Rochester Information Security - About
INDEPENDENT INFORMATION SECURITY EXPERTISE
Rochester Information Security provides specialized information security consulting with a focus on governance, risk, compliance, and audit preparation. As independent consultants, we deliver personalized, high-quality service without the overhead and bureaucracy of larger firms.
LEADERSHIP
David C. Frier, CISM, CISSP, etc.

I will build and mature your company's enterprise security and compliance program by leveraging many years of hands-on experience establishing comprehensive cybersecurity frameworks in complex, regulated environments. Drawing on proven success managing SOX ITGC compliance, leading NIST CSF implementations and SOC2 audits, and directing security operations for thousands of servers across multiple data centers, I can immediately drive your certification efforts while maintaining ongoing compliance with any relevant requirements. As a leader with experience managing teams of infosec professionals, I will mentor your team while personally executing critical security operations from vulnerability management and incident response to policy development and audit coordination, ensuring that you achieve audit readiness, strengthen security posture, and protect mission-critical intellectual property across your entire estate. CISM, CISSP, CRISC, and RIMS-CRMP certifications, combined with an ability to translate technical risk into business language for executive stakeholders, position me to deliver immediate value while building a sustainable, mature security program that supports your company's continued innovation and growth.
INDUSTRY EXPERIENCE
We've worked with organizations across multiple industries including defense contracting, healthcare, financial services, technology, manufacturing, and professional services. This diverse experience provides valuable perspective on industry-specific challenges and best practices that can be applied across different sectors.
APPROACH & PHILOSOPHY
Practical Over Perfect
Security and compliance should be practical and achievable. We focus on implementing controls that effectively manage risk while fitting your organization's culture, resources, and operational realities. The goal is sustainable security, not checkbox compliance.
Business-Aligned Security
Security exists to enable and protect the business, not to obstruct it. Every recommendation considers business objectives, operational impact, and resource constraints. The best security control is one that actually gets implemented and maintained.
Clear Communication
Complex security and compliance concepts explained clearly for all audiences. Whether briefing executives, working with IT teams, or training end users, we adapt communication style to ensure understanding and buy-in. No jargon, no confusion, just clear guidance.
Knowledge Transfer
Our goal is to make your team more capable, not create dependency. Engagements include knowledge transfer, documentation, and guidance so your staff can maintain and improve security programs after the engagement ends.
PROFESSIONAL BACKGROUND
Our information security careers span multiple roles across consulting, industry, and technical implementation. This breadth of experience provides practical insights into both the strategic and tactical aspects of security program management.
Certifications & Continuous Learning
We maintain relevant industry certifications and continuously update our knowledge as frameworks evolve and new requirements emerge. Security and compliance are moving targets; staying current is essential to providing accurate, relevant guidance.
WHY INDEPENDENT CONSULTING?
Working with an independent consultant offers distinct advantages over large firms. You get direct access to senior expertise without layers of junior staff. Engagements are more flexible and responsive to your specific needs. Costs are lower without the overhead of large organizations. And the relationship is more personal; we're invested in your success because our reputation depends on it.
CLIENT SUCCESS
Our success is measured by client outcomes. Organizations we've worked with have achieved successful certifications, passed audits with zero or minimal findings, won contracts requiring compliance, built mature security programs, and established sustainable compliance processes.
HOW WE CAN HELP
Whether you're just beginning to explore compliance requirements or you're in the middle of preparing for an audit, we provide practical guidance tailored to your situation:
Starting a Compliance Journey
Not sure which framework applies to your organization? Need to understand the scope of effort required? We help you identify applicable requirements, assess your current state, and create a realistic roadmap forward.
Implementing Controls
Working through implementation but need expert guidance on specific controls or best practices? We provide hands-on support to help your team implement effective, sustainable security measures.
Preparing for Audits
Audit coming up and want to ensure you're ready? We conduct readiness assessments, help organize evidence, prepare your team, and provide support throughout the audit process.
Building Security Programs
Need to establish a mature security program from the ground up? We help design governance structures, develop policies and procedures, and implement sustainable processes.
Ongoing Advisory
Want access to expert guidance as questions arise? Retainer-based advisory services provide regular support for maintaining compliance and addressing security challenges.
INDUSTRIES SERVED
We work with organizations across multiple sectors including:
- Defense contractors and government suppliers
- Healthcare and life sciences
- Financial services
- Technology and SaaS companies
- Manufacturing
- Professional services
- Critical infrastructure
CLIENT TYPES
Our services are designed for organizations at various stages of security maturity:
Small to Medium Businesses: Organizations that need enterprise-grade security but lack dedicated security staff. We provide accessible expertise to help you achieve compliance efficiently.
Growing Companies: Businesses facing their first compliance requirement due to customer demands, contract requirements, or regulatory obligations. We help you establish strong foundations.
Established Organizations: Companies with existing security programs that need specialized expertise for specific frameworks, audit preparation, or program enhancement.
CONFIDENTIALITY
All client information is treated with strict confidentiality. Initial conversations and any information shared during consultations are protected. Non-disclosure agreements are available and standard practice for all engagements.
NEXT STEPS
Step 1: Reach out via email or phone to schedule an initial consultation.
Step 2: We'll have a discussion about your needs, objectives, and current situation.
Step 3: If there's a good fit, we'll provide a detailed proposal for your review.
Step 4: Once you're ready to move forward, we'll finalize the engagement and get started.
QUESTIONS?
Have questions before reaching out? Here are answers to common inquiries:
Q: Do you work with organizations outside the United States?
A: Yes, we work with international clients. Most services can be delivered remotely, and we're experienced with international standards like ISO 27001.
Q: What size organizations do you typically work with?
A: We work with organizations ranging from small businesses to large enterprises. Service delivery is scaled appropriately for organization size and needs.
Q: How quickly can you start?
A: It depends on current commitments, but we often can begin new engagements within 1-3 weeks of agreement.
Q: Do you offer fixed-price engagements?
A: Yes, most project-based work is offered at fixed prices with clearly defined deliverables. Retainer and hourly arrangements are also available.
Q: Can you work with our existing IT team or security staff?
A: Absolutely. We complement existing teams and focus on knowledge transfer so your staff becomes more capable.
LET'S TALK
We look forward to learning about your organization and exploring how we can support your security and compliance objectives. Reach out today to schedule a consultation.