I provide services of information security consulting, technology strategy consulting, or a combination of the two, which often has a focus on IT operations assurance. Here are some examples of typical customers and work for them:

	For early stage technology companies, I provide technology strategy development, often an acting as Chief Technology Officer or working closely with executives and engineering leaders. These projects focus on articulation, selection, and alignment of market needs, innovative approach to meet those needs, customer perceived benefits enabled by the approach, and an account of potential substitute goods, alternatives, competition, and inaction.
	For small to medium sized technology companies, I provide similar services, but often specifically focused on the role of information security in the company's target markets, product definition, technical capabilities, integration, deployment, competitive factors, or customer perception. In some cases, the acting-CTO role is also part of the project, while in other cases it includes the security-related product and market strategy below.
	For established technology firms, I provide product and market strategy, including security-related competitive analysis; impact on product line and company competitive positioning; effect on product definition, packaging, delivery and deployment, including channels and integrators.
	For new and established technology firms, I provide security-specific technical consulting on the security-related or security-relevant aspects of technology and product. These services typically include security architecture, design, or review of applications, systems, and services;
	For enterprise IT organizations I provide security program review, design, and development, and related consulting on security technology acquisition, usage, practices, procedures, and risk management. In some cases, the focus on the company's IT security programs and practices, while in other cases the focus is on security technology design and deployment planning.
	For larger enterprise IT organizations I provide services related to IT operations assurance, often in a datacenter setting. Operations assurance includes but does not focus on technical security, but instead encompasses technology and practices related to critical system identification, management, integrity, reliability, accountability, and audit of IT asset management. Particularly in growing or maturing IT operations teams, the drive for higher accountability, together with internal or external compliance issues, creates a need for the definition of assurance practices or processes, in which there can be high value in the perspective of a previously uninvolved party.

Experience for these services draws on over 25 years in development and management in technology businesses that have been focused on distributed computing or information security.

Here you can also find some opinion, commentary, and information on a number topics, but with similar perspective and a focus on what I think is the essential point.

	In my Blog I focus on innovation and value, often with a slant to security, providing a running commentary on the continuing stream of tech innovations and why some create value and often others don't.
	My series of Selected Shorts consists of newsletter articles on security topics, each with a goal to de-mystify an issue that usually has a much simpler main point than the buzzwords would suggest.
	I also provide a listing of some mostly online Resources that I find useful - reference sites, news outlets, blogs, books, etc. - in either or both of the spheres of security/privacy/trust and innovation/creation/value.