// Information Security Consulting
Security Without Compromise.
Strategic cybersecurity advisory for organizations that cannot afford to get it wrong — from CMMC and compliance programs to fractional CISO leadership and OT security.
CMMC: Level 2 & 3 Readiness
vCISO: Fractional Leadership
OT/ICS: Manufacturing Security
20+ Years Experience
// Services
What We Do
01
vCISO Services
Fractional security leadership for organizations that need CISO-level judgment without a full-time hire.
Monthly retainer
02
Compliance Programs
SOC 2, ISO 27001, HIPAA, PCI DSS, and Cyber Essentials programs designed for audit readiness and commercial credibility.
Project-based
03
Security Assessments
Risk-based gap analysis against NIST CSF, CIS Controls, and industry-specific frameworks — with a prioritized remediation roadmap.
Project-based
04
OT / ICS Security
Industrial control system security reviews for manufacturing environments where uptime and safety constraints are non-negotiable.
Project-based
05
Incident Response Readiness
IR program design, planning, and tabletop exercises — so your team knows exactly what to do before an incident happens.
Project-based or retainer
06
Security Program Management
Disciplined program management for security initiatives, tool deployments, and regulatory programs that need to stay on track.
Retainer or project-based
// Government & Defense
Government & Defense
01
CMMC Readiness
End-to-end CMMC Level 2 and Level 3 readiness programs — from gap assessment through evidence collection and audit preparation.
Project-based
02
NIST SP 800-171 Compliance
Full implementation of the 110 security requirements in NIST SP 800-171 for organizations handling CUI.
Project-based
03
ITAR / DFARS Compliance
Export control compliance and DFARS cybersecurity clause implementation for defense manufacturers and technology companies.
Project-based
04
Defense Security Assessments
Security posture assessments specifically designed for defense contractors, federal suppliers, and organizations in classified environments.
Project-based
// Why Work With Us
Practitioner-Led
Every engagement is led by a senior practitioner who has built and run security programs at the CISO level — not staffed by generalists following a playbook.
DIB & Commercial Depth
We operate across both defense and commercial environments — CMMC, ITAR, and OT security alongside SOC 2, ISO 27001, and vCISO engagements. Few firms do both credibly.
Outcome Oriented
We measure success by audit outcomes, posture improvement, and board confidence — not deliverable count or billable hours.
// Free tool
Not sure where you stand?
Take our free 15-minute self-assessment. Answer 30 questions, select your framework, and get a report showing your alignment and priority gaps — no account required.
Ready to strengthen your security posture?
No obligation — let's discuss your environment.