ZIXIA
ServicesWorkInsightsAbout
Contact
● About the practice

A name chosen carefully. Work done the same way.

ZIXIA is a senior advisory practice for cloud, security, and AI modernization. Embedded, not advisory-only. Built to leave teams stronger than we found them.

§ Why the name

The story behind ZIXIA.

Bu Shang · 子夏 · c. 507 BC

In ancient China, Zixia (Bu Shang) was one of Confucius’s most accomplished disciples, a scholar known above all for his deep, committed love of learning.

After Confucius died, Zixia didn’t retreat from the world. He established his own school and used everything he had absorbed to counsel and teach Marquess Wen of Wei, the ruler of the most powerful state of his era. He took a lifetime of gathered wisdom and put it directly in service of leaders who needed it most.

When I named my consulting practice, that felt exactly right.

For nearly thirty years, that’s what this work has been: a lifetime of gathered, hands-on technical wisdom, put directly in service of leaders who need it most.

§ Track record

Nearly thirty years of building things that actually shipped.

The arc behind the practice. Built from scratch, scaled, audited cleanly, and handed off in working condition.

1997

Co-founded a B2B technology venture

Built the entire technology foundation from nothing. While most dot-com companies of the era collapsed, the company was solid enough to be acquired by a Fortune 500 retailer for $22M.

2000

Built Information Security at a multi-billion-dollar travel platform

Identified a critical security gap after a major corporate spin-off and built the Information Security function from scratch. Scaled it as the company grew into an e-commerce leader. PCI Level 1 compliance achieved; SOX audits remained clean for years.

2014

CISO at a single-family office

Six years with the personal family office of one of the most privacy-sensitive principals in the private sector. CISO, then Director of Technology Services, then Senior Manager of Enterprise Programs. Cut a $16M operating budget by 10% three years ahead of schedule while protecting an environment with zero tolerance for incident.

Today

ZIXIA engagements

Built and handed off a global In-Building Cellular DAS program at a hyperscale technology company over six years, growing it from inception into a self-sustaining operation across 90+ facilities serving 130,000+ corporate users, with a 49-person cross-functional team and a $10M+ capital portfolio. Acting CISO at a $1B+ national manufacturer, where we stood up the first enterprise security program from scratch: GRC frameworks, an SIEM processing 14M+ events per day across 25 U.S. sites, and OT/ICS segmentation across 13 manufacturing plants. Currently advising the Operations Excellence team at a Fortune 50 technology company on AI strategy and tooling.

§ Principles

Five principles, kept honestly.

These are not aspirations. They are the way we run every engagement, and the reason clients return when something else is on fire.

01

Senior execution

No analyst handoff, no body-shop hours. The person you brief is the person doing the work.

02

Embedded, not advisory-only

We sit beside your team and do the work with them. Decks alone do not change outcomes.

03

Outcome accountability

Engagements are scoped to outcomes, not hours. We own the result, not just the recommendation.

04

Long-term thinking

The right answer this quarter is sometimes the wrong one in three years. We sequence with that in mind.

05

Restraint

We resist scope creep, tool sprawl, and theater. The shortest credible path is almost always the right one.

§ Practice model

A senior practice with a deep bench.

ZIXIA is built for senior, hands-on engagements. Every conversation is direct with a principal, and the work is done at the level of the work, not delegated downward.

When an engagement calls for additional senior expertise (a specialized security architect, a cloud cost specialist, an AI evaluation lead), we bring in trusted associates from a deep, vetted network. They are senior operators with their own track records, and they work to the same standard.

The result: clients get the focus and accountability of a small practice, with the breadth to absorb engagements that would otherwise need a much larger firm.

Senior throughout. Embedded by default. Sized to the work.
§ Credentials

Certified across the surfaces we work on.

Active certifications across security, cloud, and platform domains. Maintained current as a condition of practice.

CISSP
ISC2
Certified Information Systems Security Professional
CCSP
ISC2
Certified Cloud Security Professional
Based
Seattle, WA · Working remotely with clients across North America
● Contact

Tell us what’s pressing.

Brief us in a few sentences. We read everything that comes through this form, and reply within two business days. Calls happen only after a fit looks plausible. Your time is respected.

  • 01
    Read
    Within 2 business days
  • 02
    Reply
    A short, direct response, not a sequence
  • 03
    Call
    Only after written exchange suggests fit
Submissions stay private. No newsletters.