Clarity. Insight. And a lot less mystery.

We have a better way of approaching cybersecurity challenges.

You may have heard that cybersecurity is complicated. Inscrutable. Precarious. Or that it’s an “IT responsibility.” That the “right technology” fixes everything. And, our favorite: that it’s all quite scary business.

Nothing could be further from the truth.

Cybersecurity is a strategy. A way of working. A process for achieving your business objectives. Once you understand how it fits into your organization’s management and culture, cybersecurity becomes a process to be embraced…a tool for greater success.

Whether you’re needing to pass an audit, protecting against malicious cyber events, or gain the confidence and agility to secure your next big opportunity, our insights and experience will improve your business.

We call it being “never not ready” – the ability to take your business where you want it to go.

Smart. Experienced. Valuable.

There’s “being in the business for X years,” and there’s being the ones who seem to get the call whenever there’s a lot on the line. That’s our Senior Team at Monarch.

We quickly assess your cybersecurity challenge, formulate a sound strategy, and help you implement the necessary changes. And we’re able to do this cost-effectively and without unnecessary disruptions to your day-to-day operations.

We also pride ourselves on our client relationships. We’re counselors, collaborators and myth-busters. We’re on top of the continuing changes in your industry. We’re responsive and supportive. And we love what we do.

Meet the Monarch Team

Jozef Kurlanski


Joe Kurlanski has over 25 years’ experience in IT and information security. He holds CISSP® and HCISPP® certifications from ISC2©, and is a Registered Practitioner (RP) and Provisional Assessor (PA) with the CMMC-AB. A veteran developer of sustainable risk management and information security programs for hospitals, banks, credit unions, and Department of Defense contractors, Joe founded Monarch Information Security Consulting in 2014 expressly to meet the unique needs of smaller businesses grappling with today’s myriad laws, regulations and data security challenges.

John Rogers

Senior Information Security Consultant

John H. Rogers, CISSP®, CMMC-RP, CMMC-PA, CMMC-PI, has been an information security professional since 2002, making the transition from his prior career as an IT Network Engineer. John has created and managed comprehensive information/cybersecurity programs in the private and public sectors; he has also served as a dedicated advisor and board committee member in the financial, healthcare and education sectors. John has performed hundreds of risk and compliance assessments for community banks, financial services organizations, state agencies, large healthcare systems, medical practices, and other large and small organizationsJohn is also a sought-after public speaker, and regularly conducts training sessions, presentations and workshop engagements nationwide to a spectrum of audiences. He is able to translate the most complex topics at any organizational level and relay the importance of each person’s role in the subject matter. 

Jim Macisso

Sales Manager

For nearly a decade, Jim has assisted a diverse array of clients across the private & public sector, including Healthcare, Finance, and DoD Contractor industries and holds a Certified Information Security Management (CISM®) certification from ISACA®. Coming from a long family history of military service, Jim is passionate about helping clients build adaptive cybersecurity programs that practically address compliance challenges and help them take it further to enable their business goals.

Brenda Paradis

Senior Information Security Consultant

With over 20 years of experience in highly regulated industries, Brenda holds CISA, CISM, and CDPSE certifications from ISACA and is a Registered Practitioner (RP) with the CMMC-AB. Brenda has worked with hundreds of small and medium-sized businesses developing information security programs that are “right-sized” for the organization. In addition to risk assessments, governance policy/process development, business continuity, and disaster recovery, Brenda provides cybersecurity training and informational sessions for all levels of the organization: from the frontline to the C-Suite to the Board of Directors. If you ask any of Brenda’s clients, they will praise her technical vulnerability translations and her ability to help identify and prioritize the cyber risks to their business.

Dr. Bianca Baker-Eck

Dr. Bianca Baker-Eck

Associate Information Security Consultant

Dr. Bianca Baker-Eck has worked as a senior researcher and project manager for the Bavarian Police Academy in Germany for security projects on a National and a European level with a focus on cyberpsychology and cybersecurity. Her doctoral work in applying and maintaining rapport and empathy in dyadic relationships, such as police interrogations, has been cited by the United Nation’s new Guidelines for Effective Interviewing released in 2021. Dr. Baker-Eck’s ability to connect with people from “both sides of the table” gives her a strong rapport both with those teams building cybersecurity programs, and those charged with auditing and assessing the effectiveness of those programs.

Patrick Cartney

Associate Information Security Consultant

Patrick has been information systems adjacent for years and recently decided to fully migrate to Information Security. Patrick holds a master’s degree in Information Technology/Cybersecurity (MSIT) from the Florida Institute of Technology, is a Registered Practitioner with the CMMC-AB, and a Certified Regulatory Vendor Program Manager (CRVPM®). His previous career in digital marketing aids in communicating, deciphering, and demystifying complex concepts & InfoSec jargon.

Your message has been successfully sent

Unable to send.

V-ISO Services

V-ISO is our most engaged and complete service offering at Monarch ISC. You select the components, and we execute an annualized program acting as an outsourced member of your internal team.

