Background
I founded EFROS in 2009 after fifteen years of enterprise IT and cybersecurity work. The goal was simple: build the kind of technology partner I wished had existed when I was on the other side of the table as a CIO. Security-first, operationally rigorous, and accountable by SLA. Sixteen years later, that's still the engagement model.
I see how the pieces connect before others see the pieces themselves. That's what the work is — infrastructure, security, and integration are three disciplines that have to move together to produce the outcomes clients actually care about. Most vendors sell one piece and hope the handoffs work out. We run all three under one SLA because that's the only version of the model that doesn't fall apart during real incidents.
Focus areas
- Security-first enterprise architecture
- MSP/MSSP operations at scale (500+ client environments)
- Zero Trust implementation (NIST SP 800-207, CISA ZTMM)
- Compliance programs: SOC 2, HIPAA, PCI-DSS, CMMC, FFIEC
- Incident response and ransomware readiness
- Cloud migration across AWS, Azure, GCP
Credentials
Certifications listed below are verifiable through the issuing bodies. The field experience is what actually matters — these are the minimum bar for the work we do, not the ceiling.
Writing
I write most of the EFROS blog. Topics come from client work. When the same question surfaces across multiple engagements, that's usually a sign the market is underserved on the topic, and I'll spend a few hours writing up what we've learned. Recent pieces cover the 2026 threat landscape, the MDR vs EDR vs XDR decision, and the CMMC 2.0 roadmap for defense subcontractors.