What We Do

Services

Every engagement begins with a 30-minute discovery call, no charge and no obligation. We assess fit and scope the work together. If Herrin Advisory is not the right answer, I will tell you, and usually tell you who is.

Capacity is deliberately limited. Herrin Advisory takes a small number of clients at a time, and current availability is noted with each service. Quality of attention is the product.

Engagements are typically five-figure and up. Scope and pricing are set on the discovery call. Founding-client terms are available for the first engagements in each service line, in exchange for reference rights.

🏛 Board & Executive Advisory

A practitioner voice for boards, executives, and investors navigating cybersecurity, AI risk, and technology governance. I have sat on boards and I have briefed them as a CISO. NACD.DC Certified Board Director. Briefings run on the same multi-domain intelligence engine behind Global Race Condition, aimed at your organization.

Board Advisor Seat

For boards that want standing access to a practitioner, with preference for financial services and technology companies.

A formal advisory role: board meeting participation, quarterly preparation, and a direct line when something breaks. Capacity is limited; two seats currently available.

Board & Executive Briefings (One-Time)

Need an expert to weigh in on a topic of concern? AI risk, geopolitics, regulatory change, a pending decision.

One bespoke briefing, written and live. Custom scoped research built for your specific company, industry and threat profile, delivered in a working session with your leadership team, with the analysis that does not make it into the public brief. The written product is yours to keep.

Quarterly Briefing Program (Annual)

For organizations that want the intelligence function on retainer rather than on demand.

Reserve a calendar year of quarterly briefings on the topics that matter to your audience, timed to your board calendar. Each quarter builds on the last: the threat picture evolves, the analysis tracks it, and your leadership team stops rediscovering context from zero. Includes direct access between briefings.

Executive Decision Support

For executives facing one specific decision: a vendor selection, an architecture choice, a post-incident pivot, acquisition diligence.

Single working sessions, short structured sprints, or an ongoing retainer with async access. Every engagement ends with a written recommendation you can put in front of your board.

Product & Startup Advisory

For founders, product leaders, and investors who need honest buyer-side feedback.

Twenty-five years as a buyer of security technology, plus two successful founder exits. Pre-launch reviews, ICP validation, diligence support, and ongoing advisory seats for seed through Series B.

🛡 Fractional CISO

CISO-grade strategic guidance, board engagement, and program ownership without the cost of a full-time hire. Capacity is limited and currently waitlisted; the next slot opens in July 2026.

Advisory Retainer

For security leaders and executives who want a senior sounding board on call.

Monthly executive sessions, async access, and board briefing preparation. The lightest-weight way to keep a 25-year practitioner in your corner.

Fractional CISO (Embedded)

For growth-stage companies and mid-market firms that need the role filled, not just advised.

Board attendance, leadership coaching, roadmap ownership, vendor conversations, and incident response leadership. A real seat at your table.

Interim CISO (Bridge)

For PE portfolio companies and enterprises between permanent CISOs.

Full coverage of the role, typically three to six months, including hiring support for the permanent replacement. I work myself out of the job.

Program Assessment

For firms preparing for a material event: IPO, acquisition, major audit, or incident recovery.

A four-to-eight week assessment against NIST CSF 2.0 or your framework of choice. Board-ready deliverable, executive readout, and a remediation roadmap your team can actually execute.

🎙 Speaking & Events

Sixty-five international keynotes and counting, including RSA, Black Hat, F5 AppWorld, and InfraGard. Topics where cybersecurity intersects with business strategy, AI, and geopolitics. Every talk is built for the audience in the room. No recycled decks.

Keynotes, Talks & Workshops

For conferences, corporate events, associations, and universities.

In-person and virtual keynotes, panels, fireside chats, and half- or full-day executive and technical workshops. Custom content, pre-event planning calls, and Q&A included.

Event Hosting & Moderation

For summits, industry events, and private client gatherings.

MC and moderator work, run-of-show design, panelist preparation, live interviews, and program curation. The difference between a good event and a forgettable one is usually the person at the microphone.

Client Executive Visits

For VARs, integrators, and sales organizations that need an experienced CISO voice in the room.

Executive briefing center visits, QBRs with marquee clients, and pre-sales conversations where the client needs honest assessment rather than a pitch. No vendor quota, no product line, no upsell motion.

Regional Programs

For local firms, VARs, and consultancies in the Americas, APAC, and ANZ.

Week-long regional deployments: executive roundtables, custom briefings from the forefront of US cyber and AI, and dedicated customer meetings, all arranged by your local team. You fill the calendar. I show up and deliver.

How Engagements Work

Start. A 30-minute discovery call. You describe the problem, I tell you honestly whether and how I can help. A written proposed scope follows within five business days.

Travel. Available across the Americas, APAC, and ANZ. Travel billed at cost.

Capacity. Engagements are first-come, first-served, with a waitlist when full. Limited capacity is not a marketing line. It is how the quality stays high.

Book a Discovery Call