The Story Behind Anchor Cyber Security
“I started Anchor Cyber Security because I’ve seen too many small and midsize businesses struggle with cybersecurity challenges that shouldn’t be overwhelming when you have the right expertise on your side.”
— Jonathan Carpenter, Founder & Principal Consultant
From Systems Administrator to Cybersecurity Leader
Jonathan’s journey in cybersecurity began over 25 years ago as a Linux systems administrator. Since then, he has held critical roles, including Director of GRC, Principal GRC Analyst, Lead Security Engineer, and Director of Information Security. With experience in startups, healthcare, SaaS, and finance, Jonathan brings both deep technical knowledge and strategic leadership to every engagement.
Why Anchor Exists
Small and midsize businesses face the same cyber threats as large enterprises—but often without the budget, staff, or specialized expertise to respond effectively. Anchor Cyber Security was founded to bridge that gap.
Too often, growing organizations are left to choose between expensive consulting firms or navigating compliance and cybersecurity on their own. Anchor was created to offer a third option: practical, expert-led cybersecurity support tailored to real-world business needs.
Our mission is simple—make enterprise-grade security accessible to the organizations that need it most. Whether you’re preparing for an audit, building your first security program, or managing vendor risk, Anchor provides strategic guidance grounded in experience, not complexity.
What Sets Anchor Apart
Technical Depth Meets Business Reality
We bridge the gap between technical implementation and executive strategy—aligning cybersecurity with real-world operations and goals.
Hands-On Leadership Experience
We’ve built and led security programs, not just advised them. That means better insight, stronger recommendations, and outcomes that actually work.
Industry-Specific Expertise
With a strong track record in healthcare, legal, SaaS, and financial services, Anchor delivers compliance and security programs that are relevant, sustainable, and defensible.
Core Services
- GRC Advisory Services – ISO 27001, SOC 2, HIPAA, PCI DSS readiness, and program development
- Cybersecurity Strategy & Program Development – Build or mature security programs aligned to your business needs, with vCISO options
- Cloud Security Advisory – Secure AWS, Azure, and GCP environments with expert IAM, config review, and compliance mapping
- Data Privacy and Protection – Actionable guidance for HIPAA, GDPR, and CCPA compliance
- IT & Cybersecurity Assessments – Risk assessments, gap analysis, and audit preparation (SOC 2, HIPAA, etc.)
- Security Awareness Training – Custom employee training and phishing simulations to build a culture of security
- Third-Party Vendor Risk Review – Supply chain risk assessments and vendor security evaluations
Client Success Stories
Over the years, Anchor Cyber Security has helped organizations across industries strengthen their security posture, prepare for audits, and build sustainable compliance programs. Here are a few examples of recent success:
NIST CSF & AWS Security Gap Assessment
Challenge: A growing technology firm needed a comprehensive security review of its AWS production infrastructure.
Solution: Conducted a gap assessment aligned to the NIST Cybersecurity Framework and AWS Security Best Practices. Findings covered IAM, EC2, S3, security awareness training, and logging.
Impact: Delivered actionable recommendations prioritized by severity, enabling the organization to improve visibility, reduce exposure, and plan a roadmap for remediation.
SOC 1 Type 1 Readiness for a Financial SaaS Company
Challenge: The client required assistance in preparing for a SOC 1 Type 1 audit and aligning controls with COSO and ITGC standards.
Solution: Led a complete readiness assessment and developed supporting documentation, including finalized control policies, gap analysis, and remediation plans.
Impact: Equipped the organization with everything needed to move forward confidently with a formal audit.
SOC 2 Type II Program Support (Multi-Year)
Challenge: A software firm needed to establish and maintain SOC 2 Type II compliance over multiple audit cycles.
Solution: Helped build the program from the ground up, including risk assessments, policy development, evidence collection, and audit support over a 3-year span.
Impact: Enabled the company to achieve and sustain SOC 2 compliance, supporting their growth and client acquisition.
ISO/SOC/PCI Process Maturity for Existing Compliance Programs
Challenge: Several organizations had existing compliance certifications but lacked well-defined processes and documentation.
Solution: Worked collaboratively with internal teams to refine workflows, standardize documentation, and improve audit readiness.
Impact: Strengthened internal controls, reduced audit friction, and improved team confidence in maintaining compliance.
Certifications & Credentials
Jonathan holds 15+ industry-recognized certifications, including:
- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager
- CCSP – Certified Cloud Security Professional
- GRCP – OCEG GRC Professional
- Security+, Linux+, Project+, CSM, CIW, Cisco CCNA+Security, and more
These represent both broad and deep expertise across governance, cloud security, risk management, technical architecture, and leadership.
Industries We Serve
- Healthcare – HIPAA, medical device security, compliance audits
- Legal Services – Data privacy, privilege protection, policy design
- SaaS & Tech – SOC 2 readiness, DevSecOps, secure cloud deployment
- Financial Services – Regulatory compliance, risk reduction, security architecture
Our Approach: The Anchor Method
- Listen First – Understand your goals, environment, and pain points
- Assess Thoroughly – Identify gaps using proven frameworks
- Plan Strategically – Build a roadmap tailored to your business
- Implement Practically – Realistic solutions that fit your team and budget
- Monitor Continuously – Keep your posture strong over time
- Evolve Together – Adapt security as your business grows
Why Businesses Trust Anchor
- Deep Experience – 25+ years in cybersecurity and IT across critical roles
- Straightforward Solutions – No jargon. No upselling. Just what works
- Remote-First Flexibility – Serving clients across Maine, New England, and the U.S.
- Ongoing Partnership – Security is a journey—we’re in it with you
Ready to Strengthen Your Cybersecurity?
Whether you’re preparing for an audit, building a security program, or managing cloud risk, Anchor Cyber Security is here to help.
Schedule a Free Consultation →