This package may include everything we offer, or any of several sets of core program components. We bundle your choices, provide privileged pricing, and schedule our year together to build the program foundations. Once the foundations are built, we move into Sustainability Mode, still providing whatever level of engagement you choose.

What’s included?

  • Unrestricted access to your advisor by email or phone for your day to day questions.
  • A monthly meeting to ensure progress is steady. We can act as leader, facilitator, secretary, and/or taskmaster, that’s up to you.
  • Process tracking beyond the monthly meeting.
  • Reporting formatted for any organizational level.
  • A senior certified information / cyber security professional with at least 20-years of experience working with financial services organizations, healthcare practices and systems, and DOD contractors.

Contact Us

Or Schedule Consultation Today

Documents, Policies & Plans

Our highly effective policies and plans are currently in-force at banks, credit unions, healthcare facilities, and DoD contractors. Our careful iterative process ensures your organization is understood before the writing begins. Your policies and plans need to express actual practices, not some templatized check-box fantasy that bears little resemblance to your unique organization.

We will work with you to create a new Information Security Program, or dramatically improve your existing program or any component to include:

  • Information Security Policy
  • Incident Response Plan
  • Security Plan(s)
  • Business Continuity/Disaster Recovery Plans
  • Vendor Management Plan
  • Pandemic Response Plan

Monarch ISC Information Security Program documents have undergone two-decades of regulatory and audit scrutiny, passed every test, and set the standard. They are the bedrock on which you will build your information security program.

Contact Us

Or Schedule Consultation Today

Cybersecurity Training

People are your weakest link. We deliver effective training to any organizational group to strengthen the whole chain, from end-users, to IT Professionals, to Board of Directors, and every level in-between. Everyone must gain awareness and develop the skills needed in their roles to make an organization resilient to adverse events and incidents.

Our live instructor-led training sessions:

  • Are customized for your organization.
  • Cover all regulatory required material, current threats, Cybercriminal profiles and processes, and of course how to defend against nearly constant attempts by the bad guys to disrupt your mission.
  • Are conducted via video conferencing and recorded for your unrestricted internal use.

Engage us to follow-up the training with phishing email test campaigns to measure the effectiveness of our training too! We’re confident you’ll see results!

BUY NOW, Contact Us or Schedule Consultation Today

Contact Us

HIPAA Compliance Assessment

You made sure your Electronic Medical Record (EMR) system was HIPAA-compliant. Did you know that is just the first step in making your practice HIPAA-compliant?

You take great care of your patients, and you know that means taking great care of your patients’ sensitive personal data, too. But complying with the federal Health Insurance Portability and Accountability Act (HIPAA) can be as complicated as some of the things you learned in medical school.

Monarch Information Security Consulting understands what the law demands of you and your practice, can evaluate what you need to do to meet those expectations, and will create a customized and easy-to-understand plan for you to achieve complete HIPAA compliance and get back to caring for your patients with confidence.

Our consultants have over 40 years of experience in identifying, evaluating, and remediating HIPAA compliance. We take the time to get to know you and your organization, and we create a comprehensive map of your entire data flow. We pinpoint your vulnerabilities and infractions, we provide a smart, straightforward plan to achieve sustainable, HIPAA compliant data security, and we stand by you and our work in the event of an audit.

Contact Us

FFIEC CAT Assessment

The FFIEC Cybersecurity Assessment Tool measures the maturity of your financial institution’s information security program. The tool helps define your current inherent risk profile and assess your compliance status across the security domains. 

It can be a daunting exercise to complete.

We can help!

Our experts work with your team to complete the assessment and document any gaps in compliance. We will build a timeline for remediation, and can assist with training, risk assessments, policy building, business continuity exercises, board reporting, and more. Our work will fill the gaps and increase your maturity level. 

Contact Us

CMMC Assessment

The Cybersecurity Maturity Model Certification (CMMC) has been released!

The certification will be required for all Department of Defense contractors AND sub-contractors. Audits will begin in 2020. The audit timelines and the list of approved auditors have not been released.

Special Note: DoD Guidance for self-assessment scoring has been updated! You will need to provide your self-assessment (Basic) of the NIST 800-171 guidance to the Supplier Performance Risk System (SPRS). The system is online NOW! Do you know your score?

NOW is the time to start the certification process, so contact us for a free consultation.
For many organizations this is a strange new world. Data security requirements have been in place for banks, merchants accepting credit cards, and healthcare organizations, but never have manufacturers and other government contractors with unclassified information faced this type of scrutiny.
This can be an overwhelming amount of work.
The certification domains cover a wide variety of topics from Asset Management to System and Information Integrity. You will need to implement the correct controls, write the appropriate policies, and keep track of your compliance activities in preparation of an audit. Failure to be certified will mean thousands, or millions, of dollars in lost government contracts.

Monarch ISC can help.

Schedule Consultation