Founding Member - $49/mo, rate locked in. 100 spots remaining

Veteran Owned & Operated

💚 25% of Net Revenue to Charity

Claim Founder Spot →

Founding Member - $49/mo locked in.

100 spots remaining

Veteran Owned & Operated

💚 25% of Net Revenue to Charity

Built by Someone

Who's Seen

What Happens
When You're

Not Ready.

For 25 years I built security programs for the DoD, Fortune 500, and everything in between; helping organizations defend against organized criminals and nation-state-level attackers.

What I couldn't find anywhere was something built for the small business owner trying to keep a 12-person operation running without an IT department or a consultant's budget. So I built it.

SecurityX — CompTIA's Highest

GSTRT — GIAC Strategic Leadership

U.S. Navy Veteran

📰 31337 InfoSec · Cyber Threat Weekly · 2+ Yrs

Derek Krein

Built by Someone

Who's Seen

What Happens
When You're

Not Ready.

For 25 years I built security programs for the DoD, Fortune 500, and everything in between; helping organizations defend against organized criminals and nation-state-level attackers.

What I couldn't find anywhere was something built for the small business owner trying to keep a 12-person operation running without an IT department or a consultant's budget. So I built it.

Derek Krein

SecurityX — CompTIA's Highest

GSTRT — GIAC Strategic Leadership

U.S. Navy Veteran

📰 31337 InfoSec · Cyber Threat Weekly · 2+ Yrs

Built by Someone

Who's Seen

What Happens
When You're

Not Ready.

For 25 years I built security programs for the DoD, Fortune 500, and everything in between; helping organizations defend against some of the most sophisticated attacks in the world.

What I couldn't find anywhere was something built for the small business owner trying to keep a 12-person operation running without an IT department or a consultant's budget. So I built it.

Derek Krein

SecurityX — CompTIA's Highest

GSTRT — GIAC Strategic Leadership

U.S. Navy Veteran

📰 31337 InfoSec · Cyber Threat Weekly · 2+ Yrs

25 Years on the Front Lines

What Two and a Half Decades in Enterprise Security Actually Looks Like.

I've spent 25 years building and running security programs for organizations that could not afford to fail. The DoD. Defense contractors. Fortune 500 companies. Organizations operating in regulated industries where a breach isn't just expensive, it can be catastrophic.

That work taught me what actually stops attacks and what doesn't. It taught me the difference between security theater and security that works. And it taught me something the industry doesn't advertise.

Much of what enterprise security gets right costs almost nothing to implement.

Process controls. Verification procedures. Clear response protocols. These aren't enterprise secrets. They're just not packaged for business owners who don't have a security team to implement them.

Security theater is everywhere

Enterprise organizations spend millions on technology that looks impressive in a board presentation and stops almost nothing a determined attacker uses in practice. The fundamentals done correctly matter far more than the next platform.

Most attacks are not sophisticated

The overwhelming majority of successful breaches exploit basic failures: no verification process, untrained employees, missing multi-factor authentication, weak identities. Attackers take the path of least resistance. Closing that path doesn't require a ton of tools.

Implementation is where it breaks down

Organizations know what they should do. The gap is having too many tools not fully utilized and no clear documented processes their people actually follow. Fewer tools and written protocols that get fully implemented beat too many sophisticated tools not fully configured and tested, sitting in dashboards.

25 Years on the Front Lines

What Two and a Half Decades in Enterprise Security Actually Looks Like.

I've spent 25 years building and running security programs for organizations that could not afford to fail. The DoD. Defense contractors. Fortune 500 companies. Organizations operating in regulated industries where a breach isn't just expensive, it can be catastrophic.

That work taught me what actually stops attacks and what doesn't. It taught me the difference between security theater and security that works. And it taught me something the industry doesn't advertise.

Much of what enterprise security gets right costs almost nothing to implement.

Process controls. Verification procedures. Clear response protocols. These aren't enterprise secrets. They're just not packaged for business owners who don't have a security team to implement them.

Security theater is everywhere

Enterprise organizations spend millions on technology that looks impressive in a board presentation and stops almost nothing a determined attacker uses in practice. The fundamentals done correctly matter far more than the next platform.

