I bridge the gap between technical complexity and financial solvability. 10 years as a CIO and an MS in Finance to audit your risk and protect your balance sheet.
Securing Ag-Tech IP and supply chain logistics in the heart of the Valley.
Defensible IT governance and audit-readiness for high-compliance professional firms.
Protecting production uptime and Intellectual Property in the regional manufacturing core.
Strategic IT oversight for commercial property, residential housing, and regional construction.
Modernizing the digital footprint and securing data for the automotive retail sector.
Executive IT oversight for the Silicon Forest's high-tech and software clusters.
Securing the technical foundation of the physical supply chain and distribution hubs.
Financial-grade oversight for Accounting, Tax, and Investment Management firms.
Risk governance and audit survival for regional advocacy and nonprofit hubs.
Business Services • Consumer Finance • Insurance • Hospitality • Private Clubs • Commercial Property
If your company holds or is pursuing a DoD contract, CMMC 2.0 certification is a contractual requirement — not optional. I guide Willamette Valley defense contractors through the full process: gap assessment, CUI scoping, System Security Plan (SSP) documentation, and C3PAO assessment prep. My MS in Finance means the compliance roadmap is something your CFO can budget and your board can stand behind.
Gap assessments against all 110 NIST SP 800-171 practices. I identify what you're missing and build a prioritized remediation plan your assessor can verify.
Correct scoping of your Controlled Unclassified Information environment prevents overspending on controls for systems that don't need them.
Losing certification means losing the contract. I translate your compliance posture into financial language your leadership can underwrite and defend to auditors.
I sit on your side of the table as a strategic advisor. My process begins with a high-level assessment of your risk exposure and vendor landscape.
Once the strategy is defined, I coordinate delivery of Managed IT, Cybersecurity, and Compliance services through proven enterprise partners.
"The ideal CIO for any organization in search of a transformative leader who strikes the perfect balance between enterprise security and innovation."
Jason Assir
Enterprise Transformation Executive
"He led our IT transformation from an infrastructure back-office to a business-focused, application-oriented group with direct impact on operations and cost structure."
Gustavo Gradvohl
CFO, Natura PCR
"His ability to see the big picture while considering every detail. He bridges the gap between strategy and operations in a way that sets him apart."
Jeffrey Birch
Direct Manager
"A visionary leader with deep care for people and thorough knowledge of network and system administration."
Pershing Lum
Technology Executive
Most internal IT resources are already stretched across competing priorities, whether that is a single person or an entire team. What I bring is a completely different scope: strategic oversight, vendor governance, and the ability to coordinate a full suite of managed IT, cybersecurity, and compliance services through established enterprise partners. I work alongside whatever you already have in place, filling the gaps across high-level risk strategy, 24/7 managed support, and audit-ready compliance. Think of it as adding a CFO to a company that already has an accounting function. Entirely different mandate, no redundancy.
Most mid-market businesses leak between 15 and 20 percent of their IT budget through shadow IT, misaligned vendor SLAs, and auto-renewed contracts that no longer serve them. I conduct a high-level strategic assessment to identify where the biggest risks and inefficiencies are, then coordinate the right specialists to do the deep technical work. My MS in Finance means I frame the findings in terms your CFO and board can act on, shifting IT costs from unpredictable break-fix spikes to flat-rate operational predictability.
I quantify the Cost of Inaction. A single ransomware event costs mid-market firms an average of $1.4M in downtime, remediation, and legal exposure. That number does not include reputational damage or lost contracts. I present your board with a clear financial model showing reduced cyber liability, recovered budget from vendor waste, and the value of audit-ready compliance. The conversation shifts from "what does this cost?" to "what financial exposure are we eliminating?"
If your company holds or is pursuing a Department of Defense contract — or if you are a sub-contractor to a prime that does — CMMC 2.0 certification is a contractual requirement. This applies to any business handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), regardless of size. The DoD has begun enforcing CMMC requirements in active solicitations, meaning non-compliant businesses are being excluded from awards. I help your business determine exactly which level applies, scope your environment correctly, and build a compliant posture well before your contract deadline.
For businesses starting from a low baseline, CMMC Level 2 remediation typically takes 9 to 18 months from initial gap assessment to a clean third-party assessment. The cost depends heavily on how many of the 110 NIST SP 800-171 practices are already in place and the complexity of your environment. What most businesses underestimate is the cost of starting late — rushed remediation, missed contract opportunities, and emergency vendor engagements are far more expensive than a planned compliance roadmap. My MS in Finance means I give you a financially grounded timeline and budget your CFO can commit to, not just a technical checklist.
My role in an active incident is remote executive translation and strategic guidance, not technical firefighting. A 24/7 enterprise Security Operations Center handles the rapid technical containment while I work directly with your leadership team remotely, translating the threat into financial and legal terms, coordinating with your cyber insurer, and ensuring your communication to regulators and stakeholders is defensible. You get a calm, experienced strategist guiding your leadership while the engineers neutralize the threat in the background.
An executive's guide to tech spend. Every week I translate cybersecurity and IT cost decisions into plain financial language your CFO can act on.
452 subscribers and growing.