Enterprise Security.
SMB Friendly.

25+ years of cybersecurity expertise powering scalable products and strategic consulting. From security awareness to incident readiness to Virtual CISO (vCISO) services.

25+ Years Experience
100+ Policies Authored
25+ Audits & Assessments
85+ Published Articles
Active Certifications: CISSP · CISM · CCSP · GRCP

Why Anchor

Four things that separate working with us from hiring another security vendor.

Practitioner, not just consultant

Jonathan has led SOC 1 and SOC 2 programs as Director of GRC at Kevel, and performed third-party vendor reviews aligned to ISO 27001 at other organizations. He's built real compliance programs — not just advised on them.

Enterprise expertise, SMB cost structure

25+ years in Director-level security roles at enterprise organizations. Priced and scoped for companies without a dedicated security team.

Products + consulting in one shop

BitDrip for AI data loss prevention. TL;CR for CPE tracking. Tools built because the problem was real — and still maintained by the same person doing your consulting.

Published, verifiable expertise

8-part NIST CSF series. Active security blog with 85+ articles. Transparent credentials: CISSP, CISM, CCSP, GRCP. Nothing behind a sales wall.

Consulting Services

When you need expert guidance beyond our products, our consulting services deliver strategic security leadership tailored to your organization.

Your vCISO

Jonathan Carpenter

25+ years of cybersecurity experience across Director of GRC, Director of Information Security, Principal GRC Analyst, and Lead Security Engineer roles.

CISSP · CISM · CCSP · GRCP

Who We Work With

If any of these describe your situation, we should talk.

You're a SaaS company with enterprise customers asking for SOC 2 before signing contracts

You're a healthcare organization with HIPAA obligations and no dedicated compliance officer

You're building your first formal security program and don't know where to start

You need CISO-level security leadership but can't justify a full-time hire

You're preparing for government contracts that require NIST CSF alignment

You've had a security incident and need a structured response and prevention plan

Industries We Serve

Healthcare: HIPAA, PHI handling, OCR readiness
SaaS & Technology: SOC 2, ISO 27001, enterprise security
Professional Services: Data privacy, client confidentiality
Financial Services: GLBA, PCI DSS, state security requirements
Manufacturing: OT/IT security, supply chain, federal contracts

Frameworks We Support

Our products and services help organizations meet these compliance requirements.

Client Work

A sample of recent engagements. Additional references available on request.

SOC 1 Type 1 Readiness

FinTech Startup · 2025
GRC & Compliance

A payments-adjacent FinTech startup needed SOC 1 Type 1 readiness to satisfy enterprise customer due diligence. No formal compliance program existed at the start of the engagement.

Delivered a complete readiness package in six weeks: stakeholder interviews across six departments, a COSO 2013-aligned gap analysis, 20 finalized control policies, a visual gap summary for executive leadership, and a remediation tracker. Engagement concluded with a formal written confirmation from the client that all deliverables met scope.

20 Policies Delivered
6 Week Timeline
6 Departments Interviewed

Third-Party Vendor Risk Assessments

Professional Services Firm · 2025
Vendor Risk

Engaged as a security subcontractor to support a consulting firm's vendor risk program. Conducted ISO 27001-aligned third-party vendor risk assessments across multiple vendors, including review of security documentation, compliance posture, and risk rating.

TPVR · ISO 27001-Aligned · Subcontract Consulting

NIST CSF & Cloud Security Assessment

Enterprise Media Company · 2023
Security Assessment

Performed a NIST Cybersecurity Framework alignment review and AWS cloud security assessment across multiple production environments for a large media platform. Delivered gap analysis findings to executive leadership with a prioritized remediation roadmap.

NIST CSF · AWS · Multi-Environment Assessment

“Anchor Cyber Security delivered a complete SOC 1 Type 1 readiness package — 20 control policies, COSO-aligned gap analysis, and full readiness binder — in under six weeks. Jonathan was professional, thorough, and made a complex process manageable.”
Tushar Kirtane
Leadership · FinTech Startup

Ready to build a security program that actually holds up?

Schedule a free consultation. No sales pitch — just a direct conversation about your specific situation.