The common theme in my consulting has been roadmap. My value-add to an organization is at its height when the organization has a target for security but does not know how to get there. These organizations include, but are not limited to: large enterprises who wish to strengthen their security program, small enterprises in need of security-related compliance processes, and vendors of security products who wish to see them used by large enterprises. Activities within these and other consulting assignments include, but are not limited to:

1. metrics identification
2. application and infrastructure security requirements
3. information security governance gap analysis and guidance
4. policy creation or consolidation
5. compliance assessments and/or recommendations (e.g. Red Flag, SOX, HIPPA)
6. research on information security topics
7. information security product evaluation and/or selection
8. information security business evaluation
9. business recovery application configuration and testing