// About
Practitioners First.
Consultants Second.
After two decades leading security programs across semiconductor manufacturing, aerospace, defense, and technology environments, the decision to consult came down to a simple observation: the organizations that need security expertise the most are consistently underserved by the firms that claim to provide it. Too expensive, too generic, too focused on deliverables over outcomes. Parallax Risk & Security exists to do it differently.
This practice is built on real operational experience — building security programs from the ground up, navigating incidents under pressure, achieving compliance certifications that actually required changing how organizations operated, managing OT and ICS environments where uptime and safety constraints are non-negotiable, and communicating all of it to boards and executive teams in terms that drive decisions. That breadth is not accidental. Security problems do not stay neatly in one domain.
We serve two distinct client tracks. For defense contractors and organizations in the Defense Industrial Base, we deliver CMMC readiness, NIST SP 800-171 compliance programs, and ITAR advisory — built around the specific obligations and threat landscape of the DIB. For commercial organizations, we provide vCISO leadership, SOC 2 and ISO 27001 readiness, security assessments, and OT security programs tailored to manufacturing environments.
Engagements are structured as partnerships, not transactions. You work directly with the person you hired — not a project manager passing work to a junior analyst. We stay close to your environment, are direct about what we find, and measure success by your outcomes, not the thickness of our report.
Defense & DIB
Commercial & Enterprise
// How We Work
Radical Transparency
We tell you what we find, even when it is uncomfortable. Sugar-coating findings does not make organizations more secure — it just delays the reckoning.
Risk-Proportionate
Not every finding deserves the same urgency. We help you invest remediation effort where it reduces the most material risk to your business.
Operationally Aware
Recommendations that cannot be implemented in your environment are not recommendations — they are noise. We design for your constraints, not a theoretical ideal.
No Recurring Revenue Bias
We do not design engagements to generate follow-on work. We design them to solve the problem. If that means a shorter engagement, that is the right outcome.
// Free Resources
Security Posture Assessment
A free 30-question self-assessment mapped to CMMC, NIST CSF, ISO 27001, SOC 2, and five other frameworks. Generates a branded PDF report with domain breakdown and priority findings.
Take the assessment →
Incident Response Playbook
A practical IR quick reference covering phases, checklists, regulatory notification deadlines, communication templates, and role definitions. Works offline — installable to your home screen.
Open the playbook →
Let's talk about your program.
No pressure, no sales cycle — just a direct conversation about where you are and where you need to be.