Cybersecurity that translates into decisions leadership can act on.

RedZoan stress-tests organizations against real-world risk and converts what we find into clear, quantifiable choices for executives. Built on 17 years inside the USAF, NSA, DISA, Mandiant, and Google.

Users safeguarded: 3.5M
Incidents handled: 600+
Organizations: 20+
Global crises: 4

Engagements span the agencies that regulate America's financial system (FDIC, OCC, SEC, CFPB, Treasury), federal law enforcement (DOJ, FBI, USMS), energy (INL), public health (NIH), legislative oversight (GAO, House of Representatives), international defense (NATO), major US cities, and research institutions — the same depth of expertise, now applied to organizations of every size.

What we do

RedZoan is launching with one focused service: tabletop exercise design, facilitation, and executive reporting. More are coming. If you have a specific need outside this scope, get in touch — there's a good chance we can help, or point you to someone who can.

Tabletop Exercise (TTX) Engagements

Stress-test your response before an adversary does it for you.

A tabletop exercise translates abstract risk into observable behavior. We walk your team through a realistic scenario, document where decisions stall and information breaks down, and hand leadership a clear picture of what to fix and in what order. The cost of failure becomes a lesson, not a breach.

  • Organization-specific scenario design (ransomware, business email compromise, insider threat, supply chain, and more)
  • Compliance framework alignment — NIST CSF, CMMC Level 2/3, CIS Controls, or NIST 800-61
  • Optional threat intelligence grounding — real-world advisories and actor profiles integrated into your scenario
  • Structured decision-point injects tailored to the roles in the room
  • Live exercise facilitation and scoring against a five-level maturity model
  • Executive After-Action Report — findings, gaps, prioritized recommendations, and a phased remediation roadmap
  • Deliverables in both PowerPoint and Word, ready to present to leadership or your board
We've run this work for Google's most critical systems, federal cabinet agencies, research universities, and municipalities across the country. Same rigor. Right-sized for the organizations that need it most.

Additional services coming soon. Have a specific need? Get in touch.

How an engagement works

Every RedZoan tabletop exercise is delivered in three phases — Design, Execute, and Report. Each phase contains structured workshops, scoped to your engagement and the people who need to be in each one.

Phase 01

Design

Build the right exercise for the right organization.

4 workshops · ~2 weeks

Design scope flexes with how tailored you want the exercise to be. At one end, a generic exercise built around common industry scenarios — fewer workshops, faster to stand up. At the other, a fully tailored exercise built around your specific environment, threat landscape, and operational context — deeper Design work, sharper scenario authenticity. We'll establish where on that spectrum your engagement sits during kick-off.

Workshops in this phase

  1. Kick-off — A scoping conversation with the project sponsor. We agree on objectives, exercise scope, deliverables, and who needs to be in each subsequent session. Usually limited to the sponsor alone to preserve scenario confidentiality.
  2. Environmental review (tailored engagements) — A working session with the sponsor and technical subject-matter experts to gather what we need: architecture, critical systems, response capabilities, operational constraints. The scenario is built around what we learn here.
  3. Scenario review and enrichment — The drafted scenario is walked through with the sponsor and your environmental experts to confirm technical viability and alignment with your objectives. Adjustments are made before lock.
  4. Final review — A logistics and content walkthrough to confirm everything is in place before execution.
Phase 02

Execute

Run the scenario. Observe the response.

1 – 2 sessions · facilitated live

Depending on the scope of your engagement, the Execute phase involves one or both of the following sessions. Each is facilitated live, with structured decision-point injects and scoring against a five-level maturity model.

Workshops in this phase

  1. Technical tabletop exercise — A facilitated session focused on technical response: detection, containment, eradication, and coordination across the technical teams.
  2. Executive tabletop exercise — A facilitated session focused on leadership decisions: internal and external communications, escalation, business continuity, regulatory disclosure, and strategic response.
Phase 03

Report

Hand leadership a clear picture of what to fix and in what order.

1 review · final deliverable

The Report phase converts what happened in the room into a presentation-ready package leadership can act on. Same content in both Word and PowerPoint, formatted for the audience.

Workshop in this phase

  1. After-action review — A debrief session to walk through observations, lessons learned, and the draft report. Final deliverables are issued after this review.

What's in the report

  • Executive summary built for leadership
  • Per-domain findings and observed gaps
  • Inject-by-inject performance observations
  • Prioritized recommendations — framework-aligned and ranked by urgency, impact, and effort
  • Phased remediation roadmap

Sized to the engagement, not to a template.

About James Inhof

James Inhof, Founder of RedZoan Consulting
Role: Founder & Principal
Years: 17 in cybersecurity
Prior: Google · Mandiant · DISA · NSA · USAF
Cleared: TS/SCI throughout career
Serves: CISOs · Executives · Appointed Officials

James Inhof is a cybersecurity practitioner with over 17 years of experience across the USAF, NSA, DISA, Mandiant, and Google. His work has centered on translating complex security risk into strategic decisions leadership can act on — architecting Google's enterprise Stress Testing & Resilience program as its solo architect, advising CISOs and executive teams at organizations of every size, and translating active incident response into executive decisions when the boardroom conversation moved to crisis. A career built on building programs where none existed, fixing the unfixable, and solving the problems others couldn't.

James founded RedZoan Consulting on a simple premise: the combination of experience he brings — defensive cyber operations inside the intelligence community, translating major incident response for cabinet-level agencies, and enterprise Stress Testing & Resilience program design inside Google — is not a thing most organizations can assemble through a traditional hire or a typical vendor. RedZoan exists to make it directly available.

James is a United States Air Force veteran. He began his career with the 33rd Combat Communications Squadron — part of the "3rd Herd" — whose mission was to deploy anywhere in the world and stand up full command-and-control communications from scratch within 72 hours.

Anytime. Anywhere.
Improvise. Adapt. Overcome.

Every piece of the mission packed onto pallets and flown out the back of a plane. If it wasn't on the pallet, it didn't exist. Things got forgotten. Things broke. Failure wasn't an option. James was responsible for server, workstation, and cryptographic readiness on paper, but a 72-hour clock forced him to understand the whole picture and cross-train across the rest.

That habit — following the bouncing ball, finding the critical path, seeing how every piece fits — is what lets him lead complex engagements today without getting lost in the weeds. Most of the time.

Google 2022 – 2026
Mandiant / FireEye 2017 – 2022
DISA 2013 – 2017
USAF · NSA 2011 – 2013
USAF · 33rd CCS 2008 – 2011

Let's talk

If you are a business owner or executive who wants an honest conversation about your organization's security posture, reach out. No jargon. No sales pitch. Just a straight answer about where you stand and what it would take to get you to where you need to be.

How we work

RedZoan works with a limited number of clients at any given time. The person who scopes your engagement is the person who runs it — no account managers, no junior staff, no hand-offs.

Response time: Within one business day