Andrew Alaniz
Cybersecurity and risk leader who's spent 18+ years building security programs at Fortune 500 companies, global banks, and high-growth startups. Now helping organizations get security right through CipherNorth.
18+ Years of Experience | Founder of CipherNorth | Fortune 500 Banks | Volunteer Firefighter & EMT
People First. Everything Else Follows
I've built security programs from scratch, guided teams through regulatory exams, led incident response in real world events, and helped explain cybersecurity to business executives. If the programs and processes we put in place don't enable business, then we've failed.
I started this blog in 2017 to write honestly about what I've learned including topics like cybersecurity strategy, leadership, and career advice.
Outside of security, I'm a volunteer firefighter, EMT, and wilderness rescue operator. The fire service teaches the same principles that matter in incident response such as operating under pressure, making decisions with incomplete information, coordinating across teams that don't normally work together, and staying calm when the stakes are high.
When I'm not working, I'm outdoors and with the fam hiking, climbing, and exploring the places where cell service doesn't reach with my family.
Who I Am
What I believe
Customer success is a priority
Security should enable business, not block it
Every problem has three perspectives: business, technology, and information
Clear communication builds more trust than perfect controls
If you're not preparing, you're not ready
Consulting
Security leadership through CipherNorth
CipherNorth is a cybersecurity advisory firm built for leaders who are tired of vendors selling fear and delivering PowerPoints. We partner with you to right-size your security program, navigate audits, and prepare for what's next.
Advisory and Strategy
Fractional CISO, security program development, go-to-market advisory, and board reporting. The strategic layer your organization needs.
Operations & Response
Incident response planning, tabletop exercises, and cyber readiness. We help you prepare for the threats that keep you up at night.
Testing & Readiness
Assessments, vulnerability management, audit readiness, and AI governance. Know where you stand, then close the gaps.