HOW I ENGAGE
HOW I ENGAGE
I hold a small number of engagements at a time. They tend to take four shapes — defined less by deliverables than by the kind of engineering judgment the room is missing.
I work as a senior technical principal — brought in when the engineering judgment in the room has run out. When a vendor’s customer expects more rigor than the field team can supply. When a practice needs someone who has actually built the thing they are selling. When a board needs cybersecurity translated into the language of risk rather than alerts. The shapes below are how that judgment most often gets commissioned.
Vendor Technical Principal
For cybersecurity vendors whose customers expect engineering depth the field team cannot always supply. I serve as the senior technical voice in advisory boards, customer-success engagements, competitive escalations, and the high-stakes deployments where credibility with a sophisticated CISO decides the renewal. I represent the product in the room where it faces its toughest scrutiny — and make it land inside the customer’s engineering reality, not just the demo.
Practice Anchor
For MSSPs and consulting practices building, maturing, or rescuing a SOC capability. I anchor the technical work that turns a service line into a defensible practice: detection-engineering programs, SIEM rationalization, use-case methodology, SOC AI-readiness. The engagements where someone has to own the engineering truth — and where the difference between a practice that scales and one that churns is whether the underlying discipline was ever actually built.
Board & Strategic Advisor
For boards, audit committees, and executive teams that need independent cybersecurity judgment beyond what compliance reporting provides. A retained, quarterly-cadence relationship rather than a deliverable factory. I am the technical voice who can tell the board what the security posture actually means in risk terms, question the assumptions behind the dashboard, and translate between the CISO’s reality and the board’s fiduciary lens.
Signature Engagements
For organizations that want to commission a specific layer of the Risk Intelligence Stack directly — Network Exposure Audits at the Foundation, Detection Engineering at Operations, Loss Exposure Quantification at Translation, a SOC AI Readiness Assessment anchoring the Spine. Each is scoped to stand alone. Most begin at one layer and expand only when there is real value in expanding.
Every engagement begins from the same discipline — proactive by design, not reactive by default.
SELECTIVE PARTNERSHIPS
Vendor advisory & field partnerships
I work with a small number of cybersecurity vendors as a technical principal — in their advisory boards, professional-services engagements, and customer-success programs. The vendors I represent build products that can stand up to a serious CISO’s scrutiny, because that is the room I represent them in. If you are building something that has to survive technical examination, that is a conversation worth having.
How engagements work
A note on how I work: engagements are capacity-limited — I hold only a few at a time, so each gets genuine principal attention. Most begin with a conversation, not a proposal. I scope narrowly and deliver against the engineering truth rather than the optics. And I take on engagements where the outcome carries real value — not a tick in the box — because the work is the reputation, and I protect both.