birchny

$ whoami

IT, security, and compliance — built for companies too small to have their own team for it.

Founder-led IT support, cybersecurity, and security compliance for startups and small businesses.

$ contact --start

$ services --list

// it-support

IT Support

Day-to-day IT that scales without an in-house team: endpoints, infrastructure, and help-desk-level support.

// cybersecurity

Cybersecurity

Practical, right-sized security programs: cloud security, identity & access management, endpoint protection, incident response, and SOC-style monitoring.

// compliance-grc

Security Compliance & GRC

SOC 2, ISO 27001, HIPAA/GDPR/CCPA-aligned programs, audit readiness, and policy and risk management — the part that unblocks deals.

$ cat about.md

I specialize in building and running cybersecurity programs — cloud security, data security governance, endpoint protection, identity & access management, incident response, network security, risk management, and SOC operations. I've done this across security, fintech, ad-tech, legal, and e-commerce, which means I've seen how the same control looks different depending on who's asking (an auditor, an investor, or a customer's security questionnaire).

Before specializing, I spent over a decade in IT and security more broadly, which is part of why I don't treat security as a bolt-on: it has to work with the infrastructure you actually have.

On the compliance side, I read the regulations (GDPR, CCPA, HIPAA) so you don't have to, and translate them into frameworks that hold up — NIST, COBIT, FedRAMP, SOC 2, PCI DSS, and ISO 27001. The goal isn't a binder on a shelf; it's a program that passes audits and doesn't slow the business down.

$ contact --start

Tell me about what you're working on.