We provide
Strategic Security Services.

About Us

We Get It.

You have an organization to run. You know that cybersecurity is important, but you can't take your eyes off the ball, and devote dedicated security resources that distract from your main mission. We know that you have a "day job", and that it's not cybersecurity. Let us help you design and implement a security program and appropriately scaled security processes tailored for the type, size, and maturity of your organization.

We believe strongly in collaboration and client empowerment as part of a resilient security framework, and work with our clients to ensure appropriate knowledge-transfer to enable effective security tasks to be performed by internal resources.

Above all, we are client-focused. We work hard to understand what is right for your organization, and provide honest, independent advice that fits and supports your business, size, and culture. We apply our broad and deep experience to help our clients make good decisions for managing security risks.


We only assign seasoned, experienced, senior resources to your projects.

We are not security purists; security is not a goal unto itself. We approach security within the context of how it enhances and enables business processes and advances the organizational mission.

We listen, we observe, and we customize our approach to address the specific needs and unique qualities and situations relevant to your organization. We don't apply cookie cutters, or try to force a square peg into a circular receptacle.

We are dedicated to client empowerment. We are happy to work ourselves "out of a job" with your organization, by maximizing the transfer of knowledge and skills related to security and assurance to your internal staff. We want to "teach you to fish", or to become your own aquaculturist, if you so desire.


What We Do.

At Positroniq, we help to protect organizations through assessment and advisory services designed to improve security, risk, and compliance programs and processes. Our consultants have many years of experience in providing security and risk-focused consulting services to a broad array of clients in financial services, healthcare, biotech, energy, retail, technology, and other industries, including members of the Fortune 500. We provide an objective view of security posture and IT risk management strategy, based on leading practices and an understanding of industry-specific standards and requirements.

Security Strategy

Alignment of information security and data privacy programs with business plans, IT plans, product and service roadmaps,  enterprise risks, and legal and standards requirements.

Development of information security and data privacy strategic plans including vision, mission, multi-year objectives, and current year goals.

Security Program

Preparation of information security, data privacy, IT audit, and compliance guidance documents - including policies, standards, procedures, work instructions, and process maps

Preparation of the business case for information security and data privacy investments and projects (justification and prioritization)

Optimization of information security, data privacy, IT audit, and compliance organizational structures and their linkage to the rest of the organization

Development and delivery of security and privacy awareness and training materials

Privacy and Compliance

Development of strategies and plans for effectively managing compliance with requirements from multiple sources (e.g., laws, regulations, and industry standards such as HIPAA/HITECH, GLBA/FFIEC, 201 CMR 17.00, Payment Card Industry Data Security Standards, etc.)

Assistance with practical risk-based adherence to various security and privacy frameworks standards (e.g., ISO 27001/27002/27005, NIST 800 series, CObIT, SOC 1 / SOC 2 readiness, OpenSAMM, BSIMM, Privacy Shield, GDPR, Generally Accepted Privacy Principles, etc.)

Application Security

Assessment of  product development and security operations, program, and practices.

Implementation or integration of security practices into development operations.

Evaluation of planned products and services (review of features vs. market needs, compliance risk evaluation, and threat modeling.)

Security Leadership

Interim or fractional Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO) roles

Security Awareness

Development, customization, and delivery of security awareness training, ranging from general security awareness for non-technical staff, to secure design and development practices for software product teams.


Get In Touch.

Contact Information
Postal Mail

2311 N. 45th Street #212
Seattle, WA 98103

Email Us At