What Do I Do, Exactly?
I design, build, and deliver the processes, programs, and culture you need to amplify your business, cyber, and operational resilience. Need help meeting or exceeding the information security expectations of your partners, clients, or shareholders? You may have come to the right place.
How Can I Help You?
That’s the important question. You may be in the right place if you’re a:
- VC/Board Member seeking an external, independent resource/perspective
- Member of a leadership team who needs guidance in the contexts of resilience, information security, risk management, and/or compliance
- Legal counsel seeking expert witness/SME
- Academic/writer/journalist/security researcher
- Someone new to applied resilience/infosec/technology seeking mentoring
Or maybe yours is a unique situation. That’s cool. Use the contact info at the end, arrange a quick chat, see if we’re a fit. If not, I can point you in the right direction.
To avoid over-engineering and enhance flexibility, we’ll begin by determining which deliverables fit your situation. A core principle of my methodology is a lean, agile approach that gets to good fast, with great or ideal as a second- or third-phase goal.
Here’s a sample of some deliverables:
- Threat Models (To ensure we don’t over-engineer things and answer important questions like: How much of your owned risk is acceptable? What’s not worth worrying about? What is?)
- Logical Data Flow Diagrams (Cool, colorful data inventory diagrams answer questions like: How does information flow into your organization, where does it live, who has access to it, and where does it go?)
- Data Classification Plans (An important step to protect your own data and that of your clients. Data is valuable but not all data is valued equally.)
- Live and Simulated Incident Response Exercises (The most valuable time you can spend with your team)
- and more!
Why Work With Me?
Teams know me as a resourceful collaborator and leader, a people-focused generalist who understands the hidden machinery and how it fits together, especially in the context of technology and risk. I elevate your business, cyber, and operational resilience to ensure you can stay focused on your adaptation, growth, and success.
Who Am I?
My name is Chad Calease.
Professionally (for nearly 20 years), I’ve been a partner to business leaders who rely on my expertise to prepare their organizations for strategic response to a broad spectrum of unplanned scenarios.
Personally, my Twitter bio sums me up well:
he|him|dude, parent, partner, ludic, neurodivergent, grateful for many gifts. Mom said, “There’s always one weirdo on every bus.” But I can never find them.
Pragmatic vs. Academic
It’s not uncommon to hear stories of IT/security advisors with strictly academic approaches to their recommendations. In reality, it’s okay to have good as a starting or short-term goal, to elevate your organization’s resilience quickly and achieve a sustainable and workable approach with great as a next-step type of goal.
My guidance is tailored to your needs, capabilities, and budget. Technology and/or security purism has its place but I focus on outcomes that produce value right away.
How Does This Work?
The process is fast.
I guarantee you’ll learn things you didn’t know about your operations. Some of them good.
Get in touch using the contact info at the bottom. Through quick conversations, I build colorful and easy-to-understand risk and threat models of your operations in their current state. Then, together we decide what next steps make sense for a future-state model that achieves your goals. We do this in a phased approach & each step is decided by you.
I ensure we don’t over-engineer things so we don’t bring a tank to a knife fight. We build a strategy aligned with the size & scope of your industry, as well as relevant compliance laws to demonstrate your commitment to good practices for your own clients.
The diagnostic process can take a few days to a few weeks, depending on the complexity of your organization. Oh, and I’m there for implementation, too. I don’t walk away after analysis & recommendations are made & the invoice is paid like way too many consultants do.
How Else Can I Help?
I often answer questions like:
- “We’ve been hacked! Can you help?” I prefer to work with clients proactively before something not awesome happens, but it’s not unusual to be introduced to clients on the worst day of their lives. I’m experienced with Digital Forensics & Incident Response across a broad spectrum of events.
- “Is our technology fit-for-purpose?” I might analyze your current IT, security & general technology environment & help you define, prioritize & measure alignment to the needs of your organization & then address gaps.
- “Is my office/home network secure?” I might assess your operational resilience then help you prioritize & mitigate concerns.
- “Are we aligned to industry expectations?” I might assess your organization’s alignment to your industry’s compliance expectations with international privacy & data protection frameworks, laws & standards, including ISO, GDPR, HIPAA, PCI, CCPA & more.
- “Who has access to our (and our clients’) information?” I might help you define and reduce your organization’s third-party risk to meet the expectations of existing and/or new business clients.
- “We need everything. Can you help?” I might design & help you build lean, predictable startup technology infrastructure & strategy to make the most of your investments in IT, resilience, risk management, & outsourcing to the cloud.
Some related services include:
- Help your organization provide informed & appropriate responses to your clients’ security/GRC (Governance, Risk, & Compliance) questionnaires & requirements
- Help you build operational resilience against a broad spectrum of unplanned events & changes that impact your productivity, reputation, & bottom line
- Guide you through strategic incident response to unplanned disruptions to your business, like cybercrime, human error, & global events
- CrashCourse –> In 20 minutes or less, I will elevate your team’s understanding & capacity to handle unplanned events that disrupt regular business operations
- Advise on how to create & formally introduce your own, internal resilience program & team/steering committee
- Serve as your board’s technology, information security & resilience subject matter expert
- Help you build a resilience mindset & a team culture focused on eliminating preventable losses across your operations
- Establish your 3rd-party risk assessment process for governance, risk management & compliance purposes
- Verify you’re not over/under-cyber/liability-insured
- Keep you informed on current, relevant & emerging threats & applied resilience engineering practices
- Conduct annual team incident-response simulations (remote/table-top)
- Ensure technical information brought to you is accurate & complete, & that you know what actions to take with it
When Might I Help?
I can help when you’re frustrated or impatient about the IT, security, & resilience (or lack thereof) in your organization. Maybe you’re concerned about your alignment to industry standards & risks to your organization. I can help you ask the right questions of your current providers, verify the accuracy and completeness of the responses you receive, and synthesize all of that information into step-by-step, actionable intelligence you decide on.
Who Have I Helped?
All my work is under mutual non-disclosure agreements (mNDAs) to protect all parties, so affiliations aren’t acknowledged here. Please get in touch; I’m happy to share relevant bits and lessons learned, as appropriate. If we work together, you know I treat you and your organization with the same level of discretion and respect.
I Work For You
While I work with you, your team, and your larger orbit of clients, partners, vendors, service providers, etc., I have allegiance only to you. I provide an agnostic, objective, and practical perspective. My analysis, synthesis, and guidance are truly independent. I answer only to you. I focus on your interests and concerns.
Confidentiality: Every conversation with me is confidential. mNDAs can be arranged.