We work with wealth management firms, healthcare organizations, defense contractors, and companies pursuing SOC 2, HIPAA, or CMMC compliance. Our clients pass their audits and protect their client data. They sleep better knowing their cybersecurity program is handled by professionals who’ve done this hundreds of times before.
When you work with Adelia Risk, you get an experienced security team that builds and runs your cybersecurity program. We’re not here to replace your IT staff. Instead, we work alongside them, providing the security expertise they don’t have time or bandwidth to develop themselves.
Working with Adelia Risk means you get a team that will:
We stay engaged with your company, adjusting the program as your business grows and
regulations change. This is an ongoing partnership, not a project with an end date.
Josh Ablett started his cybersecurity career at Royal Bank of Scotland, then the fifth-largest bank in the world. As SVP, he learned how large organizations separate IT operations from security oversight for good reason: the stakes are too high for one team to check their own work.
Over the following years, Josh worked in the cybersecurity divisions at HP and Bottomline Technologies. He served as SVP of Product and CISO at Dtex Systems, an insider threat detection startup. He saw the same pattern everywhere in that enterprises invested heavily in dedicated security leadership, while smaller companies struggled because their IT staff was wearing too many hats.
By 2017, ransomware had gone mainstream. Regulators were asking harder questions, and clients were demanding proof of security from their vendors. Josh launched Adelia Risk to help smaller companies get the same security leadership that enterprises had always had.
The company name comes from Josh’s two daughters. “Adelia” is a portmanteau of their names, combined. It’s a reminder that we’re building something meant to last, and that the businesses we protect are often family businesses too, with real people counting on them.
Adelia Risk is different from other vCISO providers. Here’s why we’re a
perfect fit for businesses that need assistance with their cybersecurity.
The big vCISO firms are built for Fortune 500 companies. They’ll recommend solutions that cost more than your entire IT budget. One-person consultants can vanish on you when they get sick or take on another project.
Adelia Risk sits in the middle. We’re large enough to have real depth and backup on our team, but small enough to give you personal attention. Our sweet spot is companies with 10-200 employees, though we’ve worked with organizations as small as 5 and as large as 600.
You don’t want the same people who build your systems also responsible for checking if those systems are secure. It’s the “fox watching the henhouse” problem.
When your IT team handles security, they’re essentially grading their own homework. They may miss vulnerabilities in systems they built. They might not push back on executive requests that create risk. Adelia Risk provides that independent perspective your IT team can’t give you.
Other consultants hand over a 50-page checklist and wish you luck. We’ve heard the stories from clients who came to us after those experiences, frustrated and no closer to compliance than when they started.
Adelia Risk stays with you through implementation. We explain what needs to happen, why it matters, and help you get it done. When you have questions six months from now, we’re still there to answer them.
Cancel any time with 60-day notice.
We’re here to earn your business every month and will never lock you into a long-term contract. Most clients stay with us for years. Not because they have to, but because the partnership works.
Founder / CISO
Operations
Information Security Analyst
Compliance / Josh’s Uncle
Finance
Our core team handles most client needs. When projects require specialized skills like penetration testing or cloud security architecture, we bring in contractors we’ve worked with for years. You get access to deep expertise without paying full-time rates for skills you only need occasionally.
Our core focus is on regulated industries and growing businesses with complex compliance needs. We understand the unique security challenges and audit requirements within the sectors listed below.
We’ve helped dozens of SEC-registered investment advisors and wealth management firms build cybersecurity programs that satisfy regulators and protect client assets. Our typical RIA clients have 5-600 employees and manage anywhere from hundreds of millions to billions in assets. We understand the SEC examination process and know what examiners actually look for.
We work with companies pursuing SOC 2 Type I and Type II, or ISO 27001 certification. These engagements are usually driven by customer requirements or investor due diligence. We’ve seen too many companies over-engineer their security programs trying to get certified. Our approach gets you there efficiently.
HIPAA compliance, PHI protection, and the specific security requirements that come with handling protected health information. We’ve helped medical practices and healthtech companies of all sizes build programs that satisfy HHS requirements while remaining practical for busy healthcare environments.
CMMC Level 2 compliance and NIST 800-171 implementation for companies handling Controlled Unclassified Information (CUI). The requirements are specific and the stakes are high. We help contractors meet these standards without disrupting their operations.
Adelia Risk provides exceptional security, not just compliance checkboxes. Anyone can help you pass an audit by documenting policies nobody follows. We’d rather build a program that actually protects your business and clients.
We won’t recommend tools we haven’t used ourselves. The security market is full of vendors promising AI-powered threat detection that ends up being an overpriced dashboard. We’ve tested the products we recommend and know what actually works.
We’ll always be honest, even when delivering bad news. If your security posture has gaps, you need to know. If a compliance timeline isn’t realistic, we’ll tell you.
We believe in mutual respect and no lock-in agreements. We build long-term relationships that build value on both sides.
Adelia Risk works with clients across the United States. Security leadership doesn’t require someone sitting in your office. We meet via video call and collaborate through shared documents and project management tools. When in-person meetings make sense, we make them happen.
Adelia Risk is exactly what I needed for my business, I’m in healthcare and protecting PHI is critical. We weren’t sure we were set up properly. Adelia Risk made it so we don’t have to worry. They took care of our email security, made sure our computers were set up the right way, and even took the time to train our staff on how to be safe, secure, and HIPAA-compliant.
Grace Barker Health
Working with Adelia Risk provides peace of mind. I sleep better at night knowing that our client data is being protected. Josh and his team are responsive, highly knowledgeable and helpful.
They take complicated topics and make them understandable. We love working with Adelia Risk!
Parsons Capital Management
Before we hired Adelia, I thought our IT people (me) had the cybersecurity thing covered. ‘We’ were wrong.
Josh and his team helped us find the gaps, close the gaps and document everything so we’re as buttoned up as we need to be for our clients and the SEC.
Physician Family Financial Advisors, Inc.
Like most investment advisors, I wanted to worry less and prepare for our next audit. Other vendors offered confusing “one size fits all” solutions. Since working with Adelia, we’ve built a policy that we understand and can achieve! We passed our most recent audit with flying colors.
Jackson Money Management
We are very satisfied with the quality of product and exceptional customer service.
We have a high level of confidence in our ability to protect PHI because Adelia Risk properly set up our HIPAA compliant email.
Barrier Islands Free Medical Clinic
I chose Adelia Risk because I understood that they would guide me through a process, not simply provide tools for me to learn and use.
I was not disappointed!
Jentner Wealth Management
Let’s Talk Security. Book a free 30-minute consultation, no sales pressure, just honest advice.
