Consulting and Education

CONSULTING · EDUCATION · TRAINING

Full-Spectrum Cybersecurity Consulting, Grounded in Practitioner Experience

Strategic advisory, offensive security, governance, and capability development for organizations facing the next generation of cyber risk.

PKM Cyber Consultants delivers cybersecurity consulting across every dimension of organizational risk, from board-level advisory and AI governance to red team engagements and executive education. Dr. Paul Morrison brings the same practitioner-grounded perspective to consulting engagements that he brings to university lecture halls and corporate training programs. The result is work that does not merely describe cybersecurity, but transforms how organizations practice it with rigor, judgment, and ethical clarity.

Cybersecurity Consulting Services

The consulting practice serves organizations across financial services, healthcare, government contracting, technology, and other regulated industries. Engagements range from single-day executive briefings to multi-quarter capability development programs and ongoing fractional Chief Information Security Officer relationships. Every engagement begins with understanding the client’s specific risk landscape, regulatory obligations, and strategic priorities, and ends with concrete outcomes that strengthen the organization’s security posture.

Core Consulting Service Lines

AI-Augmented Offensive Security

Red team engagements, penetration testing, and adversarial simulation that integrate artificial intelligence tooling with traditional offensive methodology. Engagements include scoped technical assessments, social engineering campaigns, and tabletop exercises that prepare leadership teams for the threat scenarios most relevant to their organization. All work is conducted within authorized boundaries under formal rules of engagement.

Cybersecurity Executive Advisory

Strategic guidance for boards, audit committees, and C-suite leadership on cyber risk, regulatory exposure, and security program effectiveness. Advisory engagements include cyber risk quantification, security strategy alignment to business objectives, governance framework selection and implementation, and incident response readiness. Available as point engagements or as ongoing fractional Chief Information Security Officer arrangements.

Cybersecurity Capability Development

Multi-quarter engagements that build durable cybersecurity capability within client organizations. Programs combine assessment, design, implementation, and knowledge transfer to produce security operations centers, governance and risk programs, and security leadership pipelines that operate effectively after the engagement concludes. Capability development draws on doctoral research and active practice across financial services and regulated industries.

AI Governance and Regulatory Readiness

Practical implementation of NIST AI Risk Management Framework, ISO 42001, and the EU AI Act in regulated industries. Engagements include AI governance gap analyses, control framework development, model inventory and risk classification, and policy authoring tailored to the client’s specific regulatory environment.

Risk and Compliance Advisory

Alignment of enterprise security to NIST CSF 2.0, ISO 27001, SOC 2, and sector-specific compliance regimes. Engagements include readiness assessments, control gap remediation roadmaps, audit preparation, and ongoing compliance program advisory.

Cybersecurity is not a feature to be added; it is a discipline to be practiced. Every engagement we accept reflects that conviction.

Industries Served

KM Cyber Consultants brings cybersecurity expertise to organizations across multiple regulated and high-stakes industries, with particular depth in environments where the convergence of regulatory pressure, advanced threats, and operational complexity demands experienced leadership.

Financial services: Banking, asset management, insurance, and capital markets institutions facing complex regulatory regimes and sophisticated adversaries.
Healthcare and life sciences: Provider organizations, payers, and pharmaceutical companies navigating HIPAA, FDA cybersecurity guidance, and the rising tide of medical device threats.
Government and defense: Federal contractors, state and local government agencies, and defense industrial base organizations operating under FedRAMP, CMMC, and related frameworks.
Technology and SaaS: Software vendors and platform companies preparing for enterprise scrutiny, customer security reviews, and SOC 2 attestation.
Higher education: Universities and academic medical centers balancing open research environments with the security demands of research data, student records, and federal grant compliance.

University Instruction

Beyond the consulting practice, Dr. Morrison teaches at the graduate and undergraduate levels in cybersecurity, artificial intelligence, and information governance, with a focus on producing students who can move directly into industry roles. His teaching draws on years of practitioner experience in cybersecurity leadership at major financial services institutions and on doctoral research conducted at Colorado Technical University.

Current Academic Appointments

De Montfort University Cambodia (DMUC)

Targeted Lecturer in Cyber Security position with a September 2026 start. Teaching responsibilities will span undergraduate and postgraduate cybersecurity programs at DMUC’s Phnom Penh campus, with particular emphasis on AI-augmented threat modeling, governance frameworks aligned to international standards, and the practical demands of cybersecurity leadership in the Southeast Asian regulatory context.

Capitol Technology University

Active graduate student in the Master of Science in Artificial Intelligence program, with completed coursework in advanced machine learning, data mining and knowledge management, intrusion detection modeling using deep learning architectures, and AI ethics. This ongoing graduate study informs the practitioner-academic synthesis that defines Dr. Morrison’s teaching voice.