Most attacks are not sophisticated

The overwhelming majority of successful breaches exploit basic failures: no verification process, untrained employees, missing multi-factor authentication, weak identities. Attackers take the path of least resistance. Closing that path doesn't require a ton of tools.

Implementation is where it breaks down

Organizations know what they should do. The gap is having too many tools not fully utilized and no clear documented processes their people actually follow. Fewer tools and written protocols that get fully implemented beat too many sophisticated tools not fully configured and tested, sitting in dashboards.

25 Years on the Front Lines

What Two and a Half Decades in Enterprise Security Actually Looks Like.

I've spent 25 years building and running security programs for organizations that could not afford to fail. The DoD. Defense contractors. Fortune 500 companies. Organizations operating in regulated industries where a breach isn't just expensive, it can be catastrophic.

That work taught me what actually stops attacks and what doesn't. It taught me the difference between security theater and security that works. And it taught me something the industry doesn't advertise.

Much of what enterprise security gets right costs almost nothing to implement.

Process controls. Verification procedures. Clear response protocols. These aren't enterprise secrets. They're just not packaged for business owners who don't have a security team to implement them.

Security theater is everywhere

Enterprise organizations spend millions on technology that looks impressive in a board presentation and stops almost nothing a determined attacker uses in practice. The fundamentals done correctly matter far more than the next platform.

Most attacks are not sophisticated

The overwhelming majority of successful breaches exploit basic failures: no verification process, untrained employees, missing multi-factor authentication, weak identities. Attackers take the path of least resistance. Closing that path doesn't require a ton of tooling.

Implementation is where it breaks down

Organizations know what they should do. The gap is having too many tools not fully operationalized and no clear documented processes their people actually follow. Fewer tools and written protocols that get fully implemented beat too many sophisticated tools not fully configured and tested, sitting in dashboards.

Why This Exists

There Is No In-Between.
I Built the Thing

that Didn't Exist.

I've been tracking attacker behavior since 2014. Every year the numbers get worse. Coveware is a ransomware response firm. Coveware Q4 2025: 42.3% of businesses under 100 employees hit with ransomware. Nearly 73% under 1,000 employees. 88% of all ransomware incidents target small and midsize businesses. The average funds-transfer fraud (BEC) attack costs $123,000.

Meanwhile the industry keeps building solutions for the Fortune 500. Enterprise hardware. Enterprise software. Managed security service providers charging thousands a month. Consultants at $300–$500 an hour. Advice written for IT departments, not small business owners.

Small business owners were left to figure it out alone, or give up entirely. I couldn't find the in-between. So I built it.

Small businesses are the backbone of the American economy and the supply chain for defense contractors, utilities, healthcare, and financial services. When the smallest link gets compromised, attackers walk upstream. That's a national security issue the industry has been slow to address.

25 years of enterprise cybersecurity expertise, translated into plain-language guidance built specifically for small business owners. All the enterprise lessons learned, made accessible and affordable.

My wife and I also run a charitable foundation. Cybersecurity 4 Small Biz donates 25% of every dollar of net revenue to that foundation. Same mission: give to those who need it most.

Why This Exists

There Is No In-Between.
I Built the Thing that Didn't Exist.

I've been tracking attacker behavior since 2014. Every year the numbers get worse. Coveware is a ransomware response firm. Coveware Q4 2025: 42.3% of businesses under 100 employees hit with ransomware. Nearly 73% under 1,000 employees. 88% of all ransomware incidents target small and midsize businesses. The average funds-transfer fraud (BEC) attack costs $123,000.

Meanwhile the industry keeps building solutions for the Fortune 500. Enterprise hardware. Enterprise software. Managed security service providers charging thousands a month. Consultants at $300–$500 an hour. Advice written for IT departments, not small business owners.

Small business owners were left to figure it out alone, or give up entirely. I couldn't find the in-between. So I built it.

Small businesses are the backbone of the American economy and the supply chain for defense contractors, utilities, healthcare, and financial services. When the smallest link gets compromised, attackers walk upstream. That's a national security issue the industry has been slow to address.

25 years of enterprise cybersecurity expertise, translated into plain-language guidance built specifically for small business owners. All the enterprise lessons learned, made accessible and affordable.

