Woodstock, GA · Serving organizations statewide

Security leadership, at the depth your business actually needs.

Orcannus provides fractional CISO leadership and cybersecurity consulting for Georgia defense contractors, manufacturers, healthcare organizations, and government and education entities — the ones too exposed to skip security, and too lean to carry a full-time executive for it.

Two service models
CMMC 2.0 readiness
HIPAA aligned
Georgia-based, in person
What we do

Two ways to work together.

Every engagement lands at one of two depths — a defined project, or a standing seat at the table. Nothing else. No bundled products, no upsell path — just the security leadership and expertise your organization needs, scoped honestly.

Targeted depth · project-based

Cybersecurity Consulting

Defined scope, defined deliverable, defined end date. Brought in to close a specific gap — a compliance deadline, an assessment, a plan that needs to exist before you can move forward.

  • CMMC 2.0 gap assessments & SPRS scoring
  • Risk & vulnerability assessments
  • Security policy & procedure development
  • Incident response planning
  • Vendor & third-party risk review
  • HIPAA control mapping
Full depth · embedded & ongoing

Fractional CISO

Standing security leadership on a recurring, part-time basis — the strategic seniority of a full-time CISO, scaled to the hours your organization needs and priced accordingly.

  • Security strategy & program ownership
  • Board & leadership reporting
  • Budget planning & vendor management
  • Ongoing compliance maintenance
  • Audit & assessment representation
  • Incident command when it counts
Who we work with

Built for four kinds of exposure.

Each of these industries carries obligations that outgrow a part-time IT person, long before they justify a full executive hire.

DEFENSE

Defense contractors

CMMC 2.0 Level 1 and Level 2 readiness for the defense industrial base — SPRS scoring, POA&M management, and audit preparation.

MANUFACTURING

Manufacturing

Protecting operational technology, intellectual property, and supply chain relationships from the threats that actually target this sector.

HEALTHCARE

Healthcare

HIPAA-aligned security programs for practices and organizations that can't afford a breach — or the fine that follows one.

GOVERNMENT & EDUCATION

Government & education

FERPA-aligned data protection and security programs for school systems, and security leadership for local government offices navigating limited budgets and real exposure.

How it starts

Three conversations before anything is scoped.

01

Discovery call

A straightforward conversation about where your organization stands today — what's regulated, what's at risk, and what's actually keeping you up at night. No pitch, no pressure.

02

Scope & proposal

A written proposal naming the exact deliverables, timeline, and cost — for a consulting engagement, or the recurring structure for a fractional arrangement. You'll know precisely what you're agreeing to.

03

Engagement

Work begins on the agreed cadence, with regular check-ins and plain-language reporting — to you, or to your board, whichever the engagement calls for.

About Orcannus

Based in Woodstock. Focused on Georgia.

Orcannus is a Woodstock, Georgia-based practice built around one idea: most small and mid-sized organizations need real security leadership long before they can justify — or afford — a full-time executive to provide it.

That's the entire practice. Fractional CISO leadership and cybersecurity consulting, delivered in person to organizations across Georgia, without a product to sell or a suite to upsell into.

Credentials & standards
  • Cybersecurity Degree — SPSU '11
  • Certified AI Expert — Coursera
  • Certified FERPA — ed.gov
  • Experienced CMMC-AB — Cyber AB
  • Certified Ethical Hacking
  • Ongoing (ISC)² Security — CISSP
  • 30+ years industry experience
Questions

Before you reach out.

A fractional CISO acts as your organization's chief information security officer on a part-time or embedded basis — setting strategy, owning the risk register, reporting to leadership, managing budget and vendors, and making sure your program actually maps to what applies to you, whether that's CMMC or HIPAA.

Orcannus is based in Woodstock, Georgia, and focuses primarily on Georgia-based organizations, with in-person availability statewide. Engagements outside Georgia are considered case by case — reach out and we'll talk through what makes sense.

Defense contractors preparing for or maintaining CMMC 2.0 compliance, manufacturers protecting operational technology and IP, healthcare organizations managing HIPAA obligations, and government and education entities managing FERPA and public-sector security requirements.

Consulting is scoped and time-bound — an assessment, a policy set, a plan. Fractional CISO is ongoing and embedded — a standing role with recurring hours and accountability over time. Many clients start with consulting and move into a fractional relationship once the immediate gap is closed.

A full-time CISO typically commands a six-figure salary plus benefits, before factoring in the time to recruit one. A fractional arrangement gives you the same strategic seniority at a fraction of the cost, scaled to the hours your organization needs. Exact terms depend on scope — reach out for a quote.

Get in touch

Let's figure out your depth.

Pick a time below for a discovery call, or reach out by email. Tell me where your organization stands and what's driving the urgency — an audit, a contract requirement, or a gap you already know is there.

Based in Woodstock, GA · Cherokee County
Serving Organizations statewide across Georgia