I've spent 14 years doing this work at a small liberal arts college. I understand the pace of shared governance, the complexity of managing a decentralized campus environment, and the very specific challenge of being responsible for the security and privacy of thousands of students, faculty, and staff, often as a team of one or two.

I'm not an enterprise security consultant who has adapted their pitch for higher education. This is where I come from. The frameworks I use, the policies I've written, the vendor contracts I've negotiated, and the incidents I've managed all happened in a higher education context. I’ve built relationships and support at an institution that looks a lot like yours.

WHO THIS IS FOR

• Small liberal arts colleges (500–3,000 students) without a dedicated CISO or privacy officer

• Community colleges navigating growing compliance obligations on tight budgets

• Institutions that are part of consortia like CLAC, AJCU, CIC, or regional groups

• Business officers and VPs of Finance who own GLBA Safeguards Rule compliance but don't have IT depth

• IT directors who need a senior-level thought partner without adding headcount

• Presidents and provosts preparing for board-level conversations about AI, cybersecurity, or data governance

WHAT I UNDERSTAND THAT OTHERS DON'T

• Shared governance means security policies require faculty buy-in, not just administrative mandates. I know how to get it

• Your IT department is likely wearing six hats; I help you prioritize without creating more work

• FERPA, GLBA, PCI, and state privacy laws all apply simultaneously. I've managed all of them

• Cyber insurance renewals for small institutions are increasingly painful - I've successfully renewed coverage with cost reduction through demonstrated program maturity

• Your peer institutions face the same challenges; I'm connected across the higher education security and privacy communities.

SERVICES MOST RELEVANT TO HIGHER EDUCATION

• GLBA Safeguards Rule compliance assessment and implementation that’s tailored for institutions of your size

• Fractional CISO / vCISO retainer will provide ongoing advisory, policy support, and senior-level presence when you need it

• AI governance framework development aims to help campuses navigating generative AI in instruction and administration

• Incident response planning and tabletop exercise facilitation that is built for the realities of a campus environment

• Data privacy program assessment that understands FERPA, state law, and institutional policy alignment

• Board and trustee briefing preparation - translating security risk into terms that resonate in the boardroom