My wife and I also run a charitable foundation. Cybersecurity 4 Small Biz donates 25% of every dollar of net revenue to that foundation. Same mission: give to those who need it most.

Why This Exists

There Is No In-Between.
I Built the Thing

that Didn't Exist.

I've been tracking the threat landscape since 2014. Every year the numbers get worse. Coveware is a ransomware response firm. Coveware Q4 2025: 42.3% of businesses under 100 employees hit with ransomware. Nearly 73% under 1,000 employees. 88% of all ransomware incidents target small and midsize businesses. The average BEC attack costs $123,000.

Meanwhile the industry keeps building solutions for the Fortune 500. Enterprise hardware. Enterprise software. MSSPs charging thousands a month. Consultants at $300–$500 an hour. Advice written for IT departments, not small business owners.

Small business owners were left to figure it out alone, or give up entirely. I couldn't find the in-between. So I built it.

Small businesses are the backbone of the American economy and the supply chain for larger enterprises. When they're vulnerable, everyone is vulnerable. This isn't just a business problem. It's a national security issue the industry has been dangerously slow to address.

25 years of enterprise-level expertise, translated into plain-language guidance built specifically for small business owners. All the enterprise lessons learned. Made accessible and affordable.

My wife and I also run a charitable foundation. Cybersecurity 4 Small Biz donates 25% of every dollar of net revenue to that foundation. Same mission: give to those who need it most.

Where it All Started

The Foundation

Lesson I Learned Before

Cybersecurity.

If the foundation is wrong, everything

downstream is wrong. You can't patch a bad

foundation. You have to fix it.

After my sea tour on H-46 helicopters, I moved to shore duty as a calibration technician on the VAST computer system, still in the Navy, but now ensuring the equipment that tested the computers in F-14 fighter aircraft was accurate. The work was precise, unforgiving, and completely dependent on getting the foundation right. A calibration error didn't announce itself. It propagated silently until something downstream failed.

I carried that lesson into every security program I ever built. The most sophisticated security setup in the world fails when the fundamentals aren't in place. And the fundamentals are almost always the gap.

I say it all the time: when you build on a strong foundation, what you build is strong. When you build on a weak foundation, what you build is weak. That's true for aircraft avionics. It's true for cybersecurity. It's the reason every CS4SB module starts with the fundamentals. It's not the easy way, but fundamentals done with excellence stop most threats cold.

U.S. Navy Service

Operations: H-46 helicopters - Desert Shield, Desert Storm, and a tour after. Then shore duty: VAST calibration technician, F-14 avionics

Role: Shore duty - calibration technician, VAST computer system, F-14 avionics testing

Lessons learned: Precision matters. Foundations matter. Hope is not a strategy.

I served during Desert Shield and Desert Storm. That experience shaped how I approach problems: methodically, with a clear understanding of what's at stake, and without the luxury of hoping things work out.

The Navy teaches you that preparation isn't optional. When lives are on the line, there's not a lot of middle ground when something goes wrong.

Hope is not a strategy. I've applied that hard lesson learned to cybersecurity for 25 years.

Where it All Started

The Foundation

Lesson I Learned Before

Cybersecurity.

If the foundation is wrong, everything

downstream is wrong. You can't patch a bad

foundation. You have to fix it.

After my sea tour on H-46 helicopters, I moved to shore duty as a calibration technician on the VAST computer system, still in the Navy, but now ensuring the equipment that tested the computers in F-14 fighter aircraft was accurate.

The work was precise, unforgiving, and completely dependent on getting the foundation right. A calibration error didn't announce itself. It propagated silently until something downstream failed.

I carried that lesson into every security program I ever built. The most sophisticated security setup in the world fails when the fundamentals aren't in place. And the fundamentals are almost always the gap.

I say it all the time: when you build on a strong foundation, what you build is strong. When you build on a weak foundation, what you build is weak. That's true for aircraft avionics. It's true for cybersecurity.

It's the reason every CS4SB module starts with the fundamentals. It's not the easy way, but fundamentals done with excellence stop most threats cold.

U.S. Navy Service

Operations: H-46 helicopters - Desert Shield, Desert Storm, and a tour after. Then shore duty: VAST calibration technician, F-14 avionics

Role: Shore duty - calibration technician, VAST computer system, F-14 avionics testing

Lessons learned: Precision matters. Foundations matter. Hope is not a strategy.

