Cybersecurity Framework Audits

Understand your real risk before it becomes a problem.

True Bearing Risk runs framework-based cybersecurity audits that map your current posture, expose the gaps, and hand you a prioritized plan to fix them — in language your team and your board can both act on.

NIST · CIS · ISO 27001
Primary Services

Independent assessments and analysis.

Five disciplines that anchor the practice — scoped tightly, priced flat, and delivered by the principal.

01

Cybersecurity Framework Audits

Independent assessments against recognized cybersecurity frameworks including NIST CSF, CIS Controls, HIPAA Security Rule, and CMMC readiness requirements.

02

Compliance Readiness Assessments

Evaluate an organization's preparedness for regulatory requirements, client security questionnaires, cyber insurance applications, and framework adoption.

03

Cybersecurity Risk Assessments

Identify, document, and prioritize cybersecurity risks affecting business operations, sensitive data, and organizational resilience.

04

Security Gap Analysis

Compare current cybersecurity practices against industry standards and provide a clear roadmap for improvement.

05

Cyber Insurance Readiness Reviews

Assess security controls commonly required by cyber insurance carriers and identify gaps that may impact coverage or premiums.

Executive Advisory

For owners, leadership, and the board.

Executive Cybersecurity Reviews
Give business owners and leadership teams a clear understanding of cybersecurity risks, compliance obligations, and strategic priorities.
Board-Level Cybersecurity Briefings
Present cybersecurity and compliance findings to boards, leadership teams, and governance committees in clear, business-focused language.
Independent Security Program Reviews
Evaluate the effectiveness of existing cybersecurity programs and deliver objective recommendations for improvement.
Areas We Review

Comprehensive assessments, tailored to your framework and risk profile.

Identity & Access Management
  • User access
  • Administrative privileges
  • Authentication controls
  • MFA adoption
Email Security
  • Phishing protection
  • Spoofing prevention
  • Business email compromise controls
Backup & Recovery Readiness
  • Backup strategy
  • Recovery capabilities
  • Business continuity considerations
Third-Party & Vendor Risk
  • Vendor security practices
  • Cloud providers
  • Outsourced service providers
Governance, Policies & Risk Management
  • Security policies
  • Risk management practices
  • Governance oversight
Incident Response Preparedness
  • Response planning
  • Escalation procedures
  • Recovery coordination
The Approach

Three movements: sight, set, steer.

01

Sight

We start by reading the chart you already have — interviews, documentation, prior assessments, contracts. No questionnaires sent into the void.

02

Set

We name the risks that matter, rank them against your tolerance, and surface the controls being managed by accident rather than design.

03

Steer

You receive a written course of action: what to fix, what to fund, what to accept — with the rationale to defend each call.

Scope of Practice

What we do not provide.

Our independence is the product. We evaluate, analyze, and advise — and we refer remediation to qualified providers without taking a fee for the referral.

  • Managed IT Services
  • Help Desk Support
  • Technology Product Sales
  • Security Product Resale
  • Ongoing Monitoring Services
  • Network Administration
  • System Implementation
  • Remediation Services
  • Penetration Testing
  • Legal Compliance Certification
About Wes Haire

True Bearing Risk Advisors was founded by Wes Haire to provide independent cybersecurity risk and compliance assessments for organizations seeking objective, practical guidance.

Wes brings more than 30 years of experience helping businesses manage technology, cybersecurity, and operational risk. Throughout his career, he has worked closely with professional services firms, small and mid-sized businesses, and organizational leadership teams to strengthen security practices and improve operational resilience.

In addition to his cybersecurity and technology experience, Wes serves as a bank director and chairs an Information Technology Committee, providing oversight and strategic guidance on technology, cybersecurity, and risk management matters.

Wes also brings a military background and a practical understanding of leadership, accountability, and risk assessment. Those experiences helped inspire the True Bearing Risk Advisors philosophy: helping organizations understand where they stand today, identify areas of risk, and chart a clear path forward.

True Bearing Risk Advisors is focused exclusively on independent cybersecurity risk and compliance assessments. We do not sell technology products, managed IT services, or implementation projects. Our role is to provide objective evaluations, clear recommendations, and actionable guidance organizations can use to improve their cybersecurity posture and compliance readiness.

30+ Years

Technology, cybersecurity, and operational risk experience across professional services and SMB leadership.

Board-Level

Bank director and chair of an Information Technology Committee — governance perspective on cyber risk.

Independent

No product sales, no managed services, no implementation work. Evaluation and guidance only.

Let's talk about risk.

Tell us what's keeping you up.

Based in Maine, True Bearing Risk Advisors provides independent cybersecurity risk and compliance assessments for organizations seeking objective assessments, practical guidance, and actionable recommendations.

Office
By appointment