I think the best way to learn, especially in technology and security, is through real, hands-on experience. I’ve spent over 30 years working in IT across different organizations. Over the years, I’ve worked as a support technician, senior infrastructure administrator, and cybersecurity manager. I’ve also led big projects and helped teams switch from older systems to cloud platforms. 

Over the past several years, I’ve moved from technical IT work to focusing on security and risk. I made this change after seeing how much organizations need clear, simple advice to stay safe. To help with this, I earned two respected certifications: ISACA’s CRISC and the Canadian Risk Management (CRM) designation. These connect my IT experience with a broader view of risk. 

Now, I provide cybersecurity risk consulting for nonprofits and small startups. I help with awareness training, security and maturity assessments, and give strategic advice to leaders. My approach is clear and organized, so small teams get the same quality of guidance as large organizations, but at a price they can afford. 

CRISC is a certification for people who handle IT risks. It shows you can spot risks, explain them to leaders, and help organizations pick the right controls to stay safe. 

CRM is a designation that teaches the elements of risk management. It covers how to find risks, understand their impact, and plan simple, practical steps to reduce them throughout the organization.