I served during Desert Shield and Desert Storm. That experience shaped how I approach problems: methodically, with a clear understanding of what's at stake, and without the luxury of hoping things work out.

The Navy teaches you that preparation isn't optional. When lives are on the line, there's not a lot of middle ground when something goes wrong.

Hope is not a strategy. I've applied that hard lesson learned to cybersecurity for 25 years.

Where it All Started

The Foundation

Lesson I Learned Before

Cybersecurity.

If the foundation is wrong, everything

downstream is wrong. You can't patch a bad

foundation. You have to fix it.

After my sea tour on H-46 helicopters, I moved to shore duty as a calibration technician on the VAST computer system, still in the Navy, but now ensuring the equipment that tested the computers in F-14 fighter aircraft was accurate. The work was precise, unforgiving, and completely dependent on getting the foundation right. A calibration error didn't announce itself. It propagated silently until something downstream failed.

I carried that lesson into every security program I ever built. The most sophisticated security stack in the world fails when the fundamentals aren't in place. And the fundamentals are almost always the gap.

I say it all the time: when you build on a strong foundation, what you build is strong. When you build on a weak foundation, what you build is weak. That's true for aircraft avionics. It's true for cybersecurity. It's the reason every CS4SB module starts with the fundamentals. Doesn't mean the easy way, fundamentals done with excellence stops most threats cold.

U.S. Navy Service

Operations: H-46 helicopters - Desert Shield, Desert Storm, and a tour after. Then shore duty: VAST calibration technician, F-14 avionics

Role: Shore duty - calibration technician, VAST computer system, F-14 avionics testing

Lessons learned: Precision matters. Foundations matter. Hope is not a strategy.

I served during Desert Shield and Desert Storm. That experience shaped how I approach problems: methodically, with a clear understanding of what's at stake, and without the luxury of hoping things work out.

The Navy teaches you that preparation isn't optional. When lives are on the line, there's not a lot of middle ground when something goes wrong.

Hope is not a strategy. I've applied that hard lesson learned to cybersecurity for 25 years.

The Journey

From Service

to Small Business

A career built on protecting people, in uniform and in business.

Early Career

U.S. Navy

Desert Shield, Desert Storm -

then the F-14

Advanced Avionics, Combat Operations, Calibration

Started with Advanced Avionics School, then serviced H-46 helicopters through Desert Shield, Desert Storm, and a tour after. Finished as a calibration technician on the VAST computer system, ensuring the equipment that tested the computers in F-14 fighter aircraft was accurate. The precision required in the work, and the consequences of getting it wrong, changed me forever.

Transition

Northrop Grumman

F-14 Fighter Aircraft 'B' Upgrades

From the Flight Line to the Civilian World

After the Navy, spent several years at Northrop Grumman upgrading F-14 fighter aircraft to the newer B spec. When the F-14 program was winding down, I saw it coming. Went to school, got certified - Microsoft Certified Security Engineer (MCSE), Cisco Certified Network Associate (CCNA), and CompTIA A+. Laid off on a Monday. Raytheon had an open house that Wednesday. Walked in with the certs and a secret clearance. They asked if I'd like to do security. I said sure.

Almost like it was meant to be.

25 Years

Enterprise

Cybersecurity

DoD · Fortune 500 · Telecom ·

Financial Services

Front Lines, from the Beginning

What started as a Wednesday open house became a 25-year career on the front lines of cybersecurity. Built the Navy Marine Corps Intranet east coast Network Operations Center (NOC) from the ground up. Earned the first 3-year Authority to Operate at Joint Forces Command. Held my own consultancy doing special programs for the DoD. Built security programs across telecom, financial services, and more. Helping the Fortune 500 and smaller entities secure their organizations.

Ongoing 2+ Years

31337 InfoSec

Cyber Threat Weekly

Weekly Threat Intelligence for the Security Community

Started publishing a weekly threat intelligence newsletter tracking adversarial behavior, emerging threats, and attack trends. Written for security professionals, built an organic following in the InfoSec community with no real promotion, was just giving back. What it revealed: the intelligence existed for enterprise teams. Nothing translated it into clear action for the small businesses that needed it.

