Veteran-owned consultancy delivering fractional CISO services, security program development, and infrastructure transformation for organizations across the TOLA+ region. Currently accepting select engagements.
Practical security and infrastructure guidance grounded in hands-on executive experience — not theoretical frameworks.
On-demand security leadership for organizations that need executive-level guidance without a full-time hire. Board reporting, security program development, risk management, compliance strategy, and incident response oversight built on real-world CISO experience across manufacturing, healthcare, and defense.
Build or mature your security program from the ground up. Policy frameworks, team structure, vendor evaluation, tool consolidation, and roadmap development aligned with business objectives. We focus on programs that actually work in practice — not shelf-ready documentation.
Strategic migration from legacy systems to modern, cloud-native architectures. Container orchestration, multi-cloud strategy, VMware-to-Kubernetes transitions, and infrastructure-as-code implementation. Designed for organizations running real workloads across multiple facilities and environments.
Comprehensive vulnerability assessments and penetration testing that go beyond automated scanning. Attack surface mapping, risk-prioritized findings, and actionable remediation plans. We assess from an adversary's perspective, leveraging OSINT, open-source, and commercial tooling.
Confidential advisory services for C-suite executives and boards navigating technology risk, M&A technical due diligence, cyber insurance readiness, and regulatory compliance. A trusted sounding board with the technical depth to challenge assumptions and validate strategy.
Technical design and architecture review for complex environments spanning on-premises, cloud, and hybrid infrastructure. Identity and access management, network segmentation, zero trust implementation, and OT/IT convergence for manufacturing and industrial environments.
NorthCreek Security Group is the consulting practice of Andrew Healey — a technology executive with 25 years spanning infrastructure, cybersecurity, and operations leadership across manufacturing, defense, aerospace, healthcare, and cloud services.
With three previous CISO roles and experience leading large teams in both manufacturing, consulting, and cloud, NCSG brings a practitioner's perspective to every engagement. We've built security programs from scratch, modernized legacy infrastructure at scale, and led incident response for sophisticated threats — not from a consulting desk, but from inside the organizations we've served.
Based in Northwest Arkansas and serving the TOLA+ region, NCSG is particularly well-suited for mid-market manufacturers, food and agriculture companies, and regional enterprises navigating the transition from legacy systems to modern, secure infrastructure.
NCSG is currently accepting select consulting and advisory engagements. Whether you need a fractional CISO, a security assessment, or a trusted advisor for a specific initiative — reach out and let's talk.
Response time is typically within one business day.