Consulting Services Benefits:
Many years of practical experience in corporations of all sizes and sorts have helped to hone our skills and allow us to temper our knowledge with wisdom.
Our in-depth technical knowledge and clear business understanding gives us the ability to provide solutions that work for your business.
Our independence from products, vendors, and your organizational issues provides us with a unique view that enables us act in your sole interest.

What our clients tell us:
Our business processes help facilitate orderly change over time. We communicate effectively with both management and technologists. We are direct, discrete, and very easy to work with.

Advocacy Programs


  • Timely assistance on the most difficult and complex information protection issues.
  • Help evaluating protection products, vendors, technologies, programs, and plans.
  • Help developing internal information protection programs.
  • Expert assistance available as needed.
Advocacy provides clients with on-demand independent information protection expertise.

Our Approach:

  • An initial corporate protection overview provides the context to properly address your needs.
  • On a regular basis, we brief and sit in on corporate security committee meetings.
  • As needed, we research and report on special topics and help address critical issues.
The advocacy program provides a key team member that would otherwise be missing.

Select Advocacy Examples:

  • Outside "member" of corporate security committees.
  • Due diligence on risk management decisions about information technology.
  • Help implementation teams make technology decisions for a new global protection initiative.
  • On-site assistance during product/vendor reviews.
  • Strategic planning for a global protection program.
  • Evaluation of expert witness testimony and computerized forensic evidence.
  • Help funding agencies assess areas to support.
  • Supplement in-house expertise during Internet expansion and network redesign process.

  • Protection Posture Assessment
    An Initial Corporate Protection Overview

    Basic Understanding:

    Dependencies + Vulnerabilities + Threats = Risk
    - Suitable Mitigating Actions = Residual Risk

  • How does the business operate?
  • What are the critical business functions?
  • How are they implemented?
  • What would happen if:
  • information was corrupted?
  • information became unavailable?
  • the wrong information was sent out?
  • The business implications of information protection failures.


  • What is implemented?
  • How is it operated?
  • What protection is in place?
  • Known vulnerabilities?
  • Actual incidents and what was done?
  • Suspected incidents and what was done?
  • Other concerns?
  • Weaknesses in technology, operations, personnel, structure, ...


  • Insiders
  • Private detectives
  • Reporters
  • Consultants
  • Whistle blowers
  • Hackers
  • Crackers
  • Club initiates
  • Tiger teams
  • Competitors
  • Police
  • Government agencies
  • Infrastructure warriors
  • Nation States
  • Economic rivals
  • Military organizations
  • Information warriors
  • Nature
  • Maintenance people
  • Professional thieves
  • Hoodlums
  • Vandals
  • Activists
  • Crackers for hire
  • Deranged people
  • Organized crime
  • Drug cartels
  • Terrorists
  • Spies
  • Organizational Issues:

  • Protection management
  • Protection policy
  • Standards and procedures
  • Documentation
  • Personnel security
  • Technical safeguards
  • Protection audit
  • Incident response
  • Protection testing
  • Physical protection
  • Legal considerations
  • Protection awareness
  • Training
  • Education
  • Organizational suitability
  • Mitigation Strategies:

  • We use analytical tools to help develop a wide range of protection strategies that could work.
  • We combine our organizational knowledge with these strategies to develop strategies that can work within the client's environment and culture.
  • We work with the client to find the best strategy to meet their needs.
  • We help the client work within their organization to mitigate risks while minimizing business impact.
  • Risk mitigation strategies must be suited to the organization or they will ultimately fail.

    Process and results:

    To contact us, send email to fred at