The intelligence methodology behind it drives every Pro Community briefing.

The Turning Point

The Numbers

Don't lie

Two and a Half Decades Defending Enterprise. Meanwhile...

12 years tracking how attackers operate and 2+ years publishing weekly threat intelligence for the security community made something impossible to ignore. The tools attackers use keep getting cheaper and easier to deploy. AI changed the game, what once required technical skill now requires almost none. The cost of launching an attack dropped. The volume and velocity of attacks continue to increase. And the targets paying the price aren't just the enterprises. Everyone is a target.

Especially the businesses without strong foundational security. Small businesses get hit hardest because the foundation isn't there, no verification processes, untrained employees, weak passwords, basic gaps that attackers walk straight through.

Today

Cybersecurity 4

Small Biz

Just Launched

Built for the Small Business Owner

Launched Cybersecurity 4 Small Biz to bring enterprise-level guidance to small business owners. Plain language. Practical protocols. Accessible and affordable pricing. Every module is a complete package: threat brief, protection protocol, and employee micro-training. Come build this with us.

The Journey

From Service

to Small Business

A career built on protecting people, in uniform and in business.

Early Career

U.S. Navy

Desert Shield, Desert Storm -

then the F-14

Advanced Avionics, Combat Operations, Calibration

Started with Advanced Avionics School, then serviced H-46 helicopters through Desert Shield, Desert Storm, and a tour after. Finished as a calibration technician on the VAST computer system, ensuring the equipment that tested the computers in F-14 fighter aircraft was accurate. The precision required in the work, and the consequences of getting it wrong, changed me forever.

Transition

Northrop Grumman

F-14 Fighter Aircraft 'B' Upgrades

From the Flight Line to the Civilian World

After the Navy, spent several years at Northrop Grumman upgrading F-14 fighter aircraft to the newer B spec. When the F-14 program was winding down, I saw it coming. Went to school, got certified - Microsoft Certified Security Engineer (MCSE), Cisco Certified Network Associate (CCNA), and CompTIA A+.

Laid off on a Monday. Raytheon had an open house that Wednesday. Walked in with the certs and a secret clearance. They asked if I'd like to do security. I said sure.

Almost like it was meant to be.

25 Years

Enterprise

Cybersecurity

DoD · Fortune 500 · Telecom ·

Financial Services

Front Lines, from the Beginning

What started as a Wednesday open house became a 25-year career on the front lines of cybersecurity. Built the Navy Marine Corps Intranet east coast Network Operations Center (NOC) from the ground up.

Earned the first 3-year Authority to Operate at Joint Forces Command. Held my own consultancy doing special programs for the DoD. Built security programs across telecom, financial services, and more. Helping the Fortune 500 and smaller entities secure their organizations.

Ongoing 2+ Years

31337 InfoSec

Cyber Threat Weekly

Weekly Threat Intelligence for the Security Community

Started publishing a weekly threat intelligence newsletter tracking adversarial behavior, emerging threats, and attack trends. Written for security professionals, built an organic following in the InfoSec community with no real promotion, was just giving back.

What it revealed: the intelligence existed for enterprise teams. Nothing translated it into clear action for the small businesses that needed it.

The intelligence methodology behind it drives every Pro Community briefing.

The Turning Point

The Numbers

Don't lie

Two and a Half Decades Defending Enterprise. Meanwhile...

12 years tracking how attackers operate and 2+ years publishing weekly threat intelligence for the security community made something impossible to ignore. The tools attackers use keep getting cheaper and easier to deploy.

AI changed the game, what once required technical skill now requires almost none. The cost of launching an attack dropped. The volume and velocity of attacks continue to increase. And the targets paying the price aren't just the enterprises. Everyone is a target.

Especially the businesses without strong foundational security. Small businesses get hit hardest because the foundation isn't there, no verification processes, untrained employees, weak passwords, basic gaps that attackers walk straight through.

Today

Cybersecurity 4

Small Biz

Just Launched

Built for the Small Business Owner

Launched Cybersecurity 4 Small Biz to bring enterprise-level guidance to small business owners. Plain language. Practical protocols. Accessible and affordable pricing. Every module is a complete package: threat brief, protection protocol, and employee micro-training. Come build this with us.

