Helping You Forge Automated
Cybersecurity Capabilities
TRUSTED I EXPERIENCED I RESULTS-DRIVEN
Our Services

Proposal Support
Does your must-win proposal have an OSCAL, cATO or cybersecurity automation requirement? Would that be a discriminator?
We have excellent win-rate architecting cybersecurity responses.

OSCAL Enablement
Trying to determine how to get started with OSCAL?
Let the co-author of the OSCAL specification help you determine the best starting point and approach for your organization.

Training
Canned or tailored training available for your sales, proposal and technical teams.

Enterprise Security Architecture
Increase the efficiency and effectiveness of your organization’s cybersecurity practices across your portfolio of systems and teams.

FISMA/FedRAMP/CMMC Alignment
Unlock a massive market by embracing Federal cybersecurity requirements or improve your existing capabilities to achieve better margins and expand your customer base. We can help you reach these goals faster and more efficiently.

Solution Architecture
From enterprise harmonization to point-solutions, we help you understand options, design solutions, and ensure implementation efforts remain on target.
Our product agnostic approach ensures we work in your best interest.
Our Clients




Strategic Design
Sensible Implementation
Our solutions start out aspirational and are aligned to the realities of your scope and resources. Our unique mix of experience with enterprise IT and cyber operations, regulatory compliance, standards alignment, process improvement, and system development methodologies ensure you experience benefits as soon as possible and to the greatest degree practical.
Ready for the next steps?
Contact us for a free consultation.
Let's discuss your goals and determine how we can best help you!
Meet Brian
Brian is the architect and co-creator of the Open Security Controls Assessment Language (OSCAL) and inaugural chair of the OSCAL Foundation. His achievements are built on 35 years of experience with information technology (IT), quality management, business process re-engineering (BPR), and cyber solution architecture. In 2024 Brian started Ruf Risk to focus on his passion for serving organizations as they seek to enhance their cybersecurity practices.

News and Updates
FedRAMP 20x: Stay the Course! Prepare to Move Faster!
March 26, 2025 I like sailboats. They are a time-honored method for crossing a large body of water. Tried and true! Elegant! I also like motorboats. While their engine adds complexity, they are more maneuverable and allow you to travel faster. Sometimes you need speed...
Supporting the OSCAL Foundation
Ruf Risk is proud to be an inaugural member of the Open Security Controls Assessment Language (OSCAL) Foundation! This critical global partnership between government, industry and academia was launched to advance the development and adoption of standards to automate...