Better Decisions.
High-Stakes Environments.
Boutique advisory firm. Two practices: cyber and technology risk, and maternal and child health policy. Nick and Jessica Ashley lead every engagement.
Cyber & Technology Risk Advisory
For critical infrastructure operators, federal programmes, and regulated enterprises where a security failure means a regulatory penalty, an operational outage, or a mission consequence.
Cyber & Technology Risk →Health Policy Advisory
Maternal and child health policy for government agencies, health systems, and foundations where the gap between what the evidence says and what gets implemented has real consequences for real people.
Health Policy →Our Thesis
The domain changes.
The problem doesn't.
Cyber risk and health policy are different fields with different buyers, regulators, and failure modes. The underlying challenge is the same: making a call when the information is incomplete, the stakes are real, and getting it wrong costs more than getting it right.
You work with the person whose expertise you engaged. Nick leads every cyber engagement. Jessica leads every health policy engagement.
About the firm →Proprietary Frameworks
Frameworks built for the problem,
not borrowed from an adjacent one.
ATLAS, CCTM, and SENTINEL came out of live deployments at MISO Energy and U.S. Cyber Command, environments where a wrong model produces a $1M/day regulatory penalty or a failed operation, not a missed KPI.
The Team
Two advisors. No associates.
Latest Insights
All insights →The Human Layer Is the Attack Surface
Adversaries exploit attention, trust, and the decision shortcuts that govern behaviour under pressure. Standard threat models don't account for it.
NERC CIP Compliance Is Not Grid Security
Passing the audit and securing the grid are different objectives. The gap between them is where breaches happen.
Executive Risk Reporting Should Drive Decisions, Not Document Risk
Boards act on financial exposure and operational consequence. Vulnerability counts and severity ratings don't give them that.