I bring the same rigorous, AI-augmented assessment methodology I use for the Defense Industrial Base to Pacific Northwest companies that need mature cybersecurity programs — without the cost or overhead of a full-time CISO.
Part-time, embedded security leadership at the executive level. Policy, risk management, board reporting, and program maturation on a schedule that fits your business.
System Security Plans, gap analysis, POA&Ms, and control implementation that stands up to DIBCAC or C3PAO assessment — because I have led those assessments.
The same methodology that reduced SSP drafting time from weeks to hours. Faster, higher-quality artifacts with explicit source citations.
Objective third-party reviews of your current program before a formal assessment or audit. Find the gaps that matter.
Deep-dive interviews, architecture review, and evidence collection. I map controls to your actual operations — not theoretical policies.
Iterative synthesis of System Security Plans, gap analysis, and draft POA&Ms with inline citations back to source documentation.
Hands-on or advisory support to close gaps. I prioritize what actually moves the needle on risk and audit readiness.
Most fractional CISOs have never sat on the other side of the table during a formal DIBCAC assessment. I have led them. I know exactly what assessors look for.
Barry Morgan is a U.S. Navy submariner turned enterprise technologist with 20+ years experience. Since 2022 he has served as Cybersecurity Assessor with DCMA/DIBCAC, pioneering AI-augmented methodologies.
Seattle CISO makes that assessor-grade expertise available to organizations before they face a formal assessment.
Whether you are preparing for a CMMC assessment or need an interim security leader — I am ready to help.