Atlas Cyber Solutions
Independent Cybersecurity Advisor

Joshua Caldwell

CISSP CISM CRISC CCSP GSLC AAISM ISO 27001 Lead Auditor

Senior cybersecurity leader with over a decade of experience across enterprise security operations, GRC, cyber threat intelligence, risk management, vulnerability management, and incident response. I help organizations build resilient, tailored security programs without the overhead of a full-time CISO.

Serving small and mid-sized businesses, nonprofits, and startups that desire enterprise-quality security guidance.

Get in Touch → View Services
What I Do

Advisory & Consulting Services

Practical, outcome-focused engagements tailored to your organization's size, risk profile, and maturity level.

GRC Advisory & Consulting

Governance, risk, and compliance program development. Control frameworks, policy libraries, risk register design, and preparedness centered in NIST RMF, NIST CSF, ISO 27001, CMMC, and more.

Cybersecurity Strategy

Executive-level strategic guidance for aligning security investments to business objectives. Budgeting, prioritization, and board-ready communication of cyber risk posture.

Security Program Development

Building or maturing a security program from the ground up; people, process, and technology. Policies, procedures, organizational structure, and operating models.

Cyber Threat Intelligence

CTI program design to include identification of threat actors targeting your industry, intelligence lifecycle management, integration with SOC and IR operations, tailoring the goals of the program to align with business needs, and more.

Incident Response Advisory

IR plan development, tabletop exercise facilitation, playbook design, and post-incident review. Preparation before, and guidance through, a security event.

Current State Review & Roadmap

Structured assessment of your current security posture against a target framework, with a prioritized, practical roadmap for improvement tied to business risk.

Vendor & Tools Analysis

Independent evaluation of security products and vendors. RFP support, proof-of-concept criteria, tool stack rationalization, and unbiased recommendations free of vendor relationships.

Vulnerability Management

Program design and maturation for vulnerability identification, prioritization, and remediation. Scanning strategy, risk-based prioritization frameworks, SLA development, and integration with broader risk and patch management operations.

Human Risk Management & Resilience

People are both the greatest risk and the strongest defense. Advisory on security awareness programs, phishing simulation strategy, insider threat frameworks, behavioral risk indicators, and building a security culture that actually sticks.

Small Business Point-in-Time Security Review

A focused, point-in-time security review designed specifically for small and mid-sized businesses. You'll receive a clear, prioritized set of actionable recommendations for building cost-effective resilience. No jargon, no vendor upsells, just honest guidance. Ideal for organizations that need expert eyes but don't have a dedicated security team.

Featured Engagements

Where Organizations Start

Curated engagements for organizations ready to take a focused step forward.

About

Experienced. Independent. Practical.

Joshua Caldwell

Joshua Caldwell

Independent Cybersecurity Advisor

I'm a senior cybersecurity professional with over a decade of hands-on experience building and leading security programs in complex enterprise environments. My career spans security operations, incident response, cyber threat intelligence, GRC, vulnerability management, AI security, risk management, and insider threat analytics.

Through Atlas Cyber Solutions, I make that enterprise-level expertise accessible to organizations that deserve serious security guidance without the cost of a full-time senior hire or the inefficiency of a large consulting engagement. Whether you're a growing mid-market company, a small business building your security foundation, or an established organization with a specific challenge to solve, I'm here to help you mature your security posture in a way that actually fits your organization.

I'm also active in the professional community as a member of the ISACA CISM Certification Working Group Advisory Board and the GIAC Advisory Board, and I mentor the next generation of security professionals through ISACA. I welcome inquiries from organizations seeking an experienced cybersecurity practitioner for board or advisory committee roles.

Credentials
CISSP
Certified Information Systems Security Professional
CISM
Certified Information Security Manager
CRISC
Certified in Risk and Information Systems Control
CCSP
Certified Cloud Security Professional
GSLC
GIAC Security Leadership Certification
AAISM
Advanced in Artificial Intelligence Security Management
ISO
ISO 27001 Lead Auditor — Mastermind Certified
Get in Touch

Ready to Talk?

Whether you're evaluating a specific need or just want a candid conversation about your security posture, I'm happy to connect.

Proudly serving small and mid-sized businesses, nonprofits, and startups.

Available for new engagements
[email protected]

(571) 989-2724

Schedule a Consultation →
LinkedIn ↗ Atlas LinkedIn ↗ Send Email →