About NonaSec
Straightforward security consulting from people who've been there
Leadership & Experience
Delivering enterprise-grade cybersecurity expertise through hands-on experience and proven results.
With over 17 years in the trenches of cybersecurity, Chris brings hands-on experience across military, defense, and commercial environments. From defending critical infrastructure to leading incident response investigations for Fortune 50 companies, he's seen what works and what doesn't.
Chris developed insider threat programs for global enterprises and pioneered incident response and digital forensics workflows for worldwide response teams. His work includes threat hunting in support of the Olympics, uncovering foreign misinformation content farms during presidential campaigns, and developing actionable intelligence during zero-day investigations.
His work has been featured in The New York Times for critical cybersecurity investigations, and he has appeared on multiple podcasts discussing emerging security trends and threat intelligence.
As founder of NonaSec, Chris delivers enterprise-grade security expertise through a boutique model that combines technical depth, operational leadership, and strategic insight to help organizations strengthen resilience against evolving threats.
Professional Certifications
Industry-leading certifications ensuring expertise stays current with evolving threats and best practices
Who We Serve Best
We specialize in helping growing companies (50-500 employees) in healthcare, SaaS, and professional services achieve compliance and strengthen their security posture without breaking the bank or overwhelming their teams.
Growing Companies
Companies with 50-500 employees who need enterprise-level security expertise but don't have the budget for Big Four consulting fees.
Compliance-Driven
Organizations facing HIPAA, SOC 2, PCI DSS, or other regulatory requirements who need practical guidance, not just checkbox audits.
Results-Focused
Leadership teams who want actionable security improvements, not 200-page reports that sit on shelves gathering dust.
How We're Different
Unlike firms that hand you a 200-page report and disappear, we provide prioritized 90-day action plans with ongoing support to ensure you actually implement improvements.
Actionable Deliverables
Instead of overwhelming reports, you get clear priorities with specific steps, responsible parties, and realistic timelines. Plus weekly check-ins for the first month.
Same-Day Decisions
Need to adjust scope mid-project? Want to add a new requirement? No committee meetings or change order delays—just a quick conversation and we adapt immediately.
No Junior Staff
Every hour you pay for is delivered by someone with 17+ years of hands-on experience. No recent graduates learning on your time or inflated bills for basic work.
Implementation Support
We don't just identify problems—we help you fix them. From policy templates to vendor selection guidance, we stay engaged until your security program is running smoothly.
Our Approach to Confidentiality
You won't find a client list on our website. That's intentional. The best security is invisible, and our clients prefer it that way. Every engagement starts with a mutual NDA—your security challenges, business strategies, and even the fact that you're improving security all stay confidential.
We protect your information with the same rigor we recommend for your business. Encrypted communications, secure file transfer, and strict access controls aren't just things we preach—they're how we operate every day.
Let's Discuss If We're the Right Fit
Every engagement starts with a conversation. No sales pitch, no pressure—just an honest discussion about your challenges and whether we can help.
What to Expect from Our Consultation:
Common questions we address upfront: Budget ranges, typical timelines, team availability requirements, and whether your situation is a good fit for our expertise. View our transparent, fixed-fee pricing.