Projects

Mission: To Fix the Broken Industry (this is behind everything I do)
Mission Before Money: If we focus on the mission, we’ll make money. If we focus on the money, we won’t make the mission.

I don’t treat “projects” as services or products. These are the places where ideas meet reality — where thinking gets tested, patterns repeat, and consequences are real. Some are companies. Some are programs. Some are long-running experiments. All of them reflect how I think about security, leadership, accountability, and complexity.

Being a guy with ADHD, there’s a lot…

FRSecure

FRSecure was founded to help organizations make better risk decisions without vendor influence or compliance theater. Over many years, it became clear that most failures in security aren’t the result of intelligence — they’re the result of incentives, fear, and avoidance of hard truths.

FRSecure’s work is about results, not rhetoric.

SecurityStudio

SecurityStudio started with a simple idea: make risk manageable and objective. Too often, risk gets buried in jargon, checklists, and frameworks that don’t speak the same language teams actually use. SecurityStudio is built to give practitioners a shared, practical way to talk about risk — not just measure it.

For many teams, the hardest part of security isn’t the standards — it’s the conversations and decisions. SecurityStudio was built to help with that.

CISSP Mentor Program

The CISSP Mentor Program was created in 2010 to remove unnecessary barriers to learning and professional growth. It started as a small, free mentoring effort and grew into a large (100,000+) , community-driven program focused on helping people actually understand security — not just memorize it.

The program emphasizes fundamentals, judgment, and real-world thinking over test tricks and credential chasing. For many participants, it’s less about passing an exam and more about learning how to reason clearly inside complex systems.

It exists because access to good education shouldn’t depend on who you know or what you can afford.
This is a human-first leadership program, grounded in honesty, judgment, and real-world dilemmas….

CvCISO Program

The CvCISO program was created to help security leaders navigate complexity without gloss or bravado. It’s a training and certification experience for virtual CISOs and experienced practitioners who must lead without typical corporate authority.

This is a human-first leadership program, grounded in honesty, judgment, and real-world dilemmas.

Project Broken Mirror

Project Broken Mirror is a community-driven effort to map and understand the external attack surface of public systems in the United States. It’s not a product. It’s an ongoing experiment in situational awareness and collective insight — and it reflects a belief that visibility enables better decisions.

It reflects a simple belief: better visibility enables better decisions.

F5 Project

The F5 Project is a nonprofit focused on helping individuals rebuild their lives after incarceration, addiction, or isolation through housing, employment support, recovery programs, and community-centered care. Serving on the Board of Directors is a reminder that leadership isn’t just strategy — it’s responsibility to people when the stakes are real. (link: https://www.f5project.org/)

Writing & Speaking

My writing and speaking are projects in their own right — ongoing attempts to make sense of complexity, accountability, and the patterns that keep repeating in systems, organizations, and people.

If you came here because you read something that felt like clarity instead of noise, this is why.

UNSECURITY

UNSECURITY was written as a blunt assessment of why the information security industry keeps failing — despite decades of effort, billions of dollars, and endless frameworks.

The book challenges comfortable narratives, compliance theater, and the tendency to confuse activity with effectiveness. It asks uncomfortable questions about accountability, incentives, and why the same mistakes keep repeating themselves under different names.

It wasn’t written to be popular. It was written to be honest.

UNSECURITY v2.0 (in progress)

UNSECURITY 2.0 is a continuation — and a reckoning.

It revisits the core ideas of the original book in light of what has (and hasn’t) changed since its publication. New technologies, new threats, and new promises have emerged — but many of the underlying failures remain the same.

This version goes deeper into complexity, irresponsible technology adoption, accountability gaps, and the human cost of decisions made without context or ownership. It’s less about what tools we use, and more about how we think — and what happens when we refuse to slow down and reflect.

More to come, but I’ll leave you with this…

I’m not offering services here. These projects are expressions of how I think, what I value, and how I try to make sense of a messy world. If anything here resonates, you’re welcome to explore deeper — but there is no polished sales pitch hidden behind the words.