Practical security leadership for organizations navigating compliance, customer security expectations, and real operational risk.
If someone suggested you speak with me, you’re probably dealing with security becoming a business issue rather than a technical one.
Most conversations start when something has changed:
At this point, what organizations usually need is judgment and leadership.
I work directly with leadership teams to provide independent security guidance and program direction.
Typically this means helping organizations:
The goal is not paperwork or frameworks.
The goal is predictable, explainable security.
Ongoing executive security leadership without hiring a full-time CISO.
Practical preparation for SOC 2, ISO 27001, and similar external expectations.
Building governance, risk management, and sustainable security practices.
Independent perspective when security initiatives stall or uncertainty increases.
I’ve spent decades working inside organizations building and leading security and governance programs.
That experience includes:
Security decisions are rarely just technical problems.
They are leadership decisions.
Organizations I support commonly align with:
SOC 2 • ISO 27001 • NIST Cybersecurity Framework • CIS Critical Security Controls • HIPAA
But frameworks are merely tools used to support credible security programs. They have no intrinsic value apart from that.
I operate independently. I do not resell products or implementation services. My recommendations are based solely on risk, organizational context, and long-term sustainability.
Most engagements begin with a straightforward discussion about your current situation and what you're trying to accomplish.
If you were referred here, feel free to reach out directly.
Contact: Multiple ways to reach out and take this conversation further
SMS/Text or Voicemail to +1-585-563-9595. Response will be pleasingly prompt.
Email to webcontact@rocinfosec.com
Connect and message me on LinkedIn
You get me, not a company with me as a figurehead. In addition to being a security leader and advisor, I'm a Tolkien nerd, a slow rider of a Trek hybrid, an Orioles and Cubs fan, and a happy, if average, poker player.

Oh, and I like pistachio nuts.
My CV, if you're interested. Full of gory details.