Decades inside CIA, NSA, and the Pentagon. Years helping organizations who don't have those budgets. That gap is the problem we solve.
When you have massive resources, it's easy to dictate "minimum requirements." But what if you don't?
For twenty years, Pat worked inside the organizations that set the standards - NSA, Pentagon, NATO. These environments had unlimited budgets, dedicated teams, and security as mission-critical.
Meanwhile, Roger and David spent over a decade consulting with companies in the real world - organizations that had to make tradeoffs, prioritize investments, and justify every dollar spent on security.
The disconnect was obvious: the DoD and Intelligence Community create "standards" that assume everyone has their resources. They don't.
We saw companies pay $500,000 for assessments that were 90% boilerplate. CISOs asking "when is it enough?" and being told "there is no enough." Executives making billion-dollar business decisions with worse data than they had for picking lunch.
The industry had confused "comprehensive" with "useful." It prioritized documentation over decisions. It treated every recommendation as equally important because it couldn't calculate what actually mattered.
We knew there had to be a better way.
Risk Aperture was born from 10+ years of consulting work and a critical insight about resource constraints.
Roger and David had accumulated 1,200+ cybersecurity recommendations across hundreds of clients. Most consultants would have filed them away. Instead, we started analyzing patterns:
Pat brought the strategic framework from two decades in government: understanding how organizations with massive budgets create standards that become impossible requirements for everyone else. The concept of a cybersecurity poverty line existed in theory - we made it operational reality.
Not perfect security (which doesn't exist). Not compliance theater. Just: defensible, strategic, and sufficient for your resources. We took an academic concept and built the math, the data structures, and the intelligence engines to actually calculate it.
Then we built the platforms to deliver it:
Former CIA, NSA, DoD, and financial sector personnel with decades protecting the most sensitive systems in the world. Roger and Pat both hold TS/SCI clearances with Full-Scope Polygraph.
Co-Founder | Former CTO, CIA Directorate of Operations
With over thirty years in IT, Roger shaped mission capabilities across CIA operations. Prior to CIA, he was a Managing Partner at Gartner, leading technology and business solutions for their global client portfolio. Roger brings unparalleled expertise in translating technical capabilities into operational impact.
Co-Founder | Corporate Operations & Risk Mitigation
David's decade running corporate operations and co-creating our proprietary assessment methodologies gives him a nuanced ability to help leaders understand and mitigate risk. He's advised internal audit teams, C-suites, and boards from midsize regional businesses to global corporations. David knows how executives actually make decisions - and what data they need to make good ones.
Co-Founder, CTO, CSO | Former Principal Cyber Advisor to SecDef
Twenty years building and securing weapon systems, space programs, and critical infrastructure at NSA and the Pentagon. Pat served as Technical Director for Weapons & Space Cybersecurity at NSA and Principal Cyber Advisor to the Secretary of Defense, advising the White House and National Security Council on national cyber policy. He saw firsthand how unlimited budgets create unrealistic "minimum standards" - and brings that strategic insight to organizations operating in the real world.
Chief Information Security Officer
Jennifer specializes in cybersecurity for emerging technologies and critical infrastructure. She's a founding member of the National AI and Cybersecurity ISAO, serves on the Forbes Technology Council, and volunteers as a cybersecurity specialist for the USMC Cyber Auxiliary. In 2024, she was named one of the global top 50 Information Security Professionals and recognized as a NYS Assembly Woman of Distinction. Jennifer ensures our platforms stay ahead of emerging threats.
Risk Aperture exists to solve three fundamental problems in cybersecurity:
Organizations get generic recommendations that don't account for their specific threats, budget, or risk tolerance. We provide intelligence that's calibrated to your reality - not to DoD's reality.
Security spending has no natural ceiling when you follow government-created standards. We calculate your poverty line - the minimum viable security posture for your resources - so you know when you're above water versus when you're just buying expensive peace of mind.
Executives need to make investment decisions with incomplete information. We translate technical risk into business language and ROI calculations that board members can actually use - not compliance checklists that assume unlimited budgets.
If you're tired of assessments that assume you have Pentagon-level resources, let's talk.