Areas of Instructional Focus

AI and cybersecurity convergence: How artificial intelligence reshapes the threat landscape, defensive architectures, and the governance frameworks that protect organizations from adversarial AI.
Cybersecurity strategy and leadership: Translating board-level risk appetite into operational security programs, with attention to financial services, healthcare, and government contexts.
AI governance and regulation: Practical implementation of NIST AI RMF, ISO 42001, and the EU AI Act in regulated industries, with case studies drawn from active consulting practice.
Offensive security and red teaming: Methodology, ethical boundaries, and the evolving role of AI tooling in adversarial simulation engagements.
Information governance and risk management: Aligning enterprise security to NIST CSF 2.0, ISO 27001, and sector-specific compliance regimes.

Corporate Training and Capability Development

PKM Cyber Consultants delivers tailored training programs for security teams, executive audiences, and cross-functional groups responsible for organizational risk. These engagements range from intensive multi-day workshops to ongoing capability development partnerships embedded within client security programs.

Executive Briefings

Targeted sessions for boards, C-suite leadership, and audit committees, designed to translate technical cybersecurity realities into the language of business risk, regulatory exposure, and strategic decision-making. Typical engagements range from 90-minute board briefings to half-day executive workshops covering topics such as AI governance readiness, cyber risk quantification, and incident response preparedness.

Security Team Development

Structured learning paths for security operations centers, governance and risk teams, and security leadership pipelines. Programs are built around the practical demands of the client environment rather than generic curriculum, with attention to the specific tools, frameworks, and regulatory regimes that the team operates within.

Workshop Formats

Half-day executive briefings tailored to specific board, audit committee, or leadership concerns
Full-day intensive workshops on AI governance, threat modeling, or regulatory readiness
Multi-week capability development engagements that combine instruction with hands-on program implementation
Custom curriculum development for internal security academies and university partnerships

International Reach

Cybersecurity is inherently transnational, and the threats facing organizations rarely respect geographic boundaries. PKM Cyber Consultants delivers consulting, education, and training engagements across multiple regions, with active program development in Southeast Asia and ongoing engagement in North American and European contexts.

Southeast Asia

Active program development with a focus on Cambodia, Thailand, Vietnam, and the Philippines. The Cambodia engagement, anchored by the pending DMUC academic appointment, includes broader work on AI governance frameworks, government advisory engagements, and certification training partnerships. PKM Cyber Consultants is positioned to serve as a bridge between Western cybersecurity standards and the rapidly developing regulatory environments of Southeast Asian financial centers.

North America

Continuing engagement with U.S. financial services institutions, healthcare organizations, government contractors, and academic partners, drawing on Dr. Morrison’s executive cybersecurity experience and active practice in the Mid-Atlantic corridor.

Europe

Selective engagements aligned with EU AI Act implementation, GDPR-adjacent governance work, and partnerships with European academic institutions interested in cross-Atlantic curriculum collaboration.

Anthropic Cyber Verification Program

In April 2026, PKM Cyber Consultants received formal approval under Anthropic’s Cyber Verification Program. This approval authorizes advanced AI-augmented cybersecurity research and education engagements and represents a meaningful third-party validation of the firm’s positioning at the intersection of AI and cybersecurity. The verification supports both consulting work and academic teaching engagements, ensuring that the firm operates within the boundaries that responsible AI deployment requires.

Academic and Professional Credentials

The consulting, teaching, and training engagements offered by PKM Cyber Consultants rest on a foundation of academic, professional, and military credentials accumulated across more than two decades of practice.

Academic Credentials

DSc in Computer Science, Colorado Technical University
MBA, Bason University
Master of Science in Artificial Intelligence, Capitol Technology University (in progress)
Carnegie Mellon CISO Executive Certification
Carnegie Mellon Certified Risk Officer (CRO)

Professional Certifications

CISSP — Certified Information Systems Security Professional
CEH — Certified Ethical Hacker (EC-Council)
CompTIA Security+
CompTIA Network+

Service and Recognition

United States Military Veteran
Anthropic Cyber Verification Program — Approved (April 2026)

Engage PKM Cyber Consultants

Whether the need is a strategic consulting engagement, an executive briefing, a multi-quarter capability development program, or an academic partnership, PKM Cyber Consultants approaches every engagement with the same standard of rigor, preparation, and practitioner-grounded depth. Conversations begin with understanding what the client or institution is trying to accomplish and end with a concrete proposal for how the engagement will deliver that outcome.

A Veteran And Minority Own Company