LeWinter Advisory

About

I've been in the room, made the call, and owned the result.

Mike LeWinter

Principal Consultant. CISSP.

  • CISSP: Certified Information Systems Security Professional
  • CMMC RP (Registered Practitioner): advise and prepare, not assess
  • Verified Vanta Admin (Vanta Academy): automated SOC 2, ISO 27001 and continuous compliance

CISSP is the standard senior certification in information security. CMMC RP is the credential for guiding defense-supply-chain compliance. Verified Vanta Admin certifies hands-on command of the leading SOC 2 and ISO 27001 automation platform.

I run LeWinter Advisory as a deliberately small practice. One principal, real engagements, no account layer between you and the person doing the work.

Clients hire me because the room needs a senior voice that has actually built, broken, and shipped the thing being discussed. That's the whole differentiation, and it's earned, not claimed.

Where I come from. I came up as a developer, which means I can still read the code and open the network tab myself. I ran technology as a CTO. I was the lead architect on financial-services systems where being wrong was expensive and "looks compliant" was never good enough. And I've taken manufacturing operations from the plant floor through ERP, PLCs, manufacturing execution systems, and the path into the business systems, so operational technology isn't a domain I read about, it's one I've lived in.

The road here

Thirty years from first commit to independent practice.

  • Software Developer (first commit)
  • Network Admin (the wires and routes)
  • Software Technical Services (deeper builds)
  • Software Architect, Fiserv (data warehouse)
  • Data Warehouse as a Service (owned 24×7 support)
  • Lead Architect, API security startup
  • Sr. Architect, Pega (enterprise systems)
  • Cisco (global scale)
  • IQMS (manufacturing ERP)
  • QTG (technology leadership)
  • LeWinter Advisory (independent, by design)

Credentials earned along the way: CISSP, CMMC RP, Verified Vanta Admin.

Domains I've worked across

  • Cloud
  • Rules Engines
  • Networking
  • Security
  • Program Mgmt
  • Virtualization
  • Containers
  • Collaboration
  • Enterprise Arch

Industries served

  • Retail
  • Hospitality
  • Health Care
  • Banking
  • Insurance
  • Fintech
  • Manufacturing
  • Education
  • Public Sector
  • Warehouse & Dist.

What that means for you. Security, compliance, privacy, infrastructure, and AI decisions rarely stay in their own lane. Because I've owned the technology end to end, I can see how they connect and handle them as one coherent effort, instead of you stitching together advisors who each see only their piece. When I tell you something will hold up, it's because I've built things that had to.

How we work: advisory-led prime

Most technology and security help comes in one of two shapes. Either you hire a consultant who hands you a report and a list of vendors to go chase, or you hire a managed-services vendor you then have to manage. Both leave the hardest part to you: holding the whole thing together and being accountable when it doesn't.

We work a third way. When you hire us, you experience one thing: LeWinter Advisory leading the work. We own the relationship, set the expectations, make the judgment calls, translate what the specialists are telling you, and stay accountable for the outcome. That doesn't change whether the hands on the keyboard are ours or a vetted partner's.

Diagram: You (your business), one relationship, to LeWinter Advisory (one accountable point); under our direction: penetration testing, 24/7 monitoring, incident forensics, managed desktops. One point of contact who's responsible, not a roster you have to coordinate.

A lot of the work I do myself: the assessments, the strategy, the architecture, the privacy work, the incident command. Some work needs hands we don't have, like penetration testing, around-the-clock monitoring, managed desktops, or deep forensics during a live incident. When it does, we bring in vetted partners and direct them. You get one accountable point of contact instead of a roster to coordinate, and we're always straight with you about who's doing what.

Engagements are mostly fixed-fee, with clear scope and deliverables set up front, so you know what you're getting before we start. Assessments and roadmaps stand on their own; they don't auto-funnel into "now buy my managed service." Where ongoing work makes sense, it's a separate, opt-in continuation, because a diagnosis you can trust is one that wasn't rigged to sell you the next thing.

The commitments behind the model

This only works if it's honest, so we hold ourselves to a few rules. They're the difference between a real prime and a reseller hiding behind a logo.

Capability ships when the paper ships. We won't imply we personally run a 24/7 security operations center, a forensics team, or a full helpdesk unless a real partner agreement, with a defined service level and escalation model, makes that true. Where a capability is partner-backed, we say so plainly.

The service level we promise you never exceeds what our partner owes us. What we commit to downstream flows one-to-one from what a partner contractually owes upstream. No promise floats free of something real behind it.

Accountability is the product. We carry first-line responsibility for the engagement. That's the point of hiring a prime instead of assembling vendors yourself: someone whose interests are aligned with yours is governing the people doing the work, holding them to their service levels, and translating it into terms you can actually evaluate.

Credentials. CISSP. CMMC Registered Practitioner. Verified Vanta Admin. Deep AWS, Azure, and Microsoft 365. Principal Consultant of LeWinter Advisory LLC, based in San Luis Obispo, California, working with clients on-site and remotely.

Industries

  • Financial services
  • Manufacturing & OT
  • Healthcare
  • Hospitality
  • Retail

Frameworks I work in

  • NIST CSF
  • CIS Controls
  • SOC 2
  • HIPAA
  • CCPA/CPRA
  • GDPR