Advisory Services for Tech Companies

Privacy. Security. Governance. Done Right.

Working directly with engineering teams, product leads, and executives to build privacy and security controls that actually function in your environment.

Built for Tech Companies

These services are designed for small-to-medium technology companies building software products and platforms. The work is operational, not advisory-only.

No checkbox compliance. No 200-page reports that sit on a shelf. The output is working controls, trained teams, and governance that keeps up with product velocity.

  • Software-as-a-Service companies and platforms
  • Engineering teams that need privacy integrated into the SDLC
  • CTOs and technical executives building governance programs from scratch
  • Startups with real regulatory obligations and no dedicated privacy staff
  • Scale-ups whose legacy privacy program needs a full reassessment
  • Companies preparing for audits, funding rounds, or enterprise sales where data practices are scrutinized

What Ross Does

Privacy Officer Advisory

Flexible, expert advice when you need it. Ross assists your appointed Privacy Officer with implementation and advisory work. Book hourly support across a range of topics to support privacy in your tech company. From roadmapping, program development, and policy changes to problem-solving specific, deeply technical issues, Ross is there for you and your team.

AI Governance Framework Development

Cut through the noise around AI adoption by building governance frameworks that are actually usable — covering policy development, acceptable use, shadow AI prevention, risk assessment, and the accountability structures needed to keep teams moving without flying blind.

Learning Lunches

Meet your annual training requirements for all staff in a fun, interactive, and tasty way. Ross facilitates regular short-form Learning Lunches for your teams where privacy is covered in a way that is relatable and moves the needle for specific roles. Tailored for your company, these are must-have sessions for awareness.

Fractional Privacy Engineering

Ross joins your team part-time as a senior privacy engineer to design and run practical data protection. Data flows and risks are mapped, legal rules are turned into technical designs, privacy-by-design patterns are set (data minimisation, pseudonymisation, limited access), and automated controls are built for consent, retention, and data subject rights. Delivered as a predictable monthly service, it boosts compliance, supports existing teams, cuts the need for expensive hires, and keeps engineering, product, and legal aligned with auditable privacy practices.

Privacy & Security Risk Assessments

Ensure your tech company gains complete visibility into its threat landscape with an organisation-wide risk assessment aligned to NIST or customised to your operational realities. Assets are mapped, gaps identified, impact quantified, and remediation prioritised so executives and engineers can make informed, timely decisions. The result is a single, actionable view of risk that drives consistent governance, improves incident response, supports compliance, and focuses scarce resources on the highest-return controls.

SDLC Maturity Evaluations

Assessing SDLC maturity against OWASP SAMM alongside privacy-specific controls delivers a comprehensive view of privacy and security across the development lifecycle. By mapping your controls to SAMM’s domains, assigning maturity levels, and using evidence-based metrics (percentage of projects with completed DPIAs, automated data-flow inventories, frequency of privacy unit tests), you gain actionable insights into gaps, remediation priorities, and cross-functional accountability.

Threat Assessments (LINDDUN & PLOT4AI)

Performing and facilitating threat assessments using LINDDUN and PLOT4AI gives your product team a rapid, cost-effective, and practical insight into the risks you face in terms of data privacy and AI implementation. If you only start risk assessment once you go to code, you’re already too late.

Role-Based Training Programs

Need to hit a more detailed training requirement or project milestone? Ross provides interactive training on privacy and security to all staff, or to specific teams such as development, security, customer service, and more. Sessions range from high-level awareness to deeply detailed Privacy Officer training and everything in between.

Frameworks & Jurisdictions

Ross works across Canadian, US, and international privacy and security frameworks. The work is always grounded in operational reality — not just the letter of the law.

Ross is not a lawyer and does not provide legal advice.

  • PIPEDA (Canada)
  • Quebec Law 25 / Law 64
  • CCPA / CPRA (California)
  • MCDPA and US state privacy laws
  • GLBA / FTC Safeguards Rule
  • GDPR-adjacent frameworks
  • NIST Privacy Framework & Cybersecurity Framework
  • OWASP SAMM
  • LINDDUN threat modelling
  • PLOT4AI (AI threat assessment)
  • EU AI Act (implications for Canadian and US companies)

Let’s Talk About Your Situation

A discovery call takes 30 minutes and gives you a clear picture of where the work starts.