Home Services Pricing Insights About Book Your Security Assessment
About

I am the engineer
you would hire.

No project manager, no junior staff, no handoff. You work with me directly, from the assessment through the build.

Founder & Principal

William Waldman

Veteran-Owned

I served in the U.S. Air Force and spent three years in Department of Defense SOC operations. I hold CompTIA Security+, and I work in GRC, RMF, and NIST. I built Waldman Systems to bring that discipline to firms that hold sensitive client data and cannot afford to get security wrong.

A small law firm runs on Microsoft 365 and carries a duty to protect client confidences under its bar rules on technology competence and confidentiality. Most firms have never had that environment assessed. I secure it, document it, and keep it current, then automate the manual work that slows the firm down.

I run my own mail infrastructure on Postfix and Dovecot. I understand email security at the protocol level, not just the admin dashboard. That is the difference between a vendor who reads you a Secure Score and one who can tell you why your DMARC is failing.

I take a limited number of firms at a time. When your firm is in an engagement, you have my attention. You are not one of fifty accounts on a queue.

Credentials & Background
U.S. Air Force Veteran Military service · Veteran-owned business
CompTIA Security+ Certified · Core security fundamentals
3 Years DoD SOC Operations Security monitoring · Incident response · Threat triage
GRC · RMF · NIST Governance, risk, and compliance frameworks
Infrastructure Automation Self-hosted Postfix & Dovecot mail · Protocol-level email security
Microsoft SC-200 Microsoft Security Operations Analyst In Progress
My Methodology

Assess. Harden. Document.
Automate. Maintain.

The same sequence on every engagement. I secure the foundation before I build anything on top of it.

01

Assess

I review your Microsoft 365 tenant against your confidentiality and data-handling duties. MFA, conditional access, sharing, mail flow, and account privilege all get checked and written up.

02

Harden

I fix what the assessment finds. MFA and conditional access go on. Permissions drop to least privilege. Email gets anti-phishing, SPF, DKIM, and DMARC.

03

Document

I write down what changed and why. You get a record you can hand to a client, an insurer, or the bar. Nothing about your security is a black box.

04

Automate

With the foundation secure, I automate the manual work. Matter reminders, intake routing, time tracking, and follow-up tasks run inside Microsoft 365.

05

Maintain

I keep the controls current. Patching, access reviews, and a monthly report. On a retainer, I am on call when something breaks.

06

You own it

Every engagement ends with documentation you can read and follow. If you ever stop working with me, you keep the controls, the records, and the automations.

Why Work With Me

What makes this different.

1

Security background, not just automation

I came up in DoD SOC operations and GRC. Most automation consultants do not think about access control until something breaks. I start there.

2

Built for a law firm's duties

I map what I do to your confidentiality and data-handling obligations, so your security is something you can show a client or an insurer, not just claim.

3

A limited number of firms at a time

I am not managing fifty accounts. When your firm is in an engagement, you have my full attention and a direct line to me.

4

You keep what I build

Documentation, controls, and automations are yours. No lock-in, no dependency on me to keep the lights on.

Start with the assessment

A fixed-fee review of your Microsoft 365 environment. Written risk findings, prioritized fixes, and a scoped remediation plan. The $1,500 is credited toward your first retainer month if you continue within 30 days.

Book Your Security Assessment View Services