No project manager, no junior staff, no handoff. You work with me directly, from the assessment through the build.
I served in the U.S. Air Force and spent three years in Department of Defense SOC operations. I hold CompTIA Security+, and I work in GRC, RMF, and NIST. I built Waldman Systems to bring that discipline to firms that hold sensitive client data and cannot afford to get security wrong.
A small law firm runs on Microsoft 365 and carries a duty to protect client confidences under its bar rules on technology competence and confidentiality. Most firms have never had that environment assessed. I secure it, document it, and keep it current, then automate the manual work that slows the firm down.
I run my own mail infrastructure on Postfix and Dovecot. I understand email security at the protocol level, not just the admin dashboard. That is the difference between a vendor who reads you a Secure Score and one who can tell you why your DMARC is failing.
I take a limited number of firms at a time. When your firm is in an engagement, you have my attention. You are not one of fifty accounts on a queue.
The same sequence on every engagement. I secure the foundation before I build anything on top of it.
I review your Microsoft 365 tenant against your confidentiality and data-handling duties. MFA, conditional access, sharing, mail flow, and account privilege all get checked and written up.
I fix what the assessment finds. MFA and conditional access go on. Permissions drop to least privilege. Email gets anti-phishing, SPF, DKIM, and DMARC.
I write down what changed and why. You get a record you can hand to a client, an insurer, or the bar. Nothing about your security is a black box.
With the foundation secure, I automate the manual work. Matter reminders, intake routing, time tracking, and follow-up tasks run inside Microsoft 365.
I keep the controls current. Patching, access reviews, and a monthly report. On a retainer, I am on call when something breaks.
Every engagement ends with documentation you can read and follow. If you ever stop working with me, you keep the controls, the records, and the automations.
I came up in DoD SOC operations and GRC. Most automation consultants do not think about access control until something breaks. I start there.
I map what I do to your confidentiality and data-handling obligations, so your security is something you can show a client or an insurer, not just claim.
I am not managing fifty accounts. When your firm is in an engagement, you have my full attention and a direct line to me.
Documentation, controls, and automations are yours. No lock-in, no dependency on me to keep the lights on.
A fixed-fee review of your Microsoft 365 environment. Written risk findings, prioritized fixes, and a scoped remediation plan. The $1,500 is credited toward your first retainer month if you continue within 30 days.
Book Your Security Assessment View Services