Cyber Security Services

I help organizations protect what matters most

Helping your people focus their time, effort and money on REAL threats.

As your cybersecurity partner, I help teams build clarity and confidence, align strategy with risk, and protect data and operations from real threats — not theoretical ones.

Threat / Risk Consulting for SMB & Charities

See Your Real Risks — and Fix What Matters First

  • Focus on Fundamentals: Identify the most common and costly attack vectors first — email, endpoint, identity, and data exposure.

  • Evidence-Based Prioritization: Quantify both impact and likelihood so you spend resources where risk is real, not theoretical.

  • Actionable Risk Matrix: Deliver clear, prioritized recommendations mapped to your current maturity and budget.

  • Business-Aligned Reporting: Translate technical risk into executive language — enabling smart, fast decisions.

  • Compliance-Ready: Aligns with common frameworks (NIST CSF, CIS Controls, ISO 27001) without overwhelming small teams.

  • Rapid Baseline Review: Most assessments completed within 2–3 weeks, focusing on what can be improved immediately.

  • Tool-Agnostic Approach: No product pitching — pure strategy, clarity, and measurable threat reduction.

  • Human + Technical Insights: Combine hands-on testing with interviews, policy review, and log-based analytics.

  • Next-Step Roadmap: Clear 30-, 60-, and 90-day action plan to lower exposure and demonstrate progress.

Contract Review & Vendor Negotiations

Negotiate smarter, not harder — and make sure the tech you buy actually reduces risk.

  • Independent, Vendor-Neutral Advice: No hidden commissions, no bias — I represent your interests, not the vendor’s.

  • Contract Risk Analysis: Identify hidden liabilities, weak SLAs, missing breach clauses, and data ownership gaps before you sign.

  • Solution Validation: Evaluate vendor claims, architectures, and integrations for real-world feasibility and security.

  • Cost vs. Value Optimization: Ensure security spend aligns with business risk reduction, not marketing hype.

  • Vendor Due Diligence: Assess supplier risk posture, compliance readiness, and incident history.

  • Negotiation Support: Leverage decades of enterprise experience to secure better terms, pricing, and accountability.

  • Procurement Simplified: Translate technical language into business and legal clarity for procurement and executives.

  • Ongoing Oversight: Optionally manage vendor performance, renewals, and roadmap alignment post-contract.

Fractional CISO Services

Enterprise-grade security leadership, scaled for small and mid-sized organizations.

  • Strategic Security Leadership: Get CISO-level guidance without hiring a full-time executive.

  • Policy & Governance Development: Build pragmatic, right-sized policies, standards, and response playbooks.

  • Security Roadmap Design: Define 6-, 12-, and 24-month security goals aligned to business growth and budget realities.

  • Team Enablement: Mentor IT and operations staff to adopt best practices in risk management and cyber hygiene.

  • Board & Executive Reporting: Translate technical metrics into business risk insights for leadership and investors.

  • Incident Readiness & Response Oversight: Establish incident response plans and coordinate vendor or MSP actions when events occur.

  • Compliance Alignment: Prepare for frameworks like NIST CSF, ISO 27001, SOC 2, and privacy regulations (PIPEDA, GDPR).

  • Continuous Risk Monitoring: Maintain visibility on evolving threats, emerging regulations, and vendor performance.

  • Flexible Engagements: Part-time retainer, project-based, or interim leadership options available.

Ad-Hoc Security Consulting

Targeted expertise — when you need it, for exactly as long as you need it.

  • On-Demand Expertise: Get senior-level security guidance for urgent issues, project spikes, or executive questions.

  • Flexible Scope: From quick policy reviews to deep-dive investigations, engagements can range from hours to weeks.

  • Incident Support: Rapid assistance with breaches, phishing outbreaks, or ransomware containment.

  • Architecture & Design Reviews: Evaluate network, cloud, or application designs for security gaps and improvement opportunities.

  • Security Awareness & Training: Tailored sessions for teams, executives, or boards — practical and culture-fit.

  • Second-Opinion Services: Independent validation of prior assessments, vendor pitches, or MSP recommendations.

  • Bridging the Gap: Ideal for organizations without a dedicated security lead or between full-time hires.

  • Clear Deliverables: Concise recommendations and prioritized next steps — no fluff, no upsell.

Let me help you find the best path.

Testimonials

Trusted by executives & employees

"I had the pleasure of working with David at Niagara Casino's during a time when it was undergoing a lot of transition. He was a great person to work with, and I would highly recommend him to anyone that was interested in his services."

Tom M., Director Managed Services

"David is a ... visionary leader who really understands the challenges of enterprises in the security space. Very insightful and always thinking of "out of the box" solutions to help ... our clients in the daily turmoil of the cyber-security world."

Ameen S., Director - Sentinel Zea

"David's knowledge of all things Security is highly regarded and his relationships with Clients is second to none. David truly cares about his clients, team ... and the Security portfolio will, I'm sure, prosper under his leadership."

Frank P.

FAQs

Frequently Asked Questions

What makes your approach different from other security consultants?

I focus on real threats first — using risk probability and impact, not hype. My assessments are vendor-neutral, pragmatic, and backed by decades of enterprise-level experience scaled for SMBs.

Do you sell or resell any security products?

No. I don’t take commissions or reseller margins from vendors. My job is to represent your interests and ensure every dollar you spend actually reduces measurable risk.

We already have an MSP or IT provider — why would we need you?

Most MSPs manage uptime, not security strategy. I work alongside your MSP to build governance, risk frameworks, and incident playbooks — strengthening the partnership, not replacing it.

Can you work with our existing tools and systems?

Absolutely. I adapt to your current tech stack, focusing on configuration, process, and training before recommending any new tools.

What size of business do you typically work with?

Primarily small to mid-sized organizations (10–500 employees) — including law firms, clinics, tech startups, manufacturers, and nonprofits.

What does a typical engagement look like?

It usually starts with a short discovery call to understand your priorities, followed by a scoped engagement plan (2–6 weeks) with clear deliverables and fixed pricing.

How is pricing structured?

Flexible options: flat-rate assessments, retainer-based Fractional CISO support, or hourly ad-hoc consulting. No long-term lock-ins unless requested.

What kind of reporting deliverables do we receive?

You’ll get a concise executive summary, a visual risk matrix, and prioritized recommendations with actionable next steps — not a 100-page binder no one reads.

© Copyright 2025. David Millar Consulting. All Rights Reserved.