Andrew Alaniz

Cybersecurity and risk leader who's spent 18+ years building security programs at Fortune 500 companies, global banks, and high-growth startups. Now helping organizations get security right through CipherNorth.

18+ Years of Experience | Founder of CipherNorth | Fortune 500 Banks | Volunteer Firefighter & EMT

People First. Everything Else Follows

I've built security programs from scratch, guided teams through regulatory exams, led incident response in real world events, and helped explain cybersecurity to business executives. If the programs and processes we put in place don't enable business, then we've failed.

I started this blog in 2017 to write honestly about what I've learned including topics like cybersecurity strategy, leadership, and career advice.

Outside of security, I'm a volunteer firefighter, EMT, and wilderness rescue operator. The fire service teaches the same principles that matter in incident response such as operating under pressure, making decisions with incomplete information, coordinating across teams that don't normally work together, and staying calm when the stakes are high.

When I'm not working, I'm outdoors and with the fam hiking, climbing, and exploring the places where cell service doesn't reach with my family.

Who I Am

Consulting

Security leadership through CipherNorth

CipherNorth is a cybersecurity advisory firm built for leaders who are tired of vendors selling fear and delivering PowerPoints. We partner with you to right-size your security program, navigate audits, and prepare for what's next.

Advisory and Strategy

Fractional CISO, security program development, go-to-market advisory, and board reporting. The strategic layer your organization needs.

Operations & Response

Incident response planning, tabletop exercises, and cyber readiness. We help you prepare for the threats that keep you up at night.

Testing & Readiness

Assessments, vulnerability management, audit readiness, and AI governance. Know where you stand, then close the gaps.

Speaking & Community

Bringing real security insights to the stage

I present on cybersecurity strategy, incident response, leadership, and building resilient programs. No vendor pitches. No buzzwords. Just practical insight from doing the work.

  • Southeast Cyber Summit

  • ISACA Birmingham

  • National Cyber Summit

  • fwd:cloudsec

For Security Teams

Building Programs That Actually Work

Lessons from standing up security programs at banks, enterprises, and startups — what matters, what doesn't, and where most teams get stuck.

For Executives

Cybersecurity Risk in Business Terms

Translating security risk into language your board, investors, and customers actually understand — without the fear, uncertainty, and doubt.

Philosophy

Outcomes, process, and technology always come second. People…that's where we should focus our efforts, and everything else will fall in place.

You can ask anyone who's worked with me — you don't have to guess what I'm thinking. I build programs and I build teams. Understanding the nuances of the programs we build is key, and it starts with understanding three perspectives: what the business needs, where technology fits, and what the information flow looks like.

Recent Writing