Get to know me

Over a Decade of Cybersecurity Advisory for Fast-Growing and Regulated Organizations

About Me

Hi, I’m Andrew Brosman, and I help organizations make smarter, faster, and more practical security decisions.

With a background in Accounting and Cybersecurity, I’ve spent the last decade guiding companies through their toughest risk, compliance, and security challenges. Whether it’s enabling sales, preparing for audits like SOC 2 or PCI, or helping leadership teams understand real security risk—not just checkbox compliance—I’ve been there.

I’ve led programs at companies like X (formerly Twitter), Salesforce, and Coalfire, working hands-on across GRC, third-party risk, AI-integrated compliance, and enterprise risk management. I’ve also advised some of the world’s largest companies as a consultant at EY.

What I bring isn’t just frameworks and certifications (though I have those too—CISSP, CISA, CPA, AWS CCP, GCIH, CCSK). I bring practical, grounded advice based on years of working at the intersection of business, security, and trust.

I started this site to share what I’ve learned—and to help others build programs that work in the real world. Whether you’re a startup preparing for your first audit, a growing company facing tough customer security reviews, or just someone trying to figure out what “good” security looks like—I’ve got you.

Things I Believe

  • Security should enable the business, not block it.

  • Compliance isn’t security—but they can work together.

  • Clear communication is just as important as technical depth.

  • Risk is everywhere—what matters is how you prioritize and act.

Outside of Work

I’m based in Florida, and when I’m not nerding out about security, I’m usually learning about something new (lately: the intersection of GRC and AI), exploring the outdoors, or figuring out how to grow pineapples in my backyard.