About Jonathan Thompson #
I’m Jonathan Thompson, founder of Thompson InfoSec. I run a boutique virtual CISO practice and security assessments for growing B2B SaaS companies: the kind that have outgrown ad-hoc security but aren’t ready for a full-time CISO.
I spent more than two decades in the trenches before going independent: network engineering, DevOps, then cloud security architecture and security leadership. My background runs across cloud-native startups, medtech, and national nonprofits, so I’ve seen how security plays out in fast-moving environments and regulated ones alike.
I’m a practitioner, not a policy wonk. I’m comfortable on the command line and speak fluent engineer, and I can turn what I find into risk language an executive team and a board can act on. That bridge between the technical and the business side is most of the job.
I hold myself to a high standard: honest assessments, recommend only what actually moves the needle, and treat every client’s environment like it’s my own.
Education & Certifications #
B.S. and M.S. in Cybersecurity and Information Assurance, plus industry certifications including the CISSP, CISM, OSCP, and Certified vCISO.
About Thompson InfoSec #
Thompson InfoSec is a boutique practice, not a staffing firm or a software platform. Every engagement is me. I assess your risk, build the strategy, and help you make smart decisions about what to fix. Your team or MSP handles the implementation.
Whether you need a one-time security assessment, help preparing for ISO 27001 or SOC 2, or an ongoing virtual CISO to lead your security program, you work with one accountable person from start to finish.