SMB owner
Get a plain-language security audit of your small business.
Plain-language audit of your actual posture, with a prioritized remediation plan your team or vendor can execute.
> 00 the practice
What you already know Your team is using AI without real oversight. Your security posture has never been written down. Both gaps compound.
One advisor. Security, AI, and the discipline to run both.
One advisor working with one customer at a time. Security, AI governance, and the Intent discipline that keeps both honest. Delivered by David Borden under a single-retainer cap.
1 available retainer slot first-review lead time two weeks
> 01 who this is for
Four problems we close.
Sole proprietor
Put AI to work as a sole proprietor without it going sideways.
Structured fluency across modern AI platforms. Intent first, guardrails before scale, reviewable artifacts.
Small team
Get your small team off reused passwords and onto a real credential foundation.
Password managers, MFA, Passkeys, and credential automation. A running foundation your team owns and operates.
Exec
Get your AI use-case past outside counsel without three rewrites.
NIST AI RMF and ISO 42001-literate posture. Named intent per use-case, guardrails before scale, written risk register.
> 02 also in scope
Two more we close.
Named outcomes. Each is delivered by a specific engagement shape.
Ship a SOC 2 Type I in twelve weeks.
A structured program that moves an unprepared team from informal controls to audit-ready: gap list, drafted policies, control owners named, and a calendar the team can ship on.
Automate the busywork your team keeps redoing by hand.
AI-assisted productivity automation across Google Workspace, Microsoft 365, and iCloud. Structured data and a process the team can operate. Running automations the client owns after the program ends, not a deck of ideas.
> 03 practice area
Security & Compliance
SMB security audits. Security Leadership on Retainer. SOC 2 Readiness Enablement. Credential and Identity Foundation. Zero Trust applied proportionally.
See the Security practice> 04 practice area
AI Practice
AI risk assessment, AI adoption enablement, AI-augmented productivity automation, and data organization. Intent first, guardrails before scale, systems the client owns and operates.
See the AI practice> 05 practice area
Intent Engineering
The discipline of clear outcomes, explicit constraints, real guardrails, and verifiable results. The methodology underneath the AI Practice offerings.
Read the methodology> 06 engagement shapes
Four shapes, one operating model.
- 01 Advisor on Retainerretainer · 1 at a time
Strategic partnership over quarters, one customer at a time, structured cadence.
- 02 Readiness Reviewscoped · 1 week
A single scoped engagement producing a prioritized plan.
- 03 Intent Engineering Workshopsession · on request
A working session that turns ambiguity into operational intent.
- 04 Enablement Programprogram · on request
Training plus artifact production for teams adopting AI or pursuing SOC 2.
Frameworks this practice speaks fluently.
Not a logo wall. The advisor works these frameworks as a daily practice: policy, control mapping, audit posture, governance.
SOC 2
Type I & II
ISO 27001
2022
NIST CSF
2.0
NIST AI RMF
1.0
ISO 42001
AI mgmt
GDPR
EU
HIPAA
U.S.
Personal track record
These are David's career outcomes, not Forge & Ward client work.
- SOC 2 Type II shipped from zero at PKWARE and Fusion Anesthesia
- HIPAA compliance program at Fusion Anesthesia
- PCI program + cardholder-data descoping at National Business Furniture
- Trust Center published at trust.pkware.com
- Certifications AWS Certified Solutions Architect, Anthropic (5), Vanderbilt Claude Code, (ISC)² Certified in Cybersecurity
- Public writing JARVIS-Drops series on LinkedIn and X