Independent. Vendor-neutral. Grounded in practice.
Brownsville Advisory is an independent security and compliance advisory practice focused on helping organizations build the InfoSec maturity they need to compete — in regulated markets, federal contracting vehicles, and trust-dependent industries.
Our work spans four integrated domains: Security, Compliance, Privacy, and Trust. We do not sell products, represent vendors, or prescribe single-platform solutions. Our value is independent analysis, clear communication, and a practical path forward that fits the organization making the decision.
Edward's career in information security began inside the federal government — supporting GRC programs, RMF and ATO processes, and interagency compliance for VA and DoD systems, including healthcare data environments operating under direct Congressional oversight. That experience established a foundational understanding of how agencies actually evaluate risk, what authorization packages require to succeed, and what assessors look for when compliance is put to the test.
That foundation shifted to the commercial side, where the work changed from maintaining compliance to building it from the ground up — standing up GRC functions, earning authorizations across multiple frameworks simultaneously, and building the internal programs that allow technology companies to operate credibly in regulated and federal markets. Having operated on both sides of the compliance relationship — as the practitioner inside the agency and as the person building programs for companies seeking authorization — shapes how this advisory practice approaches every engagement.
His work has extended into international markets, with direct experience navigating compliance requirements in the United Kingdom and Australia alongside domestic federal frameworks. Privacy is threaded throughout — including formal Data Protection Officer responsibility, GDPR program development, and privacy impact assessments in environments where security and privacy obligations intersect and sometimes pull in opposite directions.
Before a career in information security, Edward served eight years in the U.S. Army as a Healthcare Specialist, including deployment in support of Operation Iraqi Freedom. That background informs how he approaches high-stakes decisions, ambiguous situations, and the responsibility that comes with being trusted by organizations navigating consequential compliance and security challenges.
The organizations we work with are navigating real obstacles: a defense contract that requires CMMC Level 2 assessment, a compliance gap blocking a procurement, a security incident that revealed architectural debt, or a regulatory requirement that no one inside the organization fully understands yet.
We help them move from uncertainty to clarity — and from clarity to action. That means understanding the regulatory requirement precisely, scoping what actually applies, and producing advisory output that serves both the technical team doing the work and the leadership making the investment decision.
Edward has spoken on international compliance strategy at RampCON, addressing how organizations can extend their security investment beyond domestic frameworks — covering cross-framework mapping, data sovereignty, and FedRAMP as a foundation for global market access rather than a ceiling.
"Security work is not defined solely by paid engagements. High standards applied consistently — even outside formal scope — build trust, credibility, and long-term reputation capital."
Responsible disclosure, when performed ethically and constructively, strengthens the ecosystem without exploiting it. Every engagement — formal or otherwise — is an opportunity to demonstrate that security and integrity are not in conflict.