Cybersecurity · Privacy · Risk Advisory

Security leadership your board
can act on — without
the full-time hire.

I'm Margaret. I work with healthcare organizations, healthtech companies, and regulated businesses across Canada and the US. Whether you're heading into an audit, navigating a new privacy regulation, or trying to figure out what AI is actually doing to your data — I help you get clear, get compliant, and stay there.

CIPM · IAPP FAIR Practitioner ISO 27001 Lead Implementer ISACA Vancouver Board
Free · No obligation
Start with a free email security scan

Free, no tools to install. Plain-language report of your security posture — delivered in 48 hours.

Get a free email security scan Book a 20-min call instead
What I do
Six ways I can help
your organization

Most of my clients come to me when they've hit a wall — an audit deadline, a new regulatory requirement, or a board that suddenly wants answers about cyber risk. Here's where I tend to be most useful.

01
Virtual CISO (vCISO)

You need a CISO. You don't need to pay for one full-time. I become your strategic security lead — owning your risk program, presenting to the board, and making sure your team knows what to do when things go sideways.

Healthcare Healthtech 50–500 employees
Monthly retainer · Project-based · Interim cover
02
Privacy & compliance audit readiness

I don't just check whether your policies exist — I find out if your operations would actually survive a regulator's questions or an enterprise client's security review. Then I help you fix it before they ask.

HIPAA PIPEDA ISO 27001 SOC 2
Gap report · Risk-ranked findings · 90-day roadmap
03
AI governance & risk assessment

Your staff are already using AI tools. Most organizations haven't assessed a single one. I help you understand what's in use, where your data is going, whose jurisdiction it's under — and what you're actually on the hook for.

AI Governance FAIR ePHI Data Residency
AI tool inventory · Data flow map · Governance policy
04
FAIR risk quantification

Traffic-light risk reports don't move boards to action. FAIR does. I translate your risk scenarios into a dollar range — the probable financial impact — so your leadership can make decisions with real numbers instead of colours.

Board Reporting Investment Decisions Due Diligence
Financial risk model · Board-ready report
05
Privacy by design implementation

Bolting privacy on after the fact is expensive and tends to break. I embed data protection into your products and processes from the start — PIAs, vendor reviews, consent gaps, data flow mapping.

GDPR PIPEDA PIPA BC HIPAA
PIA/DPIA · Vendor review · Consent framework
06
Board & executive security advisory

Boards are being held personally accountable for cybersecurity failures — but most receive technical briefings they can't evaluate. I translate risk into business language: what's the real exposure, what decisions need to be made, and what good governance actually looks like.

CEO CFO Board Medical Director
Risk reporting framework · Executive coaching · Regulatory liaison
60%
Average reduction in audit findings across GDPR, HIPAA & SOC 2 programs
100%
SOC 2 & privacy audit readiness across 8 UBC academic departments
70+
PIAs & DPIAs conducted embedding privacy-by-design across healthcare & finance
Who I work with
You're probably a fit if...

I do my best work with organizations that are moving fast, dealing with sensitive data, and need someone who speaks both security and business.

Healthcare Providers
Clinic groups, diagnostic centres, long-term care — BC & Canada
Healthtech Companies
Scaling 50–500 employees, Series A–C, US & Canada
Public Sector
BC government, education, public health authorities
Financial Services
Fintech, credit unions, regulated financial institutions
Organizations in Transition
Post-funding, pre-audit, new leadership, or regulatory pressure