Bridging the gap between the boardroom and the factory floor. I ensure ransomware doesn't halt your production lines in Albany's manufacturing core.
Schedule a Risk Sanity CheckCMMC 2.0 certification advisory for Albany defense contractors. I guide DoD suppliers through gap assessments, CUI scoping, and C3PAO prep — in financial language your CFO can act on.
Protecting production uptime and Operational Technology for Albany's heavy industrial and precision manufacturing base.
Strategic risk audits for regional energy infrastructure and utility operations in the mid-Valley.
Securing the technical backbone of physical supply chain and regional distribution networks.
Protecting field connectivity and supply chain data for agricultural operations in the mid-Willamette Valley.
HIPAA governance and clinical data protection for Albany's medical providers.
Strategic IT for commercial property and industrial development projects in Linn County.
Audit-ready compliance and defensible governance for local and regional law firms.
Technical oversight for consumer finance, credit unions, and investment management operations.
Implementing controls to keep cyber insurance valid and reduce liability for industrial operations.
I sit on your side of the table as a strategic advisor. My process begins with a high-level assessment of your risk exposure and vendor landscape.
Once the strategy is defined, I coordinate delivery of Managed IT, Cybersecurity, and Compliance services through proven enterprise partners.
"The ideal CIO for any organization in search of a transformative leader who strikes the perfect balance between enterprise security and innovation."
Jason Assir
Enterprise Transformation Executive
"He led our IT transformation from an infrastructure back-office to a business-focused, application-oriented group with direct impact on operations and cost structure."
Gustavo Gradvohl
CFO, Natura PCR
"His ability to see the big picture while considering every detail. He bridges the gap between strategy and operations in a way that sets him apart."
Jeffrey Birch
Direct Manager
"A visionary leader with deep care for people and thorough knowledge of network and system administration."
Pershing Lum
Technology Executive
Most internal IT resources are already stretched across competing priorities, whether that is a single person or an entire team. What I bring is a completely different scope: strategic oversight, vendor governance, and the ability to coordinate a full suite of managed IT, cybersecurity, and compliance services through established enterprise partners. I work alongside whatever you already have in place, filling the gaps across high-level risk strategy, 24/7 managed support, and audit-ready compliance. Think of it as adding a CFO to a company that already has an accounting function. Entirely different mandate, no redundancy.
Most mid-market businesses leak between 15 and 20 percent of their IT budget through shadow IT, misaligned vendor SLAs, and auto-renewed contracts that no longer serve them. I conduct a high-level strategic assessment to identify where the biggest risks and inefficiencies are, then coordinate the right specialists to do the deep technical work. My MS in Finance means I frame the findings in terms your CFO and board can act on, shifting IT costs from unpredictable break-fix spikes to flat-rate operational predictability.
I quantify the Cost of Inaction. A single ransomware event costs mid-market firms an average of $1.4M in downtime, remediation, and legal exposure. That number does not include reputational damage or lost contracts. I present your board with a clear financial model showing reduced cyber liability, recovered budget from vendor waste, and the value of audit-ready compliance. The conversation shifts from what does this cost to what financial exposure are we eliminating.
If your company holds or is pursuing a Department of Defense contract — or if you are a sub-contractor to a prime that does — CMMC 2.0 certification is a contractual requirement. This applies to any business handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), regardless of size. The DoD has begun enforcing CMMC requirements in active solicitations, meaning non-compliant businesses are being excluded from awards. I help Albany businesses determine exactly which level applies, scope their environment correctly, and build a compliant posture well before their contract deadline.
For businesses starting from a low baseline, CMMC Level 2 remediation typically takes 9 to 18 months from initial gap assessment to a clean third-party assessment. The cost depends heavily on how many of the 110 NIST SP 800-171 practices are already in place and the complexity of your environment. What most businesses underestimate is the cost of starting late — rushed remediation, missed contract opportunities, and emergency vendor engagements are far more expensive than a planned compliance roadmap. My MS in Finance means I give you a financially grounded timeline and budget your CFO can commit to, not just a technical checklist.
My role in an active incident is remote executive translation and strategic guidance. Not technical firefighting. A 24/7 enterprise Security Operations Center handles the rapid technical containment while I work directly with your leadership team remotely, translating the threat in financial and legal terms, coordinating your cyber insurer, and ensuring your communication to regulators and stakeholders is defensible. Either way, you get a calm, experienced strategist guiding your leadership while the engineers neutralize the threat in the background.
An executive's guide to tech spend. Every week I translate cybersecurity and IT cost decisions into plain financial language your CFO can act on.
452 subscribers and growing.
Subscribe on LinkedIn