I perform periodic consulting on my own, through the University, and/or through KRvW Associates as appropriate. Please note that I do *not* conduct government-related “certification & accreditation” activities (i.e., audit and compliance) due to my professional views on their use and effectiveness.

My primary areas of cybersecurity consulting interest and experience are incident response, operational risk analysis, policy and process assessments, organizational outreach, executive education, and insights development. I am also conversant in forward-thinking matters related to critical infrastructure protection, full-spectrum information operations, privacy, and technology policy, among other areas.

If I can be of service, please feel free to contact me to discuss your requirements.