Principles That Guide My Work

At Source Cyber Solutions, I believe that cybersecurity is not just a technical discipline; it is an ethical imperative. Every risk assessment, every policy, and every recommendation carries real-world implementation implications and consequences for real people.

Here are the principles that define how I work.

1. Human Judgment Over AI Automation

Artificial Intelligence is a powerful tool, but it lacks the intuition, context, and lived experience required to navigate complex, unique business environments. AI cannot detect the subtle nuances of a flawed control implementation or the hidden risks in a specific organizational culture.

My Promise:

  • Every assessment is reviewed by a human expert with a vast career of field experience and deep knowledge of the security landscape and industry regulations.
  • I never feed your sensitive data into public AI models for training.
  • I leverage AI for efficiency where appropriate, but never for judgment.

In Governance, Risk, and Compliance, the human element is paramount.

2. Radical Transparency

Trust is built on honesty. I strive to be as transparent as reasonably possible about my methods, my data practices, and my limitations.

  • No Hidden Agendas: If a finding is low-risk, I say so. If you don’t need a service, I tell you.
  • Tailored Communication: I speak the language of your audience; whether it’s technical depth for engineers or strategic risk for the C-suite.
  • Transparent Methods: My privacy policy is public and plain-spoken. I don’t use tracking cookies, analytics, or third-party data brokers.

Read my Privacy Policy →

3. Made in America

All work is performed onshore, in the United States, leveraging American ingenuity and unwavering integrity.

I do not offshore my analysis or outsource my judgment. In the nuanced world of risk management, understanding cultural context, regulatory language, and business dynamics is key. Language barriers and time-zone delays can obscure critical details.

When you work with me, you are working with a partner who understands the American business landscape, the regulatory environment, and the stakes involved in protecting your reputation and your people. I am also equipped to navigate the complexities of multinational and international engagements when required.

4. Partnership, Not Transactions

You are not a ticket number or a revenue metric. You are a partner.

I care deeply about security because I know what is at stake. I invest in long-term relationships, not one-off engagements. I treat your challenges as if they are my own. Your security is my priority.

5. Security & Privacy by Design

I don’t just tell clients to “walk the walk”: I do it myself. Every aspect of Source Cyber Solutions is engineered to reflect my values:

  • Minimal Third-Party Services: I limit my digital footprint to reduce attack surface. I carefully vet every vendor I use, doing my due diligence to prioritize those with transparent privacy policies and a track record of responsible security practices and respecting user data.
  • Data Stewardship: I recognize that while your organization remains the Data Owner, I act as your Data Custodian during the engagement. I collect only the data strictly necessary to perform my work, treat it with the highest standard of care while it is in my possession, and respect your ultimate authority over how it is used, retained, or disposed of.
  • Audited & Open Source Tools: I prefer tools I can inspect and trust over “black box” proprietary software.
  • Local-First Workflow: I prioritize solutions that maximize control over your data, minimizing reliance on opaque third-party ecosystems.
  • End-to-End & Zero-Knowledge Encryption: Wherever possible, I use tools that ensure only you and your intended recipients can access your data. I choose solutions and vendors based on their cryptographic guarantees, not just their server locations or marketing promises.

6. Education Over Gatekeeping

Cybersecurity is complicated, but it shouldn’t be a secret club. I believe knowledge should be shared, not hoarded.

  • Mentorship: I actively mentor newcomers to the field.
  • Community: I share insights, tips, and best practices freely.
  • Empowerment: My goal is to leave you more knowledgeable than when we started.

Security is everyone’s responsibility. I am here to help you understand yours.

7. Protecting People, Not Just Data

A data breach is a financial and reputational disaster for a business. But for the individuals whose data is exposed, the impact can be devastating: identity theft, fraud, and loss of privacy.

I am driven by the mission to not only protect businesses but to protect people and empower businesses to do the same.

My Core Values

  • Pragmatic: I solve real problems, not theoretical ones.
  • Ethical: Bound by professional codes and personal integrity.
  • Relentless: Always learning, always adapting.
  • No Shortcuts: Quality and thoroughness are non-negotiable.

“Security is a process, not a product.” — Bruce Schneier