AI Governance & IT Risk Advisory
15+ years from building servers and databases in the datacenter to auditing enterprise systems and managing risk for financial services. Threat-informed risk assessment, AI governance, CRI Profile implementation, and control design — with hands-on technical depth behind every engagement.
Threat-Informed Methodology
A 12-stage process grounded in NIST CSF 2.0 — from asset classification through threat profiling and coverage analysis to evidence packaging. Likelihood is driven by adversary behavior, not opinion. Impact is driven by control gaps, not guesswork. Every finding is traceable.
Frameworks & Standards
Grounded in the frameworks that matter to regulators, auditors, and boards.
NIST CSF 2.0: Cybersecurity Framework
NIST AI RMF: AI Risk
MITRE ATT&CK: Threat Intelligence
CRI Profile: Financial Services
SCF: Secure Controls
ISO 42001: AI Management
EU AI Act: Regulation
OWASP LLM Top 10: AI Security
CIS Benchmarks: Hardening Standards
COBIT 2019: IT Governance
NIST SP 800-53: Security Controls
FAIR: Risk Quantification
Mentors
I owe my level of expertise to these three professionals. Each shaped a different dimension of how I approach risk, audit, and governance work.
Neil Lindholm
Recruited me from IT management and trained me in ISACA COBIT-based audit methodology — the foundation of everything I do.
Satya Vithala
Trained me in MITRE ATT&CK, CRI Profile, and threat-informed risk assessment to meet regulatory requirements.
Vince Werling
Shaped my ability to turn technical analysis into corporate audit deliverables with enterprise impact at S&P Global.
Let's Work Together
Available for consulting engagements in AI governance, IT risk assessment, and threat-informed audit for financial services.