The Journey

From Service

to Small Business

A career built on protecting people, in uniform and in business.

Early Career

U.S. Navy

Desert Shield, Desert Storm -

then the F-14

Advanced Avionics, Combat Operations, Calibration

Started with Advanced Avionics School, then serviced H-46 helicopters through Desert Shield, Desert Storm, and a tour after. Finished as a calibration technician on the VAST computer system, ensuring the equipment that tested the computers in F-14 fighter aircraft was accurate.

The precision required in the work, and the consequences of getting it wrong, changed me forever.

Transition

Northrup Grumman

F-14 Fighter Aircraft 'B' Upgrades

From the Flight Line to the Civilian World

After the Navy, spent several years at Northrop Grumman upgrading F-14 fighter aircraft to the newer B spec. When the F-14 program was winding down, I saw it coming. Went to school, got certified - Microsoft Certified Security Engineer (MCSE), Cisco Certified Network Associate (CCNA), and CompTIA A+.

Laid off on a Monday. Raytheon had an open house that Wednesday. Walked in with the certs and a secret clearance. They asked if I'd like to do security. I said sure.

Almost like it was meant to be.

25 Years

Enterprise

Cybersecurity

DoD · Fortune 500 · Telecom ·

Financial Services

Front Lines, from the Beginning

What started as a Wednesday open house became a 25-year career on the front lines of cybersecurity. Built the Navy Marine Corps Intranet east coast Network Operations Center (NOC) from the ground up. Earned the first 3-year Authority to Operate at Joint Forces Command.

Held my own consultancy doing special programs for the DoD. Built security programs across telecom, financial services, and more. Helping the Fortune 500 and smaller entities secure their organizations.

Ongoing 2+ Years

31337 InfoSec

Cyber Threat Weekly

Weekly Threat Intelligence for the Security Community

Started publishing a weekly threat intelligence newsletter tracking adversarial behavior, emerging trends, and attacker behavior. Written for security professionals, built an organic following in the InfoSec community with no real promotion, was just giving back.

What it revealed: the intelligence existed for enterprise teams. Nothing translated it into clear action for the small businesses that needed it.

The intelligence methodology behind it drives every Pro Community briefing.

The Turning Point

The Numbers

Don't lie

Two and a Half Decades Defending Enterprise. Meanwhile...

12 years tracking the threat landscape and 2+ years publishing weekly threat intelligence for the security community made something impossible to ignore. The tools attackers use keep getting cheaper and easier to deploy.

AI changed the game, what once required technical skill now requires almost none. The cost of launching an attack dropped. The volume and velocity of attacks continue to increase. And the targets paying the price aren't just the enterprises. Everyone is a target.

Especially the businesses without strong foundational security. Small businesses get hit hardest because the foundation isn't there, no verification processes, untrained employees, weak passwords, basic gaps that attackers walk straight through.

Today

Just Launcched

Built for the Small Business Owner

Launched Cybersecurity 4 Small Biz to bring enterprise-level guidance to small business owners. Plain language. Practical protocols. Accessible and affordable pricing.

Every module is a complete package: threat brief, protection protocol, and employee micro-training. Come build this with us.

What We Stand For

Values Shaped by Service

Mission Before Profit

The goal was never to build a big business. It was to close the gap that leaves small businesses vulnerable. Every decision starts with "does this help the member?"

No One Left Behind

A value carried over from military service. If you own a small business and want to protect it, you deserve expert guidance, regardless of budget, technical background, or size.

Radical Clarity

Cybersecurity is made to sound complicated by people who profit from confusion. We do the opposite, plain language, practical steps, zero jargon, every time.

Profit With Purpose

25% of every dollar of net revenue goes to charity. A successful business is focused on more than just its balance sheet.

Actionable Over Generic

Knowing a threat exists is useless without knowing what to do about it. Every Pro community threat package ends with clear, executable action steps, and employee micro-training.

Integrity Always

We won't sell your data, recommend products we wouldn't use ourselves, or sugarcoat real threats. We won't pretend to have reviews we don't have. Honesty is the foundation of trust.

What We Stand For