Eugene is growing fast. The cyber risk is growing faster. 10 years as a CIO and an MS in Finance to protect Lane County businesses from threats that scale with your ambition.
Schedule a Risk Sanity CheckCMMC 2.0 certification advisory for Eugene defense contractors. I guide DoD suppliers through gap assessments, CUI scoping, and C3PAO prep — in financial language your CFO can act on.
HIPAA governance and clinical data protection for Eugene's medical providers and regional health networks.
Executive IT oversight for Lane County's growing software and tech-services cluster.
Protecting production uptime and Operational Technology for Eugene's precision manufacturing and industrial base.
Audit-ready compliance and defensible IT governance for Eugene and Lane County law firms.
Risk governance and audit survival for Eugene's substantial nonprofit and advocacy sector.
Strategic IT for commercial property and residential development projects across Lane County.
Protecting field connectivity and supply chain data for agricultural operations in the southern Valley.
Technical oversight for credit unions, consumer finance, and investment management operations.
Implementing controls to keep cyber insurance valid and reduce liability for Eugene businesses.
I sit on your side of the table as a strategic advisor. My loyalty is to your outcomes. My process begins with a high-level assessment of your risk exposure and vendor landscape.
Once the strategy is defined, I coordinate delivery of Managed IT, Cybersecurity, and Compliance services through proven enterprise partners. You get the full weight of my CIO experience applied to your situation, not to a sales quota.
"The ideal CIO for any organization in search of a transformative leader who strikes the perfect balance between enterprise security and innovation."
Jason Assir
Enterprise Transformation Executive
"He led our IT transformation from an infrastructure back-office to a business-focused, application-oriented group with direct impact on operations and cost structure."
Gustavo Gradvohl
CFO, Natura PCR
"His ability to see the big picture while considering every detail. He bridges the gap between strategy and operations in a way that sets him apart."
Jeffrey Birch
Direct Manager
"A visionary leader with deep care for people and thorough knowledge of network and system administration."
Pershing Lum
Technology Executive
Most internal IT resources are already stretched across competing priorities, whether that is a single person or an entire team. What I bring is a completely different scope: strategic oversight, vendor governance, and the ability to coordinate a full suite of managed IT, cybersecurity, and compliance services through established enterprise partners. I work alongside whatever you already have in place, filling the gaps across high-level risk strategy, 24/7 managed support, and audit-ready compliance. Think of it as adding a CFO to a company that already has an accounting function. Entirely different mandate, no redundancy.
Most mid-market businesses leak between 15 and 20 percent of their IT budget through shadow IT, misaligned vendor SLAs, and auto-renewed contracts that no longer serve them. I conduct a high-level strategic assessment to identify where the biggest risks and inefficiencies are, then coordinate the right specialists to do the deep technical work. My MS in Finance means I frame the findings in terms your CFO and board can act on, shifting IT costs from unpredictable break-fix spikes to flat-rate operational predictability.
I quantify the Cost of Inaction. A single ransomware event costs mid-market firms an average of $1.4M in downtime, remediation, and legal exposure. That number does not include reputational damage or lost contracts. I present your board with a clear financial model showing reduced cyber liability, recovered budget from vendor waste, and the value of audit-ready compliance. The conversation shifts from what does this cost to what financial exposure are we eliminating.
If your company holds or is pursuing a Department of Defense contract — or if you are a sub-contractor to a prime that does — CMMC 2.0 certification is a contractual requirement. This applies to any business handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), regardless of size. The DoD has begun enforcing CMMC requirements in active solicitations, meaning non-compliant businesses are being excluded from awards. I help Eugene businesses determine exactly which level applies, scope their environment correctly, and build a compliant posture well before their contract deadline.
For businesses starting from a low baseline, CMMC Level 2 remediation typically takes 9 to 18 months from initial gap assessment to a clean third-party assessment. The cost depends heavily on how many of the 110 NIST SP 800-171 practices are already in place and the complexity of your environment. What most businesses underestimate is the cost of starting late — rushed remediation, missed contract opportunities, and emergency vendor engagements are far more expensive than a planned compliance roadmap. My MS in Finance means I give you a financially grounded timeline and budget your CFO can commit to, not just a technical checklist.
My role in an active incident is remote executive translation and strategic guidance. Not technical firefighting. A 24/7 enterprise Security Operations Center handles the rapid technical containment while I work directly with your leadership team remotely, translating the threat in financial and legal terms, coordinating your cyber insurer, and ensuring your communication to regulators and stakeholders is defensible. Either way, you get a calm, experienced strategist guiding your leadership while the engineers neutralize the threat in the background.
An executive's guide to tech spend. Every week I translate cybersecurity and IT cost decisions into plain financial language your CFO can act on.
452 subscribers and growing.
Subscribe on LinkedIn