA, SOX, FISMA, and so on; best practice frameworks like the ISO 27000 series, the NIST security publication library, and dozens of others; and numerous related disciplines in the areas of business, psychology, education, and more.

Whatever it is that you are looking for, our service offerings can be structured to meet your needs – as small independent engagements that focus on one or two isolated issues, as larger broad-ranging engagements with the goal of retooling your entire security program, or anywhere in between.  In the end we will get you to a place of clarity, action, and results – whatever the goal may be!

For more information please take a look at our SERVICES page, call us at 425-877-0919, or e-mail us at  We look forward to hearing from you…

SecureITExperts operates out of the Seattle Washington (Shoreline) and Orlando Florida (Melbourne) areas, offering services across the country.  Many of our services are structured for delivery as virtual engagements, but we can work remotely or travel to your location as needed.