About Us

Cyber attacks are a way of life, and not just for the largest companies.  In a recent study of mid-to-small sized companies in the U.S., 80% reported at least one security incident last year, yet “a stunning 55% reported having no regular access to any IT security experts, either internal or third party”.  The study went on to say that within the IT departments of these same companies, 67% reported having no security certifications. When it comes to cybersecurity, middle market companies are almost on their own.

That’s not acceptable, which is why we founded Cyber Risk Opportunities.  Our mission is to enable middle-market executives to become more proficient cyber-risk managers.  We decided to help middle-market executives manage their cybersecurity risks in the same deliberative way they manage every other aspect of their businesses.

And that’s the point.

Founded by Kip Boyle (USAF-Rt.), a nationally recognized analyst, lecturer and thought-leader in cyber risks, the vision behind Cyber Risk Opportunities is to help middle-market companies thrive online.

Best Practices

Kip realized that middle-market companies need the same rigorous management practices that he developed as Chief Information Security Officer (CISO) for much larger companies.  The problem was that cybersecurity best practices and recognized standards are highly technical and understood primarily by those with highly specialized IT certifications. He saw the need for a customizable, yet scalable, management program that would translate these best practices and standards into an actionable and holistic management program suitable for middle-market companies

Business Value

Kip also noticed throughout his career that IT professionals in middle-market companies struggle to communicate effectively with business people.  Similarly, he noted that business people at times fail to understand the importance of the issues raised by their IT team members. So an effective management program would need to include a systematic business value analysis that helped executives understand the return they were getting for their investment.


Kip observed that effective management seeks continuous improvement through an iterative and highly collaborative effort.  He learned over the years that the highest-functioning teams were cross-functional and focused on very specific high-priority objectives. So a high-functioning management program would need to systematically set mitigation priorities in a highly iterative and collaborative way.


Kip noticed that many executives are highly visual, so he learned to communicate a tremendous amount of data using visual tools. Knowing that the average time span executives give to a single subject is under three minutes at a time, Kip would need to summarize highly technical information into readily consumable scorecards and use other visual reporting tools. The visual reporting system improves communication and therefore increases understanding of the state of a company’s cybersecurity management program.


Finally, Kip correctly saw that executives and IT professionals face a dizzying array of consulting services, software and hardware products and cloud-based solutions, all claiming to be the ‘be-all-end-all’ protection against cyber attacks.  The world didn’t need another typical consulting company.  Kip wanted to be the advocate for middle-market companies- helping them build their understanding of how these disparate products and services might best be deployed to protect themselves. So, the entire Cyber Risk Opportunities offering would need to be designed to ensure the result of the management program was advocacy.  Advocacy for the customers.

Cyber Risk Opportunities Managed Programs

Thus was born the concept of the Cyber Risk Opportunities Managed Programs – a comprehensive management program for middle-market companies that:

  • Translates Best Practices and Standards into a holistic management program; 

  • Analyses and reports the Business Value derived by mitigation steps; 

  • Builds collaboration between executives, their IT organization and their strategic vendors; 

  • Provides highly effective visual reporting tools; 

  • Provides on-going advocacy; and

  • Does all this at an effective price.

Kip Boyle

Founder and CEO

Rob Finch

Cyber Risk Analyst

Dan Stull

Lecturer, University of Washington, Advisory Board Member

Kip has been an excellent trusted partner for almost a year. His keen sense of the balance between information security and business strategy combined with his Cyber Risk Opportunities toolbox have been key to continuing to position information security for short and long term success in any organization. He brings an excellent outside perspective to any team and is acutely aware of how to articulate strategy in a C-level fashion.

Glenn Joiner, Information Security Officer at Milliman

I have worked with Kip using his framework for critical infrastructure to develop the next version of King County’s Information Security roadmap. I found the tools Kip provided to be extremely useful and easy to use. They also allowed me to focus in on the important issues facing King County and prioritize those issues resulting in a more usable roadmap than previous iterations.

Ralph Johnson, Information Security and Privacy Professional and Leader

Kip Boyle is the consummate professional. I’ve had the opportunity to work with him over the past 15 years in a variety of capacities and I’ve always found him a true pleasure to work with. Not only does he have a friendly, upbeat, positive and can-do attitude, but he is technically proficient and extremely experienced in the world of information security. He has a unique ability to explain complex technical matters to the general public and has always been a pleasure to work with.

Marc Goodman, Author at Future Crimes: Everything Is Connected, Everyone is Vulnerable and What We Can Do About It