· Cybersecurity For Small Businesses
· CISSP-Certified

Find your vulnerabilities,
before someone else does.

Most small businesses don't know what they're exposed to until it's too late. I help you find the gaps, understand what they mean, and know exactly what to do about them in plain language, without the jargon.

Get a Free Consultation See What's Included
CISSP Certified
No jargon, ever
Small Business Focused
About

Hi, I'm Eric Levenstein.

I'm a cybersecurity professional with a CISSP certification and years of hands-on experience helping organizations identify and address their real security risks, not just the theoretical ones.

Before launching this consulting practice, I spent years in cybersecurity and risk management roles at institutions including UCLA, the Department of Defense, Consolidated Edison, and Semtech, giving me firsthand experience with the threats, controls, and compliance requirements that organizations of all sizes face.

What that background taught me is that most business owners aren't ignoring cybersecurity because they don't care. They're overwhelmed by technical language, unsure where to start, and skeptical of price tags without a clear understanding of the resulting benefits. That's exactly why I do this differently.

I've worked with small law firms, therapy practices, and other professional service businesses that handle sensitive client data every day. I'll give you a clear picture of where you stand, written in plain English, with honest recommendations you can actually act on.

Credentials & Experience

  • CISSP — Certified Information Systems Security Professional
  • Experience assessing professional service businesses, including law firms and healthcare practices
  • Deep background in governance, risk & compliance frameworks
  • Familiar with HIPAA, data privacy, and client confidentiality requirements common to small professional practices
  • Based in Southern California, serving clients locally and remotely
Services

Right-sized for your business.

Three clear options, without hidden upsells. Every engagement starts with a free 30-minute consultation to make sure we're a good fit.

Tier 1
Essentials

A focused assessment of your most common and critical exposure points. Ideal for businesses that want to start somewhere real without overwhelming their budget.

  • Network posture review
  • Password & access control practices
  • Email security evaluation (phishing exposure)
  • Basic software & patch hygiene check
  • Written summary with prioritized findings
Most Popular
Tier 2
Standard

A thorough assessment for businesses that handle sensitive client information including practices with HIPAA obligations or attorney-client confidentiality requirements.

  • Everything in Essentials
  • Vendor & third-party risk review
  • Data handling & storage practices
  • Access controls & user privilege audit
  • Incident response readiness check
  • Detailed written report with remediation roadmap
Tier 3
Comprehensive

A full-scope engagement with an executive-ready deliverable. Ideal for firms with compliance obligations or client confidentiality at the core of their business.

  • Everything in Standard
  • HIPAA / data privacy alignment review
  • Business continuity & backup assessment
  • Staff security awareness evaluation
  • Executive summary + full findings report
  • Prioritized remediation roadmap with effort estimates
Testimonials

What clients say.

A sample of feedback from businesses I've worked with.

★★★★★

"We had no idea how exposed our client files were. Eric walked us through everything in terms we actually understood, and the report he gave us was something we could hand directly to our IT person and take action on."

Founder New York Legacy Lawyers - Brooklyn, NY
★★★★★

"As a therapist in private practice, I was worried about HIPAA and didn't know where to start. Eric made the whole process comfortable, identified a few things I needed to fix immediately, and helped me understand why they mattered."

Psychotherapist Private Practice - Los Angeles, CA
★★★★★

"I expected this to feel like being lectured by an IT person. Instead it felt like getting advice from a trusted colleague. Eric is thorough, clear, and genuinely invested in protecting your business."

Owner Web Services Provider - Westlake Village, CA

More testimonials coming soon. Please reach out if you'd like to be featured after your assessment.

FAQ

Common questions.

Not at all. I work specifically with business owners who aren't IT experts. My job is to translate what's technically true into what's practically important for your business, in plain English. You'll always understand what I found and what it means before we talk about what to do about it.
My focus is assessment and recommendations. I don't function as a managed IT provider, but I do help you understand which issues are simple enough to handle on your own and which ones warrant bringing in a tech professional. For straightforward fixes, I'll often walk you through them directly. My goal is to leave you with a clear action plan, not a vague list of concerns.
The Essentials assessment can typically be completed in a few hours, spread across one or two sessions. Standard assessments usually take two to three sessions over a week or two. Comprehensive engagements involve more depth and may take two to three weeks to complete, depending on the size and complexity of your business.
Both. I'm based in Southern California and can meet in person with clients in the Los Angeles and Ventura County areas. For clients elsewhere, assessments are conducted entirely remotely via video call and secure document sharing, with no reduction in the quality of the work.
Absolutely. Everything you share with me is treated as strictly confidential. I'm happy to sign a mutual NDA before we begin if that gives you peace of mind. Many clients prefer it, and I think it's a perfectly reasonable practice before inviting anyone to look at your systems.
I work primarily with small professional service businesses: law firms, therapy and mental health practices, medical offices, financial advisors, and similar businesses that handle sensitive client information and have real compliance exposure. If you're a small business owner who isn't sure whether your cybersecurity situation is adequate, we're probably a good fit.
CISSP stands for Certified Information Systems Security Professional. It's widely considered the gold-standard certification in cybersecurity. Earning it requires passing a rigorous exam covering eight security domains, plus years of verified professional experience. It means the person assessing your business has demonstrated deep, broad knowledge of cybersecurity, not just a passing familiarity.
Contact

Let's talk about your business.

Start with a free 30-minute consultation.

No pressure, no sales pitch. We'll talk about your business, what you handle, and where your biggest concerns are. From there, I'll recommend whether an assessment makes sense for you, and which one.

Most business owners leave that first call with a clearer picture of their situation than they've ever had before. That alone is worth 30 minutes.

Eric@Levenstein.us
Available upon request
Response within one business day

Send a message

Your information is kept strictly confidential and never shared.

Message sent!

Thanks for reaching out. I'll get back to you within one business day.