David Frier -- Independent Fractional CISO

incorporated as

Rochester Information Security, LLC

Practical security leadership for organizations navigating compliance, customer security expectations, and real operational risk.

If someone suggested you speak with me, you’re probably dealing with security becoming a business issue rather than a technical one. Feel free to book a quick meeting now.


When Organizations Reach Out

Conversations often start with the following challenges:

At this point, what organizations usually need is expert judgment, cost-effective outside perspective, and leadership.


What I Do

I work directly with leadership teams to provide independent security guidance and program direction.

Typically this means helping organizations:

The goal is not paperwork or frameworks.

The goal is predictable, explainable security.


How We Might Work Together

Fractional CISO

Ongoing executive security leadership without hiring a full-time CISO.

Audit & Compliance Readiness

Practical preparation for SOC 2, ISO 27001, and similar external expectations.

Security Program Development

Building governance, risk management, and sustainable security practices.

Advisory Engagements

Independent perspective when security initiatives stall or uncertainty increases.


Experience

I’ve spent 20+ years working inside organizations building and leading security and governance programs.

That experience includes:

Security decisions are rarely just technical problems.

They are leadership decisions.


Framework Alignment

Organizations I support commonly align with:

SOC 2 • ISO 27001 • SOX • NIST Frameworks • CIS Critical Security Controls • HIPAA • and more

Remember that frameworks are, by design, tools used to support credible security programs. There's nothing magical about them on their own. Together, we'll formulate a solid security program and also attain any framework compliance or certification that business needs justify.


A Note on Independence

I operate independently. I do not resell products or implementation services. My recommendations are based solely on risk, organizational context, and long-term sustainability.


Start a Conversation

Most engagements begin with a straightforward discussion about your current situation and what you're trying to accomplish.

If you were referred here, feel free to reach out directly.

Contact: Multiple ways to reach out and take this conversation further

Book a quick meeting now.

Connect and message me on LinkedIn

Email to webcontact@rocinfosec.com

SMS/Text or Voicemail to +1-585-563-9595.
Responses to email or text will be pleasingly prompt during waking hours, Eastern time.


About me

You get me, not a company with me as a figurehead. In addition to being a security leader and advisor, I'm a Tolkien nerd, a slow rider of a Trek hybrid, an Orioles and Cubs fan, and a happy, if average, poker player.

I am a lifelong learner, and I went ahead and picked up a few "trophies" for that along the way in the form of certifications: CISM, CISSP, RIMS-CRMP, CRISC, C)HISSP....


Oh, and I like pistachio nuts.

My CV, if you're interested. Full of